Trojaner-Board


matzepeng 08.09.2012 14:23

Volume control and battery indicator disappeared from the taskbar - Trojan found!
 
Hello dear Trojaner-Board team,
I have a Toshiba Satellite laptop: Intel(R) Core(TM) i5-2450M CPU, 2.50 GHz, 4.00 GB RAM, 64-bit operating system, Windows 7.
I wanted to use Internet Explorer as my browser, but it was no longer on my desktop and I could not restore it through C: Programs either. So, although I know that everything should actually already be on my computer, I downloaded a download (Internet Explorer) from the net that I found via a Google search. When I tried to open it, Avira raised an alert right away and reported a virus detection.
"In der Datei 'C:\Users\Mathias Wehpke\AppData\Local\Temp\YontooSetup S.exe'
wurde ein Virus oder unerwünschtes Programm 'ADWARE/Yontoo.E.1' [adware] gefunden.Ausgeführte Aktion: Zugriff verweigern"

"In der Datei 'C:\Users\Mathias Wehpke\AppData\Local\Temp\YontooSetup-S.exe'
wurde ein Virus oder unerwünschtes Programm 'ADWARE/Yontoo.E.1' [adware] gefunden.Ausgeführte Aktion: Übergeben an Scanner"

After that I deleted the downloaded file and then emptied the Recycle Bin. Right after that I performed a System Restore and, last of all, an Avira full scan. Later, ESET Online, Malwarebytes and OTL scans were also run.
Since I need my laptop for my work as a musician, I would be really grateful if I could take up some of your time and you would have a look at the problem.
SCANS:
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=6e5bae181aaa234090725215d7e70f36
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-09-08 07:41:48
# local_time=2012-09-08 09:41:48 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1792 16777215 100 0 16384983 16384983 0 0
# compatibility_mode=5893 16776574 100 94 15256021 98689338 0 0
# compatibility_mode=8192 67108863 100 0 289 289 0 0
# scanned=182663
# found=1
# cleaned=0
# scan_time=30640
D:\MATHIASWEHPKE\Backup Set 2012-09-02 194209\Backup Files 2012-09-02 194209\Backup files 10.zip JS/Exploit.Pdfka.PMN trojan (unable to clean) 00000000000000000000000000000000 I



Avira Free Antivirus
Erstellungsdatum der Reportdatei: Donnerstag, 6. September 2012 21:54

Es wird nach 4169649 Virenstämmen gesucht.

Das Programm läuft als uneingeschränkte Vollversion.
Online-Dienste stehen zur Verfügung.

Lizenznehmer : Avira AntiVir Personal - Free Antivirus
Seriennummer : 0000149996-ADJIE-0000001
Plattform : Windows 7 Home Premium
Windowsversion : (Service Pack 1) [6.1.7601]
Boot Modus : Normal gebootet
Benutzername : Mathias Wehpke
Computername : MATHIASWEHPKE

Versionsinformationen:
Engineversion : 8.2.10.150

Konfiguration für den aktuellen Suchlauf:
Job Name..............................: Suche nach Rootkits und aktiver Malware
Konfigurationsdatei...................: C:\ProgramData\Avira\AntiVir Desktop\PROFILES\rootkit.avp
Protokollierung.......................: standard
Primäre Aktion........................: interaktiv
Sekundäre Aktion......................: ignorieren
Durchsuche Masterbootsektoren.........: ein
Durchsuche Bootsektoren...............: ein
Durchsuche aktive Programme...........: ein
Laufende Programme erweitert..........: ein
Durchsuche Registrierung..............: ein
Suche nach Rootkits...................: ein
Integritätsprüfung von Systemdateien..: aus
Datei Suchmodus.......................: Alle Dateien
Durchsuche Archive....................: ein
Rekursionstiefe einschränken..........: 20
Archiv Smart Extensions...............: ein
Makrovirenheuristik...................: ein
Dateiheuristik........................: vollständig

Beginn des Suchlaufs: Donnerstag, 6. September 2012 21:54

Der Suchlauf nach versteckten Objekten wird begonnen.
HKEY_LOCAL_MACHINE\System\ControlSet002\Control\Network\Config
[HINWEIS] Der Registrierungseintrag ist nicht sichtbar.
HKEY_LOCAL_MACHINE\System\ControlSet002\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\Descriptions\Microsoft-ISATAP-Adapter
[HINWEIS] Der Registrierungseintrag ist nicht sichtbar.
HKEY_LOCAL_MACHINE\System\ControlSet002\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\{3C0B4681-27BB-4A04-9D1E-B1BFAAF3F17B}\Connection\Name
[HINWEIS] Der Registrierungseintrag ist nicht sichtbar.
HKEY_LOCAL_MACHINE\System\ControlSet002\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\{3C0B4681-27BB-4A04-9D1E-B1BFAAF3F17B}\Connection\Name
HKEY_LOCAL_MACHINE\System\ControlSet002\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{2B07FAA1-8217-4E30-B5EC-FD4501E773BB}\Linkage\Bind
[HINWEIS] Der Registrierungseintrag ist nicht sichtbar.
HKEY_LOCAL_MACHINE\System\ControlSet002\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{2B07FAA1-8217-4E30-B5EC-FD4501E773BB}\Linkage\Route
[HINWEIS] Der Registrierungseintrag ist nicht sichtbar.
HKEY_LOCAL_MACHINE\System\ControlSet002\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{2B07FAA1-8217-4E30-B5EC-FD4501E773BB}\Linkage\Export
[HINWEIS] Der Registrierungseintrag ist nicht sichtbar.
HKEY_LOCAL_MACHINE\System\ControlSet002\services\iphlpsvc\Teredo\PreviousState\7c-4f-b5-d7-8a-bc\TeredoAddress
[HINWEIS] Der Registrierungseintrag ist nicht sichtbar.
HKEY_LOCAL_MACHINE\System\ControlSet002\services\LanmanServer\Linkage\Bind
[HINWEIS] Der Registrierungseintrag ist nicht sichtbar.
HKEY_LOCAL_MACHINE\System\ControlSet002\services\LanmanServer\Linkage\Route
[HINWEIS] Der Registrierungseintrag ist nicht sichtbar.
HKEY_LOCAL_MACHINE\System\ControlSet002\services\LanmanServer\Linkage\Export
[HINWEIS] Der Registrierungseintrag ist nicht sichtbar.
HKEY_LOCAL_MACHINE\System\ControlSet002\services\LanmanWorkstation\Linkage\Bind
[HINWEIS] Der Registrierungseintrag ist nicht sichtbar.
HKEY_LOCAL_MACHINE\System\ControlSet002\services\LanmanWorkstation\Linkage\Route
[HINWEIS] Der Registrierungseintrag ist nicht sichtbar.
HKEY_LOCAL_MACHINE\System\ControlSet002\services\LanmanWorkstation\Linkage\Export
[HINWEIS] Der Registrierungseintrag ist nicht sichtbar.
HKEY_LOCAL_MACHINE\System\ControlSet002\services\NetBIOS\Linkage\LanaMap
[HINWEIS] Der Registrierungseintrag ist nicht sichtbar.
HKEY_LOCAL_MACHINE\System\ControlSet002\services\NetBIOS\Linkage\Bind
[HINWEIS] Der Registrierungseintrag ist nicht sichtbar.
HKEY_LOCAL_MACHINE\System\ControlSet002\services\NetBIOS\Linkage\Route
[HINWEIS] Der Registrierungseintrag ist nicht sichtbar.
HKEY_LOCAL_MACHINE\System\ControlSet002\services\NetBIOS\Linkage\Export
[HINWEIS] Der Registrierungseintrag ist nicht sichtbar.
HKEY_LOCAL_MACHINE\System\ControlSet002\services\NetBT\Linkage\Bind
[HINWEIS] Der Registrierungseintrag ist nicht sichtbar.
HKEY_LOCAL_MACHINE\System\ControlSet002\services\NetBT\Linkage\Route
[HINWEIS] Der Registrierungseintrag ist nicht sichtbar.
HKEY_LOCAL_MACHINE\System\ControlSet002\services\NetBT\Linkage\Export
[HINWEIS] Der Registrierungseintrag ist nicht sichtbar.
HKEY_LOCAL_MACHINE\System\ControlSet002\services\Smb\Linkage\Bind
[HINWEIS] Der Registrierungseintrag ist nicht sichtbar.
HKEY_LOCAL_MACHINE\System\ControlSet002\services\Smb\Linkage\Route
[HINWEIS] Der Registrierungseintrag ist nicht sichtbar.
HKEY_LOCAL_MACHINE\System\ControlSet002\services\Smb\Linkage\Export
[HINWEIS] Der Registrierungseintrag ist nicht sichtbar.
HKEY_LOCAL_MACHINE\System\ControlSet002\services\Tcpip\Parameters\Interfaces\{6EE8BD76-9FC1-4AF5-990F-E32A025E53E6}\DhcpIPAddress
[HINWEIS] Der Registrierungseintrag ist nicht sichtbar.
HKEY_LOCAL_MACHINE\System\ControlSet002\services\Tcpip\Parameters\Interfaces\{6EE8BD76-9FC1-4AF5-990F-E32A025E53E6}\DhcpSubnetMask
[HINWEIS] Der Registrierungseintrag ist nicht sichtbar.
HKEY_LOCAL_MACHINE\System\ControlSet002\services\Tcpip\Parameters\Interfaces\{6EE8BD76-9FC1-4AF5-990F-E32A025E53E6}\DhcpServer
[HINWEIS] Der Registrierungseintrag ist nicht sichtbar.
HKEY_LOCAL_MACHINE\System\ControlSet002\services\Tcpip\Parameters\Interfaces\{6EE8BD76-9FC1-4AF5-990F-E32A025E53E6}\DhcpNetworkHint
[HINWEIS] Der Registrierungseintrag ist nicht sichtbar.
HKEY_LOCAL_MACHINE\System\ControlSet002\services\TCPIP6\Linkage\Bind
[HINWEIS] Der Registrierungseintrag ist nicht sichtbar.
HKEY_LOCAL_MACHINE\System\ControlSet002\services\TCPIP6\Linkage\Route
[HINWEIS] Der Registrierungseintrag ist nicht sichtbar.
HKEY_LOCAL_MACHINE\System\ControlSet002\services\TCPIP6\Linkage\Export
[HINWEIS] Der Registrierungseintrag ist nicht sichtbar.
HKEY_USERS\S-1-5-21-2962335387-2445119808-2019167956-1000\Software\Microsoft\Windows\CurrentVersion\Action Center\Checks\{01979c6a-42fa-414c-b8aa-eee2c8202018}.check.100\CheckSetting
[HINWEIS] Der Registrierungseintrag ist nicht sichtbar.
HKEY_USERS\S-1-5-21-2962335387-2445119808-2019167956-1000\Software\Microsoft\Windows\CurrentVersion\Action Center\Checks\{01979c6a-42fa-414c-b8aa-eee2c8202018}.check.101\CheckSetting
[HINWEIS] Der Registrierungseintrag ist nicht sichtbar.
HKEY_USERS\S-1-5-21-2962335387-2445119808-2019167956-1000\Software\Microsoft\Windows\CurrentVersion\Action Center\Checks\{E8433B72-5842-4d43-8645-BC2C35960837}.check.100\CheckSetting
[HINWEIS] Der Registrierungseintrag ist nicht sichtbar.
HKEY_USERS\S-1-5-21-2962335387-2445119808-2019167956-1000\Software\Microsoft\Windows\CurrentVersion\Action Center\Checks\{E8433B72-5842-4d43-8645-BC2C35960837}.check.102\CheckSetting
[HINWEIS] Der Registrierungseintrag ist nicht sichtbar.

Der Suchlauf über gestartete Prozesse wird begonnen:
Durchsuche Prozess 'avscan.exe' - '85' Modul(e) wurden durchsucht
Durchsuche Prozess 'avcenter.exe' - '111' Modul(e) wurden durchsucht
Durchsuche Prozess 'UNS.exe' - '41' Modul(e) wurden durchsucht
Durchsuche Prozess 'LMS.exe' - '29' Modul(e) wurden durchsucht
Durchsuche Prozess 'CFSvcs.exe' - '48' Modul(e) wurden durchsucht
Durchsuche Prozess 'CFSwMgr.exe' - '56' Modul(e) wurden durchsucht
Durchsuche Prozess 'ArcCon.ac' - '51' Modul(e) wurden durchsucht
Durchsuche Prozess 'vprot.exe' - '59' Modul(e) wurden durchsucht
Durchsuche Prozess 'ACDaemon.exe' - '43' Modul(e) wurden durchsucht
Durchsuche Prozess 'avgnt.exe' - '82' Modul(e) wurden durchsucht
Durchsuche Prozess 'KeNotify.exe' - '24' Modul(e) wurden durchsucht
Durchsuche Prozess 'AdobeARM.exe' - '46' Modul(e) wurden durchsucht
Durchsuche Prozess 'NDSTray.exe' - '82' Modul(e) wurden durchsucht
Durchsuche Prozess 'CVHSVC.EXE' - '69' Modul(e) wurden durchsucht
Durchsuche Prozess 'sftlist.exe' - '63' Modul(e) wurden durchsucht
Durchsuche Prozess 'ToolbarUpdater.exe' - '49' Modul(e) wurden durchsucht
Durchsuche Prozess 'sftvsa.exe' - '28' Modul(e) wurden durchsucht
Durchsuche Prozess 'RIconMan.exe' - '38' Modul(e) wurden durchsucht
Durchsuche Prozess 'avguard.exe' - '62' Modul(e) wurden durchsucht
Durchsuche Prozess 'armsvc.exe' - '24' Modul(e) wurden durchsucht
Durchsuche Prozess 'ACService.exe' - '24' Modul(e) wurden durchsucht
Durchsuche Prozess 'sched.exe' - '40' Modul(e) wurden durchsucht

Der Suchlauf auf Verweise zu ausführbaren Dateien (Registry) wird begonnen:
Die Registry wurde durchsucht ( '1349' Dateien ).


Der Suchlauf über die ausgewählten Dateien wird begonnen:

Beginne mit der Suche in 'C:' <WINDOWS>
C:\Windows\SoftwareDistribution\Download\a568738027b9278d7681fca958f664fb\BIT3F13.tmp
[0] Archivtyp: CAB SFX (self extracting)
--> silverlight.7z
[WARNUNG] Die Datei konnte nicht gelesen werden!
[WARNUNG] Die Datei konnte nicht gelesen werden!


Ende des Suchlaufs: Donnerstag, 6. September 2012 23:00
Benötigte Zeit: 1:06:21 Stunde(n)

Der Suchlauf wurde vollständig durchgeführt.

28979 Verzeichnisse wurden überprüft
300672 Dateien wurden geprüft
0 Viren bzw. unerwünschte Programme wurden gefunden
0 Dateien wurden als verdächtig eingestuft
0 Dateien wurden gelöscht
0 Viren bzw. unerwünschte Programme wurden repariert
0 Dateien wurden in die Quarantäne verschoben
0 Dateien wurden umbenannt
0 Dateien konnten nicht durchsucht werden
300672 Dateien ohne Befall
2968 Archive wurden durchsucht
2 Warnungen
34 Hinweise
515383 Objekte wurden beim Rootkitscan durchsucht
35 Versteckte Objekte wurden gefunden

Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Datenbank Version: v2012.09.08.02

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Mathias Wehpke :: MATHIASWEHPKE [Administrator]

08.09.2012 11:18:48
mbam-log-2012-09-08 (11-02-21).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|Q:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 376272
Laufzeit: 1 Stunde(n), 4 Minute(n), 38 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 2
C:\Users\Mathias Wehpke\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_bbjciahceamgodcoidkjpchnokgfpphh_0.localstorage (PUP.Funmoods) -> Keine Aktion durchgeführt.
C:\Users\Mathias Wehpke\AppData\Local\funmoods.crx (PUP.Funmoods) -> Keine Aktion durchgeführt.

(Ende)

OTL Logfile:
Code:

OTL logfile created on: 08.09.2012 12:30:08 - Run 3
OTL by OldTimer - Version 3.2.61.2    Folder = C:\Users\Mathias Wehpke\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,98 Gb Total Physical Memory | 1,81 Gb Available Physical Memory | 45,49% Memory free
7,95 Gb Paging File | 5,75 Gb Available in Paging File | 72,24% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 232,88 Gb Total Space | 96,39 Gb Free Space | 41,39% Space Free | Partition Type: NTFS
Drive D: | 232,49 Gb Total Space | 6,59 Gb Free Space | 2,84% Space Free | Partition Type: NTFS
Drive E: | 511,29 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
 
Computer Name: MATHIASWEHPKE | User Name: Mathias Wehpke | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.09.08 11:49:33 | 000,599,552 | ---- | M] (OldTimer Tools) -- C:\Users\Mathias Wehpke\Desktop\OTL.exe
PRC - [2012.08.17 12:21:30 | 000,927,840 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\12.2.0\ToolbarUpdater.exe
PRC - [2012.08.17 12:21:29 | 001,162,848 | ---- | M] () -- C:\Program Files (x86)\AVG Secure Search\vprot.exe
PRC - [2012.08.11 12:51:11 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.07.27 13:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012.05.08 21:47:28 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2012.05.08 21:47:17 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2011.10.01 09:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2011.10.01 09:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2011.02.01 14:24:42 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2011.02.01 14:24:40 | 000,326,168 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2010.12.03 15:57:16 | 000,304,560 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe
PRC - [2010.10.27 19:17:52 | 000,207,424 | ---- | M] (ArcSoft Inc.) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
PRC - [2010.08.25 11:27:44 | 000,309,824 | ---- | M] (ArcSoft Inc.) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
PRC - [2010.08.16 11:54:50 | 000,034,160 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe
PRC - [2010.08.04 18:11:34 | 001,809,920 | ---- | M] (Realsil Microelectronics Inc.) -- C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe
PRC - [2010.03.18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2009.07.28 21:26:42 | 000,062,848 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe
PRC - [2009.03.10 19:51:20 | 000,046,448 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.08.17 12:21:31 | 000,564,832 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\DNTInstaller\12.2.0\avgdttbx.dll
MOD - [2012.08.17 12:21:30 | 000,132,704 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\12.2.0\SiteSafety.dll
MOD - [2012.08.17 12:21:29 | 001,162,848 | ---- | M] () -- C:\Program Files (x86)\AVG Secure Search\vprot.exe
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2011.10.12 11:55:12 | 005,739,008 | ---- | M] (Native Instruments GmbH) [Auto | Running] -- C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe -- (NIHardwareService)
SRV:64bit: - [2010.12.09 18:45:26 | 000,489,384 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV:64bit: - [2010.12.08 16:42:54 | 000,137,632 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe -- (TOSHIBA HDD SSD Alert Service)
SRV:64bit: - [2010.10.20 15:41:00 | 000,138,656 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\SysNative\TODDSrv.exe -- (TODDSrv)
SRV:64bit: - [2010.09.22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2009.07.14 03:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV - [2012.09.07 11:52:54 | 000,257,224 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.08.17 12:21:30 | 000,927,840 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\12.2.0\ToolbarUpdater.exe -- (vToolbarUpdater12.2.0)
SRV - [2012.07.27 13:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.06.05 15:17:44 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.05.08 21:47:28 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.05.08 21:47:17 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.10.01 09:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2011.10.01 09:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2011.02.10 09:25:36 | 000,112,080 | ---- | M] (Toshiba Europe GmbH) [On_Demand | Stopped] -- C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe -- (TemproMonitoringService)
SRV - [2011.02.01 14:24:42 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2011.02.01 14:24:40 | 000,326,168 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2010.11.29 15:58:30 | 000,054,136 | ---- | M] (TOSHIBA Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe -- (TMachInfo)
SRV - [2010.08.04 18:11:34 | 001,809,920 | ---- | M] (Realsil Microelectronics Inc.) [Auto | Running] -- C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe -- (IconMan_R)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.03.18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2010.01.28 17:44:40 | 000,249,200 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe -- (cfWiMAXService)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009.03.10 19:51:20 | 000,046,448 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe -- (ConfigFree Service)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012.08.17 12:21:31 | 000,031,080 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtpx64.sys -- (avgtp)
DRV:64bit: - [2012.05.08 21:47:29 | 000,132,832 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2012.05.08 21:47:29 | 000,098,848 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.12.21 13:51:29 | 000,020,592 | ---- | M] (Compal Electronics, INC.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CeKbFilter.sys -- (CeKbFilter)
DRV:64bit: - [2011.10.01 09:30:22 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2011.10.01 09:30:18 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2011.10.01 09:30:18 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2011.10.01 09:30:10 | 000,764,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2011.09.16 17:08:07 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2011.05.10 03:41:28 | 000,174,184 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011.02.08 20:07:00 | 000,038,096 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\PGEffect.sys -- (PGEffect)
DRV:64bit: - [2011.02.03 20:59:06 | 001,413,680 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2011.01.13 20:58:30 | 000,413,800 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011.01.12 18:51:44 | 000,439,320 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2011.01.05 02:08:58 | 001,109,096 | ---- | M] (Realtek Semiconductor Corporation                          ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rtl8192ce.sys -- (RTL8192Ce)
DRV:64bit: - [2010.12.07 15:23:02 | 000,034,304 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgandmodem64.sys -- (ANDModem)
DRV:64bit: - [2010.12.07 15:23:00 | 000,027,648 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lganddiag64.sys -- (AndDiag)
DRV:64bit: - [2010.12.07 15:23:00 | 000,027,136 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgandgps64.sys -- (AndGps)
DRV:64bit: - [2010.12.07 15:22:58 | 000,019,456 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgandbus64.sys -- (Andbus)
DRV:64bit: - [2010.11.21 05:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.21 05:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.21 05:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010.10.19 17:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2010.07.20 18:43:22 | 000,247,400 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2010.03.22 11:55:20 | 000,046,192 | ---- | M] (COMPAL ELECTRONIC INC.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\LPCFilter.sys -- (LPCFilter)
DRV:64bit: - [2009.07.30 21:22:04 | 000,027,784 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV:64bit: - [2009.07.14 17:31:18 | 000,026,840 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\TVALZ_O.SYS -- (TVALZ)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://isearch.avg.com/?cid={A97FE354-88CA-4DAB-B169-C58B3D963240}&mid=af3a64d909244ed8b19557c2ffd64935-e7ea363af7b30adb67d08055fac976fd6a6a4ae0&lang=de&ds=hk011&pr=sa&d=2012-08-17 12:21:31&v=12.2.0.5&sap=hp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 28 AA 7E EB D5 34 CD 01  [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}
IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = https://isearch.avg.com/search?cid={A97FE354-88CA-4DAB-B169-C58B3D963240}&mid=af3a64d909244ed8b19557c2ffd64935-e7ea363af7b30adb67d08055fac976fd6a6a4ae0&lang=de&ds=hk011&pr=sa&d=2012-08-17 12:21:31&v=12.2.0.5&sap=dsp&q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledAddons: ffxtlbr@funmoods.com:1.5.1
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_257.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_257.dll ()
FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\12.2.0\\npsitesafety.dll ()
FF - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\progra~2\mcafee\msc\npmcsn~1.dll File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.0: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{D19CA586-DD6C-4a0a-96F8-14644F340D60}: C:\Program Files (x86)\Common Files\McAfee\SystemCore
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\ProgramData\AVG Secure Search\12.2.0.5\ [2012.08.27 09:39:24 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.09.07 18:04:19 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2012.08.27 10:33:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mathias Wehpke\AppData\Roaming\mozilla\Extensions
[2012.09.06 21:40:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mathias Wehpke\AppData\Roaming\mozilla\Firefox\Profiles\hrc7l44c.default\extensions
[2012.09.06 21:49:34 | 000,000,000 | ---D | M] (Funmoods.com) -- C:\Users\Mathias Wehpke\AppData\Roaming\mozilla\Firefox\Profiles\hrc7l44c.default\extensions\ffxtlbr@funmoods.com
[2012.09.06 21:41:02 | 000,002,331 | ---- | M] () -- C:\Users\Mathias Wehpke\AppData\Roaming\mozilla\firefox\profiles\hrc7l44c.default\searchplugins\Search.xml
[2012.08.27 10:33:25 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012.09.07 18:04:19 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.07.14 02:45:08 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.09.05 09:19:53 | 000,003,771 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\avg-secure-search.xml
[2012.08.31 20:47:44 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.07.14 02:45:08 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.07.14 02:45:08 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.07.14 02:45:08 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.07.14 02:45:07 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2012.04.16 10:12:43 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\12.2.0.5\AVG Secure Search_toolbar.dll ()
O2 - BHO: (TOSHIBA Media Controller Plug-in) - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll (<TOSHIBA>)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\12.2.0.5\AVG Secure Search_toolbar.dll ()
O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [TCrdMain] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [Toshiba Registration] C:\Program Files\TOSHIBA\Registration\ToshibaReminder.exe (Toshiba Europe GmbH)
O4:64bit: - HKLM..\Run: [Toshiba TEMPRO] C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe (Toshiba Europe GmbH)
O4:64bit: - HKLM..\Run: [TosNC] C:\Program Files\Toshiba\BulletinBoard\TosNcCore.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosReelTimeMonitor] C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosVolRegulator] C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE (TOSHIBA Corporation)
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [HWSetup] C:\Program Files\TOSHIBA\Utilities\HWSetup.exe (TOSHIBA Electronics, Inc.)
O4 - HKLM..\Run: [KeNotify] C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe (TOSHIBA CORPORATION)
O4 - HKLM..\Run: [ROC_roc_ssl_v12] C:\Program Files (x86)\AVG Secure Search\ROC_roc_ssl_v12.exe ()
O4 - HKLM..\Run: [SVPWUTIL] C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe (TOSHIBA)
O4 - HKLM..\Run: [vProt] C:\Program Files (x86)\AVG Secure Search\vprot.exe ()
O4 - HKCU..\Run: [TOPI.EXE] C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\TOPI.exe (TOSHIBA)
O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - Startup: C:\Users\Mathias Wehpke\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk = C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Mathias Wehpke\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm File not found
O8:64bit: - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html File not found
O8:64bit: - Extra context menu item: Zu TOSHIBA Bulletin Board hinzufügen - C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom.dll (TODO: <会社名>)
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Mathias Wehpke\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm File not found
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html File not found
O8 - Extra context menu item: Zu TOSHIBA Bulletin Board hinzufügen - C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom.dll (TODO: <会社名>)
O9:64bit: - Extra Button: @C:\Program Files\TOSHIBA\BulletinBoard\TosNcUi.dll,-229 - {97F922BD-8563-4184-87EE-8C4ACA438823} - C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom64.dll (TODO: <会社名>)
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\TOSHIBA\BulletinBoard\TosNcUi.dll,-228 - {97F922BD-8563-4184-87EE-8C4ACA438823} - C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom64.dll (TODO: <会社名>)
O9 - Extra Button: PokerStars.eu - {07BA1DA9-F501-4796-8728-74D1B91A6CD5} - C:\Program Files (x86)\PokerStars.EU\PokerStarsUpdate.exe File not found
O9 - Extra Button: @C:\Program Files\TOSHIBA\BulletinBoard\TosNcUi.dll,-229 - {97F922BD-8563-4184-87EE-8C4ACA438823} - C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom.dll (TODO: <会社名>)
O9 - Extra 'Tools' menuitem : @C:\Program Files\TOSHIBA\BulletinBoard\TosNcUi.dll,-228 - {97F922BD-8563-4184-87EE-8C4ACA438823} - C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom.dll (TODO: <会社名>)
O9 - Extra Button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files (x86)\PokerStars.NET\PokerStarsUpdate.exe (PokerStars)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{81C079F3-6C8E-4AD9-96FB-933E495C684D}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\dssrequest - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\sacore - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\viprotocol - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\dssrequest - No CLSID value found
O18 - Protocol\Handler\sacore - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\12.2.0\ViProtocol.dll ()
O18:64bit: - Protocol\Filter\application/x-mfe-ipt - No CLSID value found
O18 - Protocol\Filter\application/x-mfe-ipt - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2001.08.28 02:28:54 | 000,000,038 | R--- | M] () - E:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.09.08 11:49:28 | 000,599,552 | ---- | C] (OldTimer Tools) -- C:\Users\Mathias Wehpke\Desktop\OTL.exe
[2012.09.08 11:47:36 | 000,000,000 | ---D | C] -- C:\Users\Mathias Wehpke\Desktop\logs trojaner
[2012.09.08 10:05:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.09.08 10:05:27 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.09.08 10:05:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.09.08 10:04:07 | 010,652,120 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Users\Mathias Wehpke\Desktop\mbam-setup-1.62.0.1300.exe
[2012.09.08 01:06:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2012.09.08 01:06:07 | 002,322,184 | ---- | C] (ESET) -- C:\Users\Mathias Wehpke\Desktop\esetsmartinstaller_enu(1).exe
[2012.09.07 22:00:47 | 000,000,000 | ---D | C] -- C:\Users\Mathias Wehpke\P5JavaClientSettings
[2012.09.07 22:00:38 | 000,000,000 | ---D | C] -- C:\Users\Mathias Wehpke\AppData\Local\P5
[2012.09.07 22:00:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\bwin Poker
[2012.09.07 22:00:36 | 000,000,000 | ---D | C] -- C:\bwinPoker
[2012.09.07 11:55:21 | 000,000,000 | ---D | C] -- C:\Users\Mathias Wehpke\Documents\888poker
[2012.09.07 11:55:20 | 000,000,000 | ---D | C] -- C:\Users\Mathias Wehpke\Start Menu
[2012.09.07 11:55:20 | 000,000,000 | ---D | C] -- C:\Users\Mathias Wehpke\Application Data
[2012.09.07 11:55:20 | 000,000,000 | ---D | C] -- C:\Users\Mathias Wehpke\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\888poker
[2012.09.07 11:55:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\888poker
[2012.09.07 11:54:30 | 000,000,000 | ---D | C] -- C:\Users\Mathias Wehpke\AppData\Roaming\PacificPoker
[2012.09.07 11:54:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PacificPoker
[2012.09.06 20:51:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Everest Poker
[2012.09.05 13:29:03 | 000,000,000 | ---D | C] -- C:\Users\Mathias Wehpke\AppData\Local\PokerStars.EU
[2012.09.05 09:18:10 | 000,000,000 | ---D | C] -- C:\Users\Mathias Wehpke\AppData\Local\AVG Secure Search
[2012.08.31 18:00:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PokerStars.NET
[2012.08.31 17:54:38 | 020,905,256 | ---- | C] (PokerStars) -- C:\Users\Mathias Wehpke\Desktop\PokerStarsInstallEU.exe
[2012.08.31 17:29:22 | 000,000,000 | ---D | C] -- C:\Users\Mathias Wehpke\AppData\Local\PokerStars
[2012.08.31 17:29:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PokerStars.EU
[2012.08.31 17:15:59 | 000,000,000 | ---D | C] -- C:\Users\Mathias Wehpke\AppData\Local\PokerStars.NET
[2012.08.31 17:15:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PokerStars.NET
[2012.08.27 10:33:32 | 000,000,000 | ---D | C] -- C:\Users\Mathias Wehpke\AppData\Roaming\Mozilla
[2012.08.26 22:08:57 | 000,000,000 | ---D | C] -- C:\Users\Mathias Wehpke\AppData\Local\{175B6B52-DB09-4C15-92CC-C6C2080EEE88}
[2012.08.21 15:30:30 | 000,000,000 | ---D | C] -- C:\Users\Mathias Wehpke\AppData\Local\{148F6406-A474-4D3C-90D7-0DECB360FF8A}
[2012.08.21 11:13:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TV-Total Emulator
[2012.08.21 11:13:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TV-Total Emulator
[2012.08.17 12:22:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip
[2012.08.17 12:22:16 | 000,000,000 | ---D | C] -- C:\ProgramData\WinZip
[2012.08.17 12:22:15 | 000,000,000 | ---D | C] -- C:\Program Files\WinZip
[2012.08.17 12:21:41 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG Secure Search
[2012.08.17 12:21:31 | 000,031,080 | ---- | C] (AVG Technologies) -- C:\Windows\SysNative\drivers\avgtpx64.sys
[2012.08.17 12:21:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\AVG Secure Search
[2012.08.17 12:21:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG Secure Search
[2012.08.16 09:05:23 | 000,000,000 | ---D | C] -- C:\Users\Mathias Wehpke\AppData\Local\{A2F3FCA4-4A91-4787-9027-DB8D9A38A854}
[2012.08.16 09:05:04 | 000,000,000 | ---D | C] -- C:\Users\Mathias Wehpke\AppData\Local\{E86892C3-9F44-4DE6-AEB8-77207A03F30C}
[2012.08.14 18:56:46 | 000,000,000 | ---D | C] -- C:\Users\Mathias Wehpke\AppData\Local\{06316F92-1D7F-4ED8-B5A0-184D0B7DA50A}
[2012.08.11 13:32:38 | 000,000,000 | ---D | C] -- C:\Users\Mathias Wehpke\AppData\Local\Programs
 
========== Files - Modified Within 30 Days ==========
 
[2012.09.08 12:04:02 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.09.08 11:49:33 | 000,599,552 | ---- | M] (OldTimer Tools) -- C:\Users\Mathias Wehpke\Desktop\OTL.exe
[2012.09.08 11:45:30 | 000,050,477 | ---- | M] () -- C:\Users\Mathias Wehpke\Desktop\Defogger.exe
[2012.09.08 10:05:28 | 000,001,080 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.09.08 10:04:42 | 010,652,120 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Users\Mathias Wehpke\Desktop\mbam-setup-1.62.0.1300.exe
[2012.09.08 09:01:46 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.09.08 01:06:13 | 002,322,184 | ---- | M] (ESET) -- C:\Users\Mathias Wehpke\Desktop\esetsmartinstaller_enu(1).exe
[2012.09.07 22:00:37 | 000,001,478 | ---- | M] () -- C:\Users\Public\Desktop\bwin Poker.lnk
[2012.09.07 21:02:42 | 000,025,120 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.09.07 21:02:42 | 000,025,120 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.09.07 20:55:46 | 000,002,006 | ---- | M] () -- C:\Users\Mathias Wehpke\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk
[2012.09.07 20:55:08 | 3203,735,552 | -HS- | M] () -- C:\hiberfil.sys
[2012.09.07 15:57:24 | 145,950,358 | R--- | M] () -- C:\Users\Mathias Wehpke\Desktop\Riddim Driven - Salsa Riddim CD (2003).zip
[2012.09.07 15:55:22 | 113,593,657 | R--- | M] () -- C:\Users\Mathias Wehpke\Desktop\Riddim Driven - Thrilla riddim CD (2004).rar
[2012.09.07 15:54:43 | 106,452,490 | R--- | M] () -- C:\Users\Mathias Wehpke\Desktop\VA-Riddim_Driven-Reflections-Retail_CD-2006-JAH.zip
[2012.09.07 15:52:47 | 132,119,900 | R--- | M] () -- C:\Users\Mathias Wehpke\Desktop\Driven Riddim - All Out Riddim CD (2003).rar
[2012.09.07 15:47:52 | 072,085,313 | R--- | M] () -- C:\Users\Mathias Wehpke\Desktop\VA-Riddim_Driven-Nookie_2K6-Promo_CD-2006-WiS.rar
[2012.09.07 15:47:37 | 078,243,659 | R--- | M] () -- C:\Users\Mathias Wehpke\Desktop\VA-Riddim_Driven-Gully_Slime-Retail_CD-2006-RAS.zip
[2012.09.07 15:47:01 | 093,458,863 | R--- | M] () -- C:\Users\Mathias Wehpke\Desktop\VA-Riddim_Driven_Juicy-Retail_CD-2003-JAH.zip
[2012.09.07 15:41:49 | 094,467,474 | R--- | M] () -- C:\Users\Mathias Wehpke\Desktop\VA-Riddim_Driven-Rock_Steady-Retail_CD-2009-RKS.zip
[2012.09.07 15:41:10 | 066,178,775 | R--- | M] () -- C:\Users\Mathias Wehpke\Desktop\VA-Riddim_Driven-Hardtimes-Retail_CD-2004-JAH.rar
[2012.09.07 15:35:50 | 101,442,305 | R--- | M] () -- C:\Users\Mathias Wehpke\Desktop\Riddim Driven - Baghdad Riddim (2003).zip
[2012.09.07 15:33:04 | 100,468,033 | R--- | M] () -- C:\Users\Mathias Wehpke\Desktop\Riddim Driven - 44 Flat Riddim (2003).zip
[2012.09.07 15:16:49 | 109,173,547 | R--- | M] () -- C:\Users\Mathias Wehpke\Desktop\Riddim Driven - Phantom Riddim (2004).zip
[2012.09.07 15:15:37 | 090,127,270 | R--- | M] () -- C:\Users\Mathias Wehpke\Desktop\Riddim Driven - Mexican Riddim (2002).zip
[2012.09.07 15:01:55 | 059,598,502 | R--- | M] () -- C:\Users\Mathias Wehpke\Desktop\Riddim Driven - Mad Instruments Riddim (2004).zip
[2012.09.07 14:52:02 | 058,391,308 | R--- | M] () -- C:\Users\Mathias Wehpke\Desktop\Riddim Driven - Nine Night Riddim (2001).zip
[2012.09.07 14:43:27 | 081,025,451 | R--- | M] () -- C:\Users\Mathias Wehpke\Desktop\Riddim Driven - Trilogy Pt. 2 & Ole Sore Riddim (2001).zip
[2012.09.07 11:55:20 | 000,002,010 | ---- | M] () -- C:\Users\Mathias Wehpke\Application Data\Microsoft\Internet Explorer\Quick Launch\888poker.lnk
[2012.09.07 11:55:20 | 000,001,992 | ---- | M] () -- C:\Users\Mathias Wehpke\Desktop\888poker.lnk
[2012.09.07 11:26:17 | 147,577,459 | R--- | M] () -- C:\Users\Mathias Wehpke\Desktop\Riddim Driven - Thunder & Bedroom Riddim (2001).zip
[2012.09.07 11:17:12 | 072,394,937 | R--- | M] () -- C:\Users\Mathias Wehpke\Desktop\BUY OUT RIDDIM [DEC 2001].zip
[2012.09.06 21:39:24 | 000,384,844 | ---- | M] () -- C:\Users\Mathias Wehpke\AppData\Local\funmoods-speeddial.crx
[2012.09.06 21:39:24 | 000,031,465 | ---- | M] () -- C:\Users\Mathias Wehpke\AppData\Local\funmoods.crx
[2012.08.31 18:00:45 | 000,001,064 | ---- | M] () -- C:\Users\Public\Desktop\PokerStars.net.lnk
[2012.08.31 17:55:43 | 020,905,256 | ---- | M] (PokerStars) -- C:\Users\Mathias Wehpke\Desktop\PokerStarsInstallEU.exe
[2012.08.31 14:05:17 | 001,500,018 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.08.31 14:05:17 | 000,654,610 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.08.31 14:05:17 | 000,616,452 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.08.31 14:05:17 | 000,130,192 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.08.31 14:05:17 | 000,106,574 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.08.27 10:33:26 | 000,001,101 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012.08.21 11:47:08 | 000,001,521 | ---- | M] () -- C:\Windows\TVTEmulator.ini
[2012.08.21 11:13:56 | 000,000,952 | ---- | M] () -- C:\Users\Mathias Wehpke\Desktop\TV-Total Emulator.lnk
[2012.08.17 12:22:24 | 000,002,272 | ---- | M] () -- C:\Users\Public\Desktop\WinZip.lnk
[2012.08.17 12:21:31 | 000,031,080 | ---- | M] (AVG Technologies) -- C:\Windows\SysNative\drivers\avgtpx64.sys
[2012.08.16 12:18:40 | 000,266,688 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.08.15 09:54:28 | 000,001,986 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2012.08.14 11:21:01 | 003,209,216 | ---- | M] () -- C:\Users\Mathias Wehpke\Desktop\Beenie Man - Gimmie Gimmie Gimmie.mp3
 
========== Files Created - No Company Name ==========
 
[2012.09.08 11:45:26 | 000,050,477 | ---- | C] () -- C:\Users\Mathias Wehpke\Desktop\Defogger.exe
[2012.09.08 10:05:28 | 000,001,080 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.09.07 22:00:37 | 000,001,478 | ---- | C] () -- C:\Users\Public\Desktop\bwin Poker.lnk
[2012.09.07 15:09:26 | 072,085,313 | R--- | C] () -- C:\Users\Mathias Wehpke\Desktop\VA-Riddim_Driven-Nookie_2K6-Promo_CD-2006-WiS.rar
[2012.09.07 15:08:33 | 145,950,358 | R--- | C] () -- C:\Users\Mathias Wehpke\Desktop\Riddim Driven - Salsa Riddim CD (2003).zip
[2012.09.07 15:04:52 | 106,452,490 | R--- | C] () -- C:\Users\Mathias Wehpke\Desktop\VA-Riddim_Driven-Reflections-Retail_CD-2006-JAH.zip
[2012.09.07 15:03:36 | 093,458,863 | R--- | C] () -- C:\Users\Mathias Wehpke\Desktop\VA-Riddim_Driven_Juicy-Retail_CD-2003-JAH.zip
[2012.09.07 15:02:30 | 066,178,775 | R--- | C] () -- C:\Users\Mathias Wehpke\Desktop\VA-Riddim_Driven-Hardtimes-Retail_CD-2004-JAH.rar
[2012.09.07 14:54:11 | 078,243,659 | R--- | C] () -- C:\Users\Mathias Wehpke\Desktop\VA-Riddim_Driven-Gully_Slime-Retail_CD-2006-RAS.zip
[2012.09.07 14:51:44 | 132,119,900 | R--- | C] () -- C:\Users\Mathias Wehpke\Desktop\Driven Riddim - All Out Riddim CD (2003).rar
[2012.09.07 14:51:05 | 094,467,474 | R--- | C] () -- C:\Users\Mathias Wehpke\Desktop\VA-Riddim_Driven-Rock_Steady-Retail_CD-2009-RKS.zip
[2012.09.07 14:46:43 | 113,593,657 | R--- | C] () -- C:\Users\Mathias Wehpke\Desktop\Riddim Driven - Thrilla riddim CD (2004).rar
[2012.09.07 14:42:53 | 100,468,033 | R--- | C] () -- C:\Users\Mathias Wehpke\Desktop\Riddim Driven - 44 Flat Riddim (2003).zip
[2012.09.07 14:39:14 | 101,442,305 | R--- | C] () -- C:\Users\Mathias Wehpke\Desktop\Riddim Driven - Baghdad Riddim (2003).zip
[2012.09.07 14:36:29 | 059,598,502 | R--- | C] () -- C:\Users\Mathias Wehpke\Desktop\Riddim Driven - Mad Instruments Riddim (2004).zip
[2012.09.07 14:33:29 | 090,127,270 | R--- | C] () -- C:\Users\Mathias Wehpke\Desktop\Riddim Driven - Mexican Riddim (2002).zip
[2012.09.07 14:31:14 | 058,391,308 | R--- | C] () -- C:\Users\Mathias Wehpke\Desktop\Riddim Driven - Nine Night Riddim (2001).zip
[2012.09.07 14:28:58 | 109,173,547 | R--- | C] () -- C:\Users\Mathias Wehpke\Desktop\Riddim Driven - Phantom Riddim (2004).zip
[2012.09.07 14:27:00 | 081,025,451 | R--- | C] () -- C:\Users\Mathias Wehpke\Desktop\Riddim Driven - Trilogy Pt. 2 & Ole Sore Riddim (2001).zip
[2012.09.07 11:55:20 | 000,002,010 | ---- | C] () -- C:\Users\Mathias Wehpke\Application Data\Microsoft\Internet Explorer\Quick Launch\888poker.lnk
[2012.09.07 11:55:20 | 000,001,992 | ---- | C] () -- C:\Users\Mathias Wehpke\Desktop\888poker.lnk
[2012.09.07 11:52:54 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.09.07 11:15:13 | 147,577,459 | R--- | C] () -- C:\Users\Mathias Wehpke\Desktop\Riddim Driven - Thunder & Bedroom Riddim (2001).zip
[2012.09.07 11:11:15 | 072,394,937 | R--- | C] () -- C:\Users\Mathias Wehpke\Desktop\BUY OUT RIDDIM [DEC 2001].zip
[2012.09.06 21:39:26 | 000,384,844 | ---- | C] () -- C:\Users\Mathias Wehpke\AppData\Local\funmoods-speeddial.crx
[2012.09.06 21:39:25 | 000,031,465 | ---- | C] () -- C:\Users\Mathias Wehpke\AppData\Local\funmoods.crx
[2012.08.31 18:00:45 | 000,001,064 | ---- | C] () -- C:\Users\Public\Desktop\PokerStars.net.lnk
[2012.08.27 10:33:26 | 000,001,113 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2012.08.27 10:33:26 | 000,001,101 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012.08.21 11:14:07 | 000,001,521 | ---- | C] () -- C:\Windows\TVTEmulator.ini
[2012.08.21 11:13:56 | 000,000,952 | ---- | C] () -- C:\Users\Mathias Wehpke\Desktop\TV-Total Emulator.lnk
[2012.08.17 12:22:23 | 000,002,272 | ---- | C] () -- C:\Users\Public\Desktop\WinZip.lnk
[2012.08.14 11:20:47 | 003,209,216 | ---- | C] () -- C:\Users\Mathias Wehpke\Desktop\Beenie Man - Gimmie Gimmie Gimmie.mp3
[2012.04.16 10:07:34 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012.04.16 10:07:34 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012.04.16 10:07:34 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012.04.16 10:07:34 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012.04.16 10:07:34 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012.04.11 19:49:02 | 000,000,000 | ---- | C] () -- C:\Users\Mathias Wehpke\defogger_reenable
[2012.03.06 12:14:21 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\CommonDL.dll
[2012.03.06 12:14:21 | 000,002,411 | ---- | C] () -- C:\Windows\SysWow64\lgAxconfig.ini
[2012.03.01 23:54:40 | 000,000,017 | ---- | C] () -- C:\Windows\SysWow64\shortcut_ex.dat
[2012.03.01 22:20:43 | 004,014,540 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011.12.21 14:14:17 | 000,000,000 | ---- | C] () -- C:\Windows\NDSTray.INI
[2011.12.21 14:00:18 | 000,451,072 | ---- | C] () -- C:\Windows\SysWow64\ISSRemoveSP.exe
[2011.02.03 20:56:58 | 000,066,856 | ---- | C] () -- C:\Windows\SysWow64\SynTPEnhPS.dll
[2010.11.09 13:09:58 | 000,028,672 | ---- | C] () -- C:\Windows\SysWow64\SPCtl.dll
 
========== LOP Check ==========
 
[2012.08.16 08:57:06 | 000,000,000 | ---D | M] -- C:\Users\Mathias Wehpke\AppData\Roaming\DVDVideoSoft
[2012.09.07 11:55:20 | 000,000,000 | ---D | M] -- C:\Users\Mathias Wehpke\AppData\Roaming\PacificPoker
[2012.08.28 10:40:56 | 000,000,000 | ---D | M] -- C:\Users\Mathias Wehpke\AppData\Roaming\SoftGrid Client
[2012.03.08 13:06:33 | 000,000,000 | ---D | M] -- C:\Users\Mathias Wehpke\AppData\Roaming\Toshiba
[2012.03.05 13:51:02 | 000,000,000 | ---D | M] -- C:\Users\Mathias Wehpke\AppData\Roaming\TOSHIBA Online Product Information
[2012.03.01 22:22:07 | 000,000,000 | ---D | M] -- C:\Users\Mathias Wehpke\AppData\Roaming\TP
[2012.06.23 17:27:35 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 

< End of report >

--- --- ---

defogger_disable by jpshortstuff (23.02.10.1)
Log created at 11:46 on 08/09/2012 (Mathias Wehpke)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-
Kind regards,
matzepeng

Hello, I also wanted to mention that I started a system restore again today and now all the things on my taskbar are back.
But the laptop is surely still infected.

Best regards
matzepeng

cosinus 11.09.2012 11:43

Malwarebytes creates exactly one log for each scan. Have you scanned with Malwarebytes in the past?
If so, all logs for each scan are also listed in the "Logdateien" (Logs) tab. Please post all of the ones visible there.

Please post everything in CODE tags here if possible.

This is how it's done:

[code] the log goes here [/code]

And the whole thing then looks like this:

Code:

the log goes here

matzepeng 12.09.2012 08:55

Malwarebytes is no longer on my computer. I think it disappeared because of the system restore, since OTL is no longer on my laptop either.
Regards, matzepeng

cosinus 12.09.2012 11:32

Check whether the logs can still be found here as text files. So that you can actually see the folders, apply this FIRST!! => http://www.trojaner-board.de/59624-a...-sichtbar.html

Main logs after scans (Quick, Full or Flash):
  • XP:
    C:\Dokumente und Einstellungen\(USER)\Anwendungsdaten\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-yyyy-mm-dd.txt

  • Vista, Windows 7, 2008:
    C:\Users\(USER)\AppData\Roaming\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-yyyy-mm-dd.txt

matzepeng 12.09.2012 17:40

This way I found some more log files from Malwarebytes

Code:

Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Datenbank Version: v2012.04.10.09

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Mathias Wehpke :: MATHIASWEHPKE [Administrator]

10.04.2012 21:04:21
mbam-log-2012-04-10 (21-04-21).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 313718
Laufzeit: 27 Minute(n), 51 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Datenbank Version: v2012.04.18.02

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Mathias Wehpke :: MATHIASWEHPKE [Administrator]

19.04.2012 14:01:39
mbam-log-2012-04-19 (14-01-39).txt

Art des Suchlaufs: Benutzerdefinierter Suchlauf
Aktivierte Suchlaufeinstellungen: Dateisystem | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Heuristiks/Extra | P2P
Durchsuchte Objekte: 58
Laufzeit: 4 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Datenbank Version: v2012.05.06.05

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Mathias Wehpke :: MATHIASWEHPKE [Administrator]

06.05.2012 22:28:26
mbam-log-2012-05-06 (22-28-26).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 30618
Laufzeit: 10 Sekunde(n) [Abgebrochen]

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 1
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{65bcd620-07dd-012f-819f-073cf1b8f7c6} (Adware.GamePlayLab) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Datenbank Version: v2012.05.06.05

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Mathias Wehpke :: MATHIASWEHPKE [Administrator]

14.05.2012 12:03:19
mbam-log-2012-05-14 (12-03-19).txt

Art des Suchlaufs: Benutzerdefinierter Suchlauf
Aktivierte Suchlaufeinstellungen: Dateisystem | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Heuristiks/Extra | P2P
Durchsuchte Objekte: 1
Laufzeit: 2 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Datenbank Version: v2012.05.06.05

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Mathias Wehpke :: MATHIASWEHPKE [Administrator]

15.05.2012 15:37:59
mbam-log-2012-05-15 (15-37-59).txt

Art des Suchlaufs: Benutzerdefinierter Suchlauf
Aktivierte Suchlaufeinstellungen: Dateisystem | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Heuristiks/Extra | P2P
Durchsuchte Objekte: 1
Laufzeit: 2 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

Regards, ike81

cosinus 12.09.2012 20:28

adwCleaner - detecting toolbars and unwanted start/search pages

Please download AdwCleaner to your desktop.

If adwCleaner has already been downloaded before, please delete the old adwcleaner.exe and download it again!!
  • Start adwcleaner.exe with a double-click.
  • Click "Suche" (Search).
  • After the scan finishes, a text file opens.
  • Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner[Rx].txt. (x = sequential number)

matzepeng 13.09.2012 09:00

Hi, here is the log

Code:

# AdwCleaner v2.001 - Datei am 09/13/2012 um 09:59:21 erstellt
# Aktualisiert am 09/09/2012 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : Mathias Wehpke - MATHIASWEHPKE
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Mathias Wehpke\Desktop\adwcleaner.exe
# Option [Suche]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Datei Gefunden : C:\Program Files (x86)\Mozilla Firefox\searchplugins\avg-secure-search.xml
Datei Gefunden : C:\Users\Mathias Wehpke\AppData\Local\funmoods.crx
Datei Gefunden : C:\Users\Mathias Wehpke\AppData\Local\funmoods-speeddial.crx
Datei Gefunden : C:\Users\Mathias Wehpke\AppData\Roaming\Mozilla\Firefox\Profiles\hrc7l44c.default\searchplugins\search.xml
Ordner Gefunden : C:\Program Files (x86)\AVG Secure Search
Ordner Gefunden : C:\Program Files (x86)\Common Files\AVG Secure Search
Ordner Gefunden : C:\ProgramData\AVG Secure Search
Ordner Gefunden : C:\ProgramData\Partner
Ordner Gefunden : C:\Users\Mathias Wehpke\AppData\Local\AVG Secure Search
Ordner Gefunden : C:\Users\Mathias Wehpke\AppData\Roaming\Mozilla\Firefox\Profiles\hrc7l44c.default\extensions\ffxtlbr@funmoods.com

***** [Registrierungsdatenbank] *****

Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\Crossrider
Schlüssel Gefunden : HKCU\Software\AVG Secure Search
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4}
Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Schlüssel Gefunden : HKLM\Software\AVG Secure Search
Schlüssel Gefunden : HKLM\Software\Babylon
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\viprotocol
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Schlüssel Gefunden : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\AVG Secure Search
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Schlüssel Gefunden : HKLM\SOFTWARE\Software
Schlüssel Gefunden : HKU\S-1-5-21-2962335387-2445119808-2019167956-1000\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Wert Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow [*.crossrider.com]
Wert Gefunden : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]
Wert Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16421

[HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxps://isearch.avg.com/?cid={A97FE354-88CA-4DAB-B169-C58B3D963240}&mid=af3a64d909244ed8b19557c2ffd64935-e7ea363af7b30adb67d08055fac976fd6a6a4ae0&lang=de&ds=hk011&pr=sa&d=2012-08-17 12:21:31&v=12.2.0.5&sap=hp

-\\ Mozilla Firefox v15.0.1 (de)

Profilname : default
Datei : C:\Users\Mathias Wehpke\AppData\Roaming\Mozilla\Firefox\Profiles\hrc7l44c.default\prefs.js

Gefunden : user_pref("extensions.enabledAddons", "ffxtlbr@funmoods.com:1.5.1,{972ce4c6-7e08-4474-a285-3208198ce[...]

*************************

AdwCleaner[R1].txt - [6678 octets] - [13/09/2012 09:56:33]
AdwCleaner[R2].txt - [6621 octets] - [13/09/2012 09:59:21]

########## EOF - C:\AdwCleaner[R2].txt - [6681 octets] ##########

Thanks and best regards, ike 81

cosinus 13.09.2012 16:26

adwCleaner - removing toolbars and unwanted start/search pages
  • Close all open programs and browsers.
  • Start adwcleaner.exe with a double-click.
  • Click "Löschen" (Delete).
  • Confirm each prompt with Ok.
  • Your computer will be restarted. After the restart, a text file opens.
  • Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner[Sx].txt. (x = sequential number)

matzepeng 13.09.2012 17:59

Here is the log file

Code:

# AdwCleaner v2.001 - Datei am 09/13/2012 um 18:51:53 erstellt
# Aktualisiert am 09/09/2012 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : Mathias Wehpke - MATHIASWEHPKE
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Mathias Wehpke\Desktop\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Datei Gelöscht : C:\Program Files (x86)\Mozilla Firefox\searchplugins\avg-secure-search.xml
Datei Gelöscht : C:\Users\Mathias Wehpke\AppData\Local\funmoods.crx
Datei Gelöscht : C:\Users\Mathias Wehpke\AppData\Local\funmoods-speeddial.crx
Datei Gelöscht : C:\Users\Mathias Wehpke\AppData\Roaming\Mozilla\Firefox\Profiles\hrc7l44c.default\searchplugins\search.xml
Gelöscht mit Neustart : C:\Program Files (x86)\Common Files\AVG Secure Search
Ordner Gelöscht : C:\Program Files (x86)\AVG Secure Search
Ordner Gelöscht : C:\ProgramData\AVG Secure Search
Ordner Gelöscht : C:\ProgramData\Partner
Ordner Gelöscht : C:\Users\Mathias Wehpke\AppData\Local\AVG Secure Search
Ordner Gelöscht : C:\Users\Mathias Wehpke\AppData\Roaming\Mozilla\Firefox\Profiles\hrc7l44c.default\extensions\ffxtlbr@funmoods.com

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Crossrider
Schlüssel Gelöscht : HKCU\Software\AVG Secure Search
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Schlüssel Gelöscht : HKLM\Software\AVG Secure Search
Schlüssel Gelöscht : HKLM\Software\Babylon
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\viprotocol
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Schlüssel Gelöscht : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\AVG Secure Search
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Software
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow [*.crossrider.com]
Wert Gelöscht : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]
Wert Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16421

Wiederhergestellt : [HKCU\Software\Wow6432Node\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Wiederhergestellt : [HKCU\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Wiederhergestellt : [HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Wiederhergestellt : [HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Wiederhergestellt : [HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Wiederhergestellt : [HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Wiederhergestellt : [HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxps://isearch.avg.com/?cid={A97FE354-88CA-4DAB-B169-C58B3D963240}&mid=af3a64d909244ed8b19557c2ffd64935-e7ea363af7b30adb67d08055fac976fd6a6a4ae0&lang=de&ds=hk011&pr=sa&d=2012-08-17 12:21:31&v=12.2.0.5&sap=hp --> hxxp://www.google.com

-\\ Mozilla Firefox v15.0.1 (de)

Profilname : default
Datei : C:\Users\Mathias Wehpke\AppData\Roaming\Mozilla\Firefox\Profiles\hrc7l44c.default\prefs.js

Gelöscht : user_pref("extensions.enabledAddons", "ffxtlbr@funmoods.com:1.5.1,{972ce4c6-7e08-4474-a285-3208198ce[...]

*************************

AdwCleaner[R1].txt - [6678 octets] - [13/09/2012 09:56:33]
AdwCleaner[R2].txt - [6738 octets] - [13/09/2012 09:59:21]
AdwCleaner[S1].txt - [7266 octets] - [13/09/2012 18:51:53]

########## EOF - C:\AdwCleaner[S1].txt - [7326 octets] ##########

Regards, ike81

cosinus 14.09.2012 11:09

I have two questions before we continue (we are not finished yet!)

1.) Does the normal mode of Windows work without restrictions (again)?
2.) Are you missing anything in the Start menu? Are there empty folders under All Programs, or is everything there?

matzepeng 14.09.2012 13:58

The normal mode in Windows works without restrictions again!
Nothing is missing from the Start menu either, everything is there!
Regards, ike81

cosinus 14.09.2012 19:47

Please make a new OTL log. Please post everything in CODE tags here if possible.

This is how it's done:

[code] the log goes here [/code]

And the whole thing then looks like this:

Code:

the log goes here

CustomScan with OTL

Please download OTL by Oldtimer and save it to your desktop. If it is already there, please replace the older existing file with the newly downloaded one, so that you are really working with a current version of OTL.
Code:

netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT


matzepeng 15.09.2012 09:36

Here is the OTL text

OTL Logfile:
Code:

OTL logfile created on: 15.09.2012 09:59:53 - Run 3
OTL by OldTimer - Version 3.2.61.4    Folder = C:\Users\Mathias Wehpke\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,98 Gb Total Physical Memory | 2,50 Gb Available Physical Memory | 62,88% Memory free
7,95 Gb Paging File | 6,20 Gb Available in Paging File | 77,94% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 232,88 Gb Total Space | 90,27 Gb Free Space | 38,76% Space Free | Partition Type: NTFS
Drive D: | 232,49 Gb Total Space | 104,26 Gb Free Space | 44,85% Space Free | Partition Type: NTFS
Drive E: | 285,56 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
 
Computer Name: MATHIASWEHPKE | User Name: Mathias Wehpke | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.09.15 09:55:34 | 000,599,552 | ---- | M] (OldTimer Tools) -- C:\Users\Mathias Wehpke\Desktop\OTL.exe
PRC - [2012.09.07 18:04:18 | 000,917,984 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2012.08.17 12:21:30 | 000,927,840 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\12.2.0\ToolbarUpdater.exe
PRC - [2012.08.11 12:51:11 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.07.27 13:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012.05.08 21:47:28 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2012.05.08 21:47:17 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2011.10.01 09:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2011.10.01 09:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2011.02.01 14:24:42 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2011.02.01 14:24:40 | 000,326,168 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2010.12.03 15:57:16 | 000,304,560 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe
PRC - [2010.10.27 19:17:52 | 000,207,424 | ---- | M] (ArcSoft Inc.) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
PRC - [2010.08.25 11:27:44 | 000,309,824 | ---- | M] (ArcSoft Inc.) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
PRC - [2010.08.16 11:54:50 | 000,034,160 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe
PRC - [2010.08.04 18:11:34 | 001,809,920 | ---- | M] (Realsil Microelectronics Inc.) -- C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe
PRC - [2010.03.18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2009.07.28 21:26:42 | 000,062,848 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe
PRC - [2009.03.10 19:51:20 | 000,046,448 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.09.07 18:04:18 | 002,244,064 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2011.10.12 11:55:12 | 005,739,008 | ---- | M] (Native Instruments GmbH) [Auto | Running] -- C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe -- (NIHardwareService)
SRV:64bit: - [2010.12.09 18:45:26 | 000,489,384 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV:64bit: - [2010.12.08 16:42:54 | 000,137,632 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe -- (TOSHIBA HDD SSD Alert Service)
SRV:64bit: - [2010.10.20 15:41:00 | 000,138,656 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\SysNative\TODDSrv.exe -- (TODDSrv)
SRV:64bit: - [2010.09.22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2009.07.14 03:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV - [2012.09.07 11:52:54 | 000,257,224 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.08.17 12:21:30 | 000,927,840 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\12.2.0\ToolbarUpdater.exe -- (vToolbarUpdater12.2.0)
SRV - [2012.07.27 13:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.07.13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.05.08 21:47:28 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.05.08 21:47:17 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.10.01 09:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2011.10.01 09:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2011.02.10 09:25:36 | 000,112,080 | ---- | M] (Toshiba Europe GmbH) [On_Demand | Stopped] -- C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe -- (TemproMonitoringService)
SRV - [2011.02.01 14:24:42 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2011.02.01 14:24:40 | 000,326,168 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2010.11.29 15:58:30 | 000,054,136 | ---- | M] (TOSHIBA Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe -- (TMachInfo)
SRV - [2010.08.04 18:11:34 | 001,809,920 | ---- | M] (Realsil Microelectronics Inc.) [Auto | Running] -- C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe -- (IconMan_R)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.03.18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2010.01.28 17:44:40 | 000,249,200 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe -- (cfWiMAXService)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009.03.10 19:51:20 | 000,046,448 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe -- (ConfigFree Service)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012.08.17 12:21:31 | 000,031,080 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtpx64.sys -- (avgtp)
DRV:64bit: - [2012.05.08 21:47:29 | 000,132,832 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2012.05.08 21:47:29 | 000,098,848 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.12.21 13:51:29 | 000,020,592 | ---- | M] (Compal Electronics, INC.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CeKbFilter.sys -- (CeKbFilter)
DRV:64bit: - [2011.10.01 09:30:22 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2011.10.01 09:30:18 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2011.10.01 09:30:18 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2011.10.01 09:30:10 | 000,764,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2011.09.16 17:08:07 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2011.05.10 03:41:28 | 000,174,184 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011.02.08 20:07:00 | 000,038,096 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\PGEffect.sys -- (PGEffect)
DRV:64bit: - [2011.02.03 20:59:06 | 001,413,680 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2011.01.13 20:58:30 | 000,413,800 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011.01.12 18:51:44 | 000,439,320 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2011.01.05 02:08:58 | 001,109,096 | ---- | M] (Realtek Semiconductor Corporation                          ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rtl8192ce.sys -- (RTL8192Ce)
DRV:64bit: - [2010.12.07 15:23:02 | 000,034,304 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgandmodem64.sys -- (ANDModem)
DRV:64bit: - [2010.12.07 15:23:00 | 000,027,648 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lganddiag64.sys -- (AndDiag)
DRV:64bit: - [2010.12.07 15:23:00 | 000,027,136 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgandgps64.sys -- (AndGps)
DRV:64bit: - [2010.12.07 15:22:58 | 000,019,456 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgandbus64.sys -- (Andbus)
DRV:64bit: - [2010.11.21 05:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.21 05:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.21 05:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010.10.19 17:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2010.07.20 18:43:22 | 000,247,400 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2010.03.22 11:55:20 | 000,046,192 | ---- | M] (COMPAL ELECTRONIC INC.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\LPCFilter.sys -- (LPCFilter)
DRV:64bit: - [2009.07.30 21:22:04 | 000,027,784 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV:64bit: - [2009.07.14 17:31:18 | 000,026,840 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\TVALZ_O.SYS -- (TVALZ)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
 
IE - HKU\S-1-5-21-2962335387-2445119808-2019167956-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\S-1-5-21-2962335387-2445119808-2019167956-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-2962335387-2445119808-2019167956-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKU\S-1-5-21-2962335387-2445119808-2019167956-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 28 AA 7E EB D5 34 CD 01  [binary data]
IE - HKU\S-1-5-21-2962335387-2445119808-2019167956-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-2962335387-2445119808-2019167956-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_257.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_257.dll ()
FF - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\progra~2\mcafee\msc\npmcsn~1.dll File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.0: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{D19CA586-DD6C-4a0a-96F8-14644F340D60}: C:\Program Files (x86)\Common Files\McAfee\SystemCore
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.09.07 18:04:19 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2012.08.27 10:33:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mathias Wehpke\AppData\Roaming\mozilla\Extensions
[2012.09.13 18:51:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mathias Wehpke\AppData\Roaming\mozilla\Firefox\Profiles\hrc7l44c.default\extensions
[2012.08.27 10:33:25 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012.09.07 18:04:19 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.07.14 02:45:08 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.08.31 20:47:44 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.07.14 02:45:08 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.07.14 02:45:08 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.07.14 02:45:08 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.07.14 02:45:07 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2012.04.16 10:12:43 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O2 - BHO: (TOSHIBA Media Controller Plug-in) - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll (<TOSHIBA>)
O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [TCrdMain] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [Toshiba Registration] C:\Program Files\TOSHIBA\Registration\ToshibaReminder.exe (Toshiba Europe GmbH)
O4:64bit: - HKLM..\Run: [Toshiba TEMPRO] C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe (Toshiba Europe GmbH)
O4:64bit: - HKLM..\Run: [TosNC] C:\Program Files\Toshiba\BulletinBoard\TosNcCore.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosReelTimeMonitor] C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TosVolRegulator] C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe (TOSHIBA Corporation)
O4:64bit: - HKLM..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE (TOSHIBA Corporation)
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [HWSetup] C:\Program Files\TOSHIBA\Utilities\HWSetup.exe (TOSHIBA Electronics, Inc.)
O4 - HKLM..\Run: [KeNotify] C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe (TOSHIBA CORPORATION)
O4 - HKLM..\Run: [ROC_roc_ssl_v12] "C:\Program Files (x86)\AVG Secure Search\ROC_roc_ssl_v12.exe" / /PROMPT /CMPID=roc_ssl_v12 File not found
O4 - HKLM..\Run: [SVPWUTIL] C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe (TOSHIBA)
O4 - HKLM..\Run: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe" File not found
O4 - HKU\.DEFAULT..\Run: [TOPI.EXE] C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe (TOSHIBA)
O4 - HKU\S-1-5-18..\Run: [TOPI.EXE] C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe (TOSHIBA)
O4 - HKU\S-1-5-21-2962335387-2445119808-2019167956-1000..\Run: [TOPI.EXE] C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\TOPI.exe (TOSHIBA)
O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk = C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk = C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
O4 - Startup: C:\Users\Mathias Wehpke\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk = C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2962335387-2445119808-2019167956-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2962335387-2445119808-2019167956-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Mathias Wehpke\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm File not found
O8:64bit: - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html File not found
O8:64bit: - Extra context menu item: Zu TOSHIBA Bulletin Board hinzufügen - C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom.dll (TODO: <会社名>)
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Mathias Wehpke\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm File not found
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html File not found
O8 - Extra context menu item: Zu TOSHIBA Bulletin Board hinzufügen - C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom.dll (TODO: <会社名>)
O9:64bit: - Extra Button: @C:\Program Files\TOSHIBA\BulletinBoard\TosNcUi.dll,-229 - {97F922BD-8563-4184-87EE-8C4ACA438823} - C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom64.dll (TODO: <会社名>)
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\TOSHIBA\BulletinBoard\TosNcUi.dll,-228 - {97F922BD-8563-4184-87EE-8C4ACA438823} - C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom64.dll (TODO: <会社名>)
O9 - Extra Button: PokerStars.eu - {07BA1DA9-F501-4796-8728-74D1B91A6CD5} - C:\Program Files (x86)\PokerStars.EU\PokerStarsUpdate.exe File not found
O9 - Extra Button: @C:\Program Files\TOSHIBA\BulletinBoard\TosNcUi.dll,-229 - {97F922BD-8563-4184-87EE-8C4ACA438823} - C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom.dll (TODO: <会社名>)
O9 - Extra 'Tools' menuitem : @C:\Program Files\TOSHIBA\BulletinBoard\TosNcUi.dll,-228 - {97F922BD-8563-4184-87EE-8C4ACA438823} - C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom.dll (TODO: <会社名>)
O9 - Extra Button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files (x86)\PokerStars.NET\PokerStarsUpdate.exe (PokerStars)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{81C079F3-6C8E-4AD9-96FB-933E495C684D}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\dssrequest - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\sacore - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\dssrequest - No CLSID value found
O18 - Protocol\Handler\sacore - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18:64bit: - Protocol\Filter\application/x-mfe-ipt - No CLSID value found
O18 - Protocol\Filter\application/x-mfe-ipt - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
 
 
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.09.15 09:55:34 | 000,599,552 | ---- | C] (OldTimer Tools) -- C:\Users\Mathias Wehpke\Desktop\OTL.exe
[2012.09.14 15:16:11 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Gutschein NR. Korn  Music Store
[2012.09.12 00:29:20 | 000,000,000 | ---D | C] -- C:\Users\Mathias Wehpke\Desktop\white lion - mix cd`s - 2012
[2012.09.12 00:29:10 | 000,000,000 | ---D | C] -- C:\Users\Mathias Wehpke\Desktop\soca - tunes - 2012
[2012.09.12 00:28:49 | 000,000,000 | ---D | C] -- C:\Users\Mathias Wehpke\Desktop\soca - selection - 2012
[2012.09.12 00:28:48 | 000,000,000 | ---D | C] -- C:\Users\Mathias Wehpke\Desktop\lauschangriff - love child b-day
[2012.09.09 16:31:01 | 000,000,000 | ---D | C] -- C:\Users\Mathias Wehpke\Desktop\mcke
[2012.09.08 11:47:36 | 000,000,000 | ---D | C] -- C:\Users\Mathias Wehpke\Desktop\logs trojaner
[2012.09.08 10:05:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.09.08 01:06:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2012.09.07 22:00:47 | 000,000,000 | ---D | C] -- C:\Users\Mathias Wehpke\P5JavaClientSettings
[2012.09.07 22:00:38 | 000,000,000 | ---D | C] -- C:\Users\Mathias Wehpke\AppData\Local\P5
[2012.09.07 22:00:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\bwin Poker
[2012.09.07 22:00:36 | 000,000,000 | ---D | C] -- C:\bwinPoker
[2012.09.07 11:55:21 | 000,000,000 | ---D | C] -- C:\Users\Mathias Wehpke\Documents\888poker
[2012.09.07 11:55:20 | 000,000,000 | ---D | C] -- C:\Users\Mathias Wehpke\Start Menu
[2012.09.07 11:55:20 | 000,000,000 | ---D | C] -- C:\Users\Mathias Wehpke\Application Data
[2012.09.07 11:55:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\888poker
[2012.09.07 11:54:30 | 000,000,000 | ---D | C] -- C:\Users\Mathias Wehpke\AppData\Roaming\PacificPoker
[2012.09.07 11:54:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PacificPoker
[2012.09.06 20:51:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Everest Poker
[2012.09.05 13:29:03 | 000,000,000 | ---D | C] -- C:\Users\Mathias Wehpke\AppData\Local\PokerStars.EU
[2012.08.31 18:00:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PokerStars.NET
[2012.08.31 17:54:38 | 020,905,256 | ---- | C] (PokerStars) -- C:\Users\Mathias Wehpke\Desktop\PokerStarsInstallEU.exe
[2012.08.31 17:29:22 | 000,000,000 | ---D | C] -- C:\Users\Mathias Wehpke\AppData\Local\PokerStars
[2012.08.31 17:29:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PokerStars.EU
[2012.08.31 17:15:59 | 000,000,000 | ---D | C] -- C:\Users\Mathias Wehpke\AppData\Local\PokerStars.NET
[2012.08.31 17:15:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PokerStars.NET
[2012.08.27 10:33:32 | 000,000,000 | ---D | C] -- C:\Users\Mathias Wehpke\AppData\Roaming\Mozilla
[2012.08.26 22:08:57 | 000,000,000 | ---D | C] -- C:\Users\Mathias Wehpke\AppData\Local\{175B6B52-DB09-4C15-92CC-C6C2080EEE88}
[2012.08.21 15:30:30 | 000,000,000 | ---D | C] -- C:\Users\Mathias Wehpke\AppData\Local\{148F6406-A474-4D3C-90D7-0DECB360FF8A}
[2012.08.21 11:13:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TV-Total Emulator
[2012.08.21 11:13:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TV-Total Emulator
[2012.08.17 12:22:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip
[2012.08.17 12:22:16 | 000,000,000 | ---D | C] -- C:\ProgramData\WinZip
[2012.08.17 12:22:15 | 000,000,000 | ---D | C] -- C:\Program Files\WinZip
[2012.08.17 12:21:31 | 000,031,080 | ---- | C] (AVG Technologies) -- C:\Windows\SysNative\drivers\avgtpx64.sys
[2012.08.17 12:21:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\AVG Secure Search
 
========== Files - Modified Within 30 Days ==========
 
[2012.09.15 10:04:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.09.15 09:55:34 | 000,599,552 | ---- | M] (OldTimer Tools) -- C:\Users\Mathias Wehpke\Desktop\OTL.exe
[2012.09.15 09:44:07 | 001,500,018 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.09.15 09:44:07 | 000,654,610 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.09.15 09:44:07 | 000,616,452 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.09.15 09:44:07 | 000,130,192 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.09.15 09:44:07 | 000,106,574 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.09.15 09:42:50 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.09.14 22:20:23 | 000,025,120 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.09.14 22:20:23 | 000,025,120 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.09.14 22:13:26 | 000,002,006 | ---- | M] () -- C:\Users\Mathias Wehpke\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk
[2012.09.14 22:12:49 | 3203,735,552 | -HS- | M] () -- C:\hiberfil.sys
[2012.09.13 09:55:28 | 000,512,399 | ---- | M] () -- C:\Users\Mathias Wehpke\Desktop\adwcleaner.exe
[2012.09.07 22:00:37 | 000,001,478 | ---- | M] () -- C:\Users\Public\Desktop\bwin Poker.lnk
[2012.08.31 18:00:45 | 000,001,064 | ---- | M] () -- C:\Users\Public\Desktop\PokerStars.net.lnk
[2012.08.31 17:55:43 | 020,905,256 | ---- | M] (PokerStars) -- C:\Users\Mathias Wehpke\Desktop\PokerStarsInstallEU.exe
[2012.08.27 10:33:26 | 000,001,101 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012.08.21 11:47:08 | 000,001,521 | ---- | M] () -- C:\Windows\TVTEmulator.ini
[2012.08.21 11:13:56 | 000,000,952 | ---- | M] () -- C:\Users\Mathias Wehpke\Desktop\TV-Total Emulator.lnk
[2012.08.17 12:22:24 | 000,002,272 | ---- | M] () -- C:\Users\Public\Desktop\WinZip.lnk
[2012.08.17 12:21:31 | 000,031,080 | ---- | M] (AVG Technologies) -- C:\Windows\SysNative\drivers\avgtpx64.sys
[2012.08.16 12:18:40 | 000,266,688 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
 
========== Files Created - No Company Name ==========
 
[2012.09.13 09:55:27 | 000,512,399 | ---- | C] () -- C:\Users\Mathias Wehpke\Desktop\adwcleaner.exe
[2012.09.12 00:29:59 | 179,320,196 | ---- | C] () -- C:\Users\Mathias Wehpke\Desktop\max b day at lauschi - sound fighter - 18 05 2012 - set 01.mp3
[2012.09.07 22:00:37 | 000,001,478 | ---- | C] () -- C:\Users\Public\Desktop\bwin Poker.lnk
[2012.09.07 11:52:54 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.08.31 18:00:45 | 000,001,064 | ---- | C] () -- C:\Users\Public\Desktop\PokerStars.net.lnk
[2012.08.27 10:33:26 | 000,001,113 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2012.08.27 10:33:26 | 000,001,101 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012.08.21 11:14:07 | 000,001,521 | ---- | C] () -- C:\Windows\TVTEmulator.ini
[2012.08.21 11:13:56 | 000,000,952 | ---- | C] () -- C:\Users\Mathias Wehpke\Desktop\TV-Total Emulator.lnk
[2012.08.17 12:22:23 | 000,002,272 | ---- | C] () -- C:\Users\Public\Desktop\WinZip.lnk
[2012.04.16 10:07:34 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012.04.16 10:07:34 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012.04.16 10:07:34 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012.04.16 10:07:34 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012.04.16 10:07:34 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012.04.11 19:49:02 | 000,000,000 | ---- | C] () -- C:\Users\Mathias Wehpke\defogger_reenable
[2012.03.06 12:14:21 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\CommonDL.dll
[2012.03.06 12:14:21 | 000,002,411 | ---- | C] () -- C:\Windows\SysWow64\lgAxconfig.ini
[2012.03.01 23:54:40 | 000,000,017 | ---- | C] () -- C:\Windows\SysWow64\shortcut_ex.dat
[2012.03.01 22:20:43 | 004,014,540 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011.12.21 14:14:17 | 000,000,000 | ---- | C] () -- C:\Windows\NDSTray.INI
[2011.12.21 14:00:18 | 000,451,072 | ---- | C] () -- C:\Windows\SysWow64\ISSRemoveSP.exe
[2011.02.03 20:56:58 | 000,066,856 | ---- | C] () -- C:\Windows\SysWow64\SynTPEnhPS.dll
[2010.11.09 13:09:58 | 000,028,672 | ---- | C] () -- C:\Windows\SysWow64\SPCtl.dll
 
========== LOP Check ==========
 
[2012.08.16 08:57:06 | 000,000,000 | ---D | M] -- C:\Users\Mathias Wehpke\AppData\Roaming\DVDVideoSoft
[2012.09.12 09:42:22 | 000,000,000 | ---D | M] -- C:\Users\Mathias Wehpke\AppData\Roaming\PacificPoker
[2012.08.28 10:40:56 | 000,000,000 | ---D | M] -- C:\Users\Mathias Wehpke\AppData\Roaming\SoftGrid Client
[2012.03.08 13:06:33 | 000,000,000 | ---D | M] -- C:\Users\Mathias Wehpke\AppData\Roaming\Toshiba
[2012.03.05 13:51:02 | 000,000,000 | ---D | M] -- C:\Users\Mathias Wehpke\AppData\Roaming\TOSHIBA Online Product Information
[2012.03.01 22:22:07 | 000,000,000 | ---D | M] -- C:\Users\Mathias Wehpke\AppData\Roaming\TP
[2012.06.23 17:27:35 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2012.03.01 20:01:50 | 000,000,000 | ---D | M] -- C:\Users\Mathias Wehpke\AppData\Roaming\Adobe
[2012.08.10 14:12:16 | 000,000,000 | ---D | M] -- C:\Users\Mathias Wehpke\AppData\Roaming\ArcSoft
[2012.03.02 10:53:46 | 000,000,000 | ---D | M] -- C:\Users\Mathias Wehpke\AppData\Roaming\Avira
[2012.07.15 18:12:02 | 000,000,000 | ---D | M] -- C:\Users\Mathias Wehpke\AppData\Roaming\dvdcss
[2012.08.16 08:57:06 | 000,000,000 | ---D | M] -- C:\Users\Mathias Wehpke\AppData\Roaming\DVDVideoSoft
[2012.03.01 19:58:20 | 000,000,000 | ---D | M] -- C:\Users\Mathias Wehpke\AppData\Roaming\Identities
[2012.03.01 20:31:25 | 000,000,000 | ---D | M] -- C:\Users\Mathias Wehpke\AppData\Roaming\Macromedia
[2012.04.10 21:02:27 | 000,000,000 | ---D | M] -- C:\Users\Mathias Wehpke\AppData\Roaming\Malwarebytes
[2010.11.21 09:16:41 | 000,000,000 | ---D | M] -- C:\Users\Mathias Wehpke\AppData\Roaming\Media Center Programs
[2012.09.06 21:49:23 | 000,000,000 | --SD | M] -- C:\Users\Mathias Wehpke\AppData\Roaming\Microsoft
[2012.08.27 10:33:47 | 000,000,000 | ---D | M] -- C:\Users\Mathias Wehpke\AppData\Roaming\Mozilla
[2012.03.01 22:32:52 | 000,000,000 | ---D | M] -- C:\Users\Mathias Wehpke\AppData\Roaming\Nero
[2012.09.12 09:42:22 | 000,000,000 | ---D | M] -- C:\Users\Mathias Wehpke\AppData\Roaming\PacificPoker
[2012.09.13 10:48:05 | 000,000,000 | ---D | M] -- C:\Users\Mathias Wehpke\AppData\Roaming\Skype
[2012.08.28 10:40:56 | 000,000,000 | ---D | M] -- C:\Users\Mathias Wehpke\AppData\Roaming\SoftGrid Client
[2012.03.08 13:06:33 | 000,000,000 | ---D | M] -- C:\Users\Mathias Wehpke\AppData\Roaming\Toshiba
[2012.03.05 13:51:02 | 000,000,000 | ---D | M] -- C:\Users\Mathias Wehpke\AppData\Roaming\TOSHIBA Online Product Information
[2012.03.01 22:22:07 | 000,000,000 | ---D | M] -- C:\Users\Mathias Wehpke\AppData\Roaming\TP
[2012.09.13 13:09:20 | 000,000,000 | ---D | M] -- C:\Users\Mathias Wehpke\AppData\Roaming\vlc
 
< %APPDATA%\*.exe /s >
 
< %SYSTEMDRIVE%\*.exe >
 
< MD5 for: AGP440.SYS  >
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\ERDNT\cache64\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\ERDNT\cache86\cngaudit.dll
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\ERDNT\cache64\cngaudit.dll
[2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll
[2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll
 
< MD5 for: IASTOR.SYS  >
[2011.01.12 18:51:44 | 000,439,320 | ---- | M] (Intel Corporation) MD5=D469B77687E12FE43E344806740B624D -- C:\Windows\SysNative\drivers\iaStor.sys
[2011.01.12 18:51:44 | 000,439,320 | ---- | M] (Intel Corporation) MD5=D469B77687E12FE43E344806740B624D -- C:\Windows\SysNative\DriverStore\FileRepository\iaahci.inf_amd64_neutral_a36325196df56f7d\iaStor.sys
 
< MD5 for: IASTORV.SYS  >
[2010.11.21 05:23:47 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys
[2010.11.21 05:23:47 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys
[2011.03.11 08:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys
[2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\drivers\iaStorV.sys
[2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0bcee2057afcc090\iaStorV.sys
[2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2010.11.21 05:24:01 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\ERDNT\cache64\netlogon.dll
[2010.11.21 05:24:01 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SysNative\netlogon.dll
[2010.11.21 05:24:01 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll
[2010.11.21 05:24:09 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\ERDNT\cache86\netlogon.dll
[2010.11.21 05:24:09 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll
[2010.11.21 05:24:09 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2011.03.11 08:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys
[2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\drivers\nvstor.sys
[2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvstor.sys
[2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys
[2010.11.21 05:23:47 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys
[2010.11.21 05:23:47 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2010.11.21 05:23:54 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\ERDNT\cache86\scecli.dll
[2010.11.21 05:23:54 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll
[2010.11.21 05:23:54 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll
[2010.11.21 05:24:32 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\ERDNT\cache64\scecli.dll
[2010.11.21 05:24:32 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SysNative\scecli.dll
[2010.11.21 05:24:32 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll
 
< MD5 for: USER32.DLL  >
[2010.11.21 05:24:20 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\ERDNT\cache86\user32.dll
[2010.11.21 05:24:20 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SysWOW64\user32.dll
[2010.11.21 05:24:20 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
[2010.11.21 05:24:09 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\ERDNT\cache64\user32.dll
[2010.11.21 05:24:09 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SysNative\user32.dll
[2010.11.21 05:24:09 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2010.11.21 05:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\ERDNT\cache86\userinit.exe
[2010.11.21 05:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010.11.21 05:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2010.11.21 05:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\ERDNT\cache64\userinit.exe
[2010.11.21 05:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010.11.21 05:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\ERDNT\cache64\wininit.exe
[2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe
[2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\ERDNT\cache86\wininit.exe
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2010.11.21 05:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\ERDNT\cache64\winlogon.exe
[2010.11.21 05:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010.11.21 05:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys
[2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
 
<          >

< End of report >

--- --- ---

Kind regards, matzeatze

cosinus 15.09.2012 14:18

Do an OTL fix: close all programs that may be open, also disable the virus scanner (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied along with it!!!)

Code:

:OTL
FF - user.js - File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_257.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2962335387-2445119808-2019167956-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2962335387-2445119808-2019167956-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
:Files
C:\Users\Mathias Wehpke\AppData\Local\{*
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
[resethosts]

Then click the Fix button at the top left!
The log file should open when you click OK after the fix; please post it. The computer may be restarted.

As a precaution, the entries, files and folders fixed with this script are not deleted completely; a backup copy is created on the system partition in the "_OTL" folder.

Note: The script above was created only for this one user in this situation. It is not portable to any other computer and must not be used elsewhere, as it can cause lasting damage to the system!

matzepeng 16.09.2012 08:38

Here is the log file

Code:

All processes killed
========== OTL ==========
64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@adobe.com/FlashPlayer\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@mcafee.com/MSC,version=10\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@microsoft.com/GENUINE\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Restrictions\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDrives deleted successfully.
Registry key HKEY_USERS\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.
Registry key HKEY_USERS\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.
Registry key HKEY_USERS\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.
Registry key HKEY_USERS\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.
Registry key HKEY_USERS\S-1-5-21-2962335387-2445119808-2019167956-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel\ deleted successfully.
Registry value HKEY_USERS\S-1-5-21-2962335387-2445119808-2019167956-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDrives deleted successfully.
========== FILES ==========
C:\Users\Mathias Wehpke\AppData\Local\{0590E6A8-F9B6-435B-A32D-113A54E7FFC6} folder moved successfully.
C:\Users\Mathias Wehpke\AppData\Local\{06316F92-1D7F-4ED8-B5A0-184D0B7DA50A} folder moved successfully.
C:\Users\Mathias Wehpke\AppData\Local\{0F5E5E29-0D02-490D-9679-4A3AAFCBD222} folder moved successfully.
C:\Users\Mathias Wehpke\AppData\Local\{148F6406-A474-4D3C-90D7-0DECB360FF8A} folder moved successfully.
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Auflösungscache wurde geleert.
C:\Users\Mathias Wehpke\Desktop\cmd.bat deleted successfully.
C:\Users\Mathias Wehpke\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Mathias Wehpke
->Temp folder emptied: 1234981 bytes
->Temporary Internet Files folder emptied: 1694022 bytes
->FireFox cache emptied: 1096330653 bytes
->Flash cache emptied: 27492 bytes
 
User: Public
->Temp folder emptied: 0 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 133861 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50434 bytes
RecycleBin emptied: 436570999 bytes
 
Total Files Cleaned = 1.465,00 mb
 
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.61.4 log created on 09162012_091901

Files\Folders moved on Reboot...
C:\Users\Mathias Wehpke\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

Regards, matzeatze

cosinus 16.09.2012 18:26

Now please run this tool from Kaspersky (TDSS-Killer) in normal Windows mode and post the log. Instructions and download link here => http://www.trojaner-board.de/82358-t...entfernen.html

Note: Please disable your virus scanner before running TDSS-Killer, because Avira in particular often reports a false alarm in the TDSS tool!

Set up the tool as shown in the picture below: click on change parameters and set the check marks as shown in the following screenshot,
then click Start Scan, and when it has finished click the Report button to display the log. Please post it in full.

If you cannot find the log, or cannot copy its contents into your post, please look directly on your Windows system partition (usually drive C:); that is where TDSS-Killer saves its logs.

Note: Please do not delete anything hastily with TDSS-Killer! If TDSS-Killer flags any objects, handle all of them with the action "skip" and just post the log here!

http://saved.im/mtg4nzy0ywy5/settings_2012-09-04.png

matzepeng 17.09.2012 09:45

Here is the log file

Code:

10:35:51.0375 6080  TDSS rootkit removing tool 2.8.8.0 Aug 24 2012 13:27:48
10:35:54.0367 6080  ============================================================
10:35:54.0367 6080  Current date / time: 2012/09/17 10:35:54.0367
10:35:54.0367 6080  SystemInfo:
10:35:54.0367 6080 
10:35:54.0367 6080  OS Version: 6.1.7601 ServicePack: 1.0
10:35:54.0367 6080  Product type: Workstation
10:35:54.0367 6080  ComputerName: MATHIASWEHPKE
10:35:54.0367 6080  UserName: Mathias Wehpke
10:35:54.0367 6080  Windows directory: C:\Windows
10:35:54.0367 6080  System windows directory: C:\Windows
10:35:54.0367 6080  Running under WOW64
10:35:54.0367 6080  Processor architecture: Intel x64
10:35:54.0367 6080  Number of processors: 4
10:35:54.0367 6080  Page size: 0x1000
10:35:54.0367 6080  Boot type: Normal boot
10:35:54.0367 6080  ============================================================
10:35:54.0698 6080  Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
10:35:54.0700 6080  ============================================================
10:35:54.0700 6080  \Device\Harddisk0\DR0:
10:35:54.0700 6080  MBR partitions:
10:35:54.0700 6080  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0xC8800, BlocksNum 0x1D1C3000
10:35:54.0700 6080  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1D28B800, BlocksNum 0x1D0FA800
10:35:54.0700 6080  ============================================================
10:35:54.0735 6080  C: <-> \Device\Harddisk0\DR0\Partition1
10:35:54.0778 6080  D: <-> \Device\Harddisk0\DR0\Partition2
10:35:54.0779 6080  ============================================================
10:35:54.0779 6080  Initialize success
10:35:54.0779 6080  ============================================================
10:37:42.0815 1112  ============================================================
10:37:42.0815 1112  Scan started
10:37:42.0815 1112  Mode: Manual; SigCheck; TDLFS;
10:37:42.0815 1112  ============================================================
10:37:43.0080 1112  ================ Scan system memory ========================
10:37:43.0080 1112  System memory - ok
10:37:43.0080 1112  ================ Scan services =============================
10:37:43.0314 1112  [ A87D604AEA360176311474C87A63BB88 ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
10:37:43.0439 1112  1394ohci - ok
10:37:43.0595 1112  [ ADC420616C501B45D26C0FD3EF1E54E4 ] ACDaemon        C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
10:37:43.0797 1112  ACDaemon - ok
10:37:43.0891 1112  [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
10:37:43.0891 1112  ACPI - ok
10:37:43.0922 1112  [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi        C:\Windows\system32\drivers\acpipmi.sys
10:37:43.0985 1112  AcpiPmi - ok
10:37:44.0063 1112  [ D19C4EE2AC7C47B8F5F84FFF1A789D8A ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
10:37:44.0063 1112  AdobeARMservice - ok
10:37:44.0203 1112  [ F3CD7B20B27D1772C946DF993FF3635C ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
10:37:44.0203 1112  AdobeFlashPlayerUpdateSvc - ok
10:37:44.0265 1112  [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx        C:\Windows\system32\drivers\adp94xx.sys
10:37:44.0281 1112  adp94xx - ok
10:37:44.0328 1112  [ 597F78224EE9224EA1A13D6350CED962 ] adpahci        C:\Windows\system32\drivers\adpahci.sys
10:37:44.0343 1112  adpahci - ok
10:37:44.0375 1112  [ E109549C90F62FB570B9540C4B148E54 ] adpu320        C:\Windows\system32\drivers\adpu320.sys
10:37:44.0375 1112  adpu320 - ok
10:37:44.0406 1112  [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc    C:\Windows\System32\aelupsvc.dll
10:37:44.0562 1112  AeLookupSvc - ok
10:37:44.0640 1112  [ 6CCD1135320109D6B219F1A6E04AD9F6 ] Afc            C:\Windows\syswow64\drivers\Afc.sys
10:37:44.0655 1112  Afc - ok
10:37:44.0718 1112  [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD            C:\Windows\system32\drivers\afd.sys
10:37:44.0780 1112  AFD - ok
10:37:44.0827 1112  [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440          C:\Windows\system32\drivers\agp440.sys
10:37:44.0843 1112  agp440 - ok
10:37:44.0874 1112  [ 3290D6946B5E30E70414990574883DDB ] ALG            C:\Windows\System32\alg.exe
10:37:44.0936 1112  ALG - ok
10:37:44.0983 1112  [ 5812713A477A3AD7363C7438CA2EE038 ] aliide          C:\Windows\system32\drivers\aliide.sys
10:37:44.0983 1112  aliide - ok
10:37:44.0999 1112  [ 1FF8B4431C353CE385C875F194924C0C ] amdide          C:\Windows\system32\drivers\amdide.sys
10:37:44.0999 1112  amdide - ok
10:37:45.0030 1112  [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8          C:\Windows\system32\drivers\amdk8.sys
10:37:45.0061 1112  AmdK8 - ok
10:37:45.0077 1112  [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM          C:\Windows\system32\drivers\amdppm.sys
10:37:45.0123 1112  AmdPPM - ok
10:37:45.0155 1112  [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata        C:\Windows\system32\drivers\amdsata.sys
10:37:45.0155 1112  amdsata - ok
10:37:45.0233 1112  [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs          C:\Windows\system32\drivers\amdsbs.sys
10:37:45.0248 1112  amdsbs - ok
10:37:45.0264 1112  [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata        C:\Windows\system32\drivers\amdxata.sys
10:37:45.0264 1112  amdxata - ok
10:37:45.0311 1112  [ 48CD7E6520D47D62EAB0E6CE3EC30C65 ] Andbus          C:\Windows\system32\DRIVERS\lgandbus64.sys
10:37:45.0357 1112  Andbus - ok
10:37:45.0389 1112  [ 08CBACC00D15DCDBBAAE1A7C8F231C61 ] AndDiag        C:\Windows\system32\DRIVERS\lganddiag64.sys
10:37:45.0404 1112  AndDiag - ok
10:37:45.0451 1112  [ CEA9A4CD6B3A83428CE8501240833668 ] AndGps          C:\Windows\system32\DRIVERS\lgandgps64.sys
10:37:45.0482 1112  AndGps - ok
10:37:45.0513 1112  [ E2B5663E547FA5E756B253EFA8EC8286 ] ANDModem        C:\Windows\system32\DRIVERS\lgandmodem64.sys
10:37:45.0545 1112  ANDModem - ok
10:37:45.0654 1112  [ 466A0D95960DAD3222C896D2CEA99993 ] AntiVirSchedulerService C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
10:37:45.0654 1112  AntiVirSchedulerService - ok
10:37:45.0701 1112  [ A489BE6BB0AA1FF406B488B60542314B ] AntiVirService  C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
10:37:45.0701 1112  AntiVirService - ok
10:37:45.0732 1112  [ 89A69C3F2F319B43379399547526D952 ] AppID          C:\Windows\system32\drivers\appid.sys
10:37:45.0857 1112  AppID - ok
10:37:45.0888 1112  [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
10:37:45.0935 1112  AppIDSvc - ok
10:37:45.0981 1112  [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo        C:\Windows\System32\appinfo.dll
10:37:46.0028 1112  Appinfo - ok
10:37:46.0091 1112  [ C484F8CEB1717C540242531DB7845C4E ] arc            C:\Windows\system32\drivers\arc.sys
10:37:46.0091 1112  arc - ok
10:37:46.0106 1112  [ 019AF6924AEFE7839F61C830227FE79C ] arcsas          C:\Windows\system32\drivers\arcsas.sys
10:37:46.0122 1112  arcsas - ok
10:37:46.0137 1112  [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
10:37:46.0184 1112  AsyncMac - ok
10:37:46.0215 1112  [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi          C:\Windows\system32\drivers\atapi.sys
10:37:46.0231 1112  atapi - ok
10:37:46.0262 1112  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
10:37:46.0309 1112  AudioEndpointBuilder - ok
10:37:46.0325 1112  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv        C:\Windows\System32\Audiosrv.dll
10:37:46.0356 1112  AudioSrv - ok
10:37:46.0403 1112  [ 26E38B5A58C6C55FAFBC563EEDDB0867 ] avgntflt        C:\Windows\system32\DRIVERS\avgntflt.sys
10:37:46.0403 1112  avgntflt - ok
10:37:46.0481 1112  [ E964EA70249DDE1343C8F694B52575EE ] avgtp          C:\Windows\system32\drivers\avgtpx64.sys
10:37:46.0496 1112  avgtp - ok
10:37:46.0543 1112  [ 9D1F00BEFF84CBBF46D7F052BC7E0565 ] avipbb          C:\Windows\system32\DRIVERS\avipbb.sys
10:37:46.0543 1112  avipbb - ok
10:37:46.0574 1112  [ 248DB59FC86DE44D2779F4C7FB1A567D ] avkmgr          C:\Windows\system32\DRIVERS\avkmgr.sys
10:37:46.0574 1112  avkmgr - ok
10:37:46.0621 1112  [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV        C:\Windows\System32\AxInstSV.dll
10:37:46.0683 1112  AxInstSV - ok
10:37:46.0746 1112  [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv        C:\Windows\system32\drivers\bxvbda.sys
10:37:46.0793 1112  b06bdrv - ok
10:37:46.0824 1112  [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a        C:\Windows\system32\DRIVERS\b57nd60a.sys
10:37:46.0871 1112  b57nd60a - ok
10:37:46.0917 1112  [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC          C:\Windows\System32\bdesvc.dll
10:37:46.0949 1112  BDESVC - ok
10:37:46.0980 1112  [ 16A47CE2DECC9B099349A5F840654746 ] Beep            C:\Windows\system32\drivers\Beep.sys
10:37:47.0042 1112  Beep - ok
10:37:47.0105 1112  [ 82974D6A2FD19445CC5171FC378668A4 ] BFE            C:\Windows\System32\bfe.dll
10:37:47.0167 1112  BFE - ok
10:37:47.0214 1112  [ 1EA7969E3271CBC59E1730697DC74682 ] BITS            C:\Windows\system32\qmgr.dll
10:37:47.0307 1112  BITS - ok
10:37:47.0339 1112  [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive        C:\Windows\system32\drivers\blbdrive.sys
10:37:47.0370 1112  blbdrive - ok
10:37:47.0432 1112  [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
10:37:47.0479 1112  bowser - ok
10:37:47.0495 1112  [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo        C:\Windows\system32\drivers\BrFiltLo.sys
10:37:47.0541 1112  BrFiltLo - ok
10:37:47.0557 1112  [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp        C:\Windows\system32\drivers\BrFiltUp.sys
10:37:47.0573 1112  BrFiltUp - ok
10:37:47.0619 1112  [ 5C2F352A4E961D72518261257AAE204B ] BridgeMP        C:\Windows\system32\DRIVERS\bridge.sys
10:37:47.0651 1112  BridgeMP - ok
10:37:47.0697 1112  [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser        C:\Windows\System32\browser.dll
10:37:47.0729 1112  Browser - ok
10:37:47.0760 1112  [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid        C:\Windows\System32\Drivers\Brserid.sys
10:37:47.0791 1112  Brserid - ok
10:37:47.0807 1112  [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
10:37:47.0822 1112  BrSerWdm - ok
10:37:47.0853 1112  [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
10:37:47.0869 1112  BrUsbMdm - ok
10:37:47.0900 1112  [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
10:37:47.0916 1112  BrUsbSer - ok
10:37:47.0947 1112  [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM        C:\Windows\system32\drivers\bthmodem.sys
10:37:47.0963 1112  BTHMODEM - ok
10:37:48.0009 1112  [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv        C:\Windows\system32\bthserv.dll
10:37:48.0025 1112  bthserv - ok
10:37:48.0041 1112  catchme - ok
10:37:48.0056 1112  [ B8BD2BB284668C84865658C77574381A ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
10:37:48.0103 1112  cdfs - ok
10:37:48.0134 1112  [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom          C:\Windows\system32\DRIVERS\cdrom.sys
10:37:48.0197 1112  cdrom - ok
10:37:48.0259 1112  [ A965B206921C55F2D1481789D609B711 ] CeKbFilter      C:\Windows\system32\DRIVERS\CeKbFilter.sys
10:37:48.0275 1112  CeKbFilter - ok
10:37:48.0306 1112  [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc    C:\Windows\System32\certprop.dll
10:37:48.0368 1112  CertPropSvc - ok
10:37:48.0446 1112  [ 41E7C4FA6491747402CFCA77CC1C7AAB ] cfWiMAXService  C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe
10:37:48.0462 1112  cfWiMAXService - ok
10:37:48.0477 1112  [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass        C:\Windows\system32\drivers\circlass.sys
10:37:48.0509 1112  circlass - ok
10:37:48.0540 1112  [ FE1EC06F2253F691FE36217C592A0206 ] CLFS            C:\Windows\system32\CLFS.sys
10:37:48.0555 1112  CLFS - ok
10:37:48.0633 1112  [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
10:37:48.0633 1112  clr_optimization_v2.0.50727_32 - ok
10:37:48.0665 1112  [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
10:37:48.0680 1112  clr_optimization_v2.0.50727_64 - ok
10:37:48.0727 1112  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
10:37:48.0743 1112  clr_optimization_v4.0.30319_32 - ok
10:37:48.0774 1112  [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
10:37:48.0789 1112  clr_optimization_v4.0.30319_64 - ok
10:37:48.0805 1112  [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt          C:\Windows\system32\drivers\CmBatt.sys
10:37:48.0821 1112  CmBatt - ok
10:37:48.0867 1112  [ E19D3F095812725D88F9001985B94EDD ] cmdide          C:\Windows\system32\drivers\cmdide.sys
10:37:48.0867 1112  cmdide - ok
10:37:48.0899 1112  [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG            C:\Windows\system32\Drivers\cng.sys
10:37:48.0930 1112  CNG - ok
10:37:48.0977 1112  [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt        C:\Windows\system32\drivers\compbatt.sys
10:37:48.0992 1112  Compbatt - ok
10:37:49.0008 1112  [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus    C:\Windows\system32\drivers\CompositeBus.sys
10:37:49.0039 1112  CompositeBus - ok
10:37:49.0055 1112  COMSysApp - ok
10:37:49.0101 1112  [ CAB0EEAF5295FC96DDD3E19DCE27E131 ] ConfigFree Service C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
10:37:49.0101 1112  ConfigFree Service - ok
10:37:49.0133 1112  [ 1C827878A998C18847245FE1F34EE597 ] crcdisk        C:\Windows\system32\drivers\crcdisk.sys
10:37:49.0133 1112  crcdisk - ok
10:37:49.0179 1112  [ 4F5414602E2544A4554D95517948B705 ] CryptSvc        C:\Windows\system32\cryptsvc.dll
10:37:49.0226 1112  CryptSvc - ok
10:37:49.0320 1112  [ 72794D112CBAFF3BC0C29BF7350D4741 ] cvhsvc          C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
10:37:49.0351 1112  cvhsvc - ok
10:37:49.0398 1112  [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch      C:\Windows\system32\rpcss.dll
10:37:49.0476 1112  DcomLaunch - ok
10:37:49.0507 1112  [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc      C:\Windows\System32\defragsvc.dll
10:37:49.0554 1112  defragsvc - ok
10:37:49.0585 1112  [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
10:37:49.0647 1112  DfsC - ok
10:37:49.0694 1112  [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp            C:\Windows\system32\dhcpcore.dll
10:37:49.0741 1112  Dhcp - ok
10:37:49.0772 1112  [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache        C:\Windows\system32\drivers\discache.sys
10:37:49.0819 1112  discache - ok
10:37:49.0866 1112  [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk            C:\Windows\system32\drivers\disk.sys
10:37:49.0881 1112  Disk - ok
10:37:49.0897 1112  [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
10:37:49.0944 1112  Dnscache - ok
10:37:49.0959 1112  [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc        C:\Windows\System32\dot3svc.dll
10:37:50.0006 1112  dot3svc - ok
10:37:50.0022 1112  [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS            C:\Windows\system32\dps.dll
10:37:50.0084 1112  DPS - ok
10:37:50.0115 1112  [ 9B19F34400D24DF84C858A421C205754 ] drmkaud        C:\Windows\system32\drivers\drmkaud.sys
10:37:50.0147 1112  drmkaud - ok
10:37:50.0178 1112  [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl        C:\Windows\System32\drivers\dxgkrnl.sys
10:37:50.0193 1112  DXGKrnl - ok
10:37:50.0225 1112  [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost        C:\Windows\System32\eapsvc.dll
10:37:50.0256 1112  EapHost - ok
10:37:50.0349 1112  [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv          C:\Windows\system32\drivers\evbda.sys
10:37:50.0412 1112  ebdrv - ok
10:37:50.0443 1112  [ C118A82CD78818C29AB228366EBF81C3 ] EFS            C:\Windows\System32\lsass.exe
10:37:50.0490 1112  EFS - ok
10:37:50.0505 1112  [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor        C:\Windows\system32\drivers\elxstor.sys
10:37:50.0521 1112  elxstor - ok
10:37:50.0537 1112  [ 34A3C54752046E79A126E15C51DB409B ] ErrDev          C:\Windows\system32\drivers\errdev.sys
10:37:50.0568 1112  ErrDev - ok
10:37:50.0615 1112  [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem    C:\Windows\system32\es.dll
10:37:50.0661 1112  EventSystem - ok
10:37:50.0693 1112  [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat          C:\Windows\system32\drivers\exfat.sys
10:37:50.0739 1112  exfat - ok
10:37:50.0771 1112  [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat        C:\Windows\system32\drivers\fastfat.sys
10:37:50.0817 1112  fastfat - ok
10:37:50.0864 1112  [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax            C:\Windows\system32\fxssvc.exe
10:37:50.0927 1112  Fax - ok
10:37:50.0958 1112  [ D765D19CD8EF61F650C384F62FAC00AB ] fdc            C:\Windows\system32\drivers\fdc.sys
10:37:50.0973 1112  fdc - ok
10:37:51.0020 1112  [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost        C:\Windows\system32\fdPHost.dll
10:37:51.0051 1112  fdPHost - ok
10:37:51.0051 1112  [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub        C:\Windows\system32\fdrespub.dll
10:37:51.0114 1112  FDResPub - ok
10:37:51.0145 1112  [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
10:37:51.0145 1112  FileInfo - ok
10:37:51.0192 1112  [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace      C:\Windows\system32\drivers\filetrace.sys
10:37:51.0254 1112  Filetrace - ok
10:37:51.0270 1112  [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk        C:\Windows\system32\drivers\flpydisk.sys
10:37:51.0270 1112  flpydisk - ok
10:37:51.0301 1112  [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
10:37:51.0301 1112  FltMgr - ok
10:37:51.0348 1112  [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache      C:\Windows\system32\FntCache.dll
10:37:51.0410 1112  FontCache - ok
10:37:51.0457 1112  [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
10:37:51.0473 1112  FontCache3.0.0.0 - ok
10:37:51.0473 1112  [ D43703496149971890703B4B1B723EAC ] FsDepends      C:\Windows\system32\drivers\FsDepends.sys
10:37:51.0488 1112  FsDepends - ok
10:37:51.0504 1112  [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
10:37:51.0519 1112  Fs_Rec - ok
10:37:51.0551 1112  [ 1F7B25B858FA27015169FE95E54108ED ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
10:37:51.0566 1112  fvevol - ok
10:37:51.0582 1112  [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx        C:\Windows\system32\drivers\gagp30kx.sys
10:37:51.0582 1112  gagp30kx - ok
10:37:51.0629 1112  [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc          C:\Windows\System32\gpsvc.dll
10:37:51.0660 1112  gpsvc - ok
10:37:51.0675 1112  [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
10:37:51.0707 1112  hcw85cir - ok
10:37:51.0769 1112  [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
10:37:51.0800 1112  HdAudAddService - ok
10:37:51.0831 1112  [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus        C:\Windows\system32\DRIVERS\HDAudBus.sys
10:37:51.0878 1112  HDAudBus - ok
10:37:51.0909 1112  [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt        C:\Windows\system32\drivers\HidBatt.sys
10:37:51.0941 1112  HidBatt - ok
10:37:51.0956 1112  [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth          C:\Windows\system32\drivers\hidbth.sys
10:37:51.0972 1112  HidBth - ok
10:37:52.0019 1112  [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr          C:\Windows\system32\drivers\hidir.sys
10:37:52.0034 1112  HidIr - ok
10:37:52.0050 1112  [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv        C:\Windows\System32\hidserv.dll
10:37:52.0097 1112  hidserv - ok
10:37:52.0143 1112  [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
10:37:52.0143 1112  HidUsb - ok
10:37:52.0175 1112  [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc          C:\Windows\system32\kmsvc.dll
10:37:52.0221 1112  hkmsvc - ok
10:37:52.0253 1112  [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
10:37:52.0299 1112  HomeGroupListener - ok
10:37:52.0331 1112  [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
10:37:52.0362 1112  HomeGroupProvider - ok
10:37:52.0377 1112  [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
10:37:52.0393 1112  HpSAMD - ok
10:37:52.0424 1112  [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
10:37:52.0487 1112  HTTP - ok
10:37:52.0518 1112  [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
10:37:52.0518 1112  hwpolicy - ok
10:37:52.0533 1112  [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt        C:\Windows\system32\drivers\i8042prt.sys
10:37:52.0549 1112  i8042prt - ok
10:37:52.0580 1112  [ D469B77687E12FE43E344806740B624D ] iaStor          C:\Windows\system32\DRIVERS\iaStor.sys
10:37:52.0596 1112  iaStor - ok
10:37:52.0627 1112  [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV        C:\Windows\system32\drivers\iaStorV.sys
10:37:52.0643 1112  iaStorV - ok
10:37:52.0736 1112  [ DABFBE88774A3C1A8CEA198348E02740 ] IconMan_R      C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe
10:37:52.0783 1112  IconMan_R ( UnsignedFile.Multi.Generic ) - warning
10:37:52.0783 1112  IconMan_R - detected UnsignedFile.Multi.Generic (1)
10:37:52.0814 1112  [ DAF66902F08796F9C694901660E5A64A ] IDriverT        C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
10:37:52.0845 1112  IDriverT ( UnsignedFile.Multi.Generic ) - warning
10:37:52.0845 1112  IDriverT - detected UnsignedFile.Multi.Generic (1)
10:37:52.0908 1112  [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc          C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
10:37:52.0923 1112  idsvc - ok
10:37:52.0939 1112  [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp          C:\Windows\system32\drivers\iirsp.sys
10:37:52.0939 1112  iirsp - ok
10:37:52.0986 1112  [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT          C:\Windows\System32\ikeext.dll
10:37:53.0033 1112  IKEEXT - ok
10:37:53.0126 1112  [ 2CC2F7C5990BB76767038F4B16D17A56 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
10:37:53.0173 1112  IntcAzAudAddService - ok
10:37:53.0204 1112  [ F00F20E70C6EC3AA366910083A0518AA ] intelide        C:\Windows\system32\drivers\intelide.sys
10:37:53.0204 1112  intelide - ok
10:37:53.0220 1112  [ ADA036632C664CAA754079041CF1F8C1 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
10:37:53.0251 1112  intelppm - ok
10:37:53.0282 1112  [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum      C:\Windows\system32\ipbusenum.dll
10:37:53.0313 1112  IPBusEnum - ok
10:37:53.0345 1112  [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
10:37:53.0376 1112  IpFilterDriver - ok
10:37:53.0407 1112  [ A34A587FFFD45FA649FBA6D03784D257 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
10:37:53.0454 1112  iphlpsvc - ok
10:37:53.0485 1112  [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV        C:\Windows\system32\drivers\IPMIDrv.sys
10:37:53.0516 1112  IPMIDRV - ok
10:37:53.0532 1112  [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT          C:\Windows\system32\drivers\ipnat.sys
10:37:53.0579 1112  IPNAT - ok
10:37:53.0610 1112  [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM          C:\Windows\system32\drivers\irenum.sys
10:37:53.0641 1112  IRENUM - ok
10:37:53.0657 1112  [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
10:37:53.0672 1112  isapnp - ok
10:37:53.0703 1112  [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
10:37:53.0719 1112  iScsiPrt - ok
10:37:53.0735 1112  [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass        C:\Windows\system32\drivers\kbdclass.sys
10:37:53.0750 1112  kbdclass - ok
10:37:53.0766 1112  [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid          C:\Windows\system32\drivers\kbdhid.sys
10:37:53.0797 1112  kbdhid - ok
10:37:53.0813 1112  [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso          C:\Windows\system32\lsass.exe
10:37:53.0813 1112  KeyIso - ok
10:37:53.0828 1112  [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
10:37:53.0828 1112  KSecDD - ok
10:37:53.0844 1112  [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg        C:\Windows\system32\Drivers\ksecpkg.sys
10:37:53.0859 1112  KSecPkg - ok
10:37:53.0891 1112  [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk        C:\Windows\system32\drivers\ksthunk.sys
10:37:53.0937 1112  ksthunk - ok
10:37:53.0969 1112  [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm          C:\Windows\system32\msdtckrm.dll
10:37:54.0031 1112  KtmRm - ok
10:37:54.0078 1112  [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer    C:\Windows\System32\srvsvc.dll
10:37:54.0125 1112  LanmanServer - ok
10:37:54.0156 1112  [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
10:37:54.0203 1112  LanmanWorkstation - ok
10:37:54.0234 1112  [ 1538831CF8AD2979A04C423779465827 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
10:37:54.0281 1112  lltdio - ok
10:37:54.0312 1112  [ C1185803384AB3FEED115F79F109427F ] lltdsvc        C:\Windows\System32\lltdsvc.dll
10:37:54.0359 1112  lltdsvc - ok
10:37:54.0374 1112  [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts        C:\Windows\System32\lmhsvc.dll
10:37:54.0421 1112  lmhosts - ok
10:37:54.0483 1112  [ 50C7CE53EF461870410355F1F2E7D515 ] LMS            C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
10:37:54.0499 1112  LMS - ok
10:37:54.0546 1112  [ 2825A71E7501CB33B3B9F856610C729D ] LPCFilter      C:\Windows\system32\DRIVERS\LPCFilter.sys
10:37:54.0546 1112  LPCFilter - ok
10:37:54.0593 1112  [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC          C:\Windows\system32\drivers\lsi_fc.sys
10:37:54.0593 1112  LSI_FC - ok
10:37:54.0624 1112  [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS        C:\Windows\system32\drivers\lsi_sas.sys
10:37:54.0624 1112  LSI_SAS - ok
10:37:54.0639 1112  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2        C:\Windows\system32\drivers\lsi_sas2.sys
10:37:54.0655 1112  LSI_SAS2 - ok
10:37:54.0671 1112  [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI        C:\Windows\system32\drivers\lsi_scsi.sys
10:37:54.0671 1112  LSI_SCSI - ok
10:37:54.0702 1112  [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv          C:\Windows\system32\drivers\luafv.sys
10:37:54.0733 1112  luafv - ok
10:37:54.0780 1112  McAWFwk - ok
10:37:54.0795 1112  [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas        C:\Windows\system32\drivers\megasas.sys
10:37:54.0795 1112  megasas - ok
10:37:54.0811 1112  [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR          C:\Windows\system32\drivers\MegaSR.sys
10:37:54.0827 1112  MegaSR - ok
10:37:54.0873 1112  [ A6518DCC42F7A6E999BB3BEA8FD87567 ] MEIx64          C:\Windows\system32\DRIVERS\HECIx64.sys
10:37:54.0873 1112  MEIx64 - ok
10:37:54.0889 1112  [ E40E80D0304A73E8D269F7141D77250B ] MMCSS          C:\Windows\system32\mmcss.dll
10:37:54.0936 1112  MMCSS - ok
10:37:54.0967 1112  [ 800BA92F7010378B09F9ED9270F07137 ] Modem          C:\Windows\system32\drivers\modem.sys
10:37:55.0014 1112  Modem - ok
10:37:55.0029 1112  [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor        C:\Windows\system32\DRIVERS\monitor.sys
10:37:55.0061 1112  monitor - ok
10:37:55.0092 1112  [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
10:37:55.0092 1112  mouclass - ok
10:37:55.0123 1112  [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
10:37:55.0123 1112  mouhid - ok
10:37:55.0154 1112  [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
10:37:55.0154 1112  mountmgr - ok
10:37:55.0170 1112  [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio            C:\Windows\system32\drivers\mpio.sys
10:37:55.0185 1112  mpio - ok
10:37:55.0201 1112  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
10:37:55.0248 1112  mpsdrv - ok
10:37:55.0295 1112  [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc          C:\Windows\system32\mpssvc.dll
10:37:55.0341 1112  MpsSvc - ok
10:37:55.0357 1112  [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
10:37:55.0388 1112  MRxDAV - ok
10:37:55.0404 1112  [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
10:37:55.0451 1112  mrxsmb - ok
10:37:55.0482 1112  [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
10:37:55.0513 1112  mrxsmb10 - ok
10:37:55.0529 1112  [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
10:37:55.0560 1112  mrxsmb20 - ok
10:37:55.0575 1112  [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci          C:\Windows\system32\DRIVERS\msahci.sys
10:37:55.0591 1112  msahci - ok
10:37:55.0607 1112  [ DB801A638D011B9633829EB6F663C900 ] msdsm          C:\Windows\system32\drivers\msdsm.sys
10:37:55.0607 1112  msdsm - ok
10:37:55.0638 1112  [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC          C:\Windows\System32\msdtc.exe
10:37:55.0653 1112  MSDTC - ok
10:37:55.0685 1112  [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
10:37:55.0731 1112  Msfs - ok
10:37:55.0763 1112  [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf      C:\Windows\System32\drivers\mshidkmdf.sys
10:37:55.0809 1112  mshidkmdf - ok
10:37:55.0841 1112  [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
10:37:55.0841 1112  msisadrv - ok
10:37:55.0872 1112  [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI        C:\Windows\system32\iscsiexe.dll
10:37:55.0903 1112  MSiSCSI - ok
10:37:55.0903 1112  msiserver - ok
10:37:55.0934 1112  [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV        C:\Windows\system32\drivers\MSKSSRV.sys
10:37:55.0950 1112  MSKSSRV - ok
10:37:55.0981 1112  [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
10:37:56.0012 1112  MSPCLOCK - ok
10:37:56.0028 1112  [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM          C:\Windows\system32\drivers\MSPQM.sys
10:37:56.0075 1112  MSPQM - ok
10:37:56.0106 1112  [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC          C:\Windows\system32\drivers\MsRPC.sys
10:37:56.0106 1112  MsRPC - ok
10:37:56.0121 1112  [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios        C:\Windows\system32\drivers\mssmbios.sys
10:37:56.0121 1112  mssmbios - ok
10:37:56.0168 1112  [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE          C:\Windows\system32\drivers\MSTEE.sys
10:37:56.0199 1112  MSTEE - ok
10:37:56.0231 1112  [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig        C:\Windows\system32\drivers\MTConfig.sys
10:37:56.0262 1112  MTConfig - ok
10:37:56.0293 1112  [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup            C:\Windows\system32\Drivers\mup.sys
10:37:56.0309 1112  Mup - ok
10:37:56.0340 1112  [ 582AC6D9873E31DFA28A4547270862DD ] napagent        C:\Windows\system32\qagentRT.dll
10:37:56.0387 1112  napagent - ok
10:37:56.0449 1112  [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP    C:\Windows\system32\DRIVERS\nwifi.sys
10:37:56.0480 1112  NativeWifiP - ok
10:37:56.0543 1112  [ 760E38053BF56E501D562B70AD796B88 ] NDIS            C:\Windows\system32\drivers\ndis.sys
10:37:56.0558 1112  NDIS - ok
10:37:56.0589 1112  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap        C:\Windows\system32\DRIVERS\ndiscap.sys
10:37:56.0636 1112  NdisCap - ok
10:37:56.0652 1112  [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
10:37:56.0683 1112  NdisTapi - ok
10:37:56.0714 1112  [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio        C:\Windows\system32\DRIVERS\ndisuio.sys
10:37:56.0730 1112  Ndisuio - ok
10:37:56.0761 1112  [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan        C:\Windows\system32\DRIVERS\ndiswan.sys
10:37:56.0808 1112  NdisWan - ok
10:37:56.0823 1112  [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy        C:\Windows\system32\drivers\NDProxy.sys
10:37:56.0870 1112  NDProxy - ok
10:37:56.0901 1112  [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS        C:\Windows\system32\DRIVERS\netbios.sys
10:37:56.0948 1112  NetBIOS - ok
10:37:56.0964 1112  [ 09594D1089C523423B32A4229263F068 ] NetBT          C:\Windows\system32\DRIVERS\netbt.sys
10:37:57.0011 1112  NetBT - ok
10:37:57.0026 1112  [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon        C:\Windows\system32\lsass.exe
10:37:57.0042 1112  Netlogon - ok
10:37:57.0073 1112  [ 847D3AE376C0817161A14A82C8922A9E ] Netman          C:\Windows\System32\netman.dll
10:37:57.0120 1112  Netman - ok
10:37:57.0151 1112  [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm        C:\Windows\System32\netprofm.dll
10:37:57.0198 1112  netprofm - ok
10:37:57.0229 1112  [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
10:37:57.0245 1112  NetTcpPortSharing - ok
10:37:57.0276 1112  [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960        C:\Windows\system32\drivers\nfrd960.sys
10:37:57.0291 1112  nfrd960 - ok
10:37:57.0479 1112  [ 7C272C9E8696A63A58D3A835FD446212 ] NIHardwareService C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe
10:37:57.0635 1112  NIHardwareService ( UnsignedFile.Multi.Generic ) - warning
10:37:57.0635 1112  NIHardwareService - detected UnsignedFile.Multi.Generic (1)
10:37:57.0666 1112  [ 1EE99A89CC788ADA662441D1E9830529 ] NlaSvc          C:\Windows\System32\nlasvc.dll
10:37:57.0728 1112  NlaSvc - ok
10:37:57.0759 1112  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs            C:\Windows\system32\drivers\Npfs.sys
10:37:57.0791 1112  Npfs - ok
10:37:57.0806 1112  [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi            C:\Windows\system32\nsisvc.dll
10:37:57.0853 1112  nsi - ok
10:37:57.0869 1112  [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
10:37:57.0884 1112  nsiproxy - ok
10:37:57.0931 1112  [ A2F74975097F52A00745F9637451FDD8 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
10:37:57.0962 1112  Ntfs - ok
10:37:57.0978 1112  [ 9899284589F75FA8724FF3D16AED75C1 ] Null            C:\Windows\system32\drivers\Null.sys
10:37:58.0025 1112  Null - ok
10:37:58.0071 1112  [ 960E39A54E525DF58CB29193147DFFA1 ] NVHDA          C:\Windows\system32\drivers\nvhda64v.sys
10:37:58.0087 1112  NVHDA - ok
10:37:58.0368 1112  [ FB2DC1985AC763AAC1B293441695BA34 ] nvlddmkm        C:\Windows\system32\DRIVERS\nvlddmkm.sys
10:37:58.0695 1112  nvlddmkm - ok
10:37:58.0727 1112  [ 0A92CB65770442ED0DC44834632F66AD ] nvraid          C:\Windows\system32\drivers\nvraid.sys
10:37:58.0742 1112  nvraid - ok
10:37:58.0758 1112  [ DAB0E87525C10052BF65F06152F37E4A ] nvstor          C:\Windows\system32\drivers\nvstor.sys
10:37:58.0773 1112  nvstor - ok
10:37:58.0820 1112  [ 0C0EE3E423AE115363E6C497D6D430E1 ] NVSvc          C:\Windows\system32\nvvsvc.exe
10:37:58.0851 1112  NVSvc - ok
10:37:58.0883 1112  [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
10:37:58.0883 1112  nv_agp - ok
10:37:58.0914 1112  [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
10:37:58.0929 1112  ohci1394 - ok
10:37:58.0992 1112  [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose            C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
10:37:59.0007 1112  ose - ok
10:37:59.0179 1112  [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc        C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
10:37:59.0351 1112  osppsvc - ok
10:37:59.0382 1112  [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
10:37:59.0429 1112  p2pimsvc - ok
10:37:59.0460 1112  [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc          C:\Windows\system32\p2psvc.dll
10:37:59.0475 1112  p2psvc - ok
10:37:59.0507 1112  [ 0086431C29C35BE1DBC43F52CC273887 ] Parport        C:\Windows\system32\drivers\parport.sys
10:37:59.0538 1112  Parport - ok
10:37:59.0569 1112  [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr        C:\Windows\system32\drivers\partmgr.sys
10:37:59.0569 1112  partmgr - ok
10:37:59.0600 1112  [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc          C:\Windows\System32\pcasvc.dll
10:37:59.0631 1112  PcaSvc - ok
10:37:59.0663 1112  [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci            C:\Windows\system32\drivers\pci.sys
10:37:59.0678 1112  pci - ok
10:37:59.0678 1112  [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide          C:\Windows\system32\DRIVERS\pciide.sys
10:37:59.0694 1112  pciide - ok
10:37:59.0709 1112  [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia          C:\Windows\system32\drivers\pcmcia.sys
10:37:59.0709 1112  pcmcia - ok
10:37:59.0741 1112  [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw            C:\Windows\system32\drivers\pcw.sys
10:37:59.0741 1112  pcw - ok
10:37:59.0772 1112  [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
10:37:59.0819 1112  PEAUTH - ok
10:37:59.0897 1112  [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost        C:\Windows\SysWow64\perfhost.exe
10:37:59.0928 1112  PerfHost - ok
10:37:59.0959 1112  [ 91111CEBBDE8015E822C46120ED9537C ] PGEffect        C:\Windows\system32\DRIVERS\pgeffect.sys
10:37:59.0959 1112  PGEffect - ok
10:38:00.0006 1112  [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla            C:\Windows\system32\pla.dll
10:38:00.0053 1112  pla - ok
10:38:00.0084 1112  [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
10:38:00.0131 1112  PlugPlay - ok
10:38:00.0146 1112  [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg    C:\Windows\system32\pnrpauto.dll
10:38:00.0162 1112  PNRPAutoReg - ok
10:38:00.0193 1112  [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc        C:\Windows\system32\pnrpsvc.dll
10:38:00.0209 1112  PNRPsvc - ok
10:38:00.0240 1112  [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent    C:\Windows\System32\ipsecsvc.dll
10:38:00.0302 1112  PolicyAgent - ok
10:38:00.0333 1112  [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power          C:\Windows\system32\umpo.dll
10:38:00.0380 1112  Power - ok
10:38:00.0411 1112  [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
10:38:00.0458 1112  PptpMiniport - ok
10:38:00.0474 1112  [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor      C:\Windows\system32\drivers\processr.sys
10:38:00.0505 1112  Processor - ok
10:38:00.0536 1112  [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc        C:\Windows\system32\profsvc.dll
10:38:00.0583 1112  ProfSvc - ok
10:38:00.0599 1112  [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
10:38:00.0599 1112  ProtectedStorage - ok
10:38:00.0630 1112  [ 0557CF5A2556BD58E26384169D72438D ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
10:38:00.0677 1112  Psched - ok
10:38:00.0723 1112  [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300          C:\Windows\system32\drivers\ql2300.sys
10:38:00.0770 1112  ql2300 - ok
10:38:00.0786 1112  [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx          C:\Windows\system32\drivers\ql40xx.sys
10:38:00.0801 1112  ql40xx - ok
10:38:00.0833 1112  [ 906191634E99AEA92C4816150BDA3732 ] QWAVE          C:\Windows\system32\qwave.dll
10:38:00.0833 1112  QWAVE - ok
10:38:00.0848 1112  [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
10:38:00.0879 1112  QWAVEdrv - ok
10:38:00.0895 1112  [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
10:38:00.0911 1112  RasAcd - ok
10:38:00.0957 1112  [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn    C:\Windows\system32\DRIVERS\AgileVpn.sys
10:38:01.0004 1112  RasAgileVpn - ok
10:38:01.0035 1112  [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto        C:\Windows\System32\rasauto.dll
10:38:01.0082 1112  RasAuto - ok
10:38:01.0098 1112  [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp        C:\Windows\system32\DRIVERS\rasl2tp.sys
10:38:01.0145 1112  Rasl2tp - ok
10:38:01.0176 1112  [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan          C:\Windows\System32\rasmans.dll
10:38:01.0207 1112  RasMan - ok
10:38:01.0223 1112  [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
10:38:01.0269 1112  RasPppoe - ok
10:38:01.0285 1112  [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp        C:\Windows\system32\DRIVERS\rassstp.sys
10:38:01.0332 1112  RasSstp - ok
10:38:01.0363 1112  [ 77F665941019A1594D887A74F301FA2F ] rdbss          C:\Windows\system32\DRIVERS\rdbss.sys
10:38:01.0410 1112  rdbss - ok
10:38:01.0425 1112  [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus          C:\Windows\system32\drivers\rdpbus.sys
10:38:01.0457 1112  rdpbus - ok
10:38:01.0472 1112  [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
10:38:01.0519 1112  RDPCDD - ok
10:38:01.0550 1112  [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
10:38:01.0566 1112  RDPENCDD - ok
10:38:01.0581 1112  [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
10:38:01.0613 1112  RDPREFMP - ok
10:38:01.0628 1112  [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD          C:\Windows\system32\drivers\RDPWD.sys
10:38:01.0691 1112  RDPWD - ok
10:38:01.0706 1112  [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
10:38:01.0722 1112  rdyboost - ok
10:38:01.0737 1112  [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess    C:\Windows\System32\mprdim.dll
10:38:01.0769 1112  RemoteAccess - ok
10:38:01.0800 1112  [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
10:38:01.0847 1112  RemoteRegistry - ok
10:38:01.0878 1112  [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
10:38:01.0925 1112  RpcEptMapper - ok
10:38:01.0956 1112  [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator      C:\Windows\system32\locator.exe
10:38:01.0956 1112  RpcLocator - ok
10:38:01.0987 1112  [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs          C:\Windows\system32\rpcss.dll
10:38:02.0018 1112  RpcSs - ok
10:38:02.0034 1112  [ DDC86E4F8E7456261E637E3552E804FF ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
10:38:02.0081 1112  rspndr - ok
10:38:02.0143 1112  [ 9BEB5F18A418FF70659CE2E356829568 ] RSUSBSTOR      C:\Windows\system32\Drivers\RtsUStor.sys
10:38:02.0159 1112  RSUSBSTOR - ok
10:38:02.0190 1112  [ 6D3C7E7D82D3DC92DC2A8B0DF9F20F8A ] RTL8167        C:\Windows\system32\DRIVERS\Rt64win7.sys
10:38:02.0205 1112  RTL8167 - ok
10:38:02.0268 1112  [ 64FDF4FE366CA42DA2B7D9D424B6E39B ] RTL8192Ce      C:\Windows\system32\DRIVERS\rtl8192Ce.sys
10:38:02.0283 1112  RTL8192Ce - ok
10:38:02.0299 1112  [ C118A82CD78818C29AB228366EBF81C3 ] SamSs          C:\Windows\system32\lsass.exe
10:38:02.0299 1112  SamSs - ok
10:38:02.0330 1112  [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
10:38:02.0346 1112  sbp2port - ok
10:38:02.0377 1112  [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr        C:\Windows\System32\SCardSvr.dll
10:38:02.0408 1112  SCardSvr - ok
10:38:02.0439 1112  [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
10:38:02.0486 1112  scfilter - ok
10:38:02.0533 1112  [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule        C:\Windows\system32\schedsvc.dll
10:38:02.0580 1112  Schedule - ok
10:38:02.0611 1112  [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc    C:\Windows\System32\certprop.dll
10:38:02.0642 1112  SCPolicySvc - ok
10:38:02.0658 1112  [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
10:38:02.0705 1112  SDRSVC - ok
10:38:02.0736 1112  [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
10:38:02.0767 1112  secdrv - ok
10:38:02.0783 1112  [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon        C:\Windows\system32\seclogon.dll
10:38:02.0814 1112  seclogon - ok
10:38:02.0814 1112  [ C32AB8FA018EF34C0F113BD501436D21 ] SENS            C:\Windows\system32\sens.dll
10:38:02.0861 1112  SENS - ok
10:38:02.0892 1112  [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc        C:\Windows\system32\sensrsvc.dll
10:38:02.0939 1112  SensrSvc - ok
10:38:02.0970 1112  [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum        C:\Windows\system32\drivers\serenum.sys
10:38:02.0985 1112  Serenum - ok
10:38:03.0032 1112  [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial          C:\Windows\system32\drivers\serial.sys
10:38:03.0063 1112  Serial - ok
10:38:03.0079 1112  [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse        C:\Windows\system32\drivers\sermouse.sys
10:38:03.0110 1112  sermouse - ok
10:38:03.0126 1112  [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv      C:\Windows\system32\sessenv.dll
10:38:03.0157 1112  SessionEnv - ok
10:38:03.0173 1112  [ A554811BCD09279536440C964AE35BBF ] sffdisk        C:\Windows\system32\drivers\sffdisk.sys
10:38:03.0204 1112  sffdisk - ok
10:38:03.0235 1112  [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
10:38:03.0266 1112  sffp_mmc - ok
10:38:03.0266 1112  [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd        C:\Windows\system32\drivers\sffp_sd.sys
10:38:03.0282 1112  sffp_sd - ok
10:38:03.0297 1112  [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy        C:\Windows\system32\drivers\sfloppy.sys
10:38:03.0329 1112  sfloppy - ok
10:38:03.0360 1112  [ C6CC9297BD53E5229653303E556AA539 ] Sftfs          C:\Windows\system32\DRIVERS\Sftfslh.sys
10:38:03.0375 1112  Sftfs - ok
10:38:03.0422 1112  [ 13693B6354DD6E72DC5131DA7D764B90 ] sftlist        C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
10:38:03.0438 1112  sftlist - ok
10:38:03.0453 1112  [ 390AA7BC52CEE43F6790CDEA1E776703 ] Sftplay        C:\Windows\system32\DRIVERS\Sftplaylh.sys
10:38:03.0453 1112  Sftplay - ok
10:38:03.0469 1112  [ 617E29A0B0A2807466560D4C4E338D3E ] Sftredir        C:\Windows\system32\DRIVERS\Sftredirlh.sys
10:38:03.0485 1112  Sftredir - ok
10:38:03.0485 1112  [ 8F571F016FA1976F445147E9E6C8AE9B ] Sftvol          C:\Windows\system32\DRIVERS\Sftvollh.sys
10:38:03.0485 1112  Sftvol - ok
10:38:03.0500 1112  [ C3CDDD18F43D44AB713CF8C4916F7696 ] sftvsa          C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
10:38:03.0516 1112  sftvsa - ok
10:38:03.0563 1112  [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess    C:\Windows\System32\ipnathlp.dll
10:38:03.0609 1112  SharedAccess - ok
10:38:03.0641 1112  [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
10:38:03.0703 1112  ShellHWDetection - ok
10:38:03.0719 1112  [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2        C:\Windows\system32\drivers\SiSRaid2.sys
10:38:03.0734 1112  SiSRaid2 - ok
10:38:03.0750 1112  [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4        C:\Windows\system32\drivers\sisraid4.sys
10:38:03.0765 1112  SiSRaid4 - ok
10:38:03.0843 1112  [ F07AF60B152221472FBDB2FECEC4896D ] SkypeUpdate    C:\Program Files (x86)\Skype\Updater\Updater.exe
10:38:03.0859 1112  SkypeUpdate - ok
10:38:03.0890 1112  [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb            C:\Windows\system32\DRIVERS\smb.sys
10:38:03.0937 1112  Smb - ok
10:38:03.0984 1112  [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
10:38:03.0999 1112  SNMPTRAP - ok
10:38:04.0031 1112  [ B9E31E5CACDFE584F34F730A677803F9 ] spldr          C:\Windows\system32\drivers\spldr.sys
10:38:04.0046 1112  spldr - ok
10:38:04.0077 1112  [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler        C:\Windows\System32\spoolsv.exe
10:38:04.0109 1112  Spooler - ok
10:38:04.0187 1112  [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc          C:\Windows\system32\sppsvc.exe
10:38:04.0280 1112  sppsvc - ok
10:38:04.0296 1112  [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify    C:\Windows\system32\sppuinotify.dll
10:38:04.0343 1112  sppuinotify - ok
10:38:04.0389 1112  [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv            C:\Windows\system32\DRIVERS\srv.sys
10:38:04.0405 1112  srv - ok
10:38:04.0436 1112  [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
10:38:04.0467 1112  srv2 - ok
10:38:04.0499 1112  [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
10:38:04.0514 1112  srvnet - ok
10:38:04.0561 1112  [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV        C:\Windows\System32\ssdpsrv.dll
10:38:04.0592 1112  SSDPSRV - ok
10:38:04.0623 1112  [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc        C:\Windows\system32\sstpsvc.dll
10:38:04.0655 1112  SstpSvc - ok
10:38:04.0670 1112  [ F3817967ED533D08327DC73BC4D5542A ] stexstor        C:\Windows\system32\drivers\stexstor.sys
10:38:04.0686 1112  stexstor - ok
10:38:04.0733 1112  [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc          C:\Windows\System32\wiaservc.dll
10:38:04.0764 1112  stisvc - ok
10:38:04.0779 1112  [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum          C:\Windows\system32\drivers\swenum.sys
10:38:04.0779 1112  swenum - ok
10:38:04.0826 1112  [ E08E46FDD841B7184194011CA1955A0B ] swprv          C:\Windows\System32\swprv.dll
10:38:04.0873 1112  swprv - ok
10:38:04.0935 1112  [ F5B46DF59FEAA48A442AED7EEB754D4B ] SynTP          C:\Windows\system32\DRIVERS\SynTP.sys
10:38:04.0967 1112  SynTP - ok
10:38:05.0029 1112  [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain        C:\Windows\system32\sysmain.dll
10:38:05.0076 1112  SysMain - ok
10:38:05.0091 1112  [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
10:38:05.0107 1112  TabletInputService - ok
10:38:05.0138 1112  [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv        C:\Windows\System32\tapisrv.dll
10:38:05.0185 1112  TapiSrv - ok
10:38:05.0201 1112  [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS            C:\Windows\System32\tbssvc.dll
10:38:05.0232 1112  TBS - ok
10:38:05.0310 1112  [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] Tcpip          C:\Windows\system32\drivers\tcpip.sys
10:38:05.0357 1112  Tcpip - ok
10:38:05.0388 1112  [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
10:38:05.0419 1112  TCPIP6 - ok
10:38:05.0435 1112  [ DF687E3D8836BFB04FCC0615BF15A519 ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
10:38:05.0481 1112  tcpipreg - ok
10:38:05.0544 1112  [ FD542B661BD22FA69CA789AD0AC58C29 ] tdcmdpst        C:\Windows\system32\DRIVERS\tdcmdpst.sys
10:38:05.0544 1112  tdcmdpst - ok
10:38:05.0559 1112  [ 3371D21011695B16333A3934340C4E7C ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
10:38:05.0591 1112  TDPIPE - ok
10:38:05.0622 1112  [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP          C:\Windows\system32\drivers\tdtcp.sys
10:38:05.0637 1112  TDTCP - ok
10:38:05.0669 1112  [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx            C:\Windows\system32\DRIVERS\tdx.sys
10:38:05.0715 1112  tdx - ok
10:38:05.0778 1112  [ 1B709733A04DCC41A63F9CD1F76A4EBE ] TemproMonitoringService C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe
10:38:05.0778 1112  TemproMonitoringService - ok
10:38:05.0809 1112  [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD          C:\Windows\system32\drivers\termdd.sys
10:38:05.0809 1112  TermDD - ok
10:38:05.0856 1112  [ 2E648163254233755035B46DD7B89123 ] TermService    C:\Windows\System32\termsrv.dll
10:38:05.0903 1112  TermService - ok
10:38:05.0918 1112  [ F0344071948D1A1FA732231785A0664C ] Themes          C:\Windows\system32\themeservice.dll
10:38:05.0949 1112  Themes - ok
10:38:05.0965 1112  [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER    C:\Windows\system32\mmcss.dll
10:38:05.0981 1112  THREADORDER - ok
10:38:06.0043 1112  [ 83E91963C4452BE6899503CF9EBFD3ED ] TMachInfo      C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
10:38:06.0059 1112  TMachInfo - ok
10:38:06.0074 1112  [ 8E2C799D3476EAC32C3BA0DF7CE6AF19 ] TODDSrv        C:\Windows\system32\TODDSrv.exe
10:38:06.0090 1112  TODDSrv - ok
10:38:06.0168 1112  [ CDC97FA5C42B07FB0D4600E17C32F582 ] TosCoSrv        C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
10:38:06.0183 1112  TosCoSrv - ok
10:38:06.0215 1112  [ EDB4B432DB13EA3D1EB2356310D33263 ] TOSHIBA HDD SSD Alert Service C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
10:38:06.0215 1112  TOSHIBA HDD SSD Alert Service - ok
10:38:06.0246 1112  [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks          C:\Windows\System32\trkwks.dll
10:38:06.0277 1112  TrkWks - ok
10:38:06.0324 1112  [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
10:38:06.0371 1112  TrustedInstaller - ok
10:38:06.0402 1112  [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
10:38:06.0433 1112  tssecsrv - ok
10:38:06.0464 1112  [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
10:38:06.0495 1112  TsUsbFlt - ok
10:38:06.0527 1112  [ 9CC2CCAE8A84820EAECB886D477CBCB8 ] TsUsbGD        C:\Windows\system32\drivers\TsUsbGD.sys
10:38:06.0542 1112  TsUsbGD - ok
10:38:06.0573 1112  [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
10:38:06.0589 1112  tunnel - ok
10:38:11.0066 1112  ============================================================
10:38:11.0066 1112  Scan finished
10:38:11.0066 1112  ============================================================
10:38:11.0066 3620  Detected object count: 3
10:38:11.0066 3620  Actual detected object count: 3
10:38:45.0776 3620  IconMan_R ( UnsignedFile.Multi.Generic ) - skipped by user
10:38:45.0776 3620  IconMan_R ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:38:45.0776 3620  IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
10:38:45.0776 3620  IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:38:45.0776 3620  NIHardwareService ( UnsignedFile.Multi.Generic ) - skipped by user
10:38:45.0776 3620  NIHardwareService ( UnsignedFile.Multi.Generic ) - User select action: Skip
10:40:41.0903 3064  Deinitialize success

Regards, matzeatze

cosinus 17.09.2012 12:16

Then please run CF now:

ComboFix

A guide and tutorial on using ComboFix
  • Close all programs, especially your antivirus program and other background guards, as well as your internet browser.
  • Start combofix.exe from your desktop, confirm the warning messages, run the updates (if offered), install the Recovery Console (if offered) and let it scan your system.
    Also avoid using the mouse and keyboard while ComboFix is running.
  • Afterwards a combofix.txt opens automatically; please copy its contents ([Ctrl]a, [Ctrl]c) and paste them into your post ([Ctrl]v). You can also find the file at: C:\ComboFix.txt.
Important note:
ComboFix may only be run when an expert helper has explicitly recommended it!

It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.

If, after running ComboFix, you have problems starting applications and get messages like

Quote:

Illegal operation attempted on a registry key that has been marked for deletion.
then restart Windows manually and the error messages should no longer appear.

matzepeng 18.09.2012 12:32

Here is the ComboFix report.
Because the report is too large, I downloaded 7-Zip. After that, My Start crept in as the browser, so I deleted 7-Zip again along with everything of My Start that I could find on my computer. In the meantime the default browser works. But when I open a new tab and do not click the house icon at the top right in time, My Start opens again. On top of that, the volume control in the taskbar has disappeared again as well. Can I start a System Restore now, after the ComboFix scan, to put an end to the problem with the volume control and My Start? Regards, matzepeng

matzepeng 19.09.2012 08:43

I just wanted to quickly let you know that the volume control in the taskbar is working again now!

cosinus 19.09.2012 16:01

Please now create logs with GMER and OSAM and post them.
GMER crashes fairly often; if the tool still won't run on the second attempt, just leave it out and run only OSAM - please skip OSAM's online query.
With OSAM, please also make sure that you save the log as *.log and not as *.html or the like.

Note: Please use WinRAR or 7zip to unpack OSAM! Also be sure to turn off the virus scanner; the McAfee scanner in particular often reports a false alarm in OSAM!

Please download aswMBR.exe and save the file to your desktop.
  • Start aswMBR.exe - (aswMBR.exe instructions)
    On Windows Vista (or later), please start it via right-click, "Run as administrator".
  • The tool will ask whether you want to scan your system with the current AVAST! virus definitions. Please answer this question with Yes. (If your firewall asks, please allow access to the internet.)
    Downloading the definitions may take a while depending on your connection.
  • Click Scan.
  • Please wait until Scan finished successfully appears in the DOS window.
  • Press Save Log and save it to the desktop.
Post the aswMBR.txt in your next reply.

Important: Do not under any circumstances press any of the Fix buttons without being instructed to.

Note: If the Scan button is hidden, close the tool and start it again. If the scan aborts and the program crashes, let me know and select the setting (none) under AV Scan.

One more note: If aswMBR crashes and a message such as "aswMBR.exe has stopped working" appears, do the following:
Restart aswMBR, select (none) for "AV scan" in the drop-down menu at the bottom left (bottom left of the aswMBR window) and click the Scan button again.

matzepeng 20.09.2012 21:24

I could not find the GMER log in the clipboard. I think it works differently than on my old XP.
Here are the other two logs

# AdwCleaner v2.001 - Datei am 09/13/2012 um 18:51:53 erstellt
# Aktualisiert am 09/09/2012 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : Mathias Wehpke - MATHIASWEHPKE
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Mathias Wehpke\Desktop\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Datei Gelöscht : C:\Program Files (x86)\Mozilla Firefox\searchplugins\avg-secure-search.xml
Datei Gelöscht : C:\Users\Mathias Wehpke\AppData\Local\funmoods.crx
Datei Gelöscht : C:\Users\Mathias Wehpke\AppData\Local\funmoods-speeddial.crx
Datei Gelöscht : C:\Users\Mathias Wehpke\AppData\Roaming\Mozilla\Firefox\Profiles\hrc7l44c.default\searchplugins\search.xml
Gelöscht mit Neustart : C:\Program Files (x86)\Common Files\AVG Secure Search
Ordner Gelöscht : C:\Program Files (x86)\AVG Secure Search
Ordner Gelöscht : C:\ProgramData\AVG Secure Search
Ordner Gelöscht : C:\ProgramData\Partner
Ordner Gelöscht : C:\Users\Mathias Wehpke\AppData\Local\AVG Secure Search
Ordner Gelöscht : C:\Users\Mathias Wehpke\AppData\Roaming\Mozilla\Firefox\Profiles\hrc7l44c.default\extensions\ffxtlbr@funmoods.com

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Crossrider
Schlüssel Gelöscht : HKCU\Software\AVG Secure Search
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Schlüssel Gelöscht : HKLM\Software\AVG Secure Search
Schlüssel Gelöscht : HKLM\Software\Babylon
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\viprotocol
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Schlüssel Gelöscht : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\AVG Secure Search
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Software
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow [*.crossrider.com]
Wert Gelöscht : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]
Wert Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16421

Wiederhergestellt : [HKCU\Software\Wow6432Node\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Wiederhergestellt : [HKCU\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Wiederhergestellt : [HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Wiederhergestellt : [HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Wiederhergestellt : [HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Wiederhergestellt : [HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Wiederhergestellt : [HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxps://isearch.avg.com/?cid={A97FE354-88CA-4DAB-B169-C58B3D963240}&mid=af3a64d909244ed8b19557c2ffd64935-e7ea363af7b30adb67d08055fac976fd6a6a4ae0&lang=de&ds=hk011&pr=sa&d=2012-08-17 12:21:31&v=12.2.0.5&sap=hp --> hxxp://www.google.com

-\\ Mozilla Firefox v15.0.1 (de)

Profilname : default
Datei : C:\Users\Mathias Wehpke\AppData\Roaming\Mozilla\Firefox\Profiles\hrc7l44c.default\prefs.js

Gelöscht : user_pref("extensions.enabledAddons", "ffxtlbr@funmoods.com:1.5.1,{972ce4c6-7e08-4474-a285-3208198ce[...]

*************************

AdwCleaner[R1].txt - [6678 octets] - [13/09/2012 09:56:33]
AdwCleaner[R2].txt - [6738 octets] - [13/09/2012 09:59:21]
AdwCleaner[S1].txt - [7266 octets] - [13/09/2012 18:51:53]

########## EOF - C:\AdwCleaner[S1].txt - [7326 octets] ##########

OSAM Logfile:
Code:

Report of OSAM: Autorun Manager v5.0.11926.0
Online Solutions. Complex Protection for Information Systems
Saved at 18:40:04 on 20.09.2012

OS: Windows 7 Home Premium Edition Service Pack 1 (Build 7601), 64-bit
Default Browser: Mozilla Corporation Firefox 15.0.1

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[Common]
-----( %SystemRoot%\Tasks )-----
"Adobe Flash Player Updater.job" - "Adobe Systems Incorporated" - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"avgntflt" (avgntflt) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avgntflt.sys
"avgtp" (avgtp) - "AVG Technologies" - C:\Windows\system32\drivers\avgtpx64.sys
"avipbb" (avipbb) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avipbb.sys
"avkmgr" (avkmgr) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avkmgr.sys
"catchme" (catchme) - ? - C:\ComboFix\catchme.sys  (File not found)
"PPdus ASPI Shell" (Afc) - "Arcsoft, Inc." - C:\Windows\SysWOW64\drivers\Afc.sys
"Sftfs" (Sftfs) - "Microsoft Corporation" - C:\Windows\System32\DRIVERS\Sftfslh.sys
"Sftplay" (Sftplay) - "Microsoft Corporation" - C:\Windows\System32\DRIVERS\Sftplaylh.sys
"Sftredir" (Sftredir) - "Microsoft Corporation" - C:\Windows\System32\DRIVERS\Sftredirlh.sys
"Sftvol" (Sftvol) - "Microsoft Corporation" - C:\Windows\System32\DRIVERS\Sftvollh.sys

[Explorer]
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{3EF5086B-5478-4598-A054-786C45D75692} "application/x-mfe-ipt" - ? -  (File not found | COM-object registry key not found)
-----( HKLM\Software\Classes\Protocols\Handler )-----
{E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} "Album Download IE Asynchronous Pluggable Protocol Interface" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
{5513F07E-936B-4E52-9B00-067394E91CC5} "dssrequest" - ? -  (File not found | COM-object registry key not found)
{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" - "Skype Technologies" - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
{828030A1-22C1-4009-854F-8E305202313F} "livecall" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll
{828030A1-22C1-4009-854F-8E305202313F} "msnim" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll
{5513F07E-936B-4E52-9B00-067394E91CC5} "sacore" - ? -  (File not found | COM-object registry key not found)
{03C514A3-1EFB-4856-9F99-10D7BE1653C0} "Windows Live Mail HTML Asynchronous Pluggable Protocol Handler" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Mail\mailcomm.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{23170F69-40C1-278A-1000-000100020000} "7-Zip Shell Extension" - ? - C:\Program Files (x86)\7-Zip\7-zip.dll  (File not found)
{2BE99FD4-A181-4996-BFA9-58C5FFD11F6C} "Windows Live Photo Gallery Autoplay Drop Target" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F30F64-AC33-42F5-8FD1-5DC2D3FDE06C} "Windows Live Photo Gallery Editor Drop Target" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F3712A-CA79-45B4-9E4D-D7891E7F8B9D} "Windows Live Photo Gallery Editor Shim" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F30F90-3E96-453B-AFCD-D71989ECC2C7} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F33137-EE26-412F-8D71-F84E4C2C6625} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F374B7-B390-4884-B372-2FC349F2172B} "Windows Live Photo Gallery Viewer Drop Target" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F346CB-35A4-465B-8B8F-65A29DBAB1F6} "Windows Live Photo Gallery Viewer Shim" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShim.dll
{0563DB41-F538-4B37-A92D-4659049B7766} "WLMD Message Handler" - ? -  (File not found | COM-object registry key not found)
{06A2568A-CED6-4187-BB20-400B8C02BE5A} "{06A2568A-CED6-4187-BB20-400B8C02BE5A}" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\WLXPhotoAcquireWizard.exe

[Internet Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
ITBar7Height "ITBar7Height" - ? -  (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_20" - "Sun Microsystems, Inc." - C:\Program Files (x86)\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} "Java Plug-in 1.6.0_20" - "Sun Microsystems, Inc." - C:\Program Files (x86)\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_20" - "Sun Microsystems, Inc." - C:\Program Files (x86)\Java\jre6\bin\npjpi160_20.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
{5F7B1267-94A9-47F5-98DB-E99415F33AEC} "@C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
{5D29E593-73A5-400A-B3BD-6B7A1AF05A31} "@C:\Program Files\TOSHIBA\BulletinBoard\TosNcUi.dll,-229" - "TODO: <会社名>" - C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom.dll
"PokerStars.net" - "PokerStars" - C:\Program Files (x86)\PokerStars.NET\PokerStarsUpdate.exe
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
{F3C88694-EFFA-4d78-B409-54B7B2535B14} "TOSHIBA Media Controller Plug-in" - "<TOSHIBA>" - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll
{336D0C35-8A85-403a-B9D2-65C292C39087} "Web Assistant" - ? - C:\Program Files\Web Assistant\Extension32.dll
{9030D464-4C02-4ABF-8ECC-5164760863C6} "Windows Live ID Sign-in Helper" - "Microsoft Corp." - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

[LSA Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Lsa )-----
"Security Packages" - "Microsoft Corp." - C:\Windows\system32\livessp.dll

[Logon]
-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\Users\Mathias Wehpke\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"TOPI.EXE" - "TOSHIBA" - C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\TOPI.exe /STARTUP
-----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )-----
"StartupPrograms" - ? - rdpclip  (File not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"Adobe ARM" - "Adobe Systems Incorporated" - "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"ArcSoft Connection Service" - "ArcSoft Inc." - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
"avgnt" - "Avira Operations GmbH & Co. KG" - "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
"HWSetup" - "TOSHIBA Electronics, Inc." - C:\Program Files\TOSHIBA\Utilities\HWSetup.exe hwSetUP
"KeNotify" - "TOSHIBA CORPORATION" - "C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe" LPCM
"SVPWUTIL" - "TOSHIBA CORPORATION" - C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe SVPwUTIL

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"@%ProgramFiles%\Windows Defender\MsMpRes.dll,-103" (WinDefend) - ? - C:\Program Files (x86)\Windows Defender\mpsvc.dll  (File not found)
"Adobe Acrobat Update Service" (AdobeARMservice) - "Adobe Systems Incorporated" - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
"Adobe Flash Player Update Service" (AdobeFlashPlayerUpdateSvc) - "Adobe Systems Incorporated" - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
"Application Virtualization Client" (sftlist) - "Microsoft Corporation" - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
"Application Virtualization Service Agent" (sftvsa) - "Microsoft Corporation" - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
"ArcSoft Connect Daemon" (ACDaemon) - "ArcSoft Inc." - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
"Avira Echtzeit Scanner" (AntiVirService) - "Avira Operations GmbH & Co. KG" - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
"Avira Planer" (AntiVirSchedulerService) - "Avira Operations GmbH & Co. KG" - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
"Client Virtualization Handler" (cvhsvc) - "Microsoft Corporation" - C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
"ConfigFree Service" (ConfigFree Service) - "TOSHIBA CORPORATION" - C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
"ConfigFree WiMAX Service" (cfWiMAXService) - "TOSHIBA CORPORATION" - C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe
"IconMan_R" (IconMan_R) - "Realsil Microelectronics Inc." - C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe
"InstallDriver Table Manager" (IDriverT) - "Macrovision Corporation" - C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
"Intel(R) Management and Security Application Local Management Service" (LMS) - "Intel Corporation" - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
"Intel(R) Management and Security Application User Notification Service" (UNS) - "Intel Corporation" - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
"McAfee Activation Service" (McAWFwk) - ? - c:\PROGRA~1\mcafee\msc\mcawfwk.exe  (File not found)
"Microsoft .NET Framework NGEN v4.0.30319_X64" (clr_optimization_v4.0.30319_64) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
"Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
"NIHardwareService" (NIHardwareService) - "Native Instruments GmbH" - C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe
"Notebook Performance Tuning Service (TEMPRO)" (TemproMonitoringService) - "Toshiba Europe GmbH" - C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe
"NVIDIA Driver Helper Service" (NVSvc) - "NVIDIA Corporation" - C:\Windows\system32\nvvsvc.exe
"Office  Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
"Office Software Protection Platform" (osppsvc) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
"Skype Updater" (SkypeUpdate) - "Skype Technologies" - C:\Program Files (x86)\Skype\Updater\Updater.exe
"TMachInfo" (TMachInfo) - "TOSHIBA Corporation" - C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
"TOSHIBA HDD SSD Alert Service" (TOSHIBA HDD SSD Alert Service) - "TOSHIBA Corporation" - C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
"TOSHIBA Optical Disc Drive Service" (TODDSrv) - "TOSHIBA Corporation" - C:\Windows\system32\TODDSrv.exe
"TOSHIBA Power Saver" (TosCoSrv) - "TOSHIBA Corporation" - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
"vToolbarUpdater12.2.0" (vToolbarUpdater12.2.0) - ? - C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\12.2.0\ToolbarUpdater.exe
"Web Assistant Updater" (Web Assistant Updater) - ? - C:\Program Files\Web Assistant\ExtensionUpdaterService.exe  (File found, but it contains no detailed information)
"Windows Live ID Sign-in Assistant" (wlidsvc) - "Microsoft Corp." - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

[Winsock Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )-----
"WindowsLive Local NSP" - "Microsoft Corp." - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL
"WindowsLive NSP" - "Microsoft Corp." - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL

===[ Logfile end ]=========================================[ Logfile end ]===

--- --- ---
If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru

Regards, matzeatze

cosinus 21.09.2012 13:47

The aswMBR log is missing; instead there is an adwCleaner log that was not requested.

matzepeng 23.09.2012 17:34

aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-09-20 21:05:47
-----------------------------
21:05:47.418 OS Version: Windows x64 6.1.7601 Service Pack 1
21:05:47.418 Number of processors: 4 586 0x2A07
21:05:47.418 ComputerName: MATHIASWEHPKE UserName:
21:05:48.120 Initialize success
21:05:54.001 AVAST engine defs: 12092000
21:06:39.600 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
21:06:39.615 Disk 0 Vendor: TOSHIBA_ GT00 Size: 476940MB BusType: 3
21:06:39.631 Disk 0 MBR read successfully
21:06:39.631 Disk 0 MBR scan
21:06:39.662 Disk 0 Windows 7 default MBR code
21:06:39.678 Disk 0 Partition 1 80 (A) 27 Hidden NTFS WinRE NTFS 400 MB offset 2048
21:06:39.693 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 238470 MB offset 821248
21:06:39.725 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 238069 MB offset 489207808
21:06:39.771 Disk 0 scanning C:\Windows\system32\drivers
21:06:52.518 Service scanning
21:07:27.559 Modules scanning
21:07:27.574 Disk 0 trace - called modules:
21:07:27.605 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
21:07:28.136 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800634e060]
21:07:28.136 3 CLASSPNP.SYS[fffff880013cb43f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa800455d050]
21:07:28.151 Scan finished successfully
21:08:48.929 Disk 0 MBR has been saved successfully to "C:\Users\Public\Documents\MBR.dat"
21:08:48.929 The log file has been saved successfully to "C:\Users\Public\Documents\aswMBR.txt"


Regards, matzeatze

cosinus 23.09.2012 19:16

Please use CODE tags for the logs!

Looks OK. We should be almost done. As a check, please run full scans with Malwarebytes and SASW and post the logs.
Remember to update both tools before the scan!!

