Trojaner-Board - Backdoor.bot auf Windows-7 Home Premium (x64)

Trojaner-Board (https://www.trojaner-board.de/)

- Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)

- - Backdoor.bot auf Windows-7 Home Premium (x64) (https://www.trojaner-board.de/124447-backdoor-bot-windows-7-home-premium-x64.html)

Backdoor.bot auf Windows-7 Home Premium (x64)

Liebe Helfer im Forum,

ich habe eben routinemäßig einen Scan mit Malwarebytes laufen lassen und der brachte mir das folgende Ergebnis:

Malwarebytes Anti-Malware 1.65.0.1400
www.malwarebytes.org

Datenbank Version: v2012.09.21.03

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Ralf :: RALF-PC [Administrator]

21.09.2012 13:31:38
mbam-log-2012-09-21 (14-34-40).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 366611
Laufzeit: 55 Minute(n), 55 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\PROGRAM FILES (X86)\HP\DIGITAL IMAGING\HELP\PLAYER\FLASHPLA.EXE (Backdoor.Bot) -> Daten: 3 -> Keine Aktion durchgeführt.

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
C:\Program Files (x86)\HP\Digital Imaging\Help\player\FlashPla.exe (Backdoor.Bot) -> Keine Aktion durchgeführt.

(Ende)

Eine Überprüfung mit ESET Nod32 Antivirus 5 hat keine Funde ergeben.
Könnt Ihr mir hier weiterhelfen?
Was ist zu tun?
Kann ich die Daten sichern?

Besten Dank für schnelles Feedback
IT-confused

Aus welchem Anlass hat du mit Malwarebytes gescannt?

Wenn man sich den Pfad mal betrachtet, könnte hier wahrscheinlich ein Fehlalarm vorliegen. Werte die Datei doch einfach mal bei Virustotal aus und poste den Ergebnislink

Hallo Cosinus,

auf meiner anderen Maschine mache ich den Scan rel. regelmäßig. Es gab daher keinen bestimmten Anlass für den Scan.

Hier der Link aus Virustotal:
https://www.virustotal.com/file/2d5160072307353c4514907f0656161532fba6577058493dd75649d433722036/analysis/

Jetzt taucht allerdings ein neues Problem auf.
Ich kann den infizierten Rechner nur noch im abgesicherten Modus starten.
Versuche ich, normal das Windows hochzufahren, hängt er sich auf.

Dank & Gruß
IT-confused

Funktioniert noch der abgesicherte Modus mit Netzwerktreibern? Mit Internetverbindung?

Abgesicherter Modus zur Bereinigung

Windows mit F8-Taste beim Start in den abgesicherten Modus bringen.
Starte den Rechner in den abgesicherten Modus mit Netzwerktreibern:

ja, das funktioniert noch.
Kann das helfen?

Wenn dieser Modus funktioniert, kannst du erstmal routinemäßig einen Vollscan mit malwarebytes machen und Log posten. =>ALLE lokalen Datenträger (außer CD/DVD) überprüfen lassen!
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss!

Die Funde mit Malwarebytes bitte alle entfernen, sodass sie in der Quarantäne von Malwarebytes aufgehoben werden! NICHTS voreilig aus der Quarantäne entfernen!

Falls Logs aus älteren Scans mit Malwarebytes vorhanden sind, bitte auch davon alle posten!

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:

hier steht das Log

Hallo Cosinus,

die beiden Dateien sind in Quarantäne.
Der Scan mit Malwarebytes ergibt jetzt keine Funde mehr:

Malwarebytes Anti-Malware 1.65.0.1400
www.malwarebytes.org

Datenbank Version: v2012.09.26.09

Windows 7 Service Pack 1 x64 NTFS (Abgesichertenmodus/Netzwerkfähig)
Internet Explorer 9.0.8112.16421
Ralf :: RALF-PC [Administrator]

26.09.2012 19:04:31
mbam-log-2012-09-26 (19-04-31).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|G:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 375770
Laufzeit: 45 Minute(n), 26 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

Der frühere Scan brachte den Fund des Trojaners (s.o.):

Malwarebytes Anti-Malware 1.65.0.1400
www.malwarebytes.org

Datenbank Version: v2012.09.21.03

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Ralf :: RALF-PC [Administrator]

21.09.2012 13:31:38
mbam-log-2012-09-21 (14-34-40).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 366611
Laufzeit: 55 Minute(n), 55 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs|C:\PROGRAM FILES (X86)\HP\DIGITAL IMAGING\HELP\PLAYER\FLASHPLA.EXE (Backdoor.Bot) -> Daten: 3 -> Keine Aktion durchgeführt.

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
C:\Program Files (x86)\HP\Digital Imaging\Help\player\FlashPla.exe (Backdoor.Bot) -> Keine Aktion durchgeführt.

(Ende)

Der Scan mit Eset liefert auch keine Ergebnisse:

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=03fdc89d4f7a544e8c7ef4353c363775
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-09-26 07:25:33
# local_time=2012-09-26 09:25:33 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5893 16776573 100 94 463538 100312330 0 0
# compatibility_mode=8204 39157246 100 74 443082 31993244 0 0
# scanned=180627
# found=0
# cleaned=0
# scan_time=5053
# nod_component=V3 Build:0x30000000

Trotzdem fährt das System nicht hoch.
Woran kann´s liegen?

Gruß
IT-confused

Warum postest du die Logs nicht in CODE-Tags? Ignoriert, vergessen oder nicht gesehen?

adwCleaner - Toolbars und ungewollte Start-/Suchseiten aufspüren

Downloade Dir bitte AdwCleaner auf deinen Desktop.

Falls der adwCleaner schon mal in der runtergeladen wurde, bitte die alte adwcleaner.exe löschen und neu runterladen!!

Starte die adwcleaner.exe mit einem Doppelklick.
Klicke auf Suche.
Nach Ende des Suchlaufs öffnet sich eine Textdatei.
Poste mir den Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner[Rx].txt. (x=fortlaufende Nummer)

sorry, hatte die CODE-Tags schlicht vergessen.

Hier der log von AdwCleaner>

# AdwCleaner v2.003 - Datei am 09/27/2012 um 18:27:58 erstellt
# Aktualisiert am 23/09/2012 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : Ralf - RALF-PC
# Bootmodus : Abgesicherter Modus mit Netzwerkunterstützung
# Ausgeführt unter : C:\Users\Ralf\Desktop\adwcleaner.exe
# Option [Suche]

**** [Dienste] ****

***** [Dateien / Ordner] *****

Ordner Gefunden : C:\ProgramData\Partner

***** [Registrierungsdatenbank] *****

Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4}

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v15.0 (de)

Profilname : default
Datei : C:\Users\Ralf\AppData\Roaming\Mozilla\Firefox\Profiles\51entowq.default\prefs.js

[OK] Die Datei ist sauber.

-\\ Google Chrome v [Version kann nicht ermittelt werden]

Datei : C:\Users\Ralf\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] Die Datei ist sauber.

*************************

AdwCleaner[R1].txt - [1244 octets] - [27/09/2012 18:25:32]
AdwCleaner[R2].txt - [1173 octets] - [27/09/2012 18:27:58]

########## EOF - C:\AdwCleaner[R2].txt - [1233 octets] ##########

Schon wieder fehlen die CODE-Tags!

adwCleaner - Toolbars und ungewollte Start-/Suchseiten entfernen

Schließe alle offenen Programme und Browser.
Starte die adwcleaner.exe mit einem Doppelklick.
Klicke auf Löschen.
Bestätige jeweils mit Ok.
Dein Rechner wird neu gestartet. Nach dem Neustart öffnet sich eine Textdatei.
Poste mir den Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner[Sx].txt. (x=fortlaufende Nummer)

ab jetzt also alles in CODE-Tags?

Code:


 

# AdwCleaner v2.003 - Datei am 09/27/2012 um 22:06:15 erstellt

# Aktualisiert am 23/09/2012 von Xplode

# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)

# Benutzer : Ralf - RALF-PC

# Bootmodus : Abgesicherter Modus mit Netzwerkunterstützung

# Ausgeführt unter : C:\Users\Ralf\Desktop\adwcleaner.exe

# Option [Löschen]
 
 

**** [Dienste] ****
 
 

***** [Dateien / Ordner] *****
 

Ordner Gelöscht : C:\ProgramData\Partner
 

***** [Registrierungsdatenbank] *****
 

Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4}
 

***** [Internet Browser] *****
 

-\\ Internet Explorer v9.0.8112.16421
 

Wiederhergestellt : [HKCU\Software\Wow6432Node\Microsoft\Internet Explorer\SearchScopes - DefaultScope]

Wiederhergestellt : [HKCU\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]

Wiederhergestellt : [HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes - DefaultScope]

Wiederhergestellt : [HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes - DefaultScope]

Wiederhergestellt : [HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]

Wiederhergestellt : [HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]

Wiederhergestellt : [HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
 

-\\ Mozilla Firefox v15.0 (de)
 

Profilname : default 

Datei : C:\Users\Ralf\AppData\Roaming\Mozilla\Firefox\Profiles\51entowq.default\prefs.js
 

[OK] Die Datei ist sauber.
 

-\\ Google Chrome v [Version kann nicht ermittelt werden]
 

Datei : C:\Users\Ralf\AppData\Local\Google\Chrome\User Data\Default\Preferences
 

[OK] Die Datei ist sauber.
 

*************************
 

AdwCleaner[R1].txt - [1244 octets] - [27/09/2012 18:25:32]

AdwCleaner[R2].txt - [1302 octets] - [27/09/2012 18:27:58]

AdwCleaner[S1].txt - [1892 octets] - [27/09/2012 22:06:15]
 

########## EOF - C:\AdwCleaner[S1].txt - [1952 octets] ##########

Hätte da mal zwei Fragen bevor es weiter geht (wir sind noch nicht fertig!)

1.) Geht der normale Modus von Windows (wieder) uneingeschränkt?
2.) Vermisst du irgendwas im Startmenü? Sind da leere Ordner unter alle Programme oder ist alles vorhanden?

Der normale Modus von Windows geht noch nicht wieder.
Beim Hochfahren hängt er sich nach Eingabe des Passworts auf.

Im Startmenü ist soweit alles wie immer. Keine leeren Ordner und das, was sonst auch da ist.

Mach bitte ein neues OTL-Log. Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:

hier steht das Log

CustomScan mit OTL

Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop. Falls schon vorhanden, bitte die ältere vorhandene Datei durch die neu heruntergeladene Datei ersetzen, damit du auch wirklich mit einer aktuellen Version von OTL arbeitest.

Starte bitte die OTL.exe.
Vista und Win7 User mit Rechtsklick "als Administrator starten"
Setze oben mittig den Haken bei Scanne alle Benutzer
Kopiere nun den kompletten Inhalt aus der untenstehenden Codebox in die http://billy-oneal.com/Canned%20Spee.../customFix.png Textbox von OTL - wenn OTL auf deutsch ist wird sie mit http://larusso.trojaner-board.de/Images/otlfix.jpg beschriftet

Code:

netsvcs

msconfig

safebootminimal

safebootnetwork

activex

drivers32

%ALLUSERSPROFILE%\Application Data\*.

%ALLUSERSPROFILE%\Application Data\*.exe /s

%APPDATA%\*.

%APPDATA%\*.exe /s

%SYSTEMDRIVE%\*.exe

/md5start

wininit.exe

userinit.exe

eventlog.dll

scecli.dll

netlogon.dll

cngaudit.dll

ws2ifsl.sys

sceclt.dll

ntelogon.dll

winlogon.exe

logevent.dll

user32.DLL

iaStor.sys

nvstor.sys

atapi.sys

IdeChnDr.sys

viasraid.sys

AGP440.sys

vaxscsi.sys

nvatabus.sys

viamraid.sys

nvata.sys

nvgts.sys

iastorv.sys

ViPrt.sys

eNetHook.dll

ahcix86.sys

KR10N.sys

nvstor32.sys

ahcix86s.sys

/md5stop

%systemroot%\system32\drivers\*.sys /lockedfiles

%systemroot%\System32\config\*.sav

%systemroot%\*. /mp /s

%systemroot%\system32\*.dll /lockedfiles

CREATERESTOREPOINT

Schliesse bitte nun alle Programme. (Wichtig)
Klicke nun bitte auf den Quick Scan Button.
Klick auf http://billy-oneal.com/Canned%20Spee.../OTL/btnOK.png.
Kopiere nun den Inhalt aus OTL.txt hier in Deinen Thread

Hallo cosinus,

das sieht dann jetzt so aus:

OTL Logfile:
OTL Logfile:

Code:

OTL logfile created on: 28.09.2012 11:40:36 - Run 2

OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Ralf\Desktop

64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

 

3,92 Gb Total Physical Memory | 3,11 Gb Available Physical Memory | 79,37% Memory free

7,83 Gb Paging File | 7,14 Gb Available in Paging File | 91,19% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 421,81 Gb Total Space | 99,08 Gb Free Space | 23,49% Space Free | Partition Type: NTFS

Drive D: | 29,00 Gb Total Space | 26,87 Gb Free Space | 92,66% Space Free | Partition Type: NTFS

 

Computer Name: RALF-PC | User Name: Ralf | Logged in as Administrator.

Boot Mode: SafeMode with Networking | Scan Mode: All users | Quick Scan | Include 64bit Scans

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

 
 ========== Processes (SafeList) ==========

 

PRC - [2012.09.28 11:21:45 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Ralf\Desktop\OTL.exe

 

 
 ========== Modules (No Company Name) ==========

 

 
 ========== Services (SafeList) ==========

 

SRV - [2012.09.14 09:11:58 | 000,114,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)

SRV - [2012.09.07 17:04:46 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)

SRV - [2012.09.07 17:04:46 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)

SRV - [2012.08.24 08:38:51 | 000,250,568 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)

SRV - [2012.08.13 13:33:30 | 003,064,000 | ---- | M] (Skype Technologies S.A.) [Auto | Stopped] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)

SRV - [2012.07.31 12:18:24 | 000,499,712 | ---- | M] (Manfred Richter) [Auto | Stopped] -- c:\SolarView\Datenlogger.exe -- (Solarlogger)

SRV - [2012.07.27 22:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)

SRV - [2012.07.13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)

SRV - [2012.03.19 23:44:20 | 000,276,248 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs)

SRV - [2011.12.09 11:55:27 | 000,329,168 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\Verbindungsassistent\WTGService.exe -- (WTGService)

SRV - [2011.09.22 13:03:30 | 000,974,944 | ---- | M] (ESET) [Auto | Stopped] -- C:\Programme\ESET\ESET NOD32 Antivirus\x86\ekrn.exe -- (ekrn)

SRV - [2011.09.15 13:06:04 | 000,088,576 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe -- (PassThru Service)

SRV - [2011.03.28 22:11:06 | 002,292,096 | ---- | M] (Microsoft Corp.) [Auto | Stopped] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)

SRV - [2011.02.15 14:26:42 | 000,956,192 | ---- | M] (Broadcom Corporation.) [Auto | Stopped] -- C:\Programme\Lenovo\Bluetooth Software\btwdins.exe -- (btwdins)

SRV - [2010.12.20 12:30:38 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)

SRV - [2010.12.20 12:30:36 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)

SRV - [2010.12.14 01:59:28 | 000,703,856 | ---- | M] (Egis Technology Inc. ) [Auto | Stopped] -- C:\Program Files (x86)\EgisTec BioExcess\EgisService.exe -- (EgisTec Service)

SRV - [2010.12.14 01:58:32 | 000,650,096 | ---- | M] (Egis Technology Inc. ) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe -- (EgisTec Ticket Service)

SRV - [2010.11.21 05:24:51 | 000,397,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (WAS)

SRV - [2010.11.21 05:24:51 | 000,397,824 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (W3SVC)

SRV - [2010.11.21 05:24:51 | 000,061,440 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysWOW64\inetsrv\apphostsvc.dll -- (AppHostSvc)

SRV - [2010.10.22 16:37:24 | 000,327,024 | ---- | M] (Egis Technology Inc. ) [Auto | Stopped] -- C:\Program Files (x86)\EgisTec Port Locker\Egishlpsvc.exe -- (EgisTec Service Help)

SRV - [2010.10.22 14:08:18 | 001,039,360 | ---- | M] (Hewlett-Packard Co.) [Auto | Stopped] -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)

SRV - [2010.09.22 20:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)

SRV - [2010.04.22 12:55:16 | 000,131,872 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\Sinfor\SSL\Promote\SinforPromoteService.exe -- (SinforSP)

SRV - [2010.03.18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)

SRV - [2010.01.09 22:34:24 | 004,925,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)

SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

 

 
 ========== Driver Services (SafeList) ==========

 

DRV:64bit: - [2012.09.07 17:04:46 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)

DRV:64bit: - [2012.03.19 23:32:04 | 014,745,600 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)

DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)

DRV:64bit: - [2011.12.07 07:52:43 | 000,116,864 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbmdm.sys -- (hwdatacard)

DRV:64bit: - [2011.12.07 07:52:43 | 000,116,224 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbfake.sys -- (hwusbfake)

DRV:64bit: - [2011.12.07 07:52:43 | 000,112,896 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewsercd.sys -- (ewsercd)

DRV:64bit: - [2011.08.25 01:21:55 | 000,057,952 | ---- | M] (Lenovo) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\fbfmon.sys -- (fbfmon)

DRV:64bit: - [2011.08.25 01:21:55 | 000,013,408 | ---- | M] (Lenovo) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\BPntDrv.sys -- (BPntDrv)

DRV:64bit: - [2011.08.25 01:20:01 | 000,039,008 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\LhdX64.sys -- (LHDmgr)

DRV:64bit: - [2011.08.25 01:19:59 | 000,029,792 | ---- | M] (Lenovo Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AcpiVpc.sys -- (ACPIVPC)

DRV:64bit: - [2011.08.25 01:11:21 | 000,055,880 | ---- | M] (Egis Technology Inc.) [File_System | System | Stopped] -- C:\Windows\SysNative\drivers\EgisTecFF.sys -- (EgisTecFF)

DRV:64bit: - [2011.08.25 01:06:37 | 000,062,584 | ---- | M] (Egis Technology Inc.) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\mwlPSDVDisk.sys -- (mwlPSDVDisk)

DRV:64bit: - [2011.08.25 01:06:37 | 000,022,912 | ---- | M] (Egis Technology Inc.) [File_System | System | Stopped] -- C:\Windows\SysNative\drivers\mwlPSDFilter.sys -- (mwlPSDFilter)

DRV:64bit: - [2011.08.25 01:06:37 | 000,020,328 | ---- | M] (Egis Technology Inc.) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\mwlPSDNserv.sys -- (mwlPSDNServ)

DRV:64bit: - [2011.08.17 01:32:58 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)

DRV:64bit: - [2011.08.17 01:32:58 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)

DRV:64bit: - [2011.08.09 15:24:52 | 000,202,576 | ---- | M] (ESET) [File_System | Auto | Stopped] -- C:\Windows\SysNative\drivers\eamonm.sys -- (eamonm)

DRV:64bit: - [2011.08.04 10:20:38 | 000,146,432 | ---- | M] (ESET) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\ehdrv.sys -- (ehdrv)

DRV:64bit: - [2011.08.04 10:20:38 | 000,137,144 | ---- | M] (ESET) [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\epfwwfpr.sys -- (epfwwfpr)

DRV:64bit: - [2011.06.10 07:34:52 | 000,539,240 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)

DRV:64bit: - [2011.02.18 10:11:54 | 000,439,320 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)

DRV:64bit: - [2011.02.15 08:45:16 | 000,349,736 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwampfl.sys -- (BTWAMPFL)

DRV:64bit: - [2011.02.15 08:45:12 | 000,138,280 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)

DRV:64bit: - [2011.02.15 08:45:12 | 000,107,560 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)

DRV:64bit: - [2011.02.15 08:45:12 | 000,039,464 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)

DRV:64bit: - [2011.02.15 08:45:12 | 000,021,416 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)

DRV:64bit: - [2010.12.24 13:19:56 | 000,031,088 | ---- | M] (CyberLink Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\clwvd.sys -- (clwvd)

DRV:64bit: - [2010.12.23 18:45:58 | 003,293,272 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\S6000KNT.sys -- (S6000KNT)

DRV:64bit: - [2010.12.22 14:19:58 | 001,407,024 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)

DRV:64bit: - [2010.11.30 08:40:04 | 000,307,304 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rtsuvstor.sys -- (RSUSBVSTOR)

DRV:64bit: - [2010.11.24 13:33:26 | 002,673,664 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)

DRV:64bit: - [2010.11.21 05:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)

DRV:64bit: - [2010.11.21 05:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)

DRV:64bit: - [2010.11.21 05:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)

DRV:64bit: - [2010.10.31 12:36:56 | 000,035,952 | ---- | M] (Egis Technology Inc.) [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\FPSensor.sys -- (FPSensor)

DRV:64bit: - [2010.10.19 10:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)

DRV:64bit: - [2010.10.14 19:28:16 | 000,317,440 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)

DRV:64bit: - [2010.09.03 05:18:44 | 000,036,960 | ---- | M] (SINFOR, Corp. CHINA) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SinforVnic.sys -- (SinforVnic)

DRV:64bit: - [2010.06.25 17:08:10 | 000,036,928 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\htcnprot.sys -- (htcnprot)

DRV:64bit: - [2009.11.02 19:16:50 | 000,033,736 | ---- | M] (HTC, Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ANDROIDUSB.sys -- (HTCAND64)

DRV:64bit: - [2009.07.21 16:20:06 | 000,121,840 | ---- | M] (CyberLink) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wsvd.sys -- (wsvd)

DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)

DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)

DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)

DRV:64bit: - [2009.07.14 02:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)

DRV:64bit: - [2009.07.14 02:09:50 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usb8023x.sys -- (usb_rndisx)

DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)

DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)

DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)

DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)

DRV - [2011.12.07 07:52:43 | 000,116,224 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\ewusbfake.sys -- (hwusbfake)

DRV - [2011.12.07 07:52:43 | 000,112,896 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\ewsercd.sys -- (ewsercd)

DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

DRV - [2008.12.13 12:28:20 | 000,116,864 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\ewusbmdm.sys -- (hwdatacard)

 

 
 ========== Standard Registry (SafeList) ==========

 

 
 ========== Internet Explorer ==========

 

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com/ [binary data]

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://lenovo.msn.com

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=LENDF8&pc=MALN&src=IE-SearchBox

IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com/ [binary data]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://lenovo.msn.com

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=LENDF8&pc=MALN&src=IE-SearchBox

IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

 

 

IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

 

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

 

IE - HKU\S-1-5-21-2371013698-2949519152-906224175-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=LENN&bmod=LENN

IE - HKU\S-1-5-21-2371013698-2949519152-906224175-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com [binary data]

IE - HKU\S-1-5-21-2371013698-2949519152-906224175-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/ig/redirectdomain?brand=LENN&bmod=LENN

IE - HKU\S-1-5-21-2371013698-2949519152-906224175-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKU\S-1-5-21-2371013698-2949519152-906224175-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=LENDF8&pc=MALN&src=IE-SearchBox

IE - HKU\S-1-5-21-2371013698-2949519152-906224175-1000\..\SearchScopes\{3FA0375E-328E-44C5-BF75-28AFB6945384}: "URL" = hxxp://go.gmx.net/tb/ie_searchplugin/?su={searchTerms}

IE - HKU\S-1-5-21-2371013698-2949519152-906224175-1000\..\SearchScopes\{450A680C-409F-419C-BFB1-992E21D231A2}: "URL" = hxxp://go.1und1.de/tb/ie_searchplugin/?su={searchTerms}

IE - HKU\S-1-5-21-2371013698-2949519152-906224175-1000\..\SearchScopes\{6614839A-9ABA-46E6-B7DE-E2C000B2B1C7}: "URL" = hxxp://search.gmx.com/web?q={searchTerms}&origin=tb_splugin_ie

IE - HKU\S-1-5-21-2371013698-2949519152-906224175-1000\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7LENN

IE - HKU\S-1-5-21-2371013698-2949519152-906224175-1000\..\SearchScopes\{C66CDB43-D087-4F09-9C72-8167D4856825}: "URL" = hxxp://go.web.de/tb/ie_searchplugin/?su={searchTerms}

IE - HKU\S-1-5-21-2371013698-2949519152-906224175-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 
 ========== FireFox ==========

 

FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/ig"

FF - prefs.js..extensions.enabledAddons: adblockpopups@jessehakanen.net:0.4

FF - prefs.js..extensions.enabledAddons: autopager@mozilla.org:0.7.1.6

FF - prefs.js..extensions.enabledAddons: isreaditlater@ideashower.com:3.0.0

FF - prefs.js..extensions.enabledAddons: {0b457cAA-602d-484a-8fe7-c1d894a011ba}:0.98.16

FF - prefs.js..extensions.enabledAddons: {d40f5e7b-d2cf-4856-b441-cc613eeffbe3}:1.68

FF - prefs.js..extensions.enabledAddons: {1018e4d6-728f-4b20-ad56-37578a4de76b}:4.2.1

FF - prefs.js..network.proxy.type: 0

FF - user.js - File not found

 

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_11_4_402_265.dll File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_265.dll ()

FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.2: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

 

64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\PROGRAM FILES\ESET\ESET NOD32 ANTIVIRUS\MOZILLA THUNDERBIRD [2011.11.04 11:00:16 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{41ecbc0b-34d5-4cd4-935f-253a30e2cb7e}: C:\Program Files (x86)\EgisTec BioExcess\FFExt [2011.08.25 01:06:18 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012.02.24 15:36:23 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.09.14 09:11:58 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2011.11.04 11:00:16 | 000,000,000 | ---D | M]

FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012.02.24 15:36:23 | 000,000,000 | ---D | M]

FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.09.14 09:11:58 | 000,000,000 | ---D | M]

FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

 

[2012.07.03 10:00:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ralf\AppData\Roaming\mozilla\Extensions

[2012.09.19 09:57:35 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ralf\AppData\Roaming\mozilla\Firefox\Profiles\51entowq.default\extensions

[2012.09.04 10:36:02 | 000,000,000 | ---D | M] (FireShot) -- C:\Users\Ralf\AppData\Roaming\mozilla\Firefox\Profiles\51entowq.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}

[2012.09.19 09:57:35 | 000,000,000 | ---D | M] (Flagfox) -- C:\Users\Ralf\AppData\Roaming\mozilla\Firefox\Profiles\51entowq.default\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}

[2012.07.06 16:40:17 | 000,109,964 | ---- | M] () (No name found) -- C:\Users\Ralf\AppData\Roaming\mozilla\firefox\profiles\51entowq.default\extensions\adblockpopups@jessehakanen.net.xpi

[2012.06.25 10:58:18 | 000,344,664 | ---- | M] () (No name found) -- C:\Users\Ralf\AppData\Roaming\mozilla\firefox\profiles\51entowq.default\extensions\autopager@mozilla.org.xpi

[2012.07.23 12:22:22 | 000,223,394 | ---- | M] () (No name found) -- C:\Users\Ralf\AppData\Roaming\mozilla\firefox\profiles\51entowq.default\extensions\isreaditlater@ideashower.com.xpi

[2012.08.08 11:18:11 | 000,741,958 | ---- | M] () (No name found) -- C:\Users\Ralf\AppData\Roaming\mozilla\firefox\profiles\51entowq.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi

[2012.01.27 11:09:58 | 000,138,614 | ---- | M] () (No name found) -- C:\Users\Ralf\AppData\Roaming\mozilla\firefox\profiles\51entowq.default\extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi

[2012.09.14 09:11:54 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions

[2012.09.14 09:11:54 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}

[2012.09.14 09:11:58 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll

[2012.08.29 18:02:38 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml

[2012.09.04 10:41:09 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml

[2012.08.29 18:02:38 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml

[2012.08.29 18:02:38 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml

[2012.08.29 18:02:38 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml

[2012.08.29 18:02:38 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml

 
 ========== Chrome  ==========

 

CHR - homepage: hxxp://www.google.de/ig

CHR - default_search_provider: Google (Enabled)

CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}

CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}

CHR - homepage: hxxp://www.google.de/ig

CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer

CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.89\ppGoogleNaClPluginChrome.dll

CHR - plugin: Chrome PDF Viewer (Disabled) = C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.89\pdf.dll

CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.89\gcswf32.dll

CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Ralf\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll

CHR - plugin: Shockwave Flash (Enabled) = C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_257.dll

CHR - plugin: Screen Capture Plugin (Enabled) = C:\Users\Ralf\AppData\Local\Google\Chrome\User Data\Default\Extensions\alelhddbbhepgpmgidjdcjakblofbmce\3.3.6_0\plugins/screen_capture.dll

CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll

CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL

CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL

CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll

CHR - plugin: Java(TM) Platform SE 7 U4 (Enabled) = C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll

CHR - plugin: Java Deployment Toolkit 7.0.40.255 (Enabled) = C:\windows\SysWOW64\npDeployJava1.dll

CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll

CHR - Extension: Awesome Screenshot: Capture & Annotate = C:\Users\Ralf\AppData\Local\Google\Chrome\User Data\Default\Extensions\alelhddbbhepgpmgidjdcjakblofbmce\3.3.7_0\

CHR - Extension: Cookie Killer for Facebook = C:\Users\Ralf\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgonpegbhnjepleakgjdbaepkfedhhnf\1.2_0\

CHR - Extension: YouTube = C:\Users\Ralf\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\

CHR - Extension: Adblock Plus (Beta) = C:\Users\Ralf\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.2_0\

CHR - Extension: Google-Suche = C:\Users\Ralf\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\

CHR - Extension: Privatsph\u00E4re Gef\u00E4llt mir. = C:\Users\Ralf\AppData\Local\Google\Chrome\User Data\Default\Extensions\eaamfbchnmobpdgmbefhbfbkncclnbga\1.1.1_0\

CHR - Extension: Ghostery = C:\Users\Ralf\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlomiejdfkolichcflejclcbmpeaniij\4.0.0_0\

CHR - Extension: AutoPager Chrome = C:\Users\Ralf\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmgagnmbebdebebbcleklifnobamjonh\0.7.1.4_0\

CHR - Extension: Google Mail = C:\Users\Ralf\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

 

O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts

O2:64bit: - BHO: (EgisPBIE Class) - {7B51CCBE-4AF9-44A6-BDAB-D7F7E4C4E6F9} - C:\Program Files (x86)\EgisTec BioExcess\x64\EgisPBIE.dll (Egis Technology Inc.)

O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)

O2:64bit: - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)

O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.

O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)

O2 - BHO: (EgisPBIE Class) - {7B51CCBE-4AF9-44A6-BDAB-D7F7E4C4E6F9} - C:\Program Files (x86)\EgisTec BioExcess\EgisPBIE.dll (Egis Technology Inc.)

O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)

O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

O2 - BHO: (SSOClientBHO Class) - {E39B98A8-34A7-4D92-A979-920C48814216} - C:\Program Files (x86)\Sinfor\SSL\ClientComponent\SSOClientPrj.dll ()

O2 - BHO: (SinforIEBHO Class) - {FFD2FD1F-C991-4A2F-8557-CDB11E274215} - C:\Program Files (x86)\Sinfor\SSL\ClientComponent\SinforBHO.dll ()

O3:64bit: - HKLM\..\Toolbar: (FireShot) - {6E6E744E-4D20-4ce3-9A7A-26DFFFE22F68} - C:\Users\Ralf\AppData\Roaming\Mozilla\Firefox\Profiles\51entowq.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}\library\fsaddin64-0.94.dll File not found

O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.

O3 - HKLM\..\Toolbar: (FireShot) - {6E6E744E-4D20-4ce3-9A7A-26DFFFE22F68} - C:\Users\Ralf\AppData\Roaming\Mozilla\Firefox\Profiles\51entowq.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}\library\fsaddin-0.94.dll File not found

O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.

O3 - HKU\S-1-5-21-2371013698-2949519152-906224175-1000\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.

O3 - HKU\S-1-5-21-2371013698-2949519152-906224175-1000\..\Toolbar\WebBrowser: (no name) - {C424171E-592A-415A-9EB1-DFD6D95D3530} - No CLSID value found.

O4:64bit: - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)

O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [Lenovo EE Boot Optimizer] C:\Program Files (x86)\Lenovo\Boot Optimizer\PopWnd.exe (Lenovo)

O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)

O4 - HKLM..\Run: []  File not found

O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)

O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)

O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)

O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware (cleanup)] rundll32.exe "C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll",ProcessCleanupScript File not found

O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found

O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found

O4 - HKU\S-1-5-21-2371013698-2949519152-906224175-1000..\RunOnce: [Report] C:\AdwCleaner[S1].txt ()

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O8:64bit: - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found

O8:64bit: - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm ()

O8:64bit: - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html File not found

O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found

O8:64bit: - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\Lenovo\Bluetooth Software\btsendto_ie.htm ()

O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found

O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm ()

O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html File not found

O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found

O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\Lenovo\Bluetooth Software\btsendto_ie.htm ()

O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)

O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)

O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)

O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)

O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)

O9:64bit: - Extra Button: @C:\Program Files\Lenovo\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\Lenovo\Bluetooth Software\btsendto_ie.htm ()

O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\Lenovo\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\Lenovo\Bluetooth Software\btsendto_ie.htm ()

O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O9 - Extra Button: Senden an Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\Lenovo\Bluetooth Software\btsendto_ie.htm ()

O9 - Extra 'Tools' menuitem : Senden an &Bluetooth-Gerät... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\Lenovo\Bluetooth Software\btsendto_ie.htm ()

O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)

O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Program Files (x86)\Sinfor\SSL\ClientComponent\ClientNSPPrj.dll (Sangfor)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000011 [] - C:\Program Files (x86)\Sinfor\SSL\ClientComponent\ClientNSPPrj.dll (Sangfor)

O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Sinfor\SSL\ClientComponent\ProxyIE.dll (SINFORS)

O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Sinfor\SSL\ClientComponent\ProxyIE.dll (SINFORS)

O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Sinfor\SSL\ClientComponent\ProxyIE.dll (SINFORS)

O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Sinfor\SSL\ClientComponent\ProxyIE.dll (SINFORS)

O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Sinfor\SSL\ClientComponent\ProxyIE.dll (SINFORS)

O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Program Files (x86)\Sinfor\SSL\ClientComponent\ProxyIE.dll (SINFORS)

O1364bit: - gopher Prefix: missing

O13 - gopher Prefix: missing

O16:64bit: - DPF: {D05678D4-B66E-4269-A556-18E7B1FF7E7A} https://222.190.124.165:6443/com/Deal64SysPrj.CAB (Deal64Sys Class)

O16 - DPF: {250587D2-6704-4479-8718-3C7E163B4216} https://222.190.124.165:6443/com/CSClientManagerPrj.CAB (CSClientManager Class)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Reg Error: Value error.)

O16 - DPF: {CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Java Plug-in 1.7.0_05)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Java Plug-in 10.7.2)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.42.129

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0D0C5E4D-7469-4AC8-BA37-8382648B68B6}: DhcpNameServer = 192.168.42.129

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1C05B036-0675-4CAB-9F73-592CD87989AE}: DhcpNameServer = 192.168.2.1 192.168.2.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1C05B036-0675-4CAB-9F73-592CD87989AE}: NameServer = 192.168.2.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C36D3CF8-62DE-4341-9A03-C3258837C8B8}: DhcpNameServer = 192.168.44.1 192.168.44.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C36D3CF8-62DE-4341-9A03-C3258837C8B8}: NameServer = 202.102.24.35,218.2.135.1

O18:64bit: - Protocol\Handler\livecall - No CLSID value found

O18:64bit: - Protocol\Handler\ms-help - No CLSID value found

O18:64bit: - Protocol\Handler\msnim - No CLSID value found

O18:64bit: - Protocol\Handler\qvp {4BA78E3D-CA25-4BFF-B8F0-8A3359E4B520} - C:\Programme\QlikView\QvProtocol\qvp.dll (QlikTech AB)

O18:64bit: - Protocol\Handler\skype4com - No CLSID value found

O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)

O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found

O18:64bit: - Protocol\Handler\wlpg - No CLSID value found

O18 - Protocol\Handler\qvp {4BA78E3D-CA25-4BFF-B8F0-8A3359E4B520} - C:\Program Files (x86)\QlikView\QvProtocol\qvp.dll (QlikTech AB)

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)

O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\windows\SysWow64\userinit.exe (Microsoft Corporation)

O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\windows\SysNative\igfxdev.dll (Intel Corporation)

O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O32 - HKLM CDRom: AutoRun - 1

O33 - MountPoints2\{6d9d11a9-2078-11e1-a16c-3859f9cc954b}\Shell - "" = AutoRun

O33 - MountPoints2\{6d9d11a9-2078-11e1-a16c-3859f9cc954b}\Shell\AutoRun\command - "" = H:\.\Autorun.exe AUTORUN=1

O34 - HKLM BootExecute: (autocheck autochk *)

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

 

 

MsConfig:64bit - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk - C:\Programme\Lenovo\Bluetooth Software\BTTray.exe - (Broadcom Corporation.)

MsConfig:64bit - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk - C:\PROGRA~2\HP\DIGITA~1\bin\hpqtra08.exe - (Hewlett-Packard Co.)

MsConfig:64bit - StartUpFolder: C:^Users^Ralf^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk - C:\Users\Ralf\AppData\Roaming\Dropbox\bin\Dropbox.exe - (Dropbox, Inc.)

MsConfig:64bit - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)

MsConfig:64bit - StartUpReg: EgisTecPMMUpdate - hkey= - key= - C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe (Egis Technology Inc.)

MsConfig:64bit - StartUpReg: EgisUpdate - hkey= - key= - C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe (Egis Technology Inc.)

MsConfig:64bit - StartUpReg: Energy Management - hkey= - key= - C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe (Lenovo (Beijing) Limited)

MsConfig:64bit - StartUpReg: EnergyUtility - hkey= - key= - C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe (Lenovo(beijing) Limited)

MsConfig:64bit - StartUpReg: HP Software Update - hkey= - key= - C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe (Hewlett-Packard)

MsConfig:64bit - StartUpReg: HTC Sync Loader - hkey= - key= - C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe ()

MsConfig:64bit - StartUpReg: msnmsgr - hkey= - key= - C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)

MsConfig:64bit - StartUpReg: PDFPrint - hkey= - key= - C:\Program Files (x86)\PDF24\pdf24.exe (Geek Software GmbH)

MsConfig:64bit - StartUpReg: PLTSR - hkey= - key= - C:\Program Files (x86)\EgisTec Port Locker\EgisPLTSR.exe (Egis Technology Inc. )

MsConfig:64bit - StartUpReg: S6000Mnt - hkey= - key= -  File not found

MsConfig:64bit - StartUpReg: Spotify - hkey= - key= - C:\Users\Ralf\AppData\Roaming\Spotify\Spotify.exe (Spotify Ltd)

MsConfig:64bit - StartUpReg: Spotify Web Helper - hkey= - key= - C:\Users\Ralf\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe ()

MsConfig:64bit - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)

MsConfig:64bit - StartUpReg: UpdateP2GShortCut - hkey= - key= - C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)

MsConfig:64bit - StartUpReg: UpdatePRCShortCut - hkey= - key= - C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)

MsConfig:64bit - StartUpReg: VitaKeyTSR - hkey= - key= - C:\Program Files (x86)\EgisTec BioExcess\EgisTSR.exe (Egis Technology Inc. )

MsConfig:64bit - StartUpReg: YouCam Mirage - hkey= - key= - C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe (CyberLink)

MsConfig:64bit - StartUpReg: YouCam Tray - hkey= - key= - C:\Program Files (x86)\Lenovo\YouCam\YouCam.exe (CyberLink Corp.)

MsConfig:64bit - State: "startup" - Reg Error: Key error.

 

SafeBootMin:64bit: AppMgmt - Service

SafeBootMin:64bit: Base - Driver Group

SafeBootMin:64bit: Boot Bus Extender - Driver Group

SafeBootMin:64bit: Boot file system - Driver Group

SafeBootMin:64bit: File system - Driver Group

SafeBootMin:64bit: Filter - Driver Group

SafeBootMin:64bit: HelpSvc - Service

SafeBootMin:64bit: MCODS - Reg Error: Value error.

SafeBootMin:64bit: PCI Configuration - Driver Group

SafeBootMin:64bit: PNP Filter - Driver Group

SafeBootMin:64bit: Primary disk - Driver Group

SafeBootMin:64bit: sacsvr - Service

SafeBootMin:64bit: SCSI Class - Driver Group

SafeBootMin:64bit: System Bus Extender - Driver Group

SafeBootMin:64bit: vmms - Service

SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy

SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers

SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices

SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootMin: AppMgmt - Service

SafeBootMin: Base - Driver Group

SafeBootMin: Boot Bus Extender - Driver Group

SafeBootMin: Boot file system - Driver Group

SafeBootMin: File system - Driver Group

SafeBootMin: Filter - Driver Group

SafeBootMin: HelpSvc - Service

SafeBootMin: MCODS - Reg Error: Value error.

SafeBootMin: PCI Configuration - Driver Group

SafeBootMin: PNP Filter - Driver Group

SafeBootMin: Primary disk - Driver Group

SafeBootMin: sacsvr - Service

SafeBootMin: SCSI Class - Driver Group

SafeBootMin: System Bus Extender - Driver Group

SafeBootMin: vmms - Service

SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy

SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers

SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices

SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

 

SafeBootNet:64bit: AppMgmt - Service

SafeBootNet:64bit: Base - Driver Group

SafeBootNet:64bit: Boot Bus Extender - Driver Group

SafeBootNet:64bit: Boot file system - Driver Group

SafeBootNet:64bit: File system - Driver Group

SafeBootNet:64bit: Filter - Driver Group

SafeBootNet:64bit: HelpSvc - Service

SafeBootNet:64bit: MCODS - Reg Error: Value error.

SafeBootNet:64bit: Messenger - Service

SafeBootNet:64bit: NDIS Wrapper - Driver Group

SafeBootNet:64bit: NetBIOSGroup - Driver Group

SafeBootNet:64bit: NetDDEGroup - Driver Group

SafeBootNet:64bit: Network - Driver Group

SafeBootNet:64bit: NetworkProvider - Driver Group

SafeBootNet:64bit: PCI Configuration - Driver Group

SafeBootNet:64bit: PNP Filter - Driver Group

SafeBootNet:64bit: PNP_TDI - Driver Group

SafeBootNet:64bit: Primary disk - Driver Group

SafeBootNet:64bit: rdsessmgr - Service

SafeBootNet:64bit: sacsvr - Service

SafeBootNet:64bit: SCSI Class - Driver Group

SafeBootNet:64bit: Streams Drivers - Driver Group

SafeBootNet:64bit: System Bus Extender - Driver Group

SafeBootNet:64bit: TDI - Driver Group

SafeBootNet:64bit: vmms - Service

SafeBootNet:64bit: WudfUsbccidDriver - Driver

SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net

SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient

SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService

SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans

SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers

SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy

SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers

SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices

SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootNet: AppMgmt - Service

SafeBootNet: Base - Driver Group

SafeBootNet: Boot Bus Extender - Driver Group

SafeBootNet: Boot file system - Driver Group

SafeBootNet: File system - Driver Group

SafeBootNet: Filter - Driver Group

SafeBootNet: HelpSvc - Service

SafeBootNet: MCODS - Reg Error: Value error.

SafeBootNet: Messenger - Service

SafeBootNet: NDIS Wrapper - Driver Group

SafeBootNet: NetBIOSGroup - Driver Group

SafeBootNet: NetDDEGroup - Driver Group

SafeBootNet: Network - Driver Group

SafeBootNet: NetworkProvider - Driver Group

SafeBootNet: PCI Configuration - Driver Group

SafeBootNet: PNP Filter - Driver Group

SafeBootNet: PNP_TDI - Driver Group

SafeBootNet: Primary disk - Driver Group

SafeBootNet: rdsessmgr - Service

SafeBootNet: sacsvr - Service

SafeBootNet: SCSI Class - Driver Group

SafeBootNet: Streams Drivers - Driver Group

SafeBootNet: System Bus Extender - Driver Group

SafeBootNet: TDI - Driver Group

SafeBootNet: vmms - Service

SafeBootNet: WudfUsbccidDriver - Driver

SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net

SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient

SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService

SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans

SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers

SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy

SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers

SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices

SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

 

ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0

ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack

ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE

ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx

ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help

ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6

ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools

ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements

ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player

ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access

ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7

ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll

ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings

ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install

ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding

ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts

ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help

ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface

ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework

ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework

ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP

ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig

ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)

ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0

ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework

ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack

ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE

ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx

ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help

ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6

ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools

ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements

ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player

ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access

ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7

ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework

ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll

ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings

ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install

ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding

ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts

ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player

ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help

ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface

ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework

ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP

ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig

ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP

 

Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)

Drivers32: msacm.clmp3enc - C:\PROGRA~2\Lenovo\Power2Go\CLMP3Enc.ACM (CyberLink Corp.)

Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)

Drivers32: vidc.cvid - C:\windows\SysWow64\iccvid.dll (Radius Inc.)

 

CREATERESTOREPOINT

Unable to start System Restore Service. Error code 1084

 
 ========== Files/Folders - Created Within 30 Days ==========

 

[2012.09.28 11:21:42 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Ralf\Desktop\OTL.exe

[2012.09.26 19:58:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET

[2012.09.21 13:09:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware

[2012.09.21 13:09:57 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbam.sys

[2012.09.21 13:09:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware

[2012.09.17 10:17:50 | 000,000,000 | ---D | C] -- C:\Users\Ralf\AppData\Local\Vitalwerks

[2012.09.17 10:15:43 | 000,000,000 | ---D | C] -- C:\Users\Ralf\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\No-IP DUC

[2012.09.17 10:15:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\No-IP

[2012.09.17 09:21:35 | 000,000,000 | ---D | C] -- C:\Users\Ralf\SolarAnalyzer

[2012.09.17 09:21:34 | 000,000,000 | ---D | C] -- C:\Users\Ralf\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SolarAnalyzer

[2012.09.14 15:19:46 | 000,000,000 | ---D | C] -- C:\Users\Ralf\Desktop\Tech_Sand

[2012.09.14 09:11:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox

[2012.09.06 14:56:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java

[2012.09.06 14:55:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java

[2012.09.06 09:35:48 | 000,000,000 | ---D | C] -- C:\windows\SysWow64\BestPractices

[2012.09.06 09:35:45 | 000,000,000 | ---D | C] -- C:\windows\SysNative\BestPractices

[2012.09.06 09:35:42 | 000,000,000 | ---D | C] -- C:\inetpub

[2012.09.06 09:26:23 | 000,000,000 | ---D | C] -- C:\web

[2012.09.06 09:26:23 | 000,000,000 | ---D | C] -- C:\SolarView

[2012.09.06 09:07:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SolarView

[2012.09.04 17:02:11 | 000,000,000 | ---D | C] -- C:\Users\Ralf\Ubuntu

[2012.08.29 18:02:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service

[2012.08.29 18:02:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla

 
 ========== Files - Modified Within 30 Days ==========

 

[2012.09.28 11:22:04 | 001,605,974 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI

[2012.09.28 11:22:04 | 000,700,420 | ---- | M] () -- C:\windows\SysNative\perfh007.dat

[2012.09.28 11:22:04 | 000,652,258 | ---- | M] () -- C:\windows\SysNative\perfh009.dat

[2012.09.28 11:22:04 | 000,142,840 | ---- | M] () -- C:\windows\SysNative\perfc007.dat

[2012.09.28 11:22:04 | 000,117,186 | ---- | M] () -- C:\windows\SysNative\perfc009.dat

[2012.09.28 11:21:45 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Ralf\Desktop\OTL.exe

[2012.09.28 11:16:29 | 000,222,261 | ---- | M] () -- C:\windows\SysNative\fastboot.set

[2012.09.28 11:15:41 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat

[2012.09.28 11:15:28 | 3153,727,488 | -HS- | M] () -- C:\hiberfil.sys

[2012.09.27 22:24:50 | 000,001,120 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job

[2012.09.27 18:25:09 | 000,513,501 | ---- | M] () -- C:\Users\Ralf\Desktop\adwcleaner.exe

[2012.09.26 19:03:15 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2012.09.24 07:16:54 | 001,626,384 | ---- | M] () -- C:\windows\SysWow64\PerfStringBackup.INI

[2012.09.21 17:20:00 | 000,001,124 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job

[2012.09.21 17:00:01 | 000,000,884 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job

[2012.09.21 09:01:29 | 000,021,072 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2012.09.21 09:01:29 | 000,021,072 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2012.09.17 17:04:22 | 000,055,868 | ---- | M] () -- C:\Users\Ralf\Desktop\CSUN_availability_20120913.pdf

[2012.09.17 17:03:41 | 000,013,709 | ---- | M] () -- C:\Users\Ralf\Desktop\CSUN_availability_20120913.odt

[2012.09.17 13:31:00 | 000,001,214 | ---- | M] () -- C:\Users\Ralf\Desktop\solaranalyzer_20121005.lic

[2012.09.17 09:21:34 | 000,002,147 | ---- | M] () -- C:\Users\Ralf\Desktop\SolarAnalyzer Pro.lnk

[2012.09.11 18:00:12 | 000,000,000 | ---- | M] () -- C:\windows\SysWow64\1

[2012.09.11 08:31:35 | 000,084,590 | ---- | M] () -- C:\Users\Ralf\Desktop\120910 Schreiben Indikationsangebot CSUN 5MW Causilgey Farm UK.pdf

[2012.09.07 17:04:46 | 000,025,928 | ---- | M] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbam.sys

[2012.08.30 08:43:28 | 000,000,822 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk

 
 ========== Files Created - No Company Name ==========

 

[2012.09.27 18:25:06 | 000,513,501 | ---- | C] () -- C:\Users\Ralf\Desktop\adwcleaner.exe

[2012.09.24 07:16:54 | 001,626,384 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI

[2012.09.21 13:09:59 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2012.09.17 17:04:21 | 000,055,868 | ---- | C] () -- C:\Users\Ralf\Desktop\CSUN_availability_20120913.pdf

[2012.09.17 17:03:39 | 000,013,709 | ---- | C] () -- C:\Users\Ralf\Desktop\CSUN_availability_20120913.odt

[2012.09.17 13:31:00 | 000,001,214 | ---- | C] () -- C:\Users\Ralf\Desktop\solaranalyzer_20121005.lic

[2012.09.17 09:21:34 | 000,002,147 | ---- | C] () -- C:\Users\Ralf\Desktop\SolarAnalyzer Pro.lnk

[2012.09.11 08:31:34 | 000,084,590 | ---- | C] () -- C:\Users\Ralf\Desktop\120910 Schreiben Indikationsangebot CSUN 5MW Causilgey Farm UK.pdf

[2012.09.11 08:05:11 | 000,000,000 | ---- | C] () -- C:\windows\SysWow64\1

[2012.04.11 10:57:29 | 000,004,096 | -H-- | C] () -- C:\Users\Ralf\AppData\Local\keyfile3.drm

[2012.03.19 23:31:16 | 000,963,912 | ---- | C] () -- C:\windows\SysWow64\igkrng600.bin

[2012.03.19 23:31:16 | 000,261,208 | ---- | C] () -- C:\windows\SysWow64\igfcg600m.bin

[2012.03.19 23:25:58 | 000,058,880 | ---- | C] () -- C:\windows\SysWow64\igdde32.dll

[2012.03.19 22:21:14 | 013,212,672 | ---- | C] () -- C:\windows\SysWow64\ig4icd32.dll

[2012.02.24 15:31:50 | 000,251,340 | ---- | C] () -- C:\windows\hpwins14.dat

[2012.02.24 15:31:50 | 000,000,411 | ---- | C] () -- C:\windows\hpwmdl14.dat

[2011.11.06 08:34:50 | 000,000,034 | ---- | C] () -- C:\windows\cdplayer.ini

[2011.08.25 09:52:26 | 000,003,443 | ---- | C] () -- C:\windows\UTILITYDRV.SYS

[2011.08.25 09:52:25 | 000,300,328 | ---- | C] () -- C:\windows\it50.dll

[2011.08.25 09:52:25 | 000,259,368 | ---- | C] () -- C:\windows\FastBR.dll

[2011.08.25 09:52:25 | 000,218,408 | ---- | C] () -- C:\windows\Image.dll

[2011.08.25 09:52:25 | 000,202,024 | ---- | C] () -- C:\windows\HardDisk.dll

[2011.08.25 09:52:25 | 000,010,068 | ---- | C] () -- C:\windows\GT.EXE

[2011.08.25 09:52:24 | 000,259,368 | ---- | C] () -- C:\windows\CopyFile.dll

[2011.08.25 09:52:24 | 000,177,448 | ---- | C] () -- C:\windows\disk.dll

[2011.08.25 09:52:24 | 000,110,592 | ---- | C] () -- C:\windows\BootseqwWmi.exe

[2011.08.25 09:52:24 | 000,081,920 | ---- | C] () -- C:\windows\Bootseqw32.exe

[2011.08.25 09:52:24 | 000,049,152 | ---- | C] () -- C:\windows\CHGBOOTW.EXE

[2011.08.25 09:52:24 | 000,008,704 | ---- | C] () -- C:\windows\Access32.sys

[2011.08.25 00:59:56 | 000,015,190 | ---- | C] () -- C:\windows\S6000Twn.ini

[2011.04.15 07:29:01 | 000,066,856 | ---- | C] () -- C:\windows\SysWow64\SynTPEnhPS.dll

[2011.04.15 07:28:13 | 000,145,804 | ---- | C] () -- C:\windows\SysWow64\igcompkrng600.bin

 
 ========== ZeroAccess Check ==========

 

[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini

 

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

 

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

 

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

 

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

 

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 07:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

 

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

 

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64

"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

 

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]

"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 05:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

 

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64

"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Both

 

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

 
 ========== LOP Check ==========

 

[2011.12.21 10:07:46 | 000,000,000 | ---D | M] -- C:\Users\Ralf\AppData\Roaming\1&1 Mail & Media GmbH

[2011.12.23 15:23:09 | 000,000,000 | ---D | M] -- C:\Users\Ralf\AppData\Roaming\Amazon

[2011.12.09 18:14:01 | 000,000,000 | ---D | M] -- C:\Users\Ralf\AppData\Roaming\Canneverbe Limited

[2011.12.16 11:34:30 | 000,000,000 | ---D | M] -- C:\Users\Ralf\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant

[2012.09.24 13:56:30 | 000,000,000 | ---D | M] -- C:\Users\Ralf\AppData\Roaming\Dropbox

[2012.09.14 16:44:35 | 000,000,000 | ---D | M] -- C:\Users\Ralf\AppData\Roaming\FileZilla

[2011.11.23 16:04:46 | 000,000,000 | ---D | M] -- C:\Users\Ralf\AppData\Roaming\FireShot

[2012.02.06 12:30:30 | 000,000,000 | ---D | M] -- C:\Users\Ralf\AppData\Roaming\GetRightToGo

[2012.01.30 14:08:16 | 000,000,000 | ---D | M] -- C:\Users\Ralf\AppData\Roaming\HTC

[2012.01.26 13:07:33 | 000,000,000 | ---D | M] -- C:\Users\Ralf\AppData\Roaming\HTC.388BC06ACDAB6261375BCE37FBA2E023C0D7EE34.1

[2012.05.22 09:09:40 | 000,000,000 | ---D | M] -- C:\Users\Ralf\AppData\Roaming\IrfanView

[2012.02.03 13:39:16 | 000,000,000 | ---D | M] -- C:\Users\Ralf\AppData\Roaming\KOSTAL Solar Electric GmbH

[2012.08.07 09:27:06 | 000,000,000 | ---D | M] -- C:\Users\Ralf\AppData\Roaming\MyPhoneExplorer

[2012.01.30 14:10:09 | 000,000,000 | ---D | M] -- C:\Users\Ralf\AppData\Roaming\Outlook

[2012.01.03 18:36:41 | 000,000,000 | ---D | M] -- C:\Users\Ralf\AppData\Roaming\QlikTech

[2012.02.21 16:37:33 | 000,000,000 | ---D | M] -- C:\Users\Ralf\AppData\Roaming\SinforSSL

[2012.08.16 07:53:09 | 000,000,000 | ---D | M] -- C:\Users\Ralf\AppData\Roaming\Spotify

[2012.02.21 16:40:57 | 000,000,000 | ---D | M] -- C:\Users\Ralf\AppData\Roaming\UCP

[2012.01.05 16:43:32 | 000,000,000 | ---D | M] -- C:\Users\Ralf\AppData\Roaming\Verbindungsassistent

 
 ========== Purity Check ==========

 

 

 
 ========== Custom Scans ==========

 
 < %ALLUSERSPROFILE%\Application Data\*. >

 
 < %ALLUSERSPROFILE%\Application Data\*.exe /s >

 
 < %APPDATA%\*. >

[2011.12.21 10:07:46 | 000,000,000 | ---D | M] -- C:\Users\Ralf\AppData\Roaming\1&1 Mail & Media GmbH

[2011.12.16 11:34:10 | 000,000,000 | ---D | M] -- C:\Users\Ralf\AppData\Roaming\Adobe

[2011.12.23 15:23:09 | 000,000,000 | ---D | M] -- C:\Users\Ralf\AppData\Roaming\Amazon

[2011.12.09 18:14:01 | 000,000,000 | ---D | M] -- C:\Users\Ralf\AppData\Roaming\Canneverbe Limited

[2011.12.16 11:34:30 | 000,000,000 | ---D | M] -- C:\Users\Ralf\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant

[2011.11.04 11:41:15 | 000,000,000 | ---D | M] -- C:\Users\Ralf\AppData\Roaming\CyberLink

[2012.09.24 13:56:30 | 000,000,000 | ---D | M] -- C:\Users\Ralf\AppData\Roaming\Dropbox

[2012.09.14 16:44:35 | 000,000,000 | ---D | M] -- C:\Users\Ralf\AppData\Roaming\FileZilla

[2011.11.23 16:04:46 | 000,000,000 | ---D | M] -- C:\Users\Ralf\AppData\Roaming\FireShot

[2012.02.06 12:30:30 | 000,000,000 | ---D | M] -- C:\Users\Ralf\AppData\Roaming\GetRightToGo

[2012.02.24 15:41:04 | 000,000,000 | ---D | M] -- C:\Users\Ralf\AppData\Roaming\HP

[2012.05.23 10:21:54 | 000,000,000 | ---D | M] -- C:\Users\Ralf\AppData\Roaming\HpUpdate

[2012.01.30 14:08:16 | 000,000,000 | ---D | M] -- C:\Users\Ralf\AppData\Roaming\HTC

[2012.01.26 13:07:33 | 000,000,000 | ---D | M] -- C:\Users\Ralf\AppData\Roaming\HTC.388BC06ACDAB6261375BCE37FBA2E023C0D7EE34.1

[2011.11.03 19:44:23 | 000,000,000 | ---D | M] -- C:\Users\Ralf\AppData\Roaming\Identities

[2012.05.22 09:09:40 | 000,000,000 | ---D | M] -- C:\Users\Ralf\AppData\Roaming\IrfanView

[2012.02.03 13:39:16 | 000,000,000 | ---D | M] -- C:\Users\Ralf\AppData\Roaming\KOSTAL Solar Electric GmbH

[2011.11.04 11:43:54 | 000,000,000 | ---D | M] -- C:\Users\Ralf\AppData\Roaming\Macromedia

[2012.07.13 15:17:45 | 000,000,000 | ---D | M] -- C:\Users\Ralf\AppData\Roaming\Malwarebytes

[2011.02.22 13:42:06 | 000,000,000 | ---D | M] -- C:\Users\Ralf\AppData\Roaming\Media Center Programs

[2012.09.06 09:48:37 | 000,000,000 | --SD | M] -- C:\Users\Ralf\AppData\Roaming\Microsoft

[2011.11.04 11:40:49 | 000,000,000 | ---D | M] -- C:\Users\Ralf\AppData\Roaming\Mozilla

[2012.08.07 09:27:06 | 000,000,000 | ---D | M] -- C:\Users\Ralf\AppData\Roaming\MyPhoneExplorer

[2012.01.30 14:10:09 | 000,000,000 | ---D | M] -- C:\Users\Ralf\AppData\Roaming\Outlook

[2012.01.03 18:36:41 | 000,000,000 | ---D | M] -- C:\Users\Ralf\AppData\Roaming\QlikTech

[2012.02.21 16:37:33 | 000,000,000 | ---D | M] -- C:\Users\Ralf\AppData\Roaming\SinforSSL

[2012.09.21 17:20:07 | 000,000,000 | ---D | M] -- C:\Users\Ralf\AppData\Roaming\Skype

[2012.08.16 07:53:09 | 000,000,000 | ---D | M] -- C:\Users\Ralf\AppData\Roaming\Spotify

[2012.02.21 16:40:57 | 000,000,000 | ---D | M] -- C:\Users\Ralf\AppData\Roaming\UCP

[2012.01.05 16:43:32 | 000,000,000 | ---D | M] -- C:\Users\Ralf\AppData\Roaming\Verbindungsassistent

[2012.08.30 12:37:46 | 000,000,000 | ---D | M] -- C:\Users\Ralf\AppData\Roaming\vlc

[2012.02.24 15:36:44 | 000,000,000 | ---D | M] -- C:\Users\Ralf\AppData\Roaming\Yahoo!

 
 < %APPDATA%\*.exe /s >

[2012.05.24 20:39:22 | 027,112,840 | ---- | M] (Dropbox, Inc.) -- C:\Users\Ralf\AppData\Roaming\Dropbox\bin\Dropbox.exe

[2012.05.24 20:39:24 | 000,872,144 | ---- | M] (Dropbox, Inc.) -- C:\Users\Ralf\AppData\Roaming\Dropbox\bin\DropboxUpdateHelper.exe

[2012.05.24 20:39:56 | 000,177,280 | ---- | M] (Dropbox, Inc.) -- C:\Users\Ralf\AppData\Roaming\Dropbox\bin\Uninstall.exe

[2011.12.16 11:34:08 | 000,053,632 | ---- | M] (Adobe Systems Inc.) -- C:\Users\Ralf\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe

[2012.09.06 09:26:24 | 000,001,406 | R--- | M] () -- C:\Users\Ralf\AppData\Roaming\Microsoft\Installer\{D0B66311-04BB-40D9-B260-E53372F7C554}\_79787b7b.exe

[2012.09.06 09:26:24 | 000,001,406 | R--- | M] () -- C:\Users\Ralf\AppData\Roaming\Microsoft\Installer\{D0B66311-04BB-40D9-B260-E53372F7C554}\_797e4f74.exe

[2012.09.06 09:26:24 | 000,001,406 | R--- | M] () -- C:\Users\Ralf\AppData\Roaming\Microsoft\Installer\{D0B66311-04BB-40D9-B260-E53372F7C554}\_79924b5e.exe

[2012.08.17 19:49:00 | 000,060,824 | ---- | M] (getfireshot.com) -- C:\Users\Ralf\AppData\Roaming\Mozilla\Firefox\Profiles\51entowq.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}\library\crashreporter.exe

[2012.08.17 19:49:00 | 000,145,816 | ---- | M] (getfireshot.com) -- C:\Users\Ralf\AppData\Roaming\Mozilla\Firefox\Profiles\51entowq.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}\library\fireshot-container.exe

[2012.08.17 19:48:38 | 000,074,648 | ---- | M] (getfireshot.com) -- C:\Users\Ralf\AppData\Roaming\Mozilla\Firefox\Profiles\51entowq.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}\library\fireshot-deploy.exe

[2012.02.21 16:36:55 | 000,014,152 | ---- | M] () -- C:\Users\Ralf\AppData\Roaming\SinforSSL\StartIEAsAdmin.exe

[2012.08.15 12:18:24 | 007,601,880 | ---- | M] (Spotify Ltd) -- C:\Users\Ralf\AppData\Roaming\Spotify\spotify.exe

[2012.08.15 12:18:24 | 000,114,904 | ---- | M] () -- C:\Users\Ralf\AppData\Roaming\Spotify\SpotifyLauncher.exe

[2012.08.15 12:18:24 | 001,193,176 | ---- | M] () -- C:\Users\Ralf\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe

[2009.06.15 20:21:54 | 000,135,168 | ---- | M] (Huawei Technologies Co., Ltd.) -- C:\Users\Ralf\AppData\Roaming\Verbindungsassistent\BackUp\Del_CD_ROM.exe

[2010.02.23 12:02:02 | 000,030,160 | ---- | M] () -- C:\Users\Ralf\AppData\Roaming\Verbindungsassistent\BackUp\InstallWTGService.exe

[2010.02.23 12:01:36 | 000,409,040 | ---- | M] () -- C:\Users\Ralf\AppData\Roaming\Verbindungsassistent\BackUp\OSU.exe

[2010.02.23 12:01:20 | 001,148,368 | ---- | M] () -- C:\Users\Ralf\AppData\Roaming\Verbindungsassistent\BackUp\Setup.exe

[2010.02.23 12:01:58 | 001,091,024 | ---- | M] () -- C:\Users\Ralf\AppData\Roaming\Verbindungsassistent\BackUp\Uninstaller.exe

[2010.02.23 12:01:50 | 007,226,832 | ---- | M] (WebToGo Mobile Internet GmbH) -- C:\Users\Ralf\AppData\Roaming\Verbindungsassistent\BackUp\Verbindungsassistent.exe

[2010.02.23 12:01:44 | 000,472,528 | ---- | M] (WebToGo Mobiles Internet GmbH) -- C:\Users\Ralf\AppData\Roaming\Verbindungsassistent\BackUp\Verbindungsassistent_SMSMMS.exe

[2010.02.23 12:01:28 | 000,329,168 | ---- | M] () -- C:\Users\Ralf\AppData\Roaming\Verbindungsassistent\BackUp\WTGService.exe

[2010.02.23 12:01:32 | 000,243,152 | ---- | M] () -- C:\Users\Ralf\AppData\Roaming\Verbindungsassistent\BackUp\WTGVistaUtil.exe

 
 < %SYSTEMDRIVE%\*.exe >

 
 < MD5 for: AGP440.SYS  >

[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\windows\SysNative\drivers\AGP440.sys

[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys

[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys

 
 < MD5 for: ATAPI.SYS  >

[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\windows\SysNative\drivers\atapi.sys

[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys

[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys

 
 < MD5 for: CNGAUDIT.DLL  >

[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll

[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll

[2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\windows\SysNative\cngaudit.dll

[2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll

 
 < MD5 for: IASTOR.SYS  >

[2011.02.18 10:11:54 | 000,439,320 | ---- | M] (Intel Corporation) MD5=53CC5BF8B5A219119953C7ABB19A7705 -- C:\windows\SysNative\drivers\iaStor.sys

[2011.02.18 10:11:54 | 000,439,320 | ---- | M] (Intel Corporation) MD5=53CC5BF8B5A219119953C7ABB19A7705 -- C:\windows\SysNative\DriverStore\FileRepository\iaahci.inf_amd64_neutral_52b32c0ad3e84c62\iaStor.sys

 
 < MD5 for: IASTORV.SYS  >

[2010.11.21 05:23:47 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys

[2010.11.21 05:23:47 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys

[2011.08.17 01:32:58 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys

[2011.08.17 01:32:58 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\windows\SysNative\drivers\iaStorV.sys

[2011.08.17 01:32:58 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0bcee2057afcc090\iaStorV.sys

[2011.08.17 01:32:58 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys

 
 < MD5 for: NETLOGON.DLL  >

[2010.11.21 05:24:01 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\windows\SysNative\netlogon.dll

[2010.11.21 05:24:01 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll

[2010.11.21 05:24:09 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll

[2010.11.21 05:24:09 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll

 
 < MD5 for: NVSTOR.SYS  >

[2011.08.17 01:32:58 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys

[2011.08.17 01:32:58 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\windows\SysNative\drivers\nvstor.sys

[2011.08.17 01:32:58 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvstor.sys

[2011.08.17 01:32:58 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys

[2010.11.21 05:23:47 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys

[2010.11.21 05:23:47 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys

 
 < MD5 for: SCECLI.DLL  >

[2010.11.21 05:23:54 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll

[2010.11.21 05:23:54 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll

[2010.11.21 05:24:32 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\windows\SysNative\scecli.dll

[2010.11.21 05:24:32 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll

 
 < MD5 for: USER32.DLL  >

[2010.11.21 05:24:20 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SysWOW64\user32.dll

[2010.11.21 05:24:20 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll

[2010.11.21 05:24:09 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\windows\SysNative\user32.dll

[2010.11.21 05:24:09 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll

 
 < MD5 for: USERINIT.EXE  >

[2010.11.21 05:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe

[2010.11.21 05:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe

[2010.11.21 05:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\windows\SysNative\userinit.exe

[2010.11.21 05:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe

 
 < MD5 for: WININIT.EXE  >

[2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\windows\SysNative\wininit.exe

[2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe

[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe

[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe

 
 < MD5 for: WINLOGON.EXE  >

[2010.11.21 05:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\windows\SysNative\winlogon.exe

[2010.11.21 05:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe

[2012.09.07 17:04:42 | 000,218,696 | ---- | M] () MD5=4E0D8C9F83B7FD82393F7D8CCC27E7AE -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe

 
 < MD5 for: WS2IFSL.SYS  >

[2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\windows\SysNative\drivers\ws2ifsl.sys

[2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys

 
 < %systemroot%\system32\drivers\*.sys /lockedfiles >

 
 < %systemroot%\System32\config\*.sav >

 
 < %systemroot%\*. /mp /s >

 
 < %systemroot%\system32\*.dll /lockedfiles >

 
 ========== Files - Unicode (All) ==========

[2012.09.07 13:28:36 | 000,041,472 | ---- | M] ()(C:\Users\Ralf\Desktop\Kopie von ??20120908-20121010.xls) -- C:\Users\Ralf\Desktop\Kopie von 副本20120908-20121010.xls

[2012.09.07 13:28:36 | 000,041,472 | ---- | C] ()(C:\Users\Ralf\Desktop\Kopie von ??20120908-20121010.xls) -- C:\Users\Ralf\Desktop\Kopie von 副本20120908-20121010.xls
 

< End of report >

--- --- ---

--- --- ---

[/CODE]

Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)

Code:

:OTL

FF - user.js - File not found

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.

O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.

O3 - HKLM\..\Toolbar: (FireShot) - {6E6E744E-4D20-4ce3-9A7A-26DFFFE22F68} - C:\Users\Ralf\AppData\Roaming\Mozilla\Firefox\Profiles\51entowq.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}\library\fsaddin-0.94.dll File not found

O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.

O3 - HKU\S-1-5-21-2371013698-2949519152-906224175-1000\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.

O3 - HKU\S-1-5-21-2371013698-2949519152-906224175-1000\..\Toolbar\WebBrowser: (no name) - {C424171E-592A-415A-9EB1-DFD6D95D3530} - No CLSID value found.

O4 - HKLM..\Run: []  File not found

O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found

O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1

O32 - HKLM CDRom: AutoRun - 1

O33 - MountPoints2\{6d9d11a9-2078-11e1-a16c-3859f9cc954b}\Shell - "" = AutoRun

O33 - MountPoints2\{6d9d11a9-2078-11e1-a16c-3859f9cc954b}\Shell\AutoRun\command - "" = H:\.\Autorun.exe AUTORUN=1

:Files

C:\windows\SysWow64\1

ipconfig /flushdns /c

:Commands

[purity]

[emptytemp]

[resethosts]

Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.

Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!

Hier das Log-file vom OTL-Fix:

Code:



All processes killed

========== OTL ==========

Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.

64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{6E6E744E-4D20-4ce3-9A7A-26DFFFE22F68} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6E6E744E-4D20-4ce3-9A7A-26DFFFE22F68}\ deleted successfully.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.

Registry value HKEY_USERS\S-1-5-21-2371013698-2949519152-906224175-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.

Registry value HKEY_USERS\S-1-5-21-2371013698-2949519152-906224175-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{C424171E-592A-415A-9EB1-DFD6D95D3530} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C424171E-592A-415A-9EB1-DFD6D95D3530}\ not found.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.

Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.

Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.

Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop deleted successfully.

Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges deleted successfully.

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6d9d11a9-2078-11e1-a16c-3859f9cc954b}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6d9d11a9-2078-11e1-a16c-3859f9cc954b}\ not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{6d9d11a9-2078-11e1-a16c-3859f9cc954b}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6d9d11a9-2078-11e1-a16c-3859f9cc954b}\ not found.

File H:\.\Autorun.exe AUTORUN=1 not found.

========== FILES ==========

C:\windows\SysWow64\1 moved successfully.
 < ipconfig /flushdns /c >

Windows-IP-Konfiguration

Der DNS-Aufl”sungscache wurde geleert.

C:\Users\Ralf\Desktop\cmd.bat deleted successfully.

C:\Users\Ralf\Desktop\cmd.txt deleted successfully.

========== COMMANDS ==========

 

[EMPTYTEMP]

 

User: All Users

 

User: Default

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->Flash cache emptied: 56466 bytes

 

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->Flash cache emptied: 0 bytes

 

User: Public

 

User: Ralf

->Temp folder emptied: 8120891 bytes

->Temporary Internet Files folder emptied: 14260602 bytes

->Java cache emptied: 9942517 bytes

->FireFox cache emptied: 79767128 bytes

->Google Chrome cache emptied: 411041776 bytes

->Flash cache emptied: 57124 bytes

 

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32 (64bit) .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 82515017 bytes

%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50434 bytes

RecycleBin emptied: 7294175 bytes

 

Total Files Cleaned = 585,00 mb

 

C:\windows\System32\drivers\etc\Hosts moved successfully.

HOSTS file reset successfully

 

OTL by OldTimer - Version 3.2.69.0 log created on 09282012_170730
 

Files\Folders moved on Reboot...

File move failed. C:\Users\Ralf\AppData\Local\Temp\FXSAPIDebugLogFile.txt scheduled to be moved on reboot.
 

PendingFileRenameOperations files...
 

Registry entries deleted on Reboot...

Bitte nun (im normalen Windows-Modus) dieses Tool von Kaspersky (TDSS-Killer) ausführen und das Log posten Anleitung und Downloadlink hier => http://www.trojaner-board.de/82358-t...entfernen.html

Hinweis: Bitte den Virenscanner abstellen bevor du den TDSS-Killer ausführst, denn v.a. Avira meldet im TDSS-Tool oft einen Fehalalrm!

Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet,
Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten.

Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition ( meistens Laufwerk C: ) nach, da speichert der TDSS-Killer seine Logs.

Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten!

http://saved.im/mtg4nzy0ywy5/settings_2012-09-04.png

Hallo Cosinus,

der normale Windows-Modus geht noch nicht wieder.
Ich bekomme die Fehlermeldung, dass ein Treiber von Malwarebytes nicht gefunden werden konnte.
Ich habe probeweise Malwarebytes aus dem Autostart genommen, aber das hat auch nicht geholfen.

Hilft der TDSS-Killer auch im abgesicherten Modus?
Gruß
IT-confused

Ja mach das dann im abgesicherten Modus mit Netzwerktreibern

Hier das Log-File:

Code:



13:16:20.0855 0376  TDSS rootkit removing tool 2.8.10.0 Sep 17 2012 19:23:24

13:16:21.0050 0376  ============================================================

13:16:21.0050 0376  Current date / time: 2012/10/01 13:16:21.0050

13:16:21.0050 0376  SystemInfo:

13:16:21.0050 0376  

13:16:21.0050 0376  OS Version: 6.1.7601 ServicePack: 1.0

13:16:21.0050 0376  Product type: Workstation

13:16:21.0051 0376  ComputerName: RALF-PC

13:16:21.0051 0376  UserName: Ralf

13:16:21.0051 0376  Windows directory: C:\windows

13:16:21.0051 0376  System windows directory: C:\windows

13:16:21.0051 0376  Running under WOW64

13:16:21.0051 0376  Processor architecture: Intel x64

13:16:21.0051 0376  Number of processors: 4

13:16:21.0051 0376  Page size: 0x1000

13:16:21.0051 0376  Boot type: Safe boot with network

13:16:21.0051 0376  ============================================================

13:16:21.0913 0376  Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040

13:16:21.0916 0376  ============================================================

13:16:21.0916 0376  \Device\Harddisk0\DR0:

13:16:21.0916 0376  MBR partitions:

13:16:21.0916 0376  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x64000

13:16:21.0916 0376  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x64800, BlocksNum 0x34BA1000

13:16:21.0950 0376  \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x34C06000, BlocksNum 0x39FD800

13:16:21.0950 0376  ============================================================

13:16:21.0982 0376  C: <-> \Device\Harddisk0\DR0\Partition2

13:16:22.0031 0376  D: <-> \Device\Harddisk0\DR0\Partition3

13:16:22.0031 0376  ============================================================

13:16:22.0031 0376  Initialize success

13:16:22.0031 0376  ============================================================

13:19:55.0704 2728  ============================================================

13:19:55.0704 2728  Scan started

13:19:55.0704 2728  Mode: Manual; SigCheck; TDLFS; 

13:19:55.0704 2728  ============================================================

13:19:55.0876 2728  ================ Scan system memory ========================

13:19:55.0876 2728  System memory - ok

13:19:55.0876 2728  ================ Scan services =============================

13:19:56.0063 2728  [ A87D604AEA360176311474C87A63BB88 ] 1394ohci        C:\windows\system32\drivers\1394ohci.sys

13:19:56.0141 2728  1394ohci - ok

13:19:56.0188 2728  [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI            C:\windows\system32\drivers\ACPI.sys

13:19:56.0203 2728  ACPI - ok

13:19:56.0250 2728  [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi         C:\windows\system32\drivers\acpipmi.sys

13:19:56.0297 2728  AcpiPmi - ok

13:19:56.0328 2728  [ 5BBFF8B826EC38D32C26334E079C7EFC ] ACPIVPC         C:\windows\system32\DRIVERS\AcpiVpc.sys

13:19:56.0344 2728  ACPIVPC - ok

13:19:56.0437 2728  [ D19C4EE2AC7C47B8F5F84FFF1A789D8A ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

13:19:56.0437 2728  AdobeARMservice - ok

13:19:56.0531 2728  [ B2B64AF436FACCFA854DD397027C5360 ] AdobeFlashPlayerUpdateSvc C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

13:19:56.0546 2728  AdobeFlashPlayerUpdateSvc - ok

13:19:56.0578 2728  [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx         C:\windows\system32\drivers\adp94xx.sys

13:19:56.0593 2728  adp94xx - ok

13:19:56.0640 2728  [ 597F78224EE9224EA1A13D6350CED962 ] adpahci         C:\windows\system32\drivers\adpahci.sys

13:19:56.0656 2728  adpahci - ok

13:19:56.0687 2728  [ E109549C90F62FB570B9540C4B148E54 ] adpu320         C:\windows\system32\drivers\adpu320.sys

13:19:56.0702 2728  adpu320 - ok

13:19:56.0718 2728  [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc     C:\windows\System32\aelupsvc.dll

13:19:56.0843 2728  AeLookupSvc - ok

13:19:56.0905 2728  [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD             C:\windows\system32\drivers\afd.sys

13:19:56.0952 2728  AFD - ok

13:19:56.0999 2728  [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440          C:\windows\system32\drivers\agp440.sys

13:19:56.0999 2728  agp440 - ok

13:19:57.0046 2728  [ 3290D6946B5E30E70414990574883DDB ] ALG             C:\windows\System32\alg.exe

13:19:57.0108 2728  ALG - ok

13:19:57.0139 2728  [ 5812713A477A3AD7363C7438CA2EE038 ] aliide          C:\windows\system32\drivers\aliide.sys

13:19:57.0155 2728  aliide - ok

13:19:57.0170 2728  [ 1FF8B4431C353CE385C875F194924C0C ] amdide          C:\windows\system32\drivers\amdide.sys

13:19:57.0170 2728  amdide - ok

13:19:57.0186 2728  [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8           C:\windows\system32\drivers\amdk8.sys

13:19:57.0217 2728  AmdK8 - ok

13:19:57.0233 2728  [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM          C:\windows\system32\drivers\amdppm.sys

13:19:57.0248 2728  AmdPPM - ok

13:19:57.0264 2728  [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata         C:\windows\system32\drivers\amdsata.sys

13:19:57.0264 2728  amdsata - ok

13:19:57.0311 2728  [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs          C:\windows\system32\drivers\amdsbs.sys

13:19:57.0311 2728  amdsbs - ok

13:19:57.0326 2728  [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata         C:\windows\system32\drivers\amdxata.sys

13:19:57.0342 2728  amdxata - ok

13:19:57.0404 2728  [ 59D01FA91962C9C1E9B4022B2D3B46DB ] AppHostSvc      C:\windows\system32\inetsrv\apphostsvc.dll

13:19:57.0436 2728  AppHostSvc - ok

13:19:57.0467 2728  [ 89A69C3F2F319B43379399547526D952 ] AppID           C:\windows\system32\drivers\appid.sys

13:19:57.0701 2728  AppID - ok

13:19:57.0748 2728  [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc        C:\windows\System32\appidsvc.dll

13:19:57.0794 2728  AppIDSvc - ok

13:19:57.0826 2728  [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo         C:\windows\System32\appinfo.dll

13:19:57.0872 2728  Appinfo - ok

13:19:57.0888 2728  [ C484F8CEB1717C540242531DB7845C4E ] arc             C:\windows\system32\drivers\arc.sys

13:19:57.0888 2728  arc - ok

13:19:57.0919 2728  [ 019AF6924AEFE7839F61C830227FE79C ] arcsas          C:\windows\system32\drivers\arcsas.sys

13:19:57.0919 2728  arcsas - ok

13:19:57.0935 2728  [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac        C:\windows\system32\DRIVERS\asyncmac.sys

13:19:57.0997 2728  AsyncMac - ok

13:19:58.0013 2728  [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi           C:\windows\system32\drivers\atapi.sys

13:19:58.0028 2728  atapi - ok

13:19:58.0091 2728  [ 782D36BAD8DDBF008D02E055DBE70F82 ] athr            C:\windows\system32\DRIVERS\athrx.sys

13:19:58.0153 2728  athr - ok

13:19:58.0200 2728  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\windows\System32\Audiosrv.dll

13:19:58.0262 2728  AudioEndpointBuilder - ok

13:19:58.0294 2728  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv        C:\windows\System32\Audiosrv.dll

13:19:58.0325 2728  AudioSrv - ok

13:19:58.0356 2728  [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV        C:\windows\System32\AxInstSV.dll

13:19:58.0403 2728  AxInstSV - ok

13:19:58.0465 2728  [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv         C:\windows\system32\drivers\bxvbda.sys

13:19:58.0481 2728  b06bdrv - ok

13:19:58.0512 2728  [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a        C:\windows\system32\DRIVERS\b57nd60a.sys

13:19:58.0543 2728  b57nd60a - ok

13:19:58.0590 2728  [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC          C:\windows\System32\bdesvc.dll

13:19:58.0606 2728  BDESVC - ok

13:19:58.0637 2728  [ 16A47CE2DECC9B099349A5F840654746 ] Beep            C:\windows\system32\drivers\Beep.sys

13:19:58.0699 2728  Beep - ok

13:19:58.0746 2728  [ 82974D6A2FD19445CC5171FC378668A4 ] BFE             C:\windows\System32\bfe.dll

13:19:58.0793 2728  BFE - ok

13:19:58.0824 2728  [ 1EA7969E3271CBC59E1730697DC74682 ] BITS            C:\windows\System32\qmgr.dll

13:19:58.0996 2728  BITS - ok

13:19:59.0027 2728  [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive        C:\windows\system32\DRIVERS\blbdrive.sys

13:19:59.0042 2728  blbdrive - ok

13:19:59.0074 2728  [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser          C:\windows\system32\DRIVERS\bowser.sys

13:19:59.0105 2728  bowser - ok

13:19:59.0167 2728  [ AAA4F992F879977A000FE8B8C730CD2C ] BPntDrv         C:\windows\system32\drivers\BPntDrv.sys

13:19:59.0167 2728  BPntDrv - ok

13:19:59.0198 2728  [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo        C:\windows\system32\drivers\BrFiltLo.sys

13:19:59.0230 2728  BrFiltLo - ok

13:19:59.0245 2728  [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp        C:\windows\system32\drivers\BrFiltUp.sys

13:19:59.0245 2728  BrFiltUp - ok

13:19:59.0276 2728  [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser         C:\windows\System32\browser.dll

13:19:59.0292 2728  Browser - ok

13:19:59.0308 2728  [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid         C:\windows\System32\Drivers\Brserid.sys

13:19:59.0339 2728  Brserid - ok

13:19:59.0339 2728  [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm        C:\windows\System32\Drivers\BrSerWdm.sys

13:19:59.0354 2728  BrSerWdm - ok

13:19:59.0386 2728  [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm        C:\windows\System32\Drivers\BrUsbMdm.sys

13:19:59.0417 2728  BrUsbMdm - ok

13:19:59.0417 2728  [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer        C:\windows\System32\Drivers\BrUsbSer.sys

13:19:59.0448 2728  BrUsbSer - ok

13:19:59.0479 2728  [ CF98190A94F62E405C8CB255018B2315 ] BthEnum         C:\windows\system32\drivers\BthEnum.sys

13:19:59.0510 2728  BthEnum - ok

13:19:59.0557 2728  [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM        C:\windows\system32\drivers\bthmodem.sys

13:19:59.0588 2728  BTHMODEM - ok

13:19:59.0604 2728  [ 02DD601B708DD0667E1331FA8518E9FF ] BthPan          C:\windows\system32\DRIVERS\bthpan.sys

13:19:59.0635 2728  BthPan - ok

13:19:59.0666 2728  [ 738D0E9272F59EB7A1449C3EC118E6C4 ] BTHPORT         C:\windows\System32\Drivers\BTHport.sys

13:19:59.0698 2728  BTHPORT - ok

13:19:59.0729 2728  [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv         C:\windows\system32\bthserv.dll

13:19:59.0744 2728  bthserv - ok

13:19:59.0760 2728  [ F188B7394D81010767B6DF3178519A37 ] BTHUSB          C:\windows\System32\Drivers\BTHUSB.sys

13:19:59.0791 2728  BTHUSB - ok

13:19:59.0838 2728  [ A0DFB69ADE3444C78B17636FCF28E898 ] BTWAMPFL        C:\windows\system32\DRIVERS\btwampfl.sys

13:19:59.0854 2728  BTWAMPFL - ok

13:19:59.0869 2728  [ 7CF028CE78696882B327FF13D2DFA534 ] btwaudio        C:\windows\system32\drivers\btwaudio.sys

13:19:59.0869 2728  btwaudio - ok

13:19:59.0900 2728  [ 3DEF2370E414B4E299673558BA171A51 ] btwavdt         C:\windows\system32\drivers\btwavdt.sys

13:19:59.0916 2728  btwavdt - ok

13:19:59.0978 2728  [ 3D5E7FB2CB69A6186C7954C0859173F4 ] btwdins         C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe

13:19:59.0994 2728  btwdins - ok

13:20:00.0041 2728  [ 346B4051B3D7FF70E8F027869B8ECA6E ] btwl2cap        C:\windows\system32\DRIVERS\btwl2cap.sys

13:20:00.0041 2728  btwl2cap - ok

13:20:00.0056 2728  [ 9937E0E4DFC0030560A6DFE9D3A94B39 ] btwrchid        C:\windows\system32\DRIVERS\btwrchid.sys

13:20:00.0072 2728  btwrchid - ok

13:20:00.0072 2728  [ B8BD2BB284668C84865658C77574381A ] cdfs            C:\windows\system32\DRIVERS\cdfs.sys

13:20:00.0134 2728  cdfs - ok

13:20:00.0181 2728  [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom           C:\windows\system32\DRIVERS\cdrom.sys

13:20:00.0197 2728  cdrom - ok

13:20:00.0244 2728  [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc     C:\windows\System32\certprop.dll

13:20:00.0306 2728  CertPropSvc - ok

13:20:00.0322 2728  [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass        C:\windows\system32\drivers\circlass.sys

13:20:00.0322 2728  circlass - ok

13:20:00.0368 2728  [ FE1EC06F2253F691FE36217C592A0206 ] CLFS            C:\windows\system32\CLFS.sys

13:20:00.0384 2728  CLFS - ok

13:20:00.0446 2728  [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

13:20:00.0478 2728  clr_optimization_v2.0.50727_32 - ok

13:20:00.0493 2728  [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe

13:20:00.0509 2728  clr_optimization_v2.0.50727_64 - ok

13:20:00.0571 2728  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

13:20:00.0634 2728  clr_optimization_v4.0.30319_32 - ok

13:20:00.0680 2728  [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe

13:20:00.0696 2728  clr_optimization_v4.0.30319_64 - ok

13:20:00.0743 2728  [ 50F92C943F18B070F166D019DFAB3D9A ] clwvd           C:\windows\system32\DRIVERS\clwvd.sys

13:20:00.0743 2728  clwvd - ok

13:20:00.0758 2728  [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt          C:\windows\system32\DRIVERS\CmBatt.sys

13:20:00.0790 2728  CmBatt - ok

13:20:00.0805 2728  [ E19D3F095812725D88F9001985B94EDD ] cmdide          C:\windows\system32\drivers\cmdide.sys

13:20:00.0805 2728  cmdide - ok

13:20:00.0836 2728  [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG             C:\windows\system32\Drivers\cng.sys

13:20:00.0868 2728  CNG - ok

13:20:00.0899 2728  [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt        C:\windows\system32\drivers\compbatt.sys

13:20:00.0914 2728  Compbatt - ok

13:20:00.0930 2728  [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus    C:\windows\system32\DRIVERS\CompositeBus.sys

13:20:00.0961 2728  CompositeBus - ok

13:20:00.0977 2728  COMSysApp - ok

13:20:01.0024 2728  [ F08C6020E57F5E5BF2FD034DB10BEDFB ] cphs            C:\windows\SysWow64\IntelCpHeciSvc.exe

13:20:01.0102 2728  cphs - ok

13:20:01.0117 2728  [ 1C827878A998C18847245FE1F34EE597 ] crcdisk         C:\windows\system32\drivers\crcdisk.sys

13:20:01.0133 2728  crcdisk - ok

13:20:01.0180 2728  [ 4F5414602E2544A4554D95517948B705 ] CryptSvc        C:\windows\system32\cryptsvc.dll

13:20:01.0226 2728  CryptSvc - ok

13:20:01.0258 2728  [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch      C:\windows\system32\rpcss.dll

13:20:01.0320 2728  DcomLaunch - ok

13:20:01.0336 2728  [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc       C:\windows\System32\defragsvc.dll

13:20:01.0382 2728  defragsvc - ok

13:20:01.0414 2728  [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC            C:\windows\system32\Drivers\dfsc.sys

13:20:01.0445 2728  DfsC - ok

13:20:01.0492 2728  [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp            C:\windows\system32\dhcpcore.dll

13:20:01.0554 2728  Dhcp - ok

13:20:01.0570 2728  [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache        C:\windows\system32\drivers\discache.sys

13:20:01.0601 2728  discache - ok

13:20:01.0632 2728  [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk            C:\windows\system32\drivers\disk.sys

13:20:01.0648 2728  Disk - ok

13:20:01.0663 2728  [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache        C:\windows\System32\dnsrslvr.dll

13:20:01.0694 2728  Dnscache - ok

13:20:01.0710 2728  [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc         C:\windows\System32\dot3svc.dll

13:20:01.0741 2728  dot3svc - ok

13:20:01.0788 2728  [ B42ED0320C6E41102FDE0005154849BB ] Dot4            C:\windows\system32\DRIVERS\Dot4.sys

13:20:01.0819 2728  Dot4 - ok

13:20:01.0850 2728  [ E9F5969233C5D89F3C35E3A66A52A361 ] Dot4Print       C:\windows\system32\DRIVERS\Dot4Prt.sys

13:20:01.0882 2728  Dot4Print - ok

13:20:01.0913 2728  [ FD05A02B0370BC3000F402E543CA5814 ] dot4usb         C:\windows\system32\DRIVERS\dot4usb.sys

13:20:01.0928 2728  dot4usb - ok

13:20:01.0944 2728  [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS             C:\windows\system32\dps.dll

13:20:01.0991 2728  DPS - ok

13:20:02.0022 2728  [ 9B19F34400D24DF84C858A421C205754 ] drmkaud         C:\windows\system32\drivers\drmkaud.sys

13:20:02.0038 2728  drmkaud - ok

13:20:02.0069 2728  [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl         C:\windows\System32\drivers\dxgkrnl.sys

13:20:02.0100 2728  DXGKrnl - ok

13:20:02.0116 2728  [ 13533557D01B88C83110D5CF749F14D7 ] eamonm          C:\windows\system32\DRIVERS\eamonm.sys

13:20:02.0131 2728  eamonm - ok

13:20:02.0162 2728  [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost         C:\windows\System32\eapsvc.dll

13:20:02.0209 2728  EapHost - ok

13:20:02.0287 2728  [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv           C:\windows\system32\drivers\evbda.sys

13:20:02.0381 2728  ebdrv - ok

13:20:02.0412 2728  [ C118A82CD78818C29AB228366EBF81C3 ] EFS             C:\windows\System32\lsass.exe

13:20:02.0443 2728  EFS - ok

13:20:02.0521 2728  [ 2C1A297638E4319179A1112D4D6522B8 ] EgisTec Service C:\Program Files (x86)\EgisTec BioExcess\EgisService.exe

13:20:02.0537 2728  EgisTec Service - ok

13:20:02.0599 2728  [ 0AC3BAA7DF250C76DD9BCFC51565CB5F ] EgisTec Service Help C:\Program Files (x86)\EgisTec Port Locker\Egishlpsvc.exe

13:20:02.0599 2728  EgisTec Service Help - ok

13:20:02.0646 2728  [ 7745AAFFB61438C28C75E18CE98D4E64 ] EgisTec Ticket Service C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe

13:20:02.0662 2728  EgisTec Ticket Service - ok

13:20:02.0693 2728  [ 33708C6D915F8DE734CF3ABB0731515B ] EgisTecFF       C:\windows\system32\DRIVERS\EgisTecFF.sys

13:20:02.0708 2728  EgisTecFF - ok

13:20:02.0740 2728  [ E097728129E7B79BF1089D7AEF42332B ] ehdrv           C:\windows\system32\DRIVERS\ehdrv.sys

13:20:02.0740 2728  ehdrv - ok

13:20:02.0802 2728  [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr         C:\windows\ehome\ehRecvr.exe

13:20:02.0833 2728  ehRecvr - ok

13:20:02.0864 2728  [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched         C:\windows\ehome\ehsched.exe

13:20:02.0864 2728  ehSched - ok

13:20:02.0942 2728  [ C7BB95CF9631AA401E4ADED1648F6AF7 ] ekrn            C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe

13:20:02.0958 2728  ekrn - ok

13:20:03.0005 2728  [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor         C:\windows\system32\drivers\elxstor.sys

13:20:03.0020 2728  elxstor - ok

13:20:03.0052 2728  [ 2380976CF8A4A56611F35633ACD2A74F ] epfwwfpr        C:\windows\system32\DRIVERS\epfwwfpr.sys

13:20:03.0067 2728  epfwwfpr - ok

13:20:03.0067 2728  [ 34A3C54752046E79A126E15C51DB409B ] ErrDev          C:\windows\system32\drivers\errdev.sys

13:20:03.0098 2728  ErrDev - ok

13:20:03.0130 2728  [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem     C:\windows\system32\es.dll

13:20:03.0192 2728  EventSystem - ok

13:20:03.0223 2728  [ 4A158424FE9E32365D67989304733241 ] ewsercd         C:\windows\system32\DRIVERS\ewsercd.sys

13:20:03.0239 2728  ewsercd - ok

13:20:03.0270 2728  [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat           C:\windows\system32\drivers\exfat.sys

13:20:03.0301 2728  exfat - ok

13:20:03.0332 2728  [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat         C:\windows\system32\drivers\fastfat.sys

13:20:03.0364 2728  fastfat - ok

13:20:03.0410 2728  [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax             C:\windows\system32\fxssvc.exe

13:20:03.0442 2728  Fax - ok

13:20:03.0473 2728  [ 3191ACA33088EE2481044FC0DB736442 ] fbfmon          C:\windows\system32\drivers\fbfmon.sys

13:20:03.0473 2728  fbfmon - ok

13:20:03.0504 2728  [ D765D19CD8EF61F650C384F62FAC00AB ] fdc             C:\windows\system32\drivers\fdc.sys

13:20:03.0520 2728  fdc - ok

13:20:03.0566 2728  [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost         C:\windows\system32\fdPHost.dll

13:20:03.0613 2728  fdPHost - ok

13:20:03.0644 2728  [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub        C:\windows\system32\fdrespub.dll

13:20:03.0676 2728  FDResPub - ok

13:20:03.0691 2728  [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo        C:\windows\system32\drivers\fileinfo.sys

13:20:03.0707 2728  FileInfo - ok

13:20:03.0722 2728  [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace       C:\windows\system32\drivers\filetrace.sys

13:20:03.0769 2728  Filetrace - ok

13:20:03.0800 2728  [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk        C:\windows\system32\drivers\flpydisk.sys

13:20:03.0816 2728  flpydisk - ok

13:20:03.0847 2728  [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr          C:\windows\system32\drivers\fltmgr.sys

13:20:03.0863 2728  FltMgr - ok

13:20:03.0894 2728  [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache       C:\windows\system32\FntCache.dll

13:20:03.0941 2728  FontCache - ok

13:20:03.0972 2728  [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

13:20:03.0972 2728  FontCache3.0.0.0 - ok

13:20:04.0003 2728  [ 1899D0FB4C5AD0D6D0BFA258C54903F7 ] FPSensor        C:\windows\system32\Drivers\FPSensor.sys

13:20:04.0019 2728  FPSensor - ok

13:20:04.0050 2728  [ D43703496149971890703B4B1B723EAC ] FsDepends       C:\windows\system32\drivers\FsDepends.sys

13:20:04.0050 2728  FsDepends - ok

13:20:04.0066 2728  [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec          C:\windows\system32\drivers\Fs_Rec.sys

13:20:04.0081 2728  Fs_Rec - ok

13:20:04.0112 2728  [ 1F7B25B858FA27015169FE95E54108ED ] fvevol          C:\windows\system32\DRIVERS\fvevol.sys

13:20:04.0128 2728  fvevol - ok

13:20:04.0159 2728  [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx        C:\windows\system32\drivers\gagp30kx.sys

13:20:04.0159 2728  gagp30kx - ok

13:20:04.0206 2728  [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc           C:\windows\System32\gpsvc.dll

13:20:04.0237 2728  gpsvc - ok

13:20:04.0300 2728  [ F02A533F517EB38333CB12A9E8963773 ] gupdate         C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

13:20:04.0300 2728  gupdate - ok

13:20:04.0315 2728  [ F02A533F517EB38333CB12A9E8963773 ] gupdatem        C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

13:20:04.0315 2728  gupdatem - ok

13:20:04.0331 2728  [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir        C:\windows\system32\drivers\hcw85cir.sys

13:20:04.0346 2728  hcw85cir - ok

13:20:04.0393 2728  [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\windows\system32\drivers\HdAudio.sys

13:20:04.0424 2728  HdAudAddService - ok

13:20:04.0456 2728  [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus        C:\windows\system32\DRIVERS\HDAudBus.sys

13:20:04.0471 2728  HDAudBus - ok

13:20:04.0487 2728  [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt         C:\windows\system32\drivers\HidBatt.sys

13:20:04.0502 2728  HidBatt - ok

13:20:04.0549 2728  [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth          C:\windows\system32\drivers\hidbth.sys

13:20:04.0580 2728  HidBth - ok

13:20:04.0596 2728  [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr           C:\windows\system32\drivers\hidir.sys

13:20:04.0596 2728  HidIr - ok

13:20:04.0627 2728  [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv         C:\windows\system32\hidserv.dll

13:20:04.0658 2728  hidserv - ok

13:20:04.0705 2728  [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb          C:\windows\system32\DRIVERS\hidusb.sys

13:20:04.0721 2728  HidUsb - ok

13:20:04.0736 2728  [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc          C:\windows\system32\kmsvc.dll

13:20:04.0783 2728  hkmsvc - ok

13:20:04.0814 2728  [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\windows\system32\ListSvc.dll

13:20:04.0830 2728  HomeGroupListener - ok

13:20:04.0846 2728  [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\windows\system32\provsvc.dll

13:20:04.0877 2728  HomeGroupProvider - ok

13:20:04.0955 2728  [ 08457D8F8149757C70CEA59C71EC5D27 ] hpqcxs08        C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll

13:20:04.0970 2728  hpqcxs08 ( UnsignedFile.Multi.Generic ) - warning

13:20:04.0970 2728  hpqcxs08 - detected UnsignedFile.Multi.Generic (1)

13:20:05.0017 2728  [ 75CC8C5146A3FB76221A7606628778D5 ] hpqddsvc        C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll

13:20:05.0033 2728  hpqddsvc ( UnsignedFile.Multi.Generic ) - warning

13:20:05.0033 2728  hpqddsvc - detected UnsignedFile.Multi.Generic (1)

13:20:05.0048 2728  [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD          C:\windows\system32\drivers\HpSAMD.sys

13:20:05.0064 2728  HpSAMD - ok

13:20:05.0126 2728  [ F37882F128EFACEFE353E0BAE2766909 ] HPSLPSVC        C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL

13:20:05.0220 2728  HPSLPSVC ( UnsignedFile.Multi.Generic ) - warning

13:20:05.0220 2728  HPSLPSVC - detected UnsignedFile.Multi.Generic (1)

13:20:05.0251 2728  [ F47CEC45FB85791D4AB237563AD0FA8F ] HTCAND64        C:\windows\system32\Drivers\ANDROIDUSB.sys

13:20:05.0282 2728  HTCAND64 - ok

13:20:05.0329 2728  [ B8B1B284362E1D8135112573395D5DA5 ] htcnprot        C:\windows\system32\DRIVERS\htcnprot.sys

13:20:05.0329 2728  htcnprot - ok

13:20:05.0376 2728  [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP            C:\windows\system32\drivers\HTTP.sys

13:20:05.0423 2728  HTTP - ok

13:20:05.0454 2728  [ 4B5C07DB91A0099272FAAE732E1152BD ] hwdatacard      C:\windows\system32\DRIVERS\ewusbmdm.sys

13:20:05.0485 2728  hwdatacard - ok

13:20:05.0485 2728  [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy        C:\windows\system32\drivers\hwpolicy.sys

13:20:05.0501 2728  hwpolicy - ok

13:20:05.0548 2728  [ 1F24CF1F7DB6D4461AC65A86DB8E4BC2 ] hwusbfake       C:\windows\system32\DRIVERS\ewusbfake.sys

13:20:05.0563 2728  hwusbfake - ok

13:20:05.0626 2728  [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt        C:\windows\system32\DRIVERS\i8042prt.sys

13:20:05.0626 2728  i8042prt - ok

13:20:05.0657 2728  [ 53CC5BF8B5A219119953C7ABB19A7705 ] iaStor          C:\windows\system32\DRIVERS\iaStor.sys

13:20:05.0672 2728  iaStor - ok

13:20:05.0719 2728  [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV         C:\windows\system32\drivers\iaStorV.sys

13:20:05.0735 2728  iaStorV - ok

13:20:05.0813 2728  [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc           C:\windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe

13:20:05.0828 2728  idsvc - ok

13:20:06.0109 2728  [ 371D7F91C0D2314EB984A4A6CBEABC92 ] igfx            C:\windows\system32\DRIVERS\igdkmd64.sys

13:20:06.0499 2728  igfx - ok

13:20:06.0530 2728  [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp           C:\windows\system32\drivers\iirsp.sys

13:20:06.0546 2728  iirsp - ok

13:20:06.0577 2728  [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT          C:\windows\System32\ikeext.dll

13:20:06.0624 2728  IKEEXT - ok

13:20:06.0718 2728  [ 03076F51AF9F78A272CCCDE03E9340CE ] IntcAzAudAddService C:\windows\system32\drivers\RTKVHD64.sys

13:20:06.0764 2728  IntcAzAudAddService - ok

13:20:06.0811 2728  [ FC727061C0F47C8059E88E05D5C8E381 ] IntcDAud        C:\windows\system32\DRIVERS\IntcDAud.sys

13:20:06.0842 2728  IntcDAud - ok

13:20:06.0842 2728  [ F00F20E70C6EC3AA366910083A0518AA ] intelide        C:\windows\system32\drivers\intelide.sys

13:20:06.0858 2728  intelide - ok

13:20:06.0874 2728  [ ADA036632C664CAA754079041CF1F8C1 ] intelppm        C:\windows\system32\DRIVERS\intelppm.sys

13:20:06.0889 2728  intelppm - ok

13:20:06.0920 2728  [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum       C:\windows\system32\ipbusenum.dll

13:20:06.0967 2728  IPBusEnum - ok

13:20:06.0998 2728  [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver  C:\windows\system32\DRIVERS\ipfltdrv.sys

13:20:07.0014 2728  IpFilterDriver - ok

13:20:07.0045 2728  [ A34A587FFFD45FA649FBA6D03784D257 ] iphlpsvc        C:\windows\System32\iphlpsvc.dll

13:20:07.0092 2728  iphlpsvc - ok

13:20:07.0108 2728  [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV         C:\windows\system32\drivers\IPMIDrv.sys

13:20:07.0123 2728  IPMIDRV - ok

13:20:07.0154 2728  [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT           C:\windows\system32\drivers\ipnat.sys

13:20:07.0186 2728  IPNAT - ok

13:20:07.0217 2728  [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM          C:\windows\system32\drivers\irenum.sys

13:20:07.0248 2728  IRENUM - ok

13:20:07.0264 2728  [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp          C:\windows\system32\drivers\isapnp.sys

13:20:07.0279 2728  isapnp - ok

13:20:07.0279 2728  [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt        C:\windows\system32\drivers\msiscsi.sys

13:20:07.0295 2728  iScsiPrt - ok

13:20:07.0326 2728  [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass        C:\windows\system32\DRIVERS\kbdclass.sys

13:20:07.0326 2728  kbdclass - ok

13:20:07.0357 2728  [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid          C:\windows\system32\DRIVERS\kbdhid.sys

13:20:07.0373 2728  kbdhid - ok

13:20:07.0388 2728  [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso          C:\windows\system32\lsass.exe

13:20:07.0404 2728  KeyIso - ok

13:20:07.0420 2728  [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD          C:\windows\system32\Drivers\ksecdd.sys

13:20:07.0435 2728  KSecDD - ok

13:20:07.0451 2728  [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg         C:\windows\system32\Drivers\ksecpkg.sys

13:20:07.0466 2728  KSecPkg - ok

13:20:07.0482 2728  [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk         C:\windows\system32\drivers\ksthunk.sys

13:20:07.0529 2728  ksthunk - ok

13:20:07.0560 2728  [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm           C:\windows\system32\msdtckrm.dll

13:20:07.0607 2728  KtmRm - ok

13:20:07.0669 2728  [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer    C:\windows\system32\srvsvc.dll

13:20:07.0716 2728  LanmanServer - ok

13:20:07.0747 2728  [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\windows\System32\wkssvc.dll

13:20:07.0778 2728  LanmanWorkstation - ok

13:20:07.0794 2728  [ BE166935083F9C38EDFDC21B9A7A679B ] LHDmgr          C:\windows\system32\DRIVERS\LhdX64.sys

13:20:07.0810 2728  LHDmgr - ok

13:20:07.0841 2728  [ 1538831CF8AD2979A04C423779465827 ] lltdio          C:\windows\system32\DRIVERS\lltdio.sys

13:20:07.0888 2728  lltdio - ok

13:20:07.0903 2728  [ C1185803384AB3FEED115F79F109427F ] lltdsvc         C:\windows\System32\lltdsvc.dll

13:20:07.0950 2728  lltdsvc - ok

13:20:07.0981 2728  [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts         C:\windows\System32\lmhsvc.dll

13:20:08.0028 2728  lmhosts - ok

13:20:08.0090 2728  [ 2ED1786B7542CDA261029F6B526EDF44 ] LMS             C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe

13:20:08.0106 2728  LMS - ok

13:20:08.0122 2728  [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC          C:\windows\system32\drivers\lsi_fc.sys

13:20:08.0137 2728  LSI_FC - ok

13:20:08.0153 2728  [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS         C:\windows\system32\drivers\lsi_sas.sys

13:20:08.0153 2728  LSI_SAS - ok

13:20:08.0168 2728  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2        C:\windows\system32\drivers\lsi_sas2.sys

13:20:08.0168 2728  LSI_SAS2 - ok

13:20:08.0184 2728  [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI        C:\windows\system32\drivers\lsi_scsi.sys

13:20:08.0200 2728  LSI_SCSI - ok

13:20:08.0231 2728  [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv           C:\windows\system32\drivers\luafv.sys

13:20:08.0278 2728  luafv - ok

13:20:08.0324 2728  [ B9FC4CCE5758B816F27DD4D1EED11841 ] MBAMProtector   C:\windows\system32\drivers\mbam.sys

13:20:08.0340 2728  MBAMProtector - ok

13:20:08.0402 2728  [ 0DCF16B1449811EFA47AB52CAC84093C ] MBAMScheduler   C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe

13:20:08.0418 2728  MBAMScheduler - ok

13:20:08.0449 2728  [ 9EAABA4D601004BEA4DAA6E146E19A96 ] MBAMService     C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

13:20:08.0465 2728  MBAMService - ok

13:20:08.0496 2728  [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc         C:\windows\system32\Mcx2Svc.dll

13:20:08.0527 2728  Mcx2Svc - ok

13:20:08.0543 2728  [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas         C:\windows\system32\drivers\megasas.sys

13:20:08.0558 2728  megasas - ok

13:20:08.0574 2728  [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR          C:\windows\system32\drivers\MegaSR.sys

13:20:08.0590 2728  MegaSR - ok

13:20:08.0621 2728  [ A6518DCC42F7A6E999BB3BEA8FD87567 ] MEIx64          C:\windows\system32\DRIVERS\HECIx64.sys

13:20:08.0636 2728  MEIx64 - ok

13:20:08.0668 2728  [ E40E80D0304A73E8D269F7141D77250B ] MMCSS           C:\windows\system32\mmcss.dll

13:20:08.0683 2728  MMCSS - ok

13:20:08.0714 2728  [ 800BA92F7010378B09F9ED9270F07137 ] Modem           C:\windows\system32\drivers\modem.sys

13:20:08.0746 2728  Modem - ok

13:20:08.0777 2728  [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor         C:\windows\system32\DRIVERS\monitor.sys

13:20:08.0808 2728  monitor - ok

13:20:08.0824 2728  [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass        C:\windows\system32\DRIVERS\mouclass.sys

13:20:08.0824 2728  mouclass - ok

13:20:08.0839 2728  [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid          C:\windows\system32\DRIVERS\mouhid.sys

13:20:08.0855 2728  mouhid - ok

13:20:08.0870 2728  [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr        C:\windows\system32\drivers\mountmgr.sys

13:20:08.0886 2728  mountmgr - ok

13:20:08.0933 2728  [ CB8AF049AC9BE419A77ADAE288673359 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe

13:20:08.0948 2728  MozillaMaintenance - ok

13:20:08.0964 2728  [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio            C:\windows\system32\drivers\mpio.sys

13:20:08.0980 2728  mpio - ok

13:20:08.0995 2728  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv          C:\windows\system32\drivers\mpsdrv.sys

13:20:09.0026 2728  mpsdrv - ok

13:20:09.0058 2728  [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc          C:\windows\system32\mpssvc.dll

13:20:09.0089 2728  MpsSvc - ok

13:20:09.0104 2728  [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV          C:\windows\system32\drivers\mrxdav.sys

13:20:09.0136 2728  MRxDAV - ok

13:20:09.0167 2728  [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb          C:\windows\system32\DRIVERS\mrxsmb.sys

13:20:09.0198 2728  mrxsmb - ok

13:20:09.0229 2728  [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10        C:\windows\system32\DRIVERS\mrxsmb10.sys

13:20:09.0260 2728  mrxsmb10 - ok

13:20:09.0276 2728  [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20        C:\windows\system32\DRIVERS\mrxsmb20.sys

13:20:09.0292 2728  mrxsmb20 - ok

13:20:09.0307 2728  [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci          C:\windows\system32\drivers\msahci.sys

13:20:09.0323 2728  msahci - ok

13:20:09.0338 2728  [ DB801A638D011B9633829EB6F663C900 ] msdsm           C:\windows\system32\drivers\msdsm.sys

13:20:09.0354 2728  msdsm - ok

13:20:09.0385 2728  [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC           C:\windows\System32\msdtc.exe

13:20:09.0401 2728  MSDTC - ok

13:20:09.0448 2728  [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs            C:\windows\system32\drivers\Msfs.sys

13:20:09.0479 2728  Msfs - ok

13:20:09.0494 2728  [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf       C:\windows\System32\drivers\mshidkmdf.sys

13:20:09.0541 2728  mshidkmdf - ok

13:20:09.0557 2728  [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv        C:\windows\system32\drivers\msisadrv.sys

13:20:09.0557 2728  msisadrv - ok

13:20:09.0604 2728  [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI         C:\windows\system32\iscsiexe.dll

13:20:09.0635 2728  MSiSCSI - ok

13:20:09.0635 2728  msiserver - ok

13:20:09.0682 2728  [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV         C:\windows\system32\drivers\MSKSSRV.sys

13:20:09.0713 2728  MSKSSRV - ok

13:20:09.0728 2728  [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK        C:\windows\system32\drivers\MSPCLOCK.sys

13:20:09.0775 2728  MSPCLOCK - ok

13:20:09.0806 2728  [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM           C:\windows\system32\drivers\MSPQM.sys

13:20:09.0838 2728  MSPQM - ok

13:20:09.0853 2728  [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC           C:\windows\system32\drivers\MsRPC.sys

13:20:09.0869 2728  MsRPC - ok

13:20:09.0900 2728  [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios        C:\windows\system32\DRIVERS\mssmbios.sys

13:20:09.0900 2728  mssmbios - ok

13:20:09.0931 2728  [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE           C:\windows\system32\drivers\MSTEE.sys

13:20:09.0978 2728  MSTEE - ok

13:20:09.0994 2728  [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig        C:\windows\system32\drivers\MTConfig.sys

13:20:09.0994 2728  MTConfig - ok

13:20:10.0025 2728  [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup             C:\windows\system32\Drivers\mup.sys

13:20:10.0040 2728  Mup - ok

13:20:10.0056 2728  [ 9B1EAC6FAF6F37305E822F5588DC8056 ] mwlPSDFilter    C:\windows\system32\DRIVERS\mwlPSDFilter.sys

13:20:10.0056 2728  mwlPSDFilter - ok

13:20:10.0072 2728  [ AD55C1524B296280ED9C6E0D730D35DA ] mwlPSDNServ     C:\windows\system32\DRIVERS\mwlPSDNServ.sys

13:20:10.0087 2728  mwlPSDNServ - ok

13:20:10.0087 2728  [ 2B599E6EC8843637BDD62E7F8F3BA201 ] mwlPSDVDisk     C:\windows\system32\DRIVERS\mwlPSDVDisk.sys

13:20:10.0103 2728  mwlPSDVDisk - ok

13:20:10.0134 2728  [ 582AC6D9873E31DFA28A4547270862DD ] napagent        C:\windows\system32\qagentRT.dll

13:20:10.0181 2728  napagent - ok

13:20:10.0228 2728  [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP     C:\windows\system32\DRIVERS\nwifi.sys

13:20:10.0259 2728  NativeWifiP - ok

13:20:10.0306 2728  [ 760E38053BF56E501D562B70AD796B88 ] NDIS            C:\windows\system32\drivers\ndis.sys

13:20:10.0321 2728  NDIS - ok

13:20:10.0368 2728  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap         C:\windows\system32\DRIVERS\ndiscap.sys

13:20:10.0399 2728  NdisCap - ok

13:20:10.0415 2728  [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi        C:\windows\system32\DRIVERS\ndistapi.sys

13:20:10.0446 2728  NdisTapi - ok

13:20:10.0477 2728  [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio         C:\windows\system32\DRIVERS\ndisuio.sys

13:20:10.0508 2728  Ndisuio - ok

13:20:10.0524 2728  [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan         C:\windows\system32\DRIVERS\ndiswan.sys

13:20:10.0555 2728  NdisWan - ok

13:20:10.0586 2728  [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy         C:\windows\system32\drivers\NDProxy.sys

13:20:10.0618 2728  NDProxy - ok

13:20:10.0649 2728  [ 2334DC48997BA203B794DF3EE70521DB ] Net Driver HPZ12 C:\Windows\system32\HPZinw12.dll

13:20:10.0680 2728  Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning

13:20:10.0680 2728  Net Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)

13:20:10.0696 2728  [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS         C:\windows\system32\DRIVERS\netbios.sys

13:20:10.0727 2728  NetBIOS - ok

13:20:10.0758 2728  [ 09594D1089C523423B32A4229263F068 ] NetBT           C:\windows\system32\DRIVERS\netbt.sys

13:20:10.0789 2728  NetBT - ok

13:20:10.0805 2728  [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon        C:\windows\system32\lsass.exe

13:20:10.0805 2728  Netlogon - ok

13:20:10.0836 2728  [ 847D3AE376C0817161A14A82C8922A9E ] Netman          C:\windows\System32\netman.dll

13:20:10.0883 2728  Netman - ok

13:20:10.0914 2728  [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm        C:\windows\System32\netprofm.dll

13:20:10.0976 2728  netprofm - ok

13:20:10.0992 2728  [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe

13:20:11.0008 2728  NetTcpPortSharing - ok

13:20:11.0039 2728  [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960         C:\windows\system32\drivers\nfrd960.sys

13:20:11.0039 2728  nfrd960 - ok

13:20:11.0070 2728  [ 1EE99A89CC788ADA662441D1E9830529 ] NlaSvc          C:\windows\System32\nlasvc.dll

13:20:11.0117 2728  NlaSvc - ok

13:20:11.0148 2728  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs            C:\windows\system32\drivers\Npfs.sys

13:20:11.0179 2728  Npfs - ok

13:20:11.0210 2728  [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi             C:\windows\system32\nsisvc.dll

13:20:11.0242 2728  nsi - ok

13:20:11.0273 2728  [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy        C:\windows\system32\drivers\nsiproxy.sys

13:20:11.0304 2728  nsiproxy - ok

13:20:11.0351 2728  [ A2F74975097F52A00745F9637451FDD8 ] Ntfs            C:\windows\system32\drivers\Ntfs.sys

13:20:11.0398 2728  Ntfs - ok

13:20:11.0413 2728  [ 9899284589F75FA8724FF3D16AED75C1 ] Null            C:\windows\system32\drivers\Null.sys

13:20:11.0444 2728  Null - ok

13:20:11.0476 2728  [ 0A92CB65770442ED0DC44834632F66AD ] nvraid          C:\windows\system32\drivers\nvraid.sys

13:20:11.0491 2728  nvraid - ok

13:20:11.0507 2728  [ DAB0E87525C10052BF65F06152F37E4A ] nvstor          C:\windows\system32\drivers\nvstor.sys

13:20:11.0522 2728  nvstor - ok

13:20:11.0522 2728  [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp          C:\windows\system32\drivers\nv_agp.sys

13:20:11.0538 2728  nv_agp - ok

13:20:11.0538 2728  [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394        C:\windows\system32\drivers\ohci1394.sys

13:20:11.0569 2728  ohci1394 - ok

13:20:11.0616 2728  [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose             C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE

13:20:11.0632 2728  ose - ok

13:20:11.0756 2728  [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc         C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE

13:20:11.0928 2728  osppsvc - ok

13:20:11.0944 2728  [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc        C:\windows\system32\pnrpsvc.dll

13:20:11.0975 2728  p2pimsvc - ok

13:20:11.0990 2728  [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc          C:\windows\system32\p2psvc.dll

13:20:12.0006 2728  p2psvc - ok

13:20:12.0037 2728  [ 0086431C29C35BE1DBC43F52CC273887 ] Parport         C:\windows\system32\drivers\parport.sys

13:20:12.0037 2728  Parport - ok

13:20:12.0068 2728  [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr         C:\windows\system32\drivers\partmgr.sys

13:20:12.0068 2728  partmgr - ok

13:20:12.0146 2728  [ 39B9DCD7040654C2E57D7396736C718E ] PassThru Service C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe

13:20:12.0162 2728  PassThru Service ( UnsignedFile.Multi.Generic ) - warning

13:20:12.0162 2728  PassThru Service - detected UnsignedFile.Multi.Generic (1)

13:20:12.0178 2728  [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc          C:\windows\System32\pcasvc.dll

13:20:12.0209 2728  PcaSvc - ok

13:20:12.0240 2728  [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci             C:\windows\system32\drivers\pci.sys

13:20:12.0256 2728  pci - ok

13:20:12.0271 2728  [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide          C:\windows\system32\drivers\pciide.sys

13:20:12.0287 2728  pciide - ok

13:20:12.0287 2728  [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia          C:\windows\system32\drivers\pcmcia.sys

13:20:12.0302 2728  pcmcia - ok

13:20:12.0302 2728  [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw             C:\windows\system32\drivers\pcw.sys

13:20:12.0318 2728  pcw - ok

13:20:12.0349 2728  [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH          C:\windows\system32\drivers\peauth.sys

13:20:12.0396 2728  PEAUTH - ok

13:20:12.0458 2728  [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost        C:\windows\SysWow64\perfhost.exe

13:20:12.0505 2728  PerfHost - ok

13:20:12.0552 2728  [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla             C:\windows\system32\pla.dll

13:20:12.0614 2728  pla - ok

13:20:12.0646 2728  [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay        C:\windows\system32\umpnpmgr.dll

13:20:12.0677 2728  PlugPlay - ok

13:20:12.0708 2728  [ AC78DF349F0E4CFB8B667C0CFFF83CCE ] Pml Driver HPZ12 C:\Windows\system32\HPZipm12.dll

13:20:12.0724 2728  Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning

13:20:12.0724 2728  Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)

13:20:12.0755 2728  [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg     C:\windows\system32\pnrpauto.dll

13:20:12.0770 2728  PNRPAutoReg - ok

13:20:12.0802 2728  [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc         C:\windows\system32\pnrpsvc.dll

13:20:12.0802 2728  PNRPsvc - ok

13:20:12.0833 2728  [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent     C:\windows\System32\ipsecsvc.dll

13:20:12.0880 2728  PolicyAgent - ok

13:20:12.0911 2728  [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power           C:\windows\system32\umpo.dll

13:20:12.0958 2728  Power - ok

13:20:12.0989 2728  [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport    C:\windows\system32\DRIVERS\raspptp.sys

13:20:13.0020 2728  PptpMiniport - ok

13:20:13.0036 2728  [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor       C:\windows\system32\drivers\processr.sys

13:20:13.0067 2728  Processor - ok

13:20:13.0098 2728  [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc         C:\windows\system32\profsvc.dll

13:20:13.0129 2728  ProfSvc - ok

13:20:13.0145 2728  [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\windows\system32\lsass.exe

13:20:13.0160 2728  ProtectedStorage - ok

13:20:13.0176 2728  [ 0557CF5A2556BD58E26384169D72438D ] Psched          C:\windows\system32\DRIVERS\pacer.sys

13:20:13.0223 2728  Psched - ok

13:20:13.0270 2728  [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300          C:\windows\system32\drivers\ql2300.sys

13:20:13.0316 2728  ql2300 - ok

13:20:13.0316 2728  [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx          C:\windows\system32\drivers\ql40xx.sys

13:20:13.0316 2728  ql40xx - ok

13:20:13.0348 2728  [ 906191634E99AEA92C4816150BDA3732 ] QWAVE           C:\windows\system32\qwave.dll

13:20:13.0379 2728  QWAVE - ok

13:20:13.0410 2728  [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv        C:\windows\system32\drivers\qwavedrv.sys

13:20:13.0441 2728  QWAVEdrv - ok

13:20:13.0457 2728  [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd          C:\windows\system32\DRIVERS\rasacd.sys

13:20:13.0488 2728  RasAcd - ok

13:20:13.0519 2728  [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn     C:\windows\system32\DRIVERS\AgileVpn.sys

13:20:13.0550 2728  RasAgileVpn - ok

13:20:13.0582 2728  [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto         C:\windows\System32\rasauto.dll

13:20:13.0628 2728  RasAuto - ok

13:20:13.0660 2728  [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp         C:\windows\system32\DRIVERS\rasl2tp.sys

13:20:13.0691 2728  Rasl2tp - ok

13:20:13.0722 2728  [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan          C:\windows\System32\rasmans.dll

13:20:13.0769 2728  RasMan - ok

13:20:13.0784 2728  [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe        C:\windows\system32\DRIVERS\raspppoe.sys

13:20:13.0831 2728  RasPppoe - ok

13:20:13.0847 2728  [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp         C:\windows\system32\DRIVERS\rassstp.sys

13:20:13.0894 2728  RasSstp - ok

13:20:13.0909 2728  [ 77F665941019A1594D887A74F301FA2F ] rdbss           C:\windows\system32\DRIVERS\rdbss.sys

13:20:13.0956 2728  rdbss - ok

13:20:13.0972 2728  [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus          C:\windows\system32\drivers\rdpbus.sys

13:20:13.0987 2728  rdpbus - ok

13:20:14.0003 2728  [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD          C:\windows\system32\DRIVERS\RDPCDD.sys

13:20:14.0034 2728  RDPCDD - ok

13:20:14.0050 2728  [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD        C:\windows\system32\drivers\rdpencdd.sys

13:20:14.0096 2728  RDPENCDD - ok

13:20:14.0128 2728  [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP        C:\windows\system32\drivers\rdprefmp.sys

13:20:14.0159 2728  RDPREFMP - ok

13:20:14.0174 2728  [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD           C:\windows\system32\drivers\RDPWD.sys

13:20:14.0206 2728  RDPWD - ok

13:20:14.0237 2728  [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost        C:\windows\system32\drivers\rdyboost.sys

13:20:14.0252 2728  rdyboost - ok

13:20:14.0299 2728  [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess    C:\windows\System32\mprdim.dll

13:20:14.0346 2728  RemoteAccess - ok

13:20:14.0362 2728  [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry  C:\windows\system32\regsvc.dll

13:20:14.0408 2728  RemoteRegistry - ok

13:20:14.0440 2728  [ 3DD798846E2C28102B922C56E71B7932 ] RFCOMM          C:\windows\system32\DRIVERS\rfcomm.sys

13:20:14.0471 2728  RFCOMM - ok

13:20:14.0486 2728  [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper    C:\windows\System32\RpcEpMap.dll

13:20:14.0533 2728  RpcEptMapper - ok

13:20:14.0564 2728  [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator      C:\windows\system32\locator.exe

13:20:14.0564 2728  RpcLocator - ok

13:20:14.0580 2728  [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs           C:\windows\system32\rpcss.dll

13:20:14.0627 2728  RpcSs - ok

13:20:14.0642 2728  [ DDC86E4F8E7456261E637E3552E804FF ] rspndr          C:\windows\system32\DRIVERS\rspndr.sys

13:20:14.0674 2728  rspndr - ok

13:20:14.0705 2728  [ E54A5586A28D0630A79A68BBAB84BFCF ] RSUSBVSTOR      C:\windows\system32\Drivers\RtsUVStor.sys

13:20:14.0720 2728  RSUSBVSTOR - ok

13:20:14.0767 2728  [ EE082E06A82FF630351D1E0EBBD3D8D0 ] RTL8167         C:\windows\system32\DRIVERS\Rt64win7.sys

13:20:14.0783 2728  RTL8167 - ok

13:20:14.0876 2728  [ 8E5297D5747A90636D5EFAEC8E466623 ] S6000KNT        C:\windows\system32\Drivers\S6000KNT.sys

13:20:14.0986 2728  S6000KNT - ok

13:20:15.0001 2728  [ C118A82CD78818C29AB228366EBF81C3 ] SamSs           C:\windows\system32\lsass.exe

13:20:15.0001 2728  SamSs - ok

13:20:15.0017 2728  [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port        C:\windows\system32\drivers\sbp2port.sys

13:20:15.0032 2728  sbp2port - ok

13:20:15.0064 2728  [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr        C:\windows\System32\SCardSvr.dll

13:20:15.0110 2728  SCardSvr - ok

13:20:15.0126 2728  [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter        C:\windows\system32\DRIVERS\scfilter.sys

13:20:15.0173 2728  scfilter - ok

13:20:15.0220 2728  [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule        C:\windows\system32\schedsvc.dll

13:20:15.0266 2728  Schedule - ok

13:20:15.0298 2728  [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc     C:\windows\System32\certprop.dll

13:20:15.0329 2728  SCPolicySvc - ok

13:20:15.0360 2728  [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC          C:\windows\System32\SDRSVC.dll

13:20:15.0376 2728  SDRSVC - ok

13:20:15.0422 2728  [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv          C:\windows\system32\drivers\secdrv.sys

13:20:15.0454 2728  secdrv - ok

13:20:15.0485 2728  [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon        C:\windows\system32\seclogon.dll

13:20:15.0516 2728  seclogon - ok

13:20:15.0547 2728  [ C32AB8FA018EF34C0F113BD501436D21 ] SENS            C:\windows\System32\sens.dll

13:20:15.0594 2728  SENS - ok

13:20:15.0594 2728  [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc        C:\windows\system32\sensrsvc.dll

13:20:15.0610 2728  SensrSvc - ok

13:20:15.0641 2728  [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum         C:\windows\system32\drivers\serenum.sys

13:20:15.0656 2728  Serenum - ok

13:20:15.0688 2728  [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial          C:\windows\system32\drivers\serial.sys

13:20:15.0719 2728  Serial - ok

13:20:15.0719 2728  [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse        C:\windows\system32\drivers\sermouse.sys

13:20:15.0734 2728  sermouse - ok

13:20:15.0766 2728  [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv      C:\windows\system32\sessenv.dll

13:20:15.0812 2728  SessionEnv - ok

13:20:15.0828 2728  [ A554811BCD09279536440C964AE35BBF ] sffdisk         C:\windows\system32\drivers\sffdisk.sys

13:20:15.0844 2728  sffdisk - ok

13:20:15.0859 2728  [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc        C:\windows\system32\drivers\sffp_mmc.sys

13:20:15.0875 2728  sffp_mmc - ok

13:20:15.0875 2728  [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd         C:\windows\system32\drivers\sffp_sd.sys

13:20:15.0906 2728  sffp_sd - ok

13:20:15.0906 2728  [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy         C:\windows\system32\drivers\sfloppy.sys

13:20:15.0922 2728  sfloppy - ok

13:20:15.0953 2728  [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess    C:\windows\System32\ipnathlp.dll

13:20:16.0000 2728  SharedAccess - ok

13:20:16.0015 2728  [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\windows\System32\shsvcs.dll

13:20:16.0062 2728  ShellHWDetection - ok

13:20:16.0124 2728  [ 83CBB0D52BCE7A2E9A1D8666ED31F540 ] SinforSP        C:\Program Files (x86)\Sinfor\SSL\Promote\SinforPromoteService.exe

13:20:16.0124 2728  SinforSP - ok

13:20:16.0156 2728  [ 75D7225AE8FC98E1EBCE753A7DEC9CBF ] SinforVnic      C:\windows\system32\DRIVERS\SinforVnic.sys

13:20:16.0156 2728  SinforVnic - ok

13:20:16.0187 2728  [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2        C:\windows\system32\drivers\SiSRaid2.sys

13:20:16.0187 2728  SiSRaid2 - ok

13:20:16.0187 2728  [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4        C:\windows\system32\drivers\sisraid4.sys

13:20:16.0202 2728  SiSRaid4 - ok

13:20:16.0343 2728  [ 753D254205E0A62100A050BD8B458D06 ] Skype C2C Service C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe

13:20:16.0468 2728  Skype C2C Service - ok

13:20:16.0499 2728  [ F07AF60B152221472FBDB2FECEC4896D ] SkypeUpdate     C:\Program Files (x86)\Skype\Updater\Updater.exe

13:20:16.0514 2728  SkypeUpdate - ok

13:20:16.0546 2728  [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb             C:\windows\system32\DRIVERS\smb.sys

13:20:16.0592 2728  Smb - ok

13:20:16.0608 2728  [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP        C:\windows\System32\snmptrap.exe

13:20:16.0639 2728  SNMPTRAP - ok

13:20:16.0702 2728  [ 26285A248DE28435ACDC89E6A7AE0070 ] Solarlogger     c:\SolarView\Datenlogger.exe

13:20:16.0717 2728  Solarlogger ( UnsignedFile.Multi.Generic ) - warning

13:20:16.0717 2728  Solarlogger - detected UnsignedFile.Multi.Generic (1)

13:20:16.0717 2728  [ B9E31E5CACDFE584F34F730A677803F9 ] spldr           C:\windows\system32\drivers\spldr.sys

13:20:16.0733 2728  spldr - ok

13:20:16.0764 2728  [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler         C:\windows\System32\spoolsv.exe

13:20:16.0780 2728  Spooler - ok

13:20:16.0858 2728  [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc          C:\windows\system32\sppsvc.exe

13:20:16.0982 2728  sppsvc - ok

13:20:16.0998 2728  [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify     C:\windows\system32\sppuinotify.dll

13:20:17.0029 2728  sppuinotify - ok

13:20:17.0060 2728  [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv             C:\windows\system32\DRIVERS\srv.sys

13:20:17.0092 2728  srv - ok

13:20:17.0107 2728  [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2            C:\windows\system32\DRIVERS\srv2.sys

13:20:17.0138 2728  srv2 - ok

13:20:17.0170 2728  [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet          C:\windows\system32\DRIVERS\srvnet.sys

13:20:17.0170 2728  srvnet - ok

13:20:17.0201 2728  [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV         C:\windows\System32\ssdpsrv.dll

13:20:17.0232 2728  SSDPSRV - ok

13:20:17.0248 2728  [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc         C:\windows\system32\sstpsvc.dll

13:20:17.0279 2728  SstpSvc - ok

13:20:17.0310 2728  [ F3817967ED533D08327DC73BC4D5542A ] stexstor        C:\windows\system32\drivers\stexstor.sys

13:20:17.0310 2728  stexstor - ok

13:20:17.0341 2728  [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc          C:\windows\System32\wiaservc.dll

13:20:17.0372 2728  stisvc - ok

13:20:17.0404 2728  [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum          C:\windows\system32\DRIVERS\swenum.sys

13:20:17.0419 2728  swenum - ok

13:20:17.0435 2728  [ E08E46FDD841B7184194011CA1955A0B ] swprv           C:\windows\System32\swprv.dll

13:20:17.0482 2728  swprv - ok

13:20:17.0560 2728  [ 08425CD92972C6430F350A9697F4A553 ] SynTP           C:\windows\system32\DRIVERS\SynTP.sys

13:20:17.0575 2728  SynTP - ok

13:20:17.0622 2728  [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain         C:\windows\system32\sysmain.dll

13:20:17.0669 2728  SysMain - ok

13:20:17.0684 2728  [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\windows\System32\TabSvc.dll

13:20:17.0700 2728  TabletInputService - ok

13:20:17.0731 2728  [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv         C:\windows\System32\tapisrv.dll

13:20:17.0762 2728  TapiSrv - ok

13:20:17.0762 2728  [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS             C:\windows\System32\tbssvc.dll

13:20:17.0794 2728  TBS - ok

13:20:17.0872 2728  [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] Tcpip           C:\windows\system32\drivers\tcpip.sys

13:20:17.0903 2728  Tcpip - ok

13:20:17.0950 2728  [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] TCPIP6          C:\windows\system32\DRIVERS\tcpip.sys

13:20:17.0981 2728  TCPIP6 - ok

13:20:18.0028 2728  [ DF687E3D8836BFB04FCC0615BF15A519 ] tcpipreg        C:\windows\system32\drivers\tcpipreg.sys

13:20:18.0074 2728  tcpipreg - ok

13:20:18.0090 2728  [ 3371D21011695B16333A3934340C4E7C ] TDPIPE          C:\windows\system32\drivers\tdpipe.sys

13:20:18.0106 2728  TDPIPE - ok

13:20:18.0121 2728  [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP           C:\windows\system32\drivers\tdtcp.sys

13:20:18.0137 2728  TDTCP - ok

13:20:18.0152 2728  [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx             C:\windows\system32\DRIVERS\tdx.sys

13:20:18.0184 2728  tdx - ok

13:20:18.0199 2728  [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD          C:\windows\system32\DRIVERS\termdd.sys

13:20:18.0215 2728  TermDD - ok

13:20:18.0262 2728  [ 2E648163254233755035B46DD7B89123 ] TermService     C:\windows\System32\termsrv.dll

13:20:18.0308 2728  TermService - ok

13:20:18.0340 2728  [ F0344071948D1A1FA732231785A0664C ] Themes          C:\windows\system32\themeservice.dll

13:20:18.0340 2728  Themes - ok

13:20:18.0355 2728  [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER     C:\windows\system32\mmcss.dll

13:20:18.0386 2728  THREADORDER - ok

13:20:18.0402 2728  [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks          C:\windows\System32\trkwks.dll

13:20:18.0449 2728  TrkWks - ok

13:20:18.0496 2728  [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\windows\servicing\TrustedInstaller.exe

13:20:18.0542 2728  TrustedInstaller - ok

13:20:18.0574 2728  [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv        C:\windows\system32\DRIVERS\tssecsrv.sys

13:20:18.0620 2728  tssecsrv - ok

13:20:18.0652 2728  [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt        C:\windows\system32\drivers\tsusbflt.sys

13:20:18.0667 2728  TsUsbFlt - ok

13:20:18.0667 2728  [ 9CC2CCAE8A84820EAECB886D477CBCB8 ] TsUsbGD         C:\windows\system32\drivers\TsUsbGD.sys

13:20:18.0667 2728  TsUsbGD - ok

13:20:18.0698 2728  [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel          C:\windows\system32\DRIVERS\tunnel.sys

13:20:18.0745 2728  tunnel - ok

13:20:18.0761 2728  [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35          C:\windows\system32\drivers\uagp35.sys

13:20:18.0776 2728  uagp35 - ok

13:20:18.0792 2728  [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs            C:\windows\system32\DRIVERS\udfs.sys

13:20:18.0839 2728  udfs - ok

13:20:18.0854 2728  [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect       C:\windows\system32\UI0Detect.exe

13:20:18.0886 2728  UI0Detect - ok

13:20:18.0901 2728  [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx        C:\windows\system32\drivers\uliagpkx.sys

13:20:18.0901 2728  uliagpkx - ok

13:20:18.0932 2728  [ DC54A574663A895C8763AF0FA1FF7561 ] umbus           C:\windows\system32\DRIVERS\umbus.sys

13:20:18.0964 2728  umbus - ok

13:20:18.0979 2728  [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass          C:\windows\system32\drivers\umpass.sys

13:20:18.0995 2728  UmPass - ok

13:20:19.0073 2728  [ 7E5E1603D0FF2D240AE70295C5C3FEFC ] UNS             C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe

13:20:19.0166 2728  UNS - ok

13:20:19.0198 2728  [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost        C:\windows\System32\upnphost.dll

13:20:19.0244 2728  upnphost - ok

13:20:19.0276 2728  [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp         C:\windows\system32\DRIVERS\usbccgp.sys

13:20:19.0291 2728  usbccgp - ok

13:20:19.0322 2728  [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir          C:\windows\system32\drivers\usbcir.sys

13:20:19.0322 2728  usbcir - ok

13:20:19.0354 2728  [ C025055FE7B87701EB042095DF1A2D7B ] usbehci         C:\windows\system32\DRIVERS\usbehci.sys

13:20:19.0369 2728  usbehci - ok

13:20:19.0400 2728  [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub          C:\windows\system32\DRIVERS\usbhub.sys

13:20:19.0432 2728  usbhub - ok

13:20:19.0447 2728  [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci         C:\windows\system32\drivers\usbohci.sys

13:20:19.0463 2728  usbohci - ok

13:20:19.0494 2728  [ 73188F58FB384E75C4063D29413CEE3D ] usbprint        C:\windows\system32\DRIVERS\usbprint.sys

13:20:19.0510 2728  usbprint - ok

13:20:19.0572 2728  [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan         C:\windows\system32\DRIVERS\usbscan.sys

13:20:19.0572 2728  usbscan - ok

13:20:19.0603 2728  [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR         C:\windows\system32\DRIVERS\USBSTOR.SYS

13:20:19.0634 2728  USBSTOR - ok

13:20:19.0650 2728  [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci         C:\windows\system32\drivers\usbuhci.sys

13:20:19.0666 2728  usbuhci - ok

13:20:19.0697 2728  [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo        C:\windows\system32\Drivers\usbvideo.sys

13:20:19.0712 2728  usbvideo - ok

13:20:19.0775 2728  [ 70D05EE263568A742D14E1876DF80532 ] usb_rndisx      C:\windows\system32\drivers\usb8023x.sys

13:20:19.0790 2728  usb_rndisx - ok

13:20:19.0822 2728  [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms           C:\windows\System32\uxsms.dll

13:20:19.0853 2728  UxSms - ok

13:20:19.0868 2728  [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc        C:\windows\system32\lsass.exe

13:20:19.0868 2728  VaultSvc - ok

13:20:19.0884 2728  [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot        C:\windows\system32\drivers\vdrvroot.sys

13:20:19.0900 2728  vdrvroot - ok

13:20:19.0931 2728  [ 8D6B481601D01A456E75C3210F1830BE ] vds             C:\windows\System32\vds.exe

13:20:19.0978 2728  vds - ok

13:20:19.0993 2728  [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga             C:\windows\system32\DRIVERS\vgapnp.sys

13:20:20.0009 2728  vga - ok

13:20:20.0009 2728  [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave         C:\windows\System32\drivers\vga.sys

13:20:20.0056 2728  VgaSave - ok

13:20:20.0071 2728  [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp           C:\windows\system32\drivers\vhdmp.sys

13:20:20.0087 2728  vhdmp - ok

13:20:20.0087 2728  [ E5689D93FFE4E5D66C0178761240DD54 ] viaide          C:\windows\system32\drivers\viaide.sys

13:20:20.0102 2728  viaide - ok

13:20:20.0118 2728  [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr          C:\windows\system32\drivers\volmgr.sys

13:20:20.0118 2728  volmgr - ok

13:20:20.0149 2728  [ A255814907C89BE58B79EF2F189B843B ] volmgrx         C:\windows\system32\drivers\volmgrx.sys

13:20:20.0165 2728  volmgrx - ok

13:20:20.0180 2728  [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap         C:\windows\system32\drivers\volsnap.sys

13:20:20.0180 2728  volsnap - ok

13:20:20.0227 2728  [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid         C:\windows\system32\drivers\vsmraid.sys

13:20:20.0243 2728  vsmraid - ok

13:20:20.0290 2728  [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS             C:\windows\system32\vssvc.exe

13:20:20.0352 2728  VSS - ok

13:20:20.0368 2728  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus        C:\windows\system32\DRIVERS\vwifibus.sys

13:20:20.0383 2728  vwifibus - ok

13:20:20.0399 2728  [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt        C:\windows\system32\DRIVERS\vwififlt.sys

13:20:20.0430 2728  vwififlt - ok

13:20:20.0461 2728  [ 6A638FC4BFDDC4D9B186C28C91BD1A01 ] vwifimp         C:\windows\system32\DRIVERS\vwifimp.sys

13:20:20.0492 2728  vwifimp - ok

13:20:20.0524 2728  [ 1C9D80CC3849B3788048078C26486E1A ] W32Time         C:\windows\system32\w32time.dll

13:20:20.0555 2728  W32Time - ok

13:20:20.0617 2728  [ B32009DB1972E7F2C227499289C4384A ] W3SVC           C:\windows\system32\inetsrv\iisw3adm.dll

13:20:20.0633 2728  W3SVC - ok

13:20:20.0633 2728  [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen        C:\windows\system32\drivers\wacompen.sys

13:20:20.0664 2728  WacomPen - ok

13:20:20.0711 2728  [ 356AFD78A6ED4457169241AC3965230C ] WANARP          C:\windows\system32\DRIVERS\wanarp.sys

13:20:20.0742 2728  WANARP - ok

13:20:20.0742 2728  [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6        C:\windows\system32\DRIVERS\wanarp.sys

13:20:20.0773 2728  Wanarpv6 - ok

13:20:20.0804 2728  [ B32009DB1972E7F2C227499289C4384A ] WAS             C:\windows\system32\inetsrv\iisw3adm.dll

13:20:20.0820 2728  WAS - ok

13:20:20.0867 2728  [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine        C:\windows\system32\wbengine.exe

13:20:20.0914 2728  wbengine - ok

13:20:20.0929 2728  [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc        C:\windows\System32\wbiosrvc.dll

13:20:20.0945 2728  WbioSrvc - ok

13:20:20.0960 2728  [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc         C:\windows\System32\wcncsvc.dll

13:20:20.0992 2728  wcncsvc - ok

13:20:21.0007 2728  [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\windows\System32\WcsPlugInService.dll

13:20:21.0038 2728  WcsPlugInService - ok

13:20:21.0070 2728  [ 72889E16FF12BA0F235467D6091B17DC ] Wd              C:\windows\system32\drivers\wd.sys

13:20:21.0070 2728  Wd - ok

13:20:21.0101 2728  [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000        C:\windows\system32\drivers\Wdf01000.sys

13:20:21.0116 2728  Wdf01000 - ok

13:20:21.0148 2728  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost  C:\windows\system32\wdi.dll

13:20:21.0179 2728  WdiServiceHost - ok

13:20:21.0179 2728  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost   C:\windows\system32\wdi.dll

13:20:21.0194 2728  WdiSystemHost - ok

13:20:21.0210 2728  [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient       C:\windows\System32\webclnt.dll

13:20:21.0241 2728  WebClient - ok

13:20:21.0272 2728  [ C749025A679C5103E575E3B48E092C43 ] Wecsvc          C:\windows\system32\wecsvc.dll

13:20:21.0319 2728  Wecsvc - ok

13:20:21.0335 2728  [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport   C:\windows\System32\wercplsupport.dll

13:20:21.0382 2728  wercplsupport - ok

13:20:21.0413 2728  [ 6D137963730144698CBD10F202E9F251 ] WerSvc          C:\windows\System32\WerSvc.dll

13:20:21.0444 2728  WerSvc - ok

13:20:21.0475 2728  [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf          C:\windows\system32\DRIVERS\wfplwf.sys

13:20:21.0506 2728  WfpLwf - ok

13:20:21.0553 2728  [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount        C:\windows\system32\drivers\wimmount.sys

13:20:21.0553 2728  WIMMount - ok

13:20:21.0584 2728  WinDefend - ok

13:20:21.0584 2728  WinHttpAutoProxySvc - ok

13:20:21.0647 2728  [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt         C:\windows\system32\wbem\WMIsvc.dll

13:20:21.0678 2728  Winmgmt - ok

13:20:21.0725 2728  [ BCB1310604AA415C4508708975B3931E ] WinRM           C:\windows\system32\WsmSvc.dll

13:20:21.0787 2728  WinRM - ok

13:20:21.0818 2728  [ FE88B288356E7B47B74B13372ADD906D ] WinUsb          C:\windows\system32\DRIVERS\WinUsb.sys

13:20:21.0834 2728  WinUsb - ok

13:20:21.0865 2728  [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc         C:\windows\System32\wlansvc.dll

13:20:21.0912 2728  Wlansvc - ok

13:20:21.0928 2728  [ 06C8FA1CF39DE6A735B54D906BA791C6 ] wlcrasvc        C:\Program Files\Windows Live\Mesh\wlcrasvc.exe

13:20:21.0943 2728  wlcrasvc - ok

13:20:22.0052 2728  [ 2BACD71123F42CEA603F4E205E1AE337 ] wlidsvc         C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

13:20:22.0099 2728  wlidsvc - ok

13:20:22.0115 2728  [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi         C:\windows\system32\DRIVERS\wmiacpi.sys

13:20:22.0130 2728  WmiAcpi - ok

13:20:22.0162 2728  [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv        C:\windows\system32\wbem\WmiApSrv.exe

13:20:22.0193 2728  wmiApSrv - ok

13:20:22.0224 2728  WMPNetworkSvc - ok

13:20:22.0240 2728  [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc          C:\windows\System32\wpcsvc.dll

13:20:22.0255 2728  WPCSvc - ok

13:20:22.0271 2728  [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum      C:\windows\system32\wpdbusenum.dll

13:20:22.0286 2728  WPDBusEnum - ok

13:20:22.0318 2728  [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl         C:\windows\system32\drivers\ws2ifsl.sys

13:20:22.0349 2728  ws2ifsl - ok

13:20:22.0380 2728  [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc          C:\windows\System32\wscsvc.dll

13:20:22.0411 2728  wscsvc - ok

13:20:22.0427 2728  [ 8D918B1DB190A4D9B1753A66FA8C96E8 ] WSDPrintDevice  C:\windows\system32\DRIVERS\WSDPrint.sys

13:20:22.0442 2728  WSDPrintDevice - ok

13:20:22.0442 2728  WSearch - ok

13:20:22.0474 2728  [ 83575C43B2BFE9AB0661A7F957E843C0 ] wsvd            C:\windows\system32\DRIVERS\wsvd.sys

13:20:22.0489 2728  wsvd - ok

13:20:22.0536 2728  [ C07FFEAB4E6CE0ED2808417D1336063F ] WTGService      C:\Program Files (x86)\Verbindungsassistent\WTGService.exe

13:20:22.0552 2728  WTGService - ok

13:20:22.0630 2728  [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv        C:\windows\system32\wuaueng.dll

13:20:22.0676 2728  wuauserv - ok

13:20:22.0692 2728  [ D3381DC54C34D79B22CEE0D65BA91B7C ] WudfPf          C:\windows\system32\drivers\WudfPf.sys

13:20:22.0723 2728  WudfPf - ok

13:20:22.0739 2728  [ CF8D590BE3373029D57AF80914190682 ] WUDFRd          C:\windows\system32\DRIVERS\WUDFRd.sys

13:20:22.0786 2728  WUDFRd - ok

13:20:22.0801 2728  [ 7A95C95B6C4CF292D689106BCAE49543 ] wudfsvc         C:\windows\System32\WUDFSvc.dll

13:20:22.0832 2728  wudfsvc - ok

13:20:22.0848 2728  [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc         C:\windows\System32\wwansvc.dll

13:20:22.0879 2728  WwanSvc - ok

13:20:22.0910 2728  ================ Scan global ===============================

13:20:22.0942 2728  [ BA0CD8C393E8C9F83354106093832C7B ] C:\windows\system32\basesrv.dll

13:20:22.0973 2728  [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\windows\system32\winsrv.dll

13:20:22.0973 2728  [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\windows\system32\winsrv.dll

13:20:23.0004 2728  [ D6160F9D869BA3AF0B787F971DB56368 ] C:\windows\system32\sxssrv.dll

13:20:23.0020 2728  [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\windows\system32\services.exe

13:20:23.0035 2728  [Global] - ok

13:20:23.0035 2728  ================ Scan MBR ==================================

13:20:23.0051 2728  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0

13:20:23.0347 2728  \Device\Harddisk0\DR0 - ok

13:20:23.0347 2728  ================ Scan VBR ==================================

13:20:23.0363 2728  [ D37FEA94DC2CBD6EE0147BC23ECB2274 ] \Device\Harddisk0\DR0\Partition1

13:20:23.0363 2728  \Device\Harddisk0\DR0\Partition1 - ok

13:20:23.0378 2728  [ 04915B7E6DEF0D327443C05C5E8818AC ] \Device\Harddisk0\DR0\Partition2

13:20:23.0378 2728  \Device\Harddisk0\DR0\Partition2 - ok

13:20:23.0410 2728  [ 15FD58406257AA30A1DC797A9ED6F57F ] \Device\Harddisk0\DR0\Partition3

13:20:23.0410 2728  \Device\Harddisk0\DR0\Partition3 - ok

13:20:23.0410 2728  ============================================================

13:20:23.0410 2728  Scan finished

13:20:23.0410 2728  ============================================================

13:20:23.0425 2432  Detected object count: 7

13:20:23.0425 2432  Actual detected object count: 7

13:20:37.0668 2432  hpqcxs08 ( UnsignedFile.Multi.Generic ) - skipped by user

13:20:37.0668 2432  hpqcxs08 ( UnsignedFile.Multi.Generic ) - User select action: Skip 

13:20:37.0668 2432  hpqddsvc ( UnsignedFile.Multi.Generic ) - skipped by user

13:20:37.0668 2432  hpqddsvc ( UnsignedFile.Multi.Generic ) - User select action: Skip 

13:20:37.0668 2432  HPSLPSVC ( UnsignedFile.Multi.Generic ) - skipped by user

13:20:37.0668 2432  HPSLPSVC ( UnsignedFile.Multi.Generic ) - User select action: Skip 

13:20:37.0684 2432  Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user

13:20:37.0684 2432  Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip 

13:20:37.0684 2432  PassThru Service ( UnsignedFile.Multi.Generic ) - skipped by user

13:20:37.0684 2432  PassThru Service ( UnsignedFile.Multi.Generic ) - User select action: Skip 

13:20:37.0684 2432  Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user

13:20:37.0684 2432  Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip 

13:20:37.0684 2432  Solarlogger ( UnsignedFile.Multi.Generic ) - skipped by user

13:20:37.0684 2432  Solarlogger ( UnsignedFile.Multi.Generic ) - User select action: Skip

Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix

Lade dir ComboFix hier herunter auf deinen Desktop.

Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.

Starte combofix.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.

Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.

Wichtiger Hinweis:

Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!

Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

Solltest du nach der Ausführung von Combofix Probleme beim Starten von Anwendungen haben und Meldungen erhalten wie

Zitat:

Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.

startest du Windows dann manuell neu und die Fehlermeldungen sollten nicht mehr auftauchen.

Hallo Cosinus,

ESET lässt sich im abgesicherten Modus nicht schließen, da man gar nicht auf die Konsole kommt. Bei den Diensten erscheint ESET auch nicht, daher Combofix mit ESET.
Das sieht dann so aus:

[CODE]

Combofix Logfile:

Code:

ComboFix 12-09-30.03 - Ralf 01.10.2012  17:53:56.1.4 - x64 NETWORK

Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.4010.3293 [GMT 2:00]

ausgeführt von:: c:\users\Ralf\Desktop\ComboFix.exe

AV: ESET NOD32 Antivirus 5.0 *Enabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}

SP: ESET NOD32 Antivirus 5.0 *Enabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

 * Neuer Wiederherstellungspunkt wurde erstellt

.

.

((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\windows\gt.exe

c:\windows\s.bat

c:\windows\SysWow64\FlashPlayerInstaller.exe

c:\windows\version.txt

.

.

(((((((((((((((((((((((   Dateien erstellt von 2012-09-01 bis 2012-10-01  ))))))))))))))))))))))))))))))

.

.

2012-10-01 15:58 . 2012-10-01 15:58        --------        d-----w-        c:\users\Default\AppData\Local\temp

2012-09-28 15:07 . 2012-09-28 15:07        --------        d-----w-        C:\_OTL

2012-09-26 17:58 . 2012-09-26 17:58        --------        d-----w-        c:\program files (x86)\ESET

2012-09-21 11:09 . 2012-09-26 17:03        --------        d-----w-        c:\program files (x86)\Malwarebytes' Anti-Malware

2012-09-21 11:09 . 2012-09-07 15:04        25928        ----a-w-        c:\windows\system32\drivers\mbam.sys

2012-09-21 07:08 . 2012-08-30 07:27        9308616        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{E0174621-F3FD-474C-A3F3-CED2562B6C4C}\mpengine.dll

2012-09-17 08:17 . 2012-09-17 08:17        --------        d-----w-        c:\users\Ralf\AppData\Local\Vitalwerks

2012-09-17 08:15 . 2012-09-17 08:15        --------        d-----w-        c:\program files (x86)\No-IP

2012-09-17 07:21 . 2012-09-17 12:16        --------        d-----w-        c:\users\Ralf\SolarAnalyzer

2012-09-12 06:35 . 2012-08-22 18:12        950128        ----a-w-        c:\windows\system32\drivers\ndis.sys

2012-09-12 06:35 . 2012-07-04 20:26        41472        ----a-w-        c:\windows\system32\drivers\rndismpx.sys

2012-09-12 06:35 . 2012-07-04 20:26        41472        ----a-w-        c:\windows\system32\drivers\RNDISMP.sys

2012-09-12 06:35 . 2012-08-22 18:12        1913200        ----a-w-        c:\windows\system32\drivers\tcpip.sys

2012-09-12 06:35 . 2012-08-22 18:12        376688        ----a-w-        c:\windows\system32\drivers\netio.sys

2012-09-12 06:35 . 2012-08-22 18:12        288624        ----a-w-        c:\windows\system32\drivers\FWPKCLNT.SYS

2012-09-12 06:35 . 2012-08-02 17:58        574464        ----a-w-        c:\windows\system32\d3d10level9.dll

2012-09-12 06:35 . 2012-08-02 16:57        490496        ----a-w-        c:\windows\SysWow64\d3d10level9.dll

2012-09-06 12:56 . 2012-09-06 12:56        --------        d-----w-        c:\program files (x86)\Common Files\Java

2012-09-06 12:56 . 2012-09-06 12:56        95208        ----a-w-        c:\windows\SysWow64\WindowsAccessBridge-32.dll

2012-09-06 12:55 . 2012-09-06 12:55        --------        d-----w-        c:\program files (x86)\Java

2012-09-06 07:35 . 2012-09-06 07:35        --------        d-----w-        c:\windows\SysWow64\BestPractices

2012-09-06 07:35 . 2012-09-06 07:35        --------        d-----w-        c:\windows\system32\BestPractices

2012-09-06 07:35 . 2012-09-06 07:35        --------        d-----w-        C:\inetpub

2012-09-06 07:26 . 2012-10-01 14:25        --------        d-----w-        C:\SolarView

2012-09-06 07:26 . 2012-09-06 07:26        --------        d-----w-        C:\web

2012-09-06 07:07 . 2012-09-06 07:21        --------        d-----w-        c:\program files (x86)\SolarView

2012-09-04 15:02 . 2012-09-04 15:03        --------        d-----w-        c:\users\Ralf\Ubuntu

.

.

.

((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-09-12 06:36 . 2011-11-04 11:34        64462936        ----a-w-        c:\windows\system32\MRT.exe

2012-09-06 12:55 . 2012-06-05 11:46        821736        ----a-w-        c:\windows\SysWow64\npDeployJava1.dll

2012-09-06 12:55 . 2011-12-11 13:04        746984        ----a-w-        c:\windows\SysWow64\deployJava1.dll

2012-08-24 06:38 . 2012-04-13 05:29        696520        ----a-w-        c:\windows\SysWow64\FlashPlayerApp.exe

2012-08-24 06:38 . 2011-11-09 13:53        73416        ----a-w-        c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2012-08-23 08:26 . 2012-10-01 16:03        9310152        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{E10A5113-2312-4F84-A121-0416B0094CDB}\mpengine.dll

2012-07-18 18:15 . 2012-08-15 06:22        3148800        ----a-w-        c:\windows\system32\win32k.sys

2012-07-06 20:07 . 2012-08-15 07:49        552960        ----a-w-        c:\windows\system32\drivers\bthport.sys

2012-07-04 22:16 . 2012-08-15 06:22        73216        ----a-w-        c:\windows\system32\netapi32.dll

2012-07-04 22:13 . 2012-08-15 06:22        59392        ----a-w-        c:\windows\system32\browcli.dll

2012-07-04 22:13 . 2012-08-15 06:22        136704        ----a-w-        c:\windows\system32\browser.dll

2012-07-04 21:14 . 2012-08-15 06:22        41984        ----a-w-        c:\windows\SysWow64\browcli.dll

.

.

((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))

.

.

*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 

REGEDIT4

.

[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{E39B98A8-34A7-4D92-A979-920C48814216}]

2010-07-27 07:54        144064        ----a-w-        c:\program files (x86)\Sinfor\SSL\ClientComponent\SSOClientPrj.dll

.

[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{FFD2FD1F-C991-4A2F-8557-CDB11E274215}]

2010-07-30 13:48        123656        ----a-w-        c:\program files (x86)\Sinfor\SSL\ClientComponent\SinforBHO.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2012-01-18 18:49        94208        ----a-w-        c:\users\Ralf\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2012-01-18 18:49        94208        ----a-w-        c:\users\Ralf\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2012-01-18 18:49        94208        ----a-w-        c:\users\Ralf\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]

"LoadAppInit_DLLs"=0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]

"mixer2"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages        REG_MULTI_SZ           kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

@=""

.

R1 BPntDrv;BPntDrv;c:\windows\system32\drivers\BPntDrv.sys [2011-08-24 13408]

R1 EgisTecFF;EgisTecFF;c:\windows\system32\DRIVERS\EgisTecFF.sys [2011-08-24 55880]

R1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2011-08-04 146432]

R1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys [2011-08-24 22912]

R1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys [2011-08-24 20328]

R1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys [2011-08-24 62584]

R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-07-27 63960]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [2011-08-09 202576]

R2 EgisTec Service Help;EgisTec Service Help;c:\program files (x86)\EgisTec Port Locker\Egishlpsvc.exe [2010-10-22 327024]

R2 EgisTec Service;EgisTec Service;c:\program files (x86)\EgisTec BioExcess\EgisService.exe [2010-12-13 703856]

R2 EgisTec Ticket Service;EgisTec Ticket Service;c:\program files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe [2010-12-13 650096]

R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [2011-09-22 974944]

R2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys [2011-08-04 137144]

R2 FPSensor;EgisTec-Corp Fingerprint Reader Driver (FPSensor.sys);c:\windows\system32\Drivers\FPSensor.sys [2010-10-31 35952]

R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-24 136176]

R2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-09-07 399432]

R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-09-07 676936]

R2 PassThru Service;Internet Pass-Through Service;c:\program files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [2011-09-15 88576]

R2 SinforSP;SinforSP;c:\program files (x86)\Sinfor\SSL\Promote\SinforPromoteService.exe [2010-04-22 131872]

R2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-08-13 3064000]

R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]

R2 Solarlogger;Solarlogger;c:\solarview\Datenlogger.exe [2012-07-31 499712]

R2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-12-20 2656280]

R2 WTGService;WTGService;c:\program files (x86)\Verbindungsassistent\WTGService.exe [2011-12-09 329168]

R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-24 250568]

R3 BTWAMPFL;BTWAMPFL;c:\windows\system32\DRIVERS\btwampfl.sys [2011-02-15 349736]

R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2011-02-15 39464]

R3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys [2010-12-24 31088]

R3 cphs;Intel(R) Content Protection HECI Service;c:\windows\SysWow64\IntelCpHeciSvc.exe [2012-03-19 276248]

R3 ewsercd;Huawei DataCard USB Serial Port;c:\windows\system32\DRIVERS\ewsercd.sys [2011-12-07 112896]

R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-24 136176]

R3 HTCAND64;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys [2009-11-02 33736]

R3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\DRIVERS\htcnprot.sys [2010-06-25 36928]

R3 hwusbfake;Huawei DataCard USB Fake;c:\windows\system32\DRIVERS\ewusbfake.sys [2011-12-07 116224]

R3 IntcDAud;Intel(R) Display-Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-14 317440]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-09-07 25928]

R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-09-14 114144]

R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]

R3 S6000KNT;S6000KNT_WebCam Driver;c:\windows\system32\Drivers\S6000KNT.sys [2010-12-23 3293272]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]

R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]

R3 WSDPrintDevice;WSD-Druckunterstützung durch UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [2009-07-14 23040]

R3 wsvd;wsvd;c:\windows\system32\DRIVERS\wsvd.sys [2009-07-21 121840]

R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]

S0 fbfmon;fbfmon;c:\windows\system32\drivers\fbfmon.sys [2011-08-24 57952]

S0 LHDmgr;LHDmgr;c:\windows\System32\DRIVERS\LhdX64.sys [2011-08-24 39008]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]

S3 ACPIVPC;Lenovo Virtual Power Controller Driver;c:\windows\system32\DRIVERS\AcpiVpc.sys [2011-08-24 29792]

S3 MEIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2010-10-19 56344]

S3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUVStor.sys [2010-11-30 307304]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-06-10 539240]

S3 SinforVnic;SINFOR SSL VPN CS Support System VNIC;c:\windows\system32\DRIVERS\SinforVnic.sys [2010-09-03 36960]

S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]

.

.

--- Andere Dienste/Treiber im Speicher ---

.

*NewlyCreated* - WS2IFSL

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]

hpdevmgmt        REG_MULTI_SZ           hpqcxs08 hpqddsvc

iissvcs        REG_MULTI_SZ           w3svc was

apphost        REG_MULTI_SZ           apphostsvc

.

Inhalt des "geplante Tasks" Ordners

.

2012-09-21 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-13 06:38]

.

2012-10-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-24 23:17]

.

2012-09-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-24 23:17]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2012-01-18 18:49        97792        ----a-w-        c:\users\Ralf\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2012-01-18 18:49        97792        ----a-w-        c:\users\Ralf\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2012-01-18 18:49        97792        ----a-w-        c:\users\Ralf\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]

@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]

2012-01-18 18:49        97792        ----a-w-        c:\users\Ralf\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-01-04 11772520]

"Lenovo EE Boot Optimizer"="c:\program files (x86)\Lenovo\Boot Optimizer\PopWnd.exe" [2011-08-24 114688]

"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2011-09-22 4035152]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-03-19 170264]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-03-19 398616]

"Persistence"="c:\windows\system32\igfxpers.exe" [2012-03-19 439064]

.

------- Zusätzlicher Suchlauf -------

.

uStart Page = hxxp://www.google.com/ig/redirectdomain?brand=LENN&bmod=LENN

uLocal Page = c:\windows\system32\blank.htm

mStart Page = hxxp://lenovo.msn.com

mLocal Page = c:\windows\SysWOW64\blank.htm

IE: An OneNote s&enden - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105

IE: Bild an &Bluetooth-Gerät senden... - c:\program files\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm

IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html

IE: Nach Microsoft E&xcel exportieren - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000

IE: Seite an &Bluetooth-Gerät senden... - c:\program files\Lenovo\Bluetooth Software\btsendto_ie.htm

LSP: c:\program files (x86)\Sinfor\SSL\ClientComponent\ProxyIE.dll

TCP: DhcpNameServer = 192.168.2.1

TCP: Interfaces\{1C05B036-0675-4CAB-9F73-592CD87989AE}: NameServer = 192.168.2.1

TCP: Interfaces\{1C05B036-0675-4CAB-9F73-592CD87989AE}\343555E4: NameServer = 192.168.2.1

TCP: Interfaces\{1C05B036-0675-4CAB-9F73-592CD87989AE}\3544747457563747: NameServer = 192.168.2.1

TCP: Interfaces\{1C05B036-0675-4CAB-9F73-592CD87989AE}\77F6D656E6: NameServer = 192.168.2.1

TCP: Interfaces\{1C05B036-0675-4CAB-9F73-592CD87989AE}\94E4455425E45445: NameServer = 192.168.2.1

TCP: Interfaces\{C36D3CF8-62DE-4341-9A03-C3258837C8B8}: NameServer = 202.102.24.35,218.2.135.1

DPF: {250587D2-6704-4479-8718-3C7E163B4216} - hxxps://222.190.124.165:6443/com/CSClientManagerPrj.CAB

FF - ProfilePath - c:\users\Ralf\AppData\Roaming\Mozilla\Firefox\Profiles\51entowq.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/ig

FF - prefs.js: network.proxy.type - 0

.

- - - - Entfernte verwaiste Registrierungseinträge - - - -

.

Wow6432Node-HKLM-RunOnce-Malwarebytes Anti-Malware (cleanup) - c:\programdata\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll

HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe

.

.

.

--------------------- Gesperrte Registrierungsschluessel ---------------------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]

@="c:\\windows\\SysWow64\\Macromed\\Flash\\FlashUtil10c.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.10"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]

@Denied: (A 2) (Everyone)

@="IFlashBroker3"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]

@Denied: (A) (Everyone)

"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]

@Denied: (A) (Everyone)

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]

"Key"="ActionsPane3"

"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Zeit der Fertigstellung: 2012-10-01  18:06:40 - PC wurde neu gestartet

ComboFix-quarantined-files.txt  2012-10-01 16:06

.

Vor Suchlauf: 13 Verzeichnis(se), 106.672.181.248 Bytes frei

Nach Suchlauf: 18 Verzeichnis(se), 106.330.537.984 Bytes frei

.

- - End Of File - - AF5F1CCCF69896747162C87943B66490

--- --- ---

Funktioniert der normale Modus wieder?

Leider nein.
Die Maschine fährt zur Abfrage des Benutzerpasswortes hoch, nach dessen Eingabe bekomme ich jetzt allerdings keinen blauen Lenovo-Bildschirm mehr sondern einen mit dem Zeichen von ESET NOD Antivirus 5.
Dann allerdings hängt er sich wieder hin.

Bitte nun Logs mit GMER und OSAM erstellen und posten.
GMER stürzt häufiger ab, wenn das Tool auch beim 2. Mal nicht will, lass es einfach weg und führ nur OSAM aus - die Online-Abfrage durch OSAM bitte überspringen.
Bei OSAM bitte darauf auch achten, dass Du das Log auch als *.log und nicht *.html oder so abspeicherst.

Hinweis: Zum Entpacken von OSAM bitte WinRAR oder 7zip verwenden! Stell auch unbedingt den Virenscanner ab, besonders der Scanner von McAfee meldet oft einen Fehalarm in OSAM!

Downloade dir bitte

aswMBR.exe und speichere die Datei auf deinem Desktop.

Starte die aswMBR.exe - (aswMBR.exe Anleitung)
Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten".
Das Tool wird dich fragen, ob Du mit der aktuellen Virendefinition von AVAST! dein System scannen willst. Beantworte diese Frage bitte mit Ja. (Sollte deine Firewall fragen, bitte den Zugriff auf das Internet zulassen )
Der Download der Definitionen kann je nach Verbindung eine Weile dauern.
Klicke auf Scan.
Warte bitte bis Scan finished successfully im DOS-Fenster steht.
Drücke auf Save Log und speichere diese auf dem Desktop.

Poste mir die aswMBR.txt in deiner nächsten Antwort.

Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung

Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte der Scan abbrechen und das Programm abstürzen, dann teile mir das mit und wähle unter AV Scan die Einstellung (none).

Noch ein Hinweis: Sollte aswMBR abstürzen und es kommt eine Meldung wie "aswMBR.exe funktioniert nicht mehr, dann mach Folgendes:
Starte aswMBR neu, wähle unten links im Drop-Down-Menü (unten links im Fenster von aswMBR) bei "AV scan" (none) aus und klick nochmal auf den Scan-Button.

Hallo Cosinus,

hier die Logfiles

GMER Logfile:

Code:

GMER 1.0.15.15641 - hxxp://www.gmer.net

Rootkit scan 2012-10-02 17:23:29

Windows 6.1.7601 Service Pack 1 

Running: 5logimck.exe
 
 

---- Registry - GMER 1.0.15 ----
 

Reg  HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0c6076fc1a13                      

Reg  HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\3859f9cc954b                      

Reg  HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0c6076fc1a13 (not active ControlSet)  

Reg  HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\3859f9cc954b (not active ControlSet)  
 

---- EOF - GMER 1.0.15 --

--- --- ---

OSAM Logfile:

Code:

Report of OSAM: Autorun Manager v5.0.11926.0

hxxp://www.online-solutions.ru/en/

Saved at 17:32:09 on 02.10.2012
 

OS: Windows 7 Home Premium Edition Service Pack 1 (Build 7601), 64-bit

Default Browser: Google Inc. Google Chrome 21.0.1180.89
 

Scanner Settings

[x] Rootkits detection (hidden registry)

[x] Rootkits detection (hidden files)

[x] Retrieve files information

[x] Check Microsoft signatures
 

Filters

[ ] Trusted entries

[ ] Empty entries

[x] Hidden registry entries (rootkit activity)

[x] Exclusively opened files

[x] Not found files

[x] Files without detailed information

[x] Existing files

[ ] Non-startable services

[ ] Non-startable drivers

[x] Active entries

[x] Disabled entries
 
 

[Common]

-----( %SystemRoot%\Tasks )-----

"GoogleUpdateTaskMachineCore.job" - "Google Inc." - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

"GoogleUpdateTaskMachineUA.job" - "Google Inc." - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

"Adobe Flash Player Updater.job" - "Adobe Systems Incorporated" - C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
 

[Control Panel Objects]

-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----

"mlcfg32.cpl" - "Microsoft Corporation" - C:\PROGRA~2\MICROS~1\Office14\MLCFG32.CPL
 

[Drivers]

-----( HKLM\SYSTEM\CurrentControlSet\Services )-----

"BPntDrv" (BPntDrv) - "Lenovo" - C:\windows\System32\drivers\BPntDrv.sys

"btwampfl" (BTWAMPFL) - "Broadcom Corporation." - C:\windows\System32\DRIVERS\btwampfl.sys

"catchme" (catchme) - ? - C:\ComboFix\catchme.sys  (File not found)

"fbfmon" (fbfmon) - "Lenovo" - C:\windows\System32\drivers\fbfmon.sys

"LHDmgr" (LHDmgr) - "Lenovo." - C:\windows\System32\DRIVERS\LhdX64.sys

"MBAMProtector" (MBAMProtector) - "Malwarebytes Corporation" - C:\windows\system32\drivers\mbam.sys

"SINFOR SSL VPN CS Support System VNIC" (SinforVnic) - "SINFOR, Corp. CHINA" - C:\windows\System32\DRIVERS\SinforVnic.sys
 

[Explorer]

-----( HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----

{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} "DropboxExt" - ? -   (File not found | COM-object registry key not found)

{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} "DropboxExt" - ? -   (File not found | COM-object registry key not found)

{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} "DropboxExt" - ? -   (File not found | COM-object registry key not found)

{FB314EDC-A251-47B7-93E1-CDD82E34AF8B} "DropboxExt" - ? -   (File not found | COM-object registry key not found)

-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----

{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll

-----( HKLM\Software\Classes\Protocols\Filter )-----

{807573E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" - "Microsoft Corporation" - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

-----( HKLM\Software\Classes\Protocols\Handler )-----

{E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} "Album Download IE Asynchronous Pluggable Protocol Interface" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

{314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Program Files (x86)\Common Files\Microsoft Shared\Help\hxds.dll

{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" - "Skype Technologies" - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL

{828030A1-22C1-4009-854F-8E305202313F} "livecall" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll

{828030A1-22C1-4009-854F-8E305202313F} "msnim" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll

{4BA78E3D-CA25-4BFF-B8F0-8A3359E4B520} "QVPPlugProt Class" - "QlikTech AB" - C:\Program Files (x86)\QlikView\QvProtocol\qvp.dll

{91774881-D725-4E58-B298-07617B9B86A8} "Skype IE add-on Pluggable Protocol" - "Skype Technologies S.A." - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

{03C514A3-1EFB-4856-9F99-10D7BE1653C0} "Windows Live Mail HTML Asynchronous Pluggable Protocol Handler" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Mail\mailcomm.dll

-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----

{23170F69-40C1-278A-1000-000100020000} "7-Zip Shell Extension" - "Igor Pavlov" - C:\Program Files (x86)\7-Zip\7-zip.dll

{D66DC78C-4F61-447F-942B-3FB6980118CF} "CInfoTipShellExt Class" - "Microsoft Corporation" - C:\Program Files (x86)\Microsoft Office\Office14\VISSHE.DLL

{B089FE88-FB52-11D3-BDF1-0050DA34150D} "ESET Smart Security - Context Menu Shell Extension" - "ESET" - C:\Program Files\ESET\ESET NOD32 Antivirus\x86\shellExt.dll

{506F4668-F13E-4AA1-BB04-B43203AB3CC0} "ImageExtractorShellExt Class" - "Microsoft Corporation" - C:\Program Files (x86)\Microsoft Office\Office14\VISSHE.DLL

{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Program Files (x86)\Microsoft Office\Office14\msohevi.dll

{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\msoshext.dll

{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\msoshext.dll

{0875DCB6-C686-4243-9432-ADCCF0B9F2D7} "Microsoft OneNote Namespace Extension for Windows Desktop Search" - "Microsoft Corporation" - C:\Program Files (x86)\Microsoft Office\Office14\ONFILTER.DLL

{00020D75-0000-0000-C000-000000000046} "Microsoft Outlook" - "Microsoft Corporation" - C:\PROGRA~2\MICROS~1\Office14\MLSHEXT.DLL

{0006F045-0000-0000-C000-000000000046} "Outlook File Icon Extension" - "Microsoft Corporation" - C:\Program Files (x86)\Microsoft Office\Office14\OLKFSTUB.DLL

{E6FB5E20-DE35-11CF-9C87-00AA005127ED} "WebCheck" - ? -   (File not found | COM-object registry key not found)

{2BE99FD4-A181-4996-BFA9-58C5FFD11F6C} "Windows Live Photo Gallery Autoplay Drop Target" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\WLXPhotoGallery.exe

{00F30F64-AC33-42F5-8FD1-5DC2D3FDE06C} "Windows Live Photo Gallery Editor Drop Target" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\WLXPhotoGallery.exe

{00F3712A-CA79-45B4-9E4D-D7891E7F8B9D} "Windows Live Photo Gallery Editor Shim" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShim.dll

{00F30F90-3E96-453B-AFCD-D71989ECC2C7} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShim.dll

{00F33137-EE26-412F-8D71-F84E4C2C6625} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShim.dll

{00F374B7-B390-4884-B372-2FC349F2172B} "Windows Live Photo Gallery Viewer Drop Target" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\WLXPhotoGallery.exe

{00F346CB-35A4-465B-8B8F-65A29DBAB1F6} "Windows Live Photo Gallery Viewer Shim" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShim.dll

{0563DB41-F538-4B37-A92D-4659049B7766} "WLMD Message Handler" - ? -   (File not found | COM-object registry key not found)

{06A2568A-CED6-4187-BB20-400B8C02BE5A} "{06A2568A-CED6-4187-BB20-400B8C02BE5A}" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\WLXPhotoAcquireWizard.exe

-----( HKLM\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad )-----

{E6FB5E20-DE35-11CF-9C87-00AA005127ED} "WebCheck" - ? -   (File not found | COM-object registry key not found)
 

[Internet Explorer]

-----( HKCU\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars )-----

{555D4D79-4BD2-4094-A395-CFC534424A05} "HP Smart Web Printing" - "Hewlett-Packard Co." - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll

-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----

ITBar7Height "ITBar7Height" - ? -   (File not found | COM-object registry key not found)

ITBar7Height64 "ITBar7Height64" - ? -   (File not found | COM-object registry key not found)

<binary data> "ITBar7Layout" - ? -   (File not found | COM-object registry key not found)

<binary data> "ITBar7Layout64" - ? -   (File not found | COM-object registry key not found)

-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----

{250587D2-6704-4479-8718-3C7E163B4216} "CSClientManager Class" - ? - C:\Windows\Downloaded Program Files\CSClientManagerPrj.dll / https://222.190.124.165:6443/com/CSClientManagerPrj.CAB

{CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA} "Java Plug-in 1.7.0_05" - "Oracle Corporation" - C:\Program Files (x86)\Java\jre7\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab

{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 10.7.2" - "Oracle Corporation" - C:\Program Files (x86)\Java\jre7\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab

{8AD9C840-044E-11D1-B3E9-00805F499D93} "{8AD9C840-044E-11D1-B3E9-00805F499D93}" - "Oracle Corporation" - C:\Program Files (x86)\Java\jre7\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab

-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars )-----

{555D4D79-4BD2-4094-A395-CFC534424A05} "HP Smart Web Printing" - "Hewlett-Packard Co." - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll

-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----

{5F7B1267-94A9-47F5-98DB-E99415F33AEC} "@C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

{48E73304-E1D6-4330-914C-F5F514E3486C} "An OneNote senden" - "Microsoft Corporation" - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

{DDE87865-83C5-48c4-8357-2F5B1AA84522} "HP Smart Web Printing ein- oder ausblenden" - "Hewlett-Packard Co." - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

"Senden an Bluetooth" - ? - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm

{898EA8C8-E7FF-479B-8935-AEC46303B9E5} "Skype Click to Call" - "Skype Technologies S.A." - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

{FFFDC614-B694-4AE6-AB38-5D6374584B52} "Verknüpfte &OneNote-Notizen" - "Microsoft Corporation" - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----

{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

{7B51CCBE-4AF9-44A6-BDAB-D7F7E4C4E6F9} "EgisPBIE Class" - "Egis Technology Inc." - C:\Program Files (x86)\EgisTec BioExcess\EgisPBIE.dll

{0347C33E-8762-4905-BF09-768834316C61} "HP Print Enhancer" - "Hewlett-Packard Co." - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll

{FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} "HP Smart BHO Class" - "Hewlett-Packard Co." - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Oracle Corporation" - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll

{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} "Java(tm) Plug-In SSV Helper" - "Oracle Corporation" - C:\Program Files (x86)\Java\jre7\bin\ssv.dll

{B4F3A835-0E21-4959-BA22-42B3008E02FF} "Office Document Cache Handler" - "Microsoft Corporation" - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL

{FFD2FD1F-C991-4A2F-8557-CDB11E274215} "SinforIEBHO Class" - ? - C:\Program Files (x86)\Sinfor\SSL\ClientComponent\SinforBHO.dll

{AE805869-2E5C-4ED4-8F7B-F1F7851A4497} "Skype Browser Helper" - "Skype Technologies S.A." - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

{E39B98A8-34A7-4D92-A979-920C48814216} "SSOClientBHO Class" - ? - C:\Program Files (x86)\Sinfor\SSL\ClientComponent\SSOClientPrj.dll

{9030D464-4C02-4ABF-8ECC-5164760863C6} "Windows Live ID-Anmelde-Hilfsprogramm" - "Microsoft Corp." - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
 

[LSA Providers]

-----( HKLM\SYSTEM\CurrentControlSet\Control\Lsa )-----

"Security Packages" - "Microsoft Corp." - C:\windows\system32\livessp.dll
 

[Logon]

-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----

"desktop.ini" - ? - C:\Users\Ralf\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini

-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----

"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini

-----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )-----

"StartupPrograms" - ? - rdpclip  (File not found)

-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----

"SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
 

[Services]

-----( HKLM\SYSTEM\CurrentControlSet\Services )-----

"@%ProgramFiles%\Windows Defender\MsMpRes.dll,-103" (WinDefend) - ? - C:\Program Files (x86)\Windows Defender\mpsvc.dll  (File not found)

"@%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101" (WMPNetworkSvc) - ? - "C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe"  (File not found)

"Adobe Acrobat Update Service" (AdobeARMservice) - "Adobe Systems Incorporated" - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

"Adobe Flash Player Update Service" (AdobeFlashPlayerUpdateSvc) - "Adobe Systems Incorporated" - C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

"Bluetooth Service" (btwdins) - "Broadcom Corporation." - C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe

"EgisTec Service" (EgisTec Service) - "Egis Technology Inc. " - C:\Program Files (x86)\EgisTec BioExcess\EgisService.exe

"EgisTec Service Help" (EgisTec Service Help) - "Egis Technology Inc. " - C:\Program Files (x86)\EgisTec Port Locker\Egishlpsvc.exe

"EgisTec Ticket Service" (EgisTec Ticket Service) - "Egis Technology Inc. " - C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe

"ESET Service" (ekrn) - "ESET" - C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe

"Google Update Service (gupdate)" (gupdate) - "Google Inc." - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

"Google Update-Dienst (gupdatem)" (gupdatem) - "Google Inc." - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

"HP CUE DeviceDiscovery Service" (hpqddsvc) - "Hewlett-Packard Co." - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll

"HP Network Devices Support" (HPSLPSVC) - "Hewlett-Packard Co." - C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL

"hpqcxs08" (hpqcxs08) - "Hewlett-Packard Co." - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll

"Intel(R) Management and Security Application Local Management Service" (LMS) - "Intel Corporation" - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe

"Intel(R) Management and Security Application User Notification Service" (UNS) - "Intel Corporation" - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe

"Internet Pass-Through Service" (PassThru Service) - ? - C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe

"MBAMScheduler" (MBAMScheduler) - "Malwarebytes Corporation" - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe

"MBAMService" (MBAMService) - "Malwarebytes Corporation" - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

"Microsoft .NET Framework NGEN v4.0.30319_X64" (clr_optimization_v4.0.30319_64) - "Microsoft Corporation" - C:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe

"Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

"Mozilla Maintenance Service" (MozillaMaintenance) - "Mozilla Foundation" - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe

"Net Driver HPZ12" (Net Driver HPZ12) - "Hewlett-Packard" - C:\Windows\system32\HPZinw12.dll

"Office  Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE

"Office Software Protection Platform" (osppsvc) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE

"Pml Driver HPZ12" (Pml Driver HPZ12) - "Hewlett-Packard" - C:\Windows\system32\HPZipm12.dll

"SinforSP" (SinforSP) - ? - C:\Program Files (x86)\Sinfor\SSL\Promote\SinforPromoteService.exe

"Skype C2C Service" (Skype C2C Service) - "Skype Technologies S.A." - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe

"Skype Updater" (SkypeUpdate) - "Skype Technologies" - C:\Program Files (x86)\Skype\Updater\Updater.exe

"Solarlogger" (Solarlogger) - "Manfred Richter" - c:\SolarView\Datenlogger.exe

"Windows Live ID Sign-in Assistant" (wlidsvc) - "Microsoft Corp." - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

"WTGService" (WTGService) - ? - C:\Program Files (x86)\Verbindungsassistent\WTGService.exe  (File found, but it contains no detailed information)
 

[Winsock Providers]

-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )-----

"Sangfor SSL Name Space Provider" - "Sangfor" - C:\Program Files (x86)\Sinfor\SSL\ClientComponent\ClientNSPPrj.dll

"Sangfor SSL Name Space Provider" - "Sangfor" - C:\Program Files (x86)\Sinfor\SSL\ClientComponent\ClientNSPPrj.dll

"WindowsLive Local NSP" - "Microsoft Corp." - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL

"WindowsLive NSP" - "Microsoft Corp." - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL

-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries )-----

"SinforLSP" - "SINFORS" - C:\Program Files (x86)\Sinfor\SSL\ClientComponent\ProxyIE.dll
 

===[ Logfile end ]=========================================[ Logfile end ]===

--- --- ---

und aswMBR:

Code:

aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software

Run date: 2012-10-02 17:44:13

-----------------------------

17:44:13.236    OS Version: Windows x64 6.1.7601 Service Pack 1

17:44:13.236    Number of processors: 4 586 0x2A07

17:44:13.236    ComputerName: RALF-PC  UserName: Ralf

17:44:14.156    Initialize success

17:44:20.459    AVAST engine defs: 12100200

17:44:30.178    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1

17:44:30.178    Disk 0 Vendor: HITACHI_ JE3Z Size: 476940MB BusType: 3

17:44:30.209    Disk 0 MBR read successfully

17:44:30.209    Disk 0 MBR scan

17:44:30.224    Disk 0 Windows 7 default MBR code

17:44:30.224    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS          200 MB offset 2048

17:44:30.224    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS       431938 MB offset 411648

17:44:30.240    Disk 0 Partition - 00     0F Extended LBA             29692 MB offset 885020672

17:44:30.256    Disk 0 Partition 3 00     12  Compaq diag NTFS        15109 MB offset 945829888

17:44:30.287    Disk 0 Partition 4 00     07    HPFS/NTFS NTFS        29691 MB offset 885022720

17:44:30.334    Disk 0 scanning C:\windows\system32\drivers

17:44:38.461    Service scanning

17:45:04.420    Modules scanning

17:45:04.420    Disk 0 trace - called modules:

17:45:04.451    ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll 

17:45:04.451    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800555d060]

17:45:04.466    3 CLASSPNP.SYS[fffff88001a6b43f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa800471b050]

17:45:04.466    Scan finished successfully

17:46:37.162    Disk 0 MBR has been saved successfully to "C:\Users\Ralf\Desktop\MBR.dat"

17:46:37.177    The log file has been saved successfully to "C:\Users\Ralf\Desktop\aswMBR.txt"

Sieht ok aus. Wir sollten fast durch sein. Mach bitte zur Kontrolle Vollscans mit Malwarebytes und SASW und poste die Logs.
Denk dran beide Tools zu updaten vor dem Scan!!

Hier die beiden Log-files:

Malwarebytes:

Code:

Malwarebytes Anti-Malware 1.65.0.1400

www.malwarebytes.org
 

Datenbank Version: v2012.10.03.07
 

Windows 7 Service Pack 1 x64 NTFS (Abgesichertenmodus/Netzwerkfähig)

Internet Explorer 9.0.8112.16421

Ralf :: RALF-PC [Administrator]
 

03.10.2012 18:14:33

mbam-log-2012-10-03 (18-14-33).txt
 

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)

Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM

Deaktivierte Suchlaufeinstellungen: P2P

Durchsuchte Objekte: 374007

Laufzeit: 42 Minute(n), 
 

Infizierte Speicherprozesse: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Speichermodule: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Registrierungsschlüssel: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Registrierungswerte: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Dateiobjekte der Registrierung: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Verzeichnisse: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Dateien: 0

(Keine bösartigen Objekte gefunden)
 

(Ende)

SuperAntiSpyware:

Code:

SUPERAntiSpyware Scan Log

hxxp://www.superantispyware.com
 

Generated 10/03/2012 at 09:44 PM
 

Application Version : 5.5.1022
 

Core Rules Database Version : 9333

Trace Rules Database Version: 7145
 

Scan type       : Complete Scan

Total Scan Time : 02:39:48
 

Operating System Information

Windows 7 Home Premium 64-bit, Service Pack 1 (Build 6.01.7601)

UAC Off - Administrator
 

Memory items scanned      : 408

Memory threats detected   : 0

Registry items scanned    : 67401

Registry threats detected : 0

File items scanned        : 177400

File threats detected     : 38
 

Adware.Tracking Cookie

        C:\USERS\RALF\AppData\Roaming\Microsoft\Windows\Cookies\Low\CSUERBH2.txt [ Cookie:ralf@specificclick.net/ ]

        C:\USERS\RALF\AppData\Roaming\Microsoft\Windows\Cookies\Low\IWN0YILP.txt [ Cookie:ralf@doubleclick.net/ ]

        .doubleclick.net [ C:\USERS\RALF\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]

        .invitemedia.com [ C:\USERS\RALF\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]

        ad.yieldmanager.com [ C:\USERS\RALF\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]

        .invitemedia.com [ C:\USERS\RALF\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]

        .invitemedia.com [ C:\USERS\RALF\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]

        .invitemedia.com [ C:\USERS\RALF\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]

        .stats.paypal.com [ C:\USERS\RALF\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]

        .apmebf.com [ C:\USERS\RALF\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]

        .mediaplex.com [ C:\USERS\RALF\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]

        .mediaplex.com [ C:\USERS\RALF\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]

        .www.beamer-discount.de [ C:\USERS\RALF\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]

        statse.webtrendslive.com [ C:\USERS\RALF\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]

        .generaltracking.de [ C:\USERS\RALF\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]

        .generaltracking.de [ C:\USERS\RALF\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]

        .generaltracking.de [ C:\USERS\RALF\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]

        .generaltracking.de [ C:\USERS\RALF\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]

        mediathek.daserste.de [ C:\USERS\RALF\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]

        www.ardmediathek.de [ C:\USERS\RALF\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]

        .solvemedia.com [ C:\USERS\RALF\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]

        .solvemedia.com [ C:\USERS\RALF\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]

        .solvemedia.com [ C:\USERS\RALF\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]

        pulse-analytics-beacon.reutersmedia.net [ C:\USERS\RALF\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]

        traffic.brand-wall.net [ C:\USERS\RALF\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]

        ad.zanox.com [ C:\USERS\RALF\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]

        tracking.mobile.de [ C:\USERS\RALF\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]

        accounts.google.com [ C:\USERS\RALF\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]

        accounts.youtube.com [ C:\USERS\RALF\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]

        .account.dyn.com [ C:\USERS\RALF\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]

        .generaltracking.de [ C:\USERS\RALF\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]

        ad.zanox.com [ C:\USERS\RALF\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]

        tracker.softgarden.de [ C:\USERS\RALF\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]

        .tracker.vinsight.de [ C:\USERS\RALF\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]

        .imrworldwide.com [ C:\USERS\RALF\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\51ENTOWQ.DEFAULT\COOKIES.SQLITE ]

        .imrworldwide.com [ C:\USERS\RALF\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\51ENTOWQ.DEFAULT\COOKIES.SQLITE ]

        mediathek.daserste.de [ C:\USERS\RALF\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\51ENTOWQ.DEFAULT\COOKIES.SQLITE ]

        statse.webtrendslive.com [ C:\USERS\RALF\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\51ENTOWQ.DEFAULT\COOKIES.SQLITE ]

p.s.: Der normale Modus unter Windows geht immer noch nicht wieder - nach dem Benutzerpasswort hängt er sich immer noch hin...

Sieht aber eigentlich soweit alles ok aus, nur Cookies wurden gefunden

Kannst du mal im abgesicherten Modus mit Netzwerktreibern einen neuen Windows-Benutzer anlegen und versuchen dich damit im normalen Modus einzuloggen? Vllt klappt das ja

Das klappt leider auch nicht.
Der User ist angelegt, ich habe im normalen Startvorgang den neuen User gewählt. Dann kam die Meldung, dass der Desktop vorbereitet wird und danach landen wir wieder im Nirvana...

Allerdings habe ich auch noch nichts gelöscht oder in Quarantäne verschoben, oder habe ich das verpasst?

Natürlich haben wir die Schädlinge hier in entfernt, ob die komplett entfernt sind oder eine Sicherheitskopie davon in der Q bleibt spielt doch in dem Zusammenhang keine Rolle

Ob die Schädlinge komplett weg sind oder in der Q - das System ist bereinigt und die Schädlinge nicht aktiv (jedenfalls das was wir erkannt haben)
Der Unterschied bei der Q ist, dass man notfalls nochmal in die Elemente in der Q rankommt, wenn sie komplett weg geht das logischweise nicht mehr, und genau deswegen gibt es bei allen Virenscannern eine Q!

Warum der normale Modus bei dir immer noch nicht will weiß ich so nicht, evtl. sehen wir mit einem neuen OTL-Log etwas:

Mach bitte ein neues OTL-Log. Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:

hier steht das Log

Starte bitte die OTL.exe.
Vista und Win7 User mit Rechtsklick "als Administrator starten"
Setze oben mittig den Haken bei Scanne alle Benutzer
Kopiere nun den kompletten Inhalt aus der untenstehenden Codebox in die http://billy-oneal.com/Canned%20Spee.../customFix.png Textbox von OTL - wenn OTL auf deutsch ist wird sie mit http://larusso.trojaner-board.de/Images/otlfix.jpg beschriftet

Code:

netsvcs

msconfig

safebootminimal

safebootnetwork

activex

drivers32

%ALLUSERSPROFILE%\Application Data\*.

%ALLUSERSPROFILE%\Application Data\*.exe /s

%APPDATA%\*.

%APPDATA%\*.exe /s

%SYSTEMDRIVE%\*.exe

/md5start

wininit.exe

userinit.exe

eventlog.dll

scecli.dll

netlogon.dll

cngaudit.dll

ws2ifsl.sys

sceclt.dll

ntelogon.dll

winlogon.exe

logevent.dll

user32.DLL

iaStor.sys

nvstor.sys

atapi.sys

IdeChnDr.sys

viasraid.sys

AGP440.sys

vaxscsi.sys

nvatabus.sys

viamraid.sys

nvata.sys

nvgts.sys

iastorv.sys

ViPrt.sys

eNetHook.dll

ahcix86.sys

KR10N.sys

nvstor32.sys

ahcix86s.sys

/md5stop

%systemroot%\system32\drivers\*.sys /lockedfiles

%systemroot%\System32\config\*.sav

%systemroot%\*. /mp /s

%systemroot%\system32\*.dll /lockedfiles

CREATERESTOREPOINT

Schliesse bitte nun alle Programme. (Wichtig)
Klicke nun bitte auf den Quick Scan Button.
Klick auf http://billy-oneal.com/Canned%20Spee.../OTL/btnOK.png.
Kopiere nun den Inhalt aus OTL.txt hier in Deinen Thread

Hier der Scan:

OTL Logfile:

Code:

OTL logfile created on: 04.10.2012 12:19:17 - Run 3

OTL by OldTimer - Version 3.2.70.2     Folder = C:\Users\Ralf\Desktop

64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

 

3,92 Gb Total Physical Memory | 3,30 Gb Available Physical Memory | 84,25% Memory free

7,83 Gb Paging File | 7,24 Gb Available in Paging File | 92,47% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 421,81 Gb Total Space | 98,56 Gb Free Space | 23,36% Space Free | Partition Type: NTFS

Drive D: | 29,00 Gb Total Space | 26,87 Gb Free Space | 92,66% Space Free | Partition Type: NTFS

 

Computer Name: RALF-PC | User Name: Ralf | Logged in as Administrator.

Boot Mode: SafeMode with Networking | Scan Mode: All users | Quick Scan | Include 64bit Scans

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

 
 ========== Processes (SafeList) ==========

 

PRC - [2012.10.04 12:16:29 | 000,601,088 | ---- | M] (OldTimer Tools) -- C:\Users\Ralf\Desktop\OTL.exe

 

 
 ========== Modules (No Company Name) ==========

 

 
 ========== Services (SafeList) ==========

 

SRV - [2012.09.14 09:11:58 | 000,114,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)

SRV - [2012.09.07 17:04:46 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)

SRV - [2012.09.07 17:04:46 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)

SRV - [2012.08.24 08:38:51 | 000,250,568 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)

SRV - [2012.08.13 13:33:30 | 003,064,000 | ---- | M] (Skype Technologies S.A.) [Auto | Stopped] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)

SRV - [2012.07.31 12:18:24 | 000,499,712 | ---- | M] (Manfred Richter) [Auto | Stopped] -- c:\SolarView\Datenlogger.exe -- (Solarlogger)

SRV - [2012.07.27 22:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)

SRV - [2012.07.13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)

SRV - [2012.07.11 20:54:58 | 000,140,672 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Programme\SUPERAntiSpyware\SASCore64.exe -- (!SASCORE)

SRV - [2012.03.19 23:44:20 | 000,276,248 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs)

SRV - [2011.12.09 11:55:27 | 000,329,168 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\Verbindungsassistent\WTGService.exe -- (WTGService)

SRV - [2011.09.22 13:03:30 | 000,974,944 | ---- | M] (ESET) [Auto | Stopped] -- C:\Programme\ESET\ESET NOD32 Antivirus\x86\ekrn.exe -- (ekrn)

SRV - [2011.09.15 13:06:04 | 000,088,576 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe -- (PassThru Service)

SRV - [2011.03.28 22:11:06 | 002,292,096 | ---- | M] (Microsoft Corp.) [Auto | Stopped] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)

SRV - [2011.02.15 14:26:42 | 000,956,192 | ---- | M] (Broadcom Corporation.) [Auto | Stopped] -- C:\Programme\Lenovo\Bluetooth Software\btwdins.exe -- (btwdins)

SRV - [2010.12.20 12:30:38 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)

SRV - [2010.12.20 12:30:36 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)

SRV - [2010.12.14 01:59:28 | 000,703,856 | ---- | M] (Egis Technology Inc. ) [Auto | Stopped] -- C:\Program Files (x86)\EgisTec BioExcess\EgisService.exe -- (EgisTec Service)

SRV - [2010.12.14 01:58:32 | 000,650,096 | ---- | M] (Egis Technology Inc. ) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe -- (EgisTec Ticket Service)

SRV - [2010.11.21 05:24:51 | 000,397,824 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (WAS)

SRV - [2010.11.21 05:24:51 | 000,397,824 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (W3SVC)

SRV - [2010.11.21 05:24:51 | 000,061,440 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\SysWOW64\inetsrv\apphostsvc.dll -- (AppHostSvc)

SRV - [2010.10.22 16:37:24 | 000,327,024 | ---- | M] (Egis Technology Inc. ) [Auto | Stopped] -- C:\Program Files (x86)\EgisTec Port Locker\Egishlpsvc.exe -- (EgisTec Service Help)

SRV - [2010.10.22 14:08:18 | 001,039,360 | ---- | M] (Hewlett-Packard Co.) [Auto | Stopped] -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)

SRV - [2010.09.22 20:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)

SRV - [2010.04.22 12:55:16 | 000,131,872 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\Sinfor\SSL\Promote\SinforPromoteService.exe -- (SinforSP)

SRV - [2010.03.18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)

SRV - [2010.01.09 22:34:24 | 004,925,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)

SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

 

 
 ========== Driver Services (SafeList) ==========

 

DRV:64bit: - [2012.09.07 17:04:46 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)

DRV:64bit: - [2012.03.19 23:32:04 | 014,745,600 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)

DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)

DRV:64bit: - [2011.12.07 07:52:43 | 000,116,864 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbmdm.sys -- (hwdatacard)

DRV:64bit: - [2011.12.07 07:52:43 | 000,116,224 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbfake.sys -- (hwusbfake)

DRV:64bit: - [2011.12.07 07:52:43 | 000,112,896 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewsercd.sys -- (ewsercd)

DRV:64bit: - [2011.08.25 01:21:55 | 000,057,952 | ---- | M] (Lenovo) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\fbfmon.sys -- (fbfmon)

DRV:64bit: - [2011.08.25 01:21:55 | 000,013,408 | ---- | M] (Lenovo) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\BPntDrv.sys -- (BPntDrv)

DRV:64bit: - [2011.08.25 01:20:01 | 000,039,008 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\LhdX64.sys -- (LHDmgr)

DRV:64bit: - [2011.08.25 01:19:59 | 000,029,792 | ---- | M] (Lenovo Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AcpiVpc.sys -- (ACPIVPC)

DRV:64bit: - [2011.08.25 01:11:21 | 000,055,880 | ---- | M] (Egis Technology Inc.) [File_System | System | Stopped] -- C:\Windows\SysNative\drivers\EgisTecFF.sys -- (EgisTecFF)

DRV:64bit: - [2011.08.25 01:06:37 | 000,062,584 | ---- | M] (Egis Technology Inc.) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\mwlPSDVDisk.sys -- (mwlPSDVDisk)

DRV:64bit: - [2011.08.25 01:06:37 | 000,022,912 | ---- | M] (Egis Technology Inc.) [File_System | System | Stopped] -- C:\Windows\SysNative\drivers\mwlPSDFilter.sys -- (mwlPSDFilter)

DRV:64bit: - [2011.08.25 01:06:37 | 000,020,328 | ---- | M] (Egis Technology Inc.) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\mwlPSDNserv.sys -- (mwlPSDNServ)

DRV:64bit: - [2011.08.17 01:32:58 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)

DRV:64bit: - [2011.08.17 01:32:58 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)

DRV:64bit: - [2011.08.09 15:24:52 | 000,202,576 | ---- | M] (ESET) [File_System | Auto | Stopped] -- C:\Windows\SysNative\drivers\eamonm.sys -- (eamonm)

DRV:64bit: - [2011.08.04 10:20:38 | 000,146,432 | ---- | M] (ESET) [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\ehdrv.sys -- (ehdrv)

DRV:64bit: - [2011.08.04 10:20:38 | 000,137,144 | ---- | M] (ESET) [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\epfwwfpr.sys -- (epfwwfpr)

DRV:64bit: - [2011.06.10 07:34:52 | 000,539,240 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)

DRV:64bit: - [2011.02.18 10:11:54 | 000,439,320 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)

DRV:64bit: - [2011.02.15 08:45:16 | 000,349,736 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwampfl.sys -- (BTWAMPFL)

DRV:64bit: - [2011.02.15 08:45:12 | 000,138,280 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)

DRV:64bit: - [2011.02.15 08:45:12 | 000,107,560 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)

DRV:64bit: - [2011.02.15 08:45:12 | 000,039,464 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)

DRV:64bit: - [2011.02.15 08:45:12 | 000,021,416 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)

DRV:64bit: - [2010.12.24 13:19:56 | 000,031,088 | ---- | M] (CyberLink Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\clwvd.sys -- (clwvd)

DRV:64bit: - [2010.12.23 18:45:58 | 003,293,272 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\S6000KNT.sys -- (S6000KNT)

DRV:64bit: - [2010.12.22 14:19:58 | 001,407,024 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)

DRV:64bit: - [2010.11.30 08:40:04 | 000,307,304 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rtsuvstor.sys -- (RSUSBVSTOR)

DRV:64bit: - [2010.11.24 13:33:26 | 002,673,664 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)

DRV:64bit: - [2010.11.21 05:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)

DRV:64bit: - [2010.11.21 05:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)

DRV:64bit: - [2010.11.21 05:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)

DRV:64bit: - [2010.10.31 12:36:56 | 000,035,952 | ---- | M] (Egis Technology Inc.) [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\FPSensor.sys -- (FPSensor)

DRV:64bit: - [2010.10.19 10:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)

DRV:64bit: - [2010.10.14 19:28:16 | 000,317,440 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)

DRV:64bit: - [2010.09.03 05:18:44 | 000,036,960 | ---- | M] (SINFOR, Corp. CHINA) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SinforVnic.sys -- (SinforVnic)

DRV:64bit: - [2010.06.25 17:08:10 | 000,036,928 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\htcnprot.sys -- (htcnprot)

DRV:64bit: - [2009.11.02 19:16:50 | 000,033,736 | ---- | M] (HTC, Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ANDROIDUSB.sys -- (HTCAND64)

DRV:64bit: - [2009.07.21 16:20:06 | 000,121,840 | ---- | M] (CyberLink) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wsvd.sys -- (wsvd)

DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)

DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)

DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)

DRV:64bit: - [2009.07.14 02:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)

DRV:64bit: - [2009.07.14 02:09:50 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usb8023x.sys -- (usb_rndisx)

DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)

DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)

DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)

DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)

DRV - [2011.12.07 07:52:43 | 000,116,224 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\ewusbfake.sys -- (hwusbfake)

DRV - [2011.12.07 07:52:43 | 000,112,896 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\ewsercd.sys -- (ewsercd)

DRV - [2011.07.22 18:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Stopped] -- C:\Programme\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)

DRV - [2011.07.12 23:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Stopped] -- C:\Programme\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)

DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

DRV - [2008.12.13 12:28:20 | 000,116,864 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\ewusbmdm.sys -- (hwdatacard)

 

 
 ========== Standard Registry (SafeList) ==========

 

 
 ========== Internet Explorer ==========

 

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com/ [binary data]

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://lenovo.msn.com

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=LENDF8&pc=MALN&src=IE-SearchBox

IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com/ [binary data]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://lenovo.msn.com

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=LENDF8&pc=MALN&src=IE-SearchBox

IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

 

 

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

 

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

 

IE - HKU\S-1-5-21-2371013698-2949519152-906224175-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/ig/redirectdomain?brand=LENN&bmod=LENN

IE - HKU\S-1-5-21-2371013698-2949519152-906224175-1000\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}

IE - HKU\S-1-5-21-2371013698-2949519152-906224175-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=LENDF8&pc=MALN&src=IE-SearchBox

IE - HKU\S-1-5-21-2371013698-2949519152-906224175-1000\..\SearchScopes\{3FA0375E-328E-44C5-BF75-28AFB6945384}: "URL" = hxxp://go.gmx.net/tb/ie_searchplugin/?su={searchTerms}

IE - HKU\S-1-5-21-2371013698-2949519152-906224175-1000\..\SearchScopes\{450A680C-409F-419C-BFB1-992E21D231A2}: "URL" = hxxp://go.1und1.de/tb/ie_searchplugin/?su={searchTerms}

IE - HKU\S-1-5-21-2371013698-2949519152-906224175-1000\..\SearchScopes\{6614839A-9ABA-46E6-B7DE-E2C000B2B1C7}: "URL" = hxxp://search.gmx.com/web?q={searchTerms}&origin=tb_splugin_ie

IE - HKU\S-1-5-21-2371013698-2949519152-906224175-1000\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7LENN

IE - HKU\S-1-5-21-2371013698-2949519152-906224175-1000\..\SearchScopes\{C66CDB43-D087-4F09-9C72-8167D4856825}: "URL" = hxxp://go.web.de/tb/ie_searchplugin/?su={searchTerms}

IE - HKU\S-1-5-21-2371013698-2949519152-906224175-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 
 ========== FireFox ==========

 

FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/ig"

FF - prefs.js..extensions.enabledAddons: adblockpopups@jessehakanen.net:0.4

FF - prefs.js..extensions.enabledAddons: isreaditlater@ideashower.com:3.0.0

FF - prefs.js..extensions.enabledAddons: {0b457cAA-602d-484a-8fe7-c1d894a011ba}:0.98.16

FF - prefs.js..extensions.enabledAddons: {d40f5e7b-d2cf-4856-b441-cc613eeffbe3}:1.68

FF - prefs.js..extensions.enabledAddons: {1018e4d6-728f-4b20-ad56-37578a4de76b}:4.2.1

FF - prefs.js..extensions.enabledAddons: autopager@mozilla.org:0.7.2.0

FF - prefs.js..network.proxy.type: 0

FF - user.js - File not found

 

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_11_4_402_265.dll File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_265.dll ()

FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.2: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

 

64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\PROGRAM FILES\ESET\ESET NOD32 ANTIVIRUS\MOZILLA THUNDERBIRD [2011.11.04 11:00:16 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{41ecbc0b-34d5-4cd4-935f-253a30e2cb7e}: C:\Program Files (x86)\EgisTec BioExcess\FFExt [2011.08.25 01:06:18 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012.02.24 15:36:23 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.09.14 09:11:58 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2011.11.04 11:00:16 | 000,000,000 | ---D | M]

FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012.02.24 15:36:23 | 000,000,000 | ---D | M]

FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.09.14 09:11:58 | 000,000,000 | ---D | M]

FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

 

[2012.07.03 10:00:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ralf\AppData\Roaming\mozilla\Extensions

[2012.10.02 09:39:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ralf\AppData\Roaming\mozilla\Firefox\Profiles\51entowq.default\extensions

[2012.09.04 10:36:02 | 000,000,000 | ---D | M] (FireShot) -- C:\Users\Ralf\AppData\Roaming\mozilla\Firefox\Profiles\51entowq.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}

[2012.09.19 09:57:35 | 000,000,000 | ---D | M] (Flagfox) -- C:\Users\Ralf\AppData\Roaming\mozilla\Firefox\Profiles\51entowq.default\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}

[2012.07.06 16:40:17 | 000,109,964 | ---- | M] () (No name found) -- C:\Users\Ralf\AppData\Roaming\mozilla\firefox\profiles\51entowq.default\extensions\adblockpopups@jessehakanen.net.xpi

[2012.10.02 09:39:23 | 000,344,774 | ---- | M] () (No name found) -- C:\Users\Ralf\AppData\Roaming\mozilla\firefox\profiles\51entowq.default\extensions\autopager@mozilla.org.xpi

[2012.07.23 12:22:22 | 000,223,394 | ---- | M] () (No name found) -- C:\Users\Ralf\AppData\Roaming\mozilla\firefox\profiles\51entowq.default\extensions\isreaditlater@ideashower.com.xpi

[2012.08.08 11:18:11 | 000,741,958 | ---- | M] () (No name found) -- C:\Users\Ralf\AppData\Roaming\mozilla\firefox\profiles\51entowq.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi

[2012.01.27 11:09:58 | 000,138,614 | ---- | M] () (No name found) -- C:\Users\Ralf\AppData\Roaming\mozilla\firefox\profiles\51entowq.default\extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi

[2012.09.14 09:11:54 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions

[2012.09.14 09:11:54 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}

[2012.09.14 09:11:58 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll

[2012.08.29 18:02:38 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml

[2012.09.04 10:41:09 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml

[2012.08.29 18:02:38 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml

[2012.08.29 18:02:38 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml

[2012.08.29 18:02:38 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml

[2012.08.29 18:02:38 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml

 
 ========== Chrome  ==========

 

CHR - homepage: hxxp://www.google.de/ig

CHR - default_search_provider: Google (Enabled)

CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}

CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}

CHR - homepage: hxxp://www.google.de/ig

CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer

CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.89\ppGoogleNaClPluginChrome.dll

CHR - plugin: Chrome PDF Viewer (Disabled) = C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.89\pdf.dll

CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.89\gcswf32.dll

CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Ralf\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll

CHR - plugin: Shockwave Flash (Enabled) = C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_257.dll

CHR - plugin: Screen Capture Plugin (Enabled) = C:\Users\Ralf\AppData\Local\Google\Chrome\User Data\Default\Extensions\alelhddbbhepgpmgidjdcjakblofbmce\3.3.6_0\plugins/screen_capture.dll

CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll

CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL

CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL

CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll

CHR - plugin: Java(TM) Platform SE 7 U4 (Enabled) = C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll

CHR - plugin: Java Deployment Toolkit 7.0.40.255 (Enabled) = C:\windows\SysWOW64\npDeployJava1.dll

CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll

CHR - Extension: Awesome Screenshot: Capture & Annotate = C:\Users\Ralf\AppData\Local\Google\Chrome\User Data\Default\Extensions\alelhddbbhepgpmgidjdcjakblofbmce\3.3.7_0\

CHR - Extension: Cookie Killer for Facebook = C:\Users\Ralf\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgonpegbhnjepleakgjdbaepkfedhhnf\1.2_0\

CHR - Extension: YouTube = C:\Users\Ralf\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\

CHR - Extension: Adblock Plus (Beta) = C:\Users\Ralf\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.2_0\

CHR - Extension: Google-Suche = C:\Users\Ralf\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\

CHR - Extension: Privatsph\u00E4re Gef\u00E4llt mir. = C:\Users\Ralf\AppData\Local\Google\Chrome\User Data\Default\Extensions\eaamfbchnmobpdgmbefhbfbkncclnbga\1.1.1_0\

CHR - Extension: Ghostery = C:\Users\Ralf\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlomiejdfkolichcflejclcbmpeaniij\4.0.0_0\

CHR - Extension: AutoPager Chrome = C:\Users\Ralf\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmgagnmbebdebebbcleklifnobamjonh\0.7.1.4_0\

CHR - Extension: Google Mail = C:\Users\Ralf\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

 

O1 HOSTS File: ([2012.10.01 18:02:42 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts

O1 - Hosts: 127.0.0.1       localhost

O2:64bit: - BHO: (EgisPBIE Class) - {7B51CCBE-4AF9-44A6-BDAB-D7F7E4C4E6F9} - C:\Program Files (x86)\EgisTec BioExcess\x64\EgisPBIE.dll (Egis Technology Inc.)

O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)

O2:64bit: - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)

O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)

O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)

O2 - BHO: (EgisPBIE Class) - {7B51CCBE-4AF9-44A6-BDAB-D7F7E4C4E6F9} - C:\Program Files (x86)\EgisTec BioExcess\EgisPBIE.dll (Egis Technology Inc.)

O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)

O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

O2 - BHO: (SSOClientBHO Class) - {E39B98A8-34A7-4D92-A979-920C48814216} - C:\Program Files (x86)\Sinfor\SSL\ClientComponent\SSOClientPrj.dll ()

O2 - BHO: (SinforIEBHO Class) - {FFD2FD1F-C991-4A2F-8557-CDB11E274215} - C:\Program Files (x86)\Sinfor\SSL\ClientComponent\SinforBHO.dll ()

O3:64bit: - HKLM\..\Toolbar: (FireShot) - {6E6E744E-4D20-4ce3-9A7A-26DFFFE22F68} - C:\Users\Ralf\AppData\Roaming\Mozilla\Firefox\Profiles\51entowq.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}\library\fsaddin64-0.94.dll File not found

O4:64bit: - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)

O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [Lenovo EE Boot Optimizer] C:\Program Files (x86)\Lenovo\Boot Optimizer\PopWnd.exe (Lenovo)

O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)

O4 - HKU\S-1-5-21-2371013698-2949519152-906224175-1000..\Run: [SUPERAntiSpyware] C:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)

O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-21-2371013698-2949519152-906224175-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-21-2371013698-2949519152-906224175-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O8:64bit: - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found

O8:64bit: - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm ()

O8:64bit: - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html File not found

O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found

O8:64bit: - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\Lenovo\Bluetooth Software\btsendto_ie.htm ()

O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found

O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm ()

O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html File not found

O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found

O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\Lenovo\Bluetooth Software\btsendto_ie.htm ()

O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)

O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)

O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)

O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)

O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)

O9:64bit: - Extra Button: @C:\Program Files\Lenovo\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\Lenovo\Bluetooth Software\btsendto_ie.htm ()

O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\Lenovo\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\Lenovo\Bluetooth Software\btsendto_ie.htm ()

O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O9 - Extra Button: Senden an Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\Lenovo\Bluetooth Software\btsendto_ie.htm ()

O9 - Extra 'Tools' menuitem : Senden an &Bluetooth-Gerät... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\Lenovo\Bluetooth Software\btsendto_ie.htm ()

O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)

O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Program Files (x86)\Sinfor\SSL\ClientComponent\ClientNSPPrj.dll (Sangfor)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000011 [] - C:\Program Files (x86)\Sinfor\SSL\ClientComponent\ClientNSPPrj.dll (Sangfor)

O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Sinfor\SSL\ClientComponent\ProxyIE.dll (SINFORS)

O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Sinfor\SSL\ClientComponent\ProxyIE.dll (SINFORS)

O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Sinfor\SSL\ClientComponent\ProxyIE.dll (SINFORS)

O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Sinfor\SSL\ClientComponent\ProxyIE.dll (SINFORS)

O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Sinfor\SSL\ClientComponent\ProxyIE.dll (SINFORS)

O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Program Files (x86)\Sinfor\SSL\ClientComponent\ProxyIE.dll (SINFORS)

O13 - gopher Prefix: missing

O16:64bit: - DPF: {D05678D4-B66E-4269-A556-18E7B1FF7E7A} https://222.190.124.165:6443/com/Deal64SysPrj.CAB (Deal64Sys Class)

O16 - DPF: {250587D2-6704-4479-8718-3C7E163B4216} https://222.190.124.165:6443/com/CSClientManagerPrj.CAB (CSClientManager Class)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Reg Error: Value error.)

O16 - DPF: {CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Java Plug-in 1.7.0_05)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Java Plug-in 10.7.2)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0D0C5E4D-7469-4AC8-BA37-8382648B68B6}: DhcpNameServer = 192.168.42.129

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1C05B036-0675-4CAB-9F73-592CD87989AE}: DhcpNameServer = 192.168.2.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1C05B036-0675-4CAB-9F73-592CD87989AE}: NameServer = 192.168.2.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C36D3CF8-62DE-4341-9A03-C3258837C8B8}: DhcpNameServer = 192.168.44.1 192.168.44.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C36D3CF8-62DE-4341-9A03-C3258837C8B8}: NameServer = 202.102.24.35,218.2.135.1

O18:64bit: - Protocol\Handler\livecall - No CLSID value found

O18:64bit: - Protocol\Handler\ms-help - No CLSID value found

O18:64bit: - Protocol\Handler\msnim - No CLSID value found

O18:64bit: - Protocol\Handler\qvp {4BA78E3D-CA25-4BFF-B8F0-8A3359E4B520} - C:\Programme\QlikView\QvProtocol\qvp.dll (QlikTech AB)

O18:64bit: - Protocol\Handler\skype4com - No CLSID value found

O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)

O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found

O18:64bit: - Protocol\Handler\wlpg - No CLSID value found

O18 - Protocol\Handler\qvp {4BA78E3D-CA25-4BFF-B8F0-8A3359E4B520} - C:\Program Files (x86)\QlikView\QvProtocol\qvp.dll (QlikTech AB)

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)

O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)

O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\windows\SysNative\igfxdev.dll (Intel Corporation)

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O32 - HKLM CDRom: AutoRun - 1

O34 - HKLM BootExecute: (autocheck autochk *)

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = ComFile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

 

 

MsConfig:64bit - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk - C:\Programme\Lenovo\Bluetooth Software\BTTray.exe - (Broadcom Corporation.)

MsConfig:64bit - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk - C:\PROGRA~2\HP\DIGITA~1\bin\hpqtra08.exe - (Hewlett-Packard Co.)

MsConfig:64bit - StartUpFolder: C:^Users^Ralf^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk - C:\Users\Ralf\AppData\Roaming\Dropbox\bin\Dropbox.exe - (Dropbox, Inc.)

MsConfig:64bit - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)

MsConfig:64bit - StartUpReg: EgisTecPMMUpdate - hkey= - key= - C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe (Egis Technology Inc.)

MsConfig:64bit - StartUpReg: EgisUpdate - hkey= - key= - C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe (Egis Technology Inc.)

MsConfig:64bit - StartUpReg: Energy Management - hkey= - key= - C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe (Lenovo (Beijing) Limited)

MsConfig:64bit - StartUpReg: EnergyUtility - hkey= - key= - C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe (Lenovo(beijing) Limited)

MsConfig:64bit - StartUpReg: HP Software Update - hkey= - key= - C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe (Hewlett-Packard)

MsConfig:64bit - StartUpReg: HTC Sync Loader - hkey= - key= - C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe ()

MsConfig:64bit - StartUpReg: Malwarebytes Anti-Malware - hkey= - key= - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)

MsConfig:64bit - StartUpReg: msnmsgr - hkey= - key= - C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)

MsConfig:64bit - StartUpReg: PDFPrint - hkey= - key= - C:\Program Files (x86)\PDF24\pdf24.exe (Geek Software GmbH)

MsConfig:64bit - StartUpReg: PLTSR - hkey= - key= - C:\Program Files (x86)\EgisTec Port Locker\EgisPLTSR.exe (Egis Technology Inc. )

MsConfig:64bit - StartUpReg: Report - hkey= - key= - C:\AdwCleaner[S1].txt ()

MsConfig:64bit - StartUpReg: S6000Mnt - hkey= - key= -  File not found

MsConfig:64bit - StartUpReg: Spotify - hkey= - key= - C:\Users\Ralf\AppData\Roaming\Spotify\Spotify.exe (Spotify Ltd)

MsConfig:64bit - StartUpReg: Spotify Web Helper - hkey= - key= - C:\Users\Ralf\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe ()

MsConfig:64bit - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)

MsConfig:64bit - StartUpReg: UpdateP2GShortCut - hkey= - key= - C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)

MsConfig:64bit - StartUpReg: UpdatePRCShortCut - hkey= - key= - C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)

MsConfig:64bit - StartUpReg: VitaKeyTSR - hkey= - key= - C:\Program Files (x86)\EgisTec BioExcess\EgisTSR.exe (Egis Technology Inc. )

MsConfig:64bit - StartUpReg: YouCam Mirage - hkey= - key= - C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe (CyberLink)

MsConfig:64bit - StartUpReg: YouCam Tray - hkey= - key= - C:\Program Files (x86)\Lenovo\YouCam\YouCam.exe (CyberLink Corp.)

MsConfig:64bit - State: "startup" - Reg Error: Unable to open variant key

 

SafeBootMin:64bit: Base - Driver Group

SafeBootMin:64bit: Boot Bus Extender - Driver Group

SafeBootMin:64bit: Boot file system - Driver Group

SafeBootMin:64bit: File system - Driver Group

SafeBootMin:64bit: Filter - Driver Group

SafeBootMin:64bit: HelpSvc - Service

SafeBootMin:64bit: MCODS - Reg Error: Value error.

SafeBootMin:64bit: PCI Configuration - Driver Group

SafeBootMin:64bit: PNP Filter - Driver Group

SafeBootMin:64bit: Primary disk - Driver Group

SafeBootMin:64bit: sacsvr - Service

SafeBootMin:64bit: SCSI Class - Driver Group

SafeBootMin:64bit: System Bus Extender - Driver Group

SafeBootMin:64bit: vmms - Service

SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy

SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers

SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices

SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootMin: !SASCORE - C:\Programme\SUPERAntiSpyware\SASCore64.exe (SUPERAntiSpyware.com)

SafeBootMin: Base - Driver Group

SafeBootMin: Boot Bus Extender - Driver Group

SafeBootMin: Boot file system - Driver Group

SafeBootMin: File system - Driver Group

SafeBootMin: Filter - Driver Group

SafeBootMin: HelpSvc - Service

SafeBootMin: MCODS - Reg Error: Value error.

SafeBootMin: PCI Configuration - Driver Group

SafeBootMin: PNP Filter - Driver Group

SafeBootMin: Primary disk - Driver Group

SafeBootMin: sacsvr - Service

SafeBootMin: SCSI Class - Driver Group

SafeBootMin: System Bus Extender - Driver Group

SafeBootMin: vmms - Service

SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy

SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers

SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices

SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

 

SafeBootNet:64bit: Base - Driver Group

SafeBootNet:64bit: Boot Bus Extender - Driver Group

SafeBootNet:64bit: Boot file system - Driver Group

SafeBootNet:64bit: File system - Driver Group

SafeBootNet:64bit: Filter - Driver Group

SafeBootNet:64bit: HelpSvc - Service

SafeBootNet:64bit: MCODS - Reg Error: Value error.

SafeBootNet:64bit: Messenger - Service

SafeBootNet:64bit: NDIS Wrapper - Driver Group

SafeBootNet:64bit: NetBIOSGroup - Driver Group

SafeBootNet:64bit: NetDDEGroup - Driver Group

SafeBootNet:64bit: Network - Driver Group

SafeBootNet:64bit: NetworkProvider - Driver Group

SafeBootNet:64bit: PCI Configuration - Driver Group

SafeBootNet:64bit: PNP Filter - Driver Group

SafeBootNet:64bit: PNP_TDI - Driver Group

SafeBootNet:64bit: Primary disk - Driver Group

SafeBootNet:64bit: rdsessmgr - Service

SafeBootNet:64bit: sacsvr - Service

SafeBootNet:64bit: SCSI Class - Driver Group

SafeBootNet:64bit: Streams Drivers - Driver Group

SafeBootNet:64bit: System Bus Extender - Driver Group

SafeBootNet:64bit: TDI - Driver Group

SafeBootNet:64bit: vmms - Service

SafeBootNet:64bit: WudfUsbccidDriver - Driver

SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net

SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient

SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService

SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans

SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers

SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy

SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers

SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices

SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootNet: !SASCORE - C:\Programme\SUPERAntiSpyware\SASCore64.exe (SUPERAntiSpyware.com)

SafeBootNet: Base - Driver Group

SafeBootNet: Boot Bus Extender - Driver Group

SafeBootNet: Boot file system - Driver Group

SafeBootNet: File system - Driver Group

SafeBootNet: Filter - Driver Group

SafeBootNet: HelpSvc - Service

SafeBootNet: MCODS - Reg Error: Value error.

SafeBootNet: Messenger - Service

SafeBootNet: NDIS Wrapper - Driver Group

SafeBootNet: NetBIOSGroup - Driver Group

SafeBootNet: NetDDEGroup - Driver Group

SafeBootNet: Network - Driver Group

SafeBootNet: NetworkProvider - Driver Group

SafeBootNet: PCI Configuration - Driver Group

SafeBootNet: PNP Filter - Driver Group

SafeBootNet: PNP_TDI - Driver Group

SafeBootNet: Primary disk - Driver Group

SafeBootNet: rdsessmgr - Service

SafeBootNet: sacsvr - Service

SafeBootNet: SCSI Class - Driver Group

SafeBootNet: Streams Drivers - Driver Group

SafeBootNet: System Bus Extender - Driver Group

SafeBootNet: TDI - Driver Group

SafeBootNet: vmms - Service

SafeBootNet: WudfUsbccidDriver - Driver

SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net

SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient

SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService

SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans

SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers

SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy

SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers

SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices

SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

 

ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0

ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack

ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE

ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx

ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help

ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6

ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools

ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements

ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player

ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access

ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7

ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll

ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings

ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install

ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding

ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts

ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help

ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface

ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework

ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework

ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP

ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig

ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)

ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0

ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework

ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack

ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE

ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx

ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help

ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6

ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools

ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements

ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player

ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access

ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7

ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework

ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll

ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings

ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install

ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding

ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts

ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player

ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help

ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface

ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework

ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP

ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig

ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP

 

Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)

Drivers32: msacm.clmp3enc - C:\PROGRA~2\Lenovo\Power2Go\CLMP3Enc.ACM (CyberLink Corp.)

Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)

Drivers32: vidc.cvid - C:\windows\SysWow64\iccvid.dll (Radius Inc.)

 

CREATERESTOREPOINT

Unable to start System Restore Service. Error code 1084

 
 ========== Files/Folders - Created Within 30 Days ==========

 

[2012.10.04 12:16:26 | 000,601,088 | ---- | C] (OldTimer Tools) -- C:\Users\Ralf\Desktop\OTL.exe

[2012.10.03 19:01:15 | 000,000,000 | ---D | C] -- C:\Users\Ralf\AppData\Roaming\SUPERAntiSpyware.com

[2012.10.03 19:00:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware

[2012.10.03 19:00:48 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com

[2012.10.03 19:00:48 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware

[2012.10.02 17:34:32 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\Ralf\Desktop\aswMBR.exe

[2012.10.01 18:02:53 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN

[2012.10.01 16:30:22 | 000,518,144 | ---- | C] (SteelWerX) -- C:\windows\SWREG.exe

[2012.10.01 16:30:22 | 000,406,528 | ---- | C] (SteelWerX) -- C:\windows\SWSC.exe

[2012.10.01 16:30:22 | 000,060,416 | ---- | C] (NirSoft) -- C:\windows\NIRCMD.exe

[2012.10.01 16:29:56 | 000,000,000 | ---D | C] -- C:\Qoobox

[2012.10.01 16:29:36 | 000,000,000 | ---D | C] -- C:\windows\erdnt

[2012.10.01 13:52:29 | 004,759,381 | R--- | C] (Swearware) -- C:\Users\Ralf\Desktop\ComboFix.exe

[2012.10.01 13:09:52 | 002,212,440 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Ralf\Desktop\tdsskiller.exe

[2012.09.28 17:07:30 | 000,000,000 | ---D | C] -- C:\_OTL

[2012.09.26 19:58:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET

[2012.09.21 13:09:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware

[2012.09.21 13:09:57 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbam.sys

[2012.09.21 13:09:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware

[2012.09.17 10:17:50 | 000,000,000 | ---D | C] -- C:\Users\Ralf\AppData\Local\Vitalwerks

[2012.09.17 10:15:43 | 000,000,000 | ---D | C] -- C:\Users\Ralf\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\No-IP DUC

[2012.09.17 10:15:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\No-IP

[2012.09.17 09:21:35 | 000,000,000 | ---D | C] -- C:\Users\Ralf\SolarAnalyzer

[2012.09.17 09:21:34 | 000,000,000 | ---D | C] -- C:\Users\Ralf\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SolarAnalyzer

[2012.09.14 15:19:46 | 000,000,000 | ---D | C] -- C:\Users\Ralf\Desktop\Tech_Sand

[2012.09.14 09:11:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox

[2012.09.06 14:56:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java

[2012.09.06 14:55:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java

[2012.09.06 09:35:48 | 000,000,000 | ---D | C] -- C:\windows\SysWow64\BestPractices

[2012.09.06 09:35:45 | 000,000,000 | ---D | C] -- C:\windows\SysNative\BestPractices

[2012.09.06 09:35:42 | 000,000,000 | ---D | C] -- C:\inetpub

[2012.09.06 09:26:23 | 000,000,000 | ---D | C] -- C:\web

[2012.09.06 09:26:23 | 000,000,000 | ---D | C] -- C:\SolarView

[2012.09.06 09:07:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SolarView

[2012.09.04 17:02:11 | 000,000,000 | ---D | C] -- C:\Users\Ralf\Ubuntu

 
 ========== Files - Modified Within 30 Days ==========

 

[2012.10.04 12:16:29 | 000,601,088 | ---- | M] (OldTimer Tools) -- C:\Users\Ralf\Desktop\OTL.exe

[2012.10.04 09:30:38 | 001,605,974 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI

[2012.10.04 09:30:38 | 000,700,420 | ---- | M] () -- C:\windows\SysNative\perfh007.dat

[2012.10.04 09:30:38 | 000,652,258 | ---- | M] () -- C:\windows\SysNative\perfh009.dat

[2012.10.04 09:30:38 | 000,142,840 | ---- | M] () -- C:\windows\SysNative\perfc007.dat

[2012.10.04 09:30:38 | 000,117,186 | ---- | M] () -- C:\windows\SysNative\perfc009.dat

[2012.10.04 09:27:15 | 000,114,811 | ---- | M] () -- C:\windows\SysNative\fastboot.set

[2012.10.04 09:26:17 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat

[2012.10.04 09:26:05 | 3153,727,488 | -HS- | M] () -- C:\hiberfil.sys

[2012.10.04 09:18:26 | 000,001,120 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job

[2012.10.03 19:01:21 | 000,000,508 | ---- | M] () -- C:\windows\tasks\SUPERAntiSpyware Scheduled Task f9ddf2d6-88ac-4ad1-b721-748df03a8e01.job

[2012.10.03 19:01:21 | 000,000,508 | ---- | M] () -- C:\windows\tasks\SUPERAntiSpyware Scheduled Task f9d4acf6-52e2-4c2f-9a46-871b9d4df853.job

[2012.10.03 19:00:53 | 000,001,808 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk

[2012.10.03 18:12:59 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2012.10.02 17:46:37 | 000,000,512 | ---- | M] () -- C:\Users\Ralf\Desktop\MBR.dat

[2012.10.02 17:34:43 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\Ralf\Desktop\aswMBR.exe

[2012.10.02 17:25:05 | 004,272,474 | ---- | M] () -- C:\Users\Ralf\Desktop\osam_autorun_manager_5_0_portable.rar

[2012.10.02 17:03:22 | 000,302,592 | ---- | M] () -- C:\Users\Ralf\Desktop\5logimck.exe

[2012.10.01 18:02:42 | 000,000,027 | ---- | M] () -- C:\windows\SysNative\drivers\etc\hosts

[2012.10.01 13:52:37 | 004,759,381 | R--- | M] (Swearware) -- C:\Users\Ralf\Desktop\ComboFix.exe

[2012.10.01 13:51:35 | 001,118,419 | ---- | M] () -- C:\Users\Ralf\Desktop\Kurzexposé Bad Freienwalde (1).pdf

[2012.10.01 13:10:02 | 002,212,440 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Ralf\Desktop\tdsskiller.exe

[2012.09.27 18:25:09 | 000,513,501 | ---- | M] () -- C:\Users\Ralf\Desktop\adwcleaner.exe

[2012.09.24 07:16:54 | 001,626,384 | ---- | M] () -- C:\windows\SysWow64\PerfStringBackup.INI

[2012.09.21 17:20:00 | 000,001,124 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job

[2012.09.21 17:00:01 | 000,000,884 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job

[2012.09.21 09:01:29 | 000,021,072 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2012.09.21 09:01:29 | 000,021,072 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2012.09.17 17:04:22 | 000,055,868 | ---- | M] () -- C:\Users\Ralf\Desktop\CSUN_availability_20120913.pdf

[2012.09.17 17:03:41 | 000,013,709 | ---- | M] () -- C:\Users\Ralf\Desktop\CSUN_availability_20120913.odt

[2012.09.17 13:31:00 | 000,001,214 | ---- | M] () -- C:\Users\Ralf\Desktop\solaranalyzer_20121005.lic

[2012.09.17 09:21:34 | 000,002,147 | ---- | M] () -- C:\Users\Ralf\Desktop\SolarAnalyzer Pro.lnk

[2012.09.11 08:31:35 | 000,084,590 | ---- | M] () -- C:\Users\Ralf\Desktop\120910 Schreiben Indikationsangebot CSUN 5MW Causilgey Farm UK.pdf

[2012.09.07 17:04:46 | 000,025,928 | ---- | M] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbam.sys

 
 ========== Files Created - No Company Name ==========

 

[2012.10.03 19:01:21 | 000,000,508 | ---- | C] () -- C:\windows\tasks\SUPERAntiSpyware Scheduled Task f9ddf2d6-88ac-4ad1-b721-748df03a8e01.job

[2012.10.03 19:01:21 | 000,000,508 | ---- | C] () -- C:\windows\tasks\SUPERAntiSpyware Scheduled Task f9d4acf6-52e2-4c2f-9a46-871b9d4df853.job

[2012.10.03 19:00:53 | 000,001,808 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk

[2012.10.02 17:46:37 | 000,000,512 | ---- | C] () -- C:\Users\Ralf\Desktop\MBR.dat

[2012.10.02 17:24:58 | 004,272,474 | ---- | C] () -- C:\Users\Ralf\Desktop\osam_autorun_manager_5_0_portable.rar

[2012.10.02 17:03:20 | 000,302,592 | ---- | C] () -- C:\Users\Ralf\Desktop\5logimck.exe

[2012.10.01 16:30:22 | 000,256,000 | ---- | C] () -- C:\windows\PEV.exe

[2012.10.01 16:30:22 | 000,208,896 | ---- | C] () -- C:\windows\MBR.exe

[2012.10.01 16:30:22 | 000,098,816 | ---- | C] () -- C:\windows\sed.exe

[2012.10.01 16:30:22 | 000,080,412 | ---- | C] () -- C:\windows\grep.exe

[2012.10.01 16:30:22 | 000,068,096 | ---- | C] () -- C:\windows\zip.exe

[2012.10.01 13:51:35 | 001,118,419 | ---- | C] () -- C:\Users\Ralf\Desktop\Kurzexposé Bad Freienwalde (1).pdf

[2012.09.27 18:25:06 | 000,513,501 | ---- | C] () -- C:\Users\Ralf\Desktop\adwcleaner.exe

[2012.09.24 07:16:54 | 001,626,384 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI

[2012.09.21 13:09:59 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2012.09.17 17:04:21 | 000,055,868 | ---- | C] () -- C:\Users\Ralf\Desktop\CSUN_availability_20120913.pdf

[2012.09.17 17:03:39 | 000,013,709 | ---- | C] () -- C:\Users\Ralf\Desktop\CSUN_availability_20120913.odt

[2012.09.17 13:31:00 | 000,001,214 | ---- | C] () -- C:\Users\Ralf\Desktop\solaranalyzer_20121005.lic

[2012.09.17 09:21:34 | 000,002,147 | ---- | C] () -- C:\Users\Ralf\Desktop\SolarAnalyzer Pro.lnk

[2012.09.11 08:31:34 | 000,084,590 | ---- | C] () -- C:\Users\Ralf\Desktop\120910 Schreiben Indikationsangebot CSUN 5MW Causilgey Farm UK.pdf

[2012.04.11 10:57:29 | 000,004,096 | -H-- | C] () -- C:\Users\Ralf\AppData\Local\keyfile3.drm

[2012.03.19 23:31:16 | 000,963,912 | ---- | C] () -- C:\windows\SysWow64\igkrng600.bin

[2012.03.19 23:31:16 | 000,261,208 | ---- | C] () -- C:\windows\SysWow64\igfcg600m.bin

[2012.03.19 23:25:58 | 000,058,880 | ---- | C] () -- C:\windows\SysWow64\igdde32.dll

[2012.03.19 22:21:14 | 013,212,672 | ---- | C] () -- C:\windows\SysWow64\ig4icd32.dll

[2012.02.24 15:31:50 | 000,251,340 | ---- | C] () -- C:\windows\hpwins14.dat

[2012.02.24 15:31:50 | 000,000,411 | ---- | C] () -- C:\windows\hpwmdl14.dat

[2011.11.06 08:34:50 | 000,000,034 | ---- | C] () -- C:\windows\cdplayer.ini

[2011.08.25 09:52:26 | 000,003,443 | ---- | C] () -- C:\windows\UTILITYDRV.SYS

[2011.08.25 09:52:25 | 000,300,328 | ---- | C] () -- C:\windows\it50.dll

[2011.08.25 09:52:25 | 000,259,368 | ---- | C] () -- C:\windows\FastBR.dll

[2011.08.25 09:52:25 | 000,218,408 | ---- | C] () -- C:\windows\Image.dll

[2011.08.25 09:52:25 | 000,202,024 | ---- | C] () -- C:\windows\HardDisk.dll

[2011.08.25 09:52:24 | 000,259,368 | ---- | C] () -- C:\windows\CopyFile.dll

[2011.08.25 09:52:24 | 000,177,448 | ---- | C] () -- C:\windows\disk.dll

[2011.08.25 09:52:24 | 000,110,592 | ---- | C] () -- C:\windows\BootseqwWmi.exe

[2011.08.25 09:52:24 | 000,081,920 | ---- | C] () -- C:\windows\Bootseqw32.exe

[2011.08.25 09:52:24 | 000,049,152 | ---- | C] () -- C:\windows\CHGBOOTW.EXE

[2011.08.25 09:52:24 | 000,008,704 | ---- | C] () -- C:\windows\Access32.sys

[2011.08.25 00:59:56 | 000,015,190 | ---- | C] () -- C:\windows\S6000Twn.ini

[2011.04.15 07:29:01 | 000,066,856 | ---- | C] () -- C:\windows\SysWow64\SynTPEnhPS.dll

[2011.04.15 07:28:13 | 000,145,804 | ---- | C] () -- C:\windows\SysWow64\igcompkrng600.bin

 
 ========== ZeroAccess Check ==========

 

[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini

 

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

 

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

 

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

 

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

 

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 07:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

 

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

 

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64

"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

 

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]

"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 05:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

 

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64

"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Both

 

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

 
 ========== LOP Check ==========

 

[2011.12.21 10:07:46 | 000,000,000 | ---D | M] -- C:\Users\Ralf\AppData\Roaming\1&1 Mail & Media GmbH

[2011.12.23 15:23:09 | 000,000,000 | ---D | M] -- C:\Users\Ralf\AppData\Roaming\Amazon

[2011.12.09 18:14:01 | 000,000,000 | ---D | M] -- C:\Users\Ralf\AppData\Roaming\Canneverbe Limited

[2011.12.16 11:34:30 | 000,000,000 | ---D | M] -- C:\Users\Ralf\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant

[2012.09.24 13:56:30 | 000,000,000 | ---D | M] -- C:\Users\Ralf\AppData\Roaming\Dropbox

[2012.09.14 16:44:35 | 000,000,000 | ---D | M] -- C:\Users\Ralf\AppData\Roaming\FileZilla

[2011.11.23 16:04:46 | 000,000,000 | ---D | M] -- C:\Users\Ralf\AppData\Roaming\FireShot

[2012.02.06 12:30:30 | 000,000,000 | ---D | M] -- C:\Users\Ralf\AppData\Roaming\GetRightToGo

[2012.01.30 14:08:16 | 000,000,000 | ---D | M] -- C:\Users\Ralf\AppData\Roaming\HTC

[2012.01.26 13:07:33 | 000,000,000 | ---D | M] -- C:\Users\Ralf\AppData\Roaming\HTC.388BC06ACDAB6261375BCE37FBA2E023C0D7EE34.1

[2012.05.22 09:09:40 | 000,000,000 | ---D | M] -- C:\Users\Ralf\AppData\Roaming\IrfanView

[2012.02.03 13:39:16 | 000,000,000 | ---D | M] -- C:\Users\Ralf\AppData\Roaming\KOSTAL Solar Electric GmbH

[2012.08.07 09:27:06 | 000,000,000 | ---D | M] -- C:\Users\Ralf\AppData\Roaming\MyPhoneExplorer

[2012.01.30 14:10:09 | 000,000,000 | ---D | M] -- C:\Users\Ralf\AppData\Roaming\Outlook

[2012.01.03 18:36:41 | 000,000,000 | ---D | M] -- C:\Users\Ralf\AppData\Roaming\QlikTech

[2012.02.21 16:37:33 | 000,000,000 | ---D | M] -- C:\Users\Ralf\AppData\Roaming\SinforSSL

[2012.08.16 07:53:09 | 000,000,000 | ---D | M] -- C:\Users\Ralf\AppData\Roaming\Spotify

[2012.02.21 16:40:57 | 000,000,000 | ---D | M] -- C:\Users\Ralf\AppData\Roaming\UCP

[2012.01.05 16:43:32 | 000,000,000 | ---D | M] -- C:\Users\Ralf\AppData\Roaming\Verbindungsassistent

 
 ========== Purity Check ==========

 

 

 
 ========== Custom Scans ==========

 
 < %ALLUSERSPROFILE%\Application Data\*. >

 
 < %ALLUSERSPROFILE%\Application Data\*.exe /s >

 
 < %APPDATA%\*. >

[2011.12.21 10:07:46 | 000,000,000 | ---D | M] -- C:\Users\Ralf\AppData\Roaming\1&1 Mail & Media GmbH

[2011.12.16 11:34:10 | 000,000,000 | ---D | M] -- C:\Users\Ralf\AppData\Roaming\Adobe

[2011.12.23 15:23:09 | 000,000,000 | ---D | M] -- C:\Users\Ralf\AppData\Roaming\Amazon

[2011.12.09 18:14:01 | 000,000,000 | ---D | M] -- C:\Users\Ralf\AppData\Roaming\Canneverbe Limited

[2011.12.16 11:34:30 | 000,000,000 | ---D | M] -- C:\Users\Ralf\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant

[2011.11.04 11:41:15 | 000,000,000 | ---D | M] -- C:\Users\Ralf\AppData\Roaming\CyberLink

[2012.09.24 13:56:30 | 000,000,000 | ---D | M] -- C:\Users\Ralf\AppData\Roaming\Dropbox

[2012.09.14 16:44:35 | 000,000,000 | ---D | M] -- C:\Users\Ralf\AppData\Roaming\FileZilla

[2011.11.23 16:04:46 | 000,000,000 | ---D | M] -- C:\Users\Ralf\AppData\Roaming\FireShot

[2012.02.06 12:30:30 | 000,000,000 | ---D | M] -- C:\Users\Ralf\AppData\Roaming\GetRightToGo

[2012.02.24 15:41:04 | 000,000,000 | ---D | M] -- C:\Users\Ralf\AppData\Roaming\HP

[2012.05.23 10:21:54 | 000,000,000 | ---D | M] -- C:\Users\Ralf\AppData\Roaming\HpUpdate

[2012.01.30 14:08:16 | 000,000,000 | ---D | M] -- C:\Users\Ralf\AppData\Roaming\HTC

[2012.01.26 13:07:33 | 000,000,000 | ---D | M] -- C:\Users\Ralf\AppData\Roaming\HTC.388BC06ACDAB6261375BCE37FBA2E023C0D7EE34.1

[2011.11.03 19:44:23 | 000,000,000 | ---D | M] -- C:\Users\Ralf\AppData\Roaming\Identities

[2012.05.22 09:09:40 | 000,000,000 | ---D | M] -- C:\Users\Ralf\AppData\Roaming\IrfanView

[2012.02.03 13:39:16 | 000,000,000 | ---D | M] -- C:\Users\Ralf\AppData\Roaming\KOSTAL Solar Electric GmbH

[2011.11.04 11:43:54 | 000,000,000 | ---D | M] -- C:\Users\Ralf\AppData\Roaming\Macromedia

[2012.07.13 15:17:45 | 000,000,000 | ---D | M] -- C:\Users\Ralf\AppData\Roaming\Malwarebytes

[2011.02.22 13:42:06 | 000,000,000 | ---D | M] -- C:\Users\Ralf\AppData\Roaming\Media Center Programs

[2012.09.06 09:48:37 | 000,000,000 | --SD | M] -- C:\Users\Ralf\AppData\Roaming\Microsoft

[2011.11.04 11:40:49 | 000,000,000 | ---D | M] -- C:\Users\Ralf\AppData\Roaming\Mozilla

[2012.08.07 09:27:06 | 000,000,000 | ---D | M] -- C:\Users\Ralf\AppData\Roaming\MyPhoneExplorer

[2012.01.30 14:10:09 | 000,000,000 | ---D | M] -- C:\Users\Ralf\AppData\Roaming\Outlook

[2012.01.03 18:36:41 | 000,000,000 | ---D | M] -- C:\Users\Ralf\AppData\Roaming\QlikTech

[2012.02.21 16:37:33 | 000,000,000 | ---D | M] -- C:\Users\Ralf\AppData\Roaming\SinforSSL

[2012.10.04 12:19:03 | 000,000,000 | ---D | M] -- C:\Users\Ralf\AppData\Roaming\Skype

[2012.08.16 07:53:09 | 000,000,000 | ---D | M] -- C:\Users\Ralf\AppData\Roaming\Spotify

[2012.10.03 19:01:15 | 000,000,000 | ---D | M] -- C:\Users\Ralf\AppData\Roaming\SUPERAntiSpyware.com

[2012.02.21 16:40:57 | 000,000,000 | ---D | M] -- C:\Users\Ralf\AppData\Roaming\UCP

[2012.01.05 16:43:32 | 000,000,000 | ---D | M] -- C:\Users\Ralf\AppData\Roaming\Verbindungsassistent

[2012.08.30 12:37:46 | 000,000,000 | ---D | M] -- C:\Users\Ralf\AppData\Roaming\vlc

[2012.02.24 15:36:44 | 000,000,000 | ---D | M] -- C:\Users\Ralf\AppData\Roaming\Yahoo!

 
 < %APPDATA%\*.exe /s >

[2012.05.24 20:39:22 | 027,112,840 | ---- | M] (Dropbox, Inc.) -- C:\Users\Ralf\AppData\Roaming\Dropbox\bin\Dropbox.exe

[2012.05.24 20:39:24 | 000,872,144 | ---- | M] (Dropbox, Inc.) -- C:\Users\Ralf\AppData\Roaming\Dropbox\bin\DropboxUpdateHelper.exe

[2012.05.24 20:39:56 | 000,177,280 | ---- | M] (Dropbox, Inc.) -- C:\Users\Ralf\AppData\Roaming\Dropbox\bin\Uninstall.exe

[2012.09.06 09:26:24 | 000,001,406 | R--- | M] () -- C:\Users\Ralf\AppData\Roaming\Microsoft\Installer\{D0B66311-04BB-40D9-B260-E53372F7C554}\_79787b7b.exe

[2012.09.06 09:26:24 | 000,001,406 | R--- | M] () -- C:\Users\Ralf\AppData\Roaming\Microsoft\Installer\{D0B66311-04BB-40D9-B260-E53372F7C554}\_797e4f74.exe

[2012.09.06 09:26:24 | 000,001,406 | R--- | M] () -- C:\Users\Ralf\AppData\Roaming\Microsoft\Installer\{D0B66311-04BB-40D9-B260-E53372F7C554}\_79924b5e.exe

[2012.08.17 19:49:00 | 000,060,824 | ---- | M] (getfireshot.com) -- C:\Users\Ralf\AppData\Roaming\Mozilla\Firefox\Profiles\51entowq.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}\library\crashreporter.exe

[2012.08.17 19:49:00 | 000,145,816 | ---- | M] (getfireshot.com) -- C:\Users\Ralf\AppData\Roaming\Mozilla\Firefox\Profiles\51entowq.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}\library\fireshot-container.exe

[2012.08.17 19:48:38 | 000,074,648 | ---- | M] (getfireshot.com) -- C:\Users\Ralf\AppData\Roaming\Mozilla\Firefox\Profiles\51entowq.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}\library\fireshot-deploy.exe

[2012.02.21 16:36:55 | 000,014,152 | ---- | M] () -- C:\Users\Ralf\AppData\Roaming\SinforSSL\StartIEAsAdmin.exe

[2012.08.15 12:18:24 | 007,601,880 | ---- | M] (Spotify Ltd) -- C:\Users\Ralf\AppData\Roaming\Spotify\spotify.exe

[2012.08.15 12:18:24 | 000,114,904 | ---- | M] () -- C:\Users\Ralf\AppData\Roaming\Spotify\SpotifyLauncher.exe

[2012.08.15 12:18:24 | 001,193,176 | ---- | M] () -- C:\Users\Ralf\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe

[2009.06.15 20:21:54 | 000,135,168 | ---- | M] (Huawei Technologies Co., Ltd.) -- C:\Users\Ralf\AppData\Roaming\Verbindungsassistent\BackUp\Del_CD_ROM.exe

[2010.02.23 12:02:02 | 000,030,160 | ---- | M] () -- C:\Users\Ralf\AppData\Roaming\Verbindungsassistent\BackUp\InstallWTGService.exe

[2010.02.23 12:01:36 | 000,409,040 | ---- | M] () -- C:\Users\Ralf\AppData\Roaming\Verbindungsassistent\BackUp\OSU.exe

[2010.02.23 12:01:20 | 001,148,368 | ---- | M] () -- C:\Users\Ralf\AppData\Roaming\Verbindungsassistent\BackUp\Setup.exe

[2010.02.23 12:01:58 | 001,091,024 | ---- | M] () -- C:\Users\Ralf\AppData\Roaming\Verbindungsassistent\BackUp\Uninstaller.exe

[2010.02.23 12:01:50 | 007,226,832 | ---- | M] (WebToGo Mobile Internet GmbH) -- C:\Users\Ralf\AppData\Roaming\Verbindungsassistent\BackUp\Verbindungsassistent.exe

[2010.02.23 12:01:44 | 000,472,528 | ---- | M] (WebToGo Mobiles Internet GmbH) -- C:\Users\Ralf\AppData\Roaming\Verbindungsassistent\BackUp\Verbindungsassistent_SMSMMS.exe

[2010.02.23 12:01:28 | 000,329,168 | ---- | M] () -- C:\Users\Ralf\AppData\Roaming\Verbindungsassistent\BackUp\WTGService.exe

[2010.02.23 12:01:32 | 000,243,152 | ---- | M] () -- C:\Users\Ralf\AppData\Roaming\Verbindungsassistent\BackUp\WTGVistaUtil.exe

 
 < %SYSTEMDRIVE%\*.exe >

 
 < MD5 for: AGP440.SYS  >

[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\windows\SysNative\drivers\AGP440.sys

[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys

[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys

 
 < MD5 for: ATAPI.SYS  >

[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\erdnt\cache64\atapi.sys

[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\windows\SysNative\drivers\atapi.sys

[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys

[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys

 
 < MD5 for: CNGAUDIT.DLL  >

[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\erdnt\cache86\cngaudit.dll

[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll

[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll

[2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\erdnt\cache64\cngaudit.dll

[2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\windows\SysNative\cngaudit.dll

[2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll

 
 < MD5 for: IASTOR.SYS  >

[2011.02.18 10:11:54 | 000,439,320 | ---- | M] (Intel Corporation) MD5=53CC5BF8B5A219119953C7ABB19A7705 -- C:\windows\SysNative\drivers\iaStor.sys

[2011.02.18 10:11:54 | 000,439,320 | ---- | M] (Intel Corporation) MD5=53CC5BF8B5A219119953C7ABB19A7705 -- C:\windows\SysNative\DriverStore\FileRepository\iaahci.inf_amd64_neutral_52b32c0ad3e84c62\iaStor.sys

 
 < MD5 for: IASTORV.SYS  >

[2010.11.21 05:23:47 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys

[2010.11.21 05:23:47 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys

[2011.08.17 01:32:58 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys

[2011.08.17 01:32:58 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\windows\SysNative\drivers\iaStorV.sys

[2011.08.17 01:32:58 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0bcee2057afcc090\iaStorV.sys

[2011.08.17 01:32:58 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys

 
 < MD5 for: NETLOGON.DLL  >

[2010.11.21 05:24:01 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\erdnt\cache64\netlogon.dll

[2010.11.21 05:24:01 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\windows\SysNative\netlogon.dll

[2010.11.21 05:24:01 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll

[2010.11.21 05:24:09 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\erdnt\cache86\netlogon.dll

[2010.11.21 05:24:09 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll

[2010.11.21 05:24:09 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll

 
 < MD5 for: NVSTOR.SYS  >

[2011.08.17 01:32:58 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys

[2011.08.17 01:32:58 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\windows\SysNative\drivers\nvstor.sys

[2011.08.17 01:32:58 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvstor.sys

[2011.08.17 01:32:58 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys

[2010.11.21 05:23:47 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys

[2010.11.21 05:23:47 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys

 
 < MD5 for: SCECLI.DLL  >

[2010.11.21 05:23:54 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\erdnt\cache86\scecli.dll

[2010.11.21 05:23:54 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll

[2010.11.21 05:23:54 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll

[2010.11.21 05:24:32 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\erdnt\cache64\scecli.dll

[2010.11.21 05:24:32 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\windows\SysNative\scecli.dll

[2010.11.21 05:24:32 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll

 
 < MD5 for: USER32.DLL  >

[2010.11.21 05:24:20 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\erdnt\cache86\user32.dll

[2010.11.21 05:24:20 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SysWOW64\user32.dll

[2010.11.21 05:24:20 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll

[2010.11.21 05:24:09 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\erdnt\cache64\user32.dll

[2010.11.21 05:24:09 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\windows\SysNative\user32.dll

[2010.11.21 05:24:09 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll

 
 < MD5 for: USERINIT.EXE  >

[2010.11.21 05:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\erdnt\cache86\userinit.exe

[2010.11.21 05:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe

[2010.11.21 05:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe

[2010.11.21 05:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\erdnt\cache64\userinit.exe

[2010.11.21 05:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\windows\SysNative\userinit.exe

[2010.11.21 05:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe

 
 < MD5 for: WININIT.EXE  >

[2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\erdnt\cache64\wininit.exe

[2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\windows\SysNative\wininit.exe

[2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe

[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\erdnt\cache86\wininit.exe

[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe

[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe

 
 < MD5 for: WINLOGON.EXE  >

[2010.11.21 05:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\erdnt\cache64\winlogon.exe

[2010.11.21 05:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\windows\SysNative\winlogon.exe

[2010.11.21 05:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe

[2012.09.07 17:04:42 | 000,218,696 | ---- | M] () MD5=4E0D8C9F83B7FD82393F7D8CCC27E7AE -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe

 
 < MD5 for: WS2IFSL.SYS  >

[2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\windows\SysNative\drivers\ws2ifsl.sys

[2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys

 
 < %systemroot%\system32\drivers\*.sys /lockedfiles >

 
 < %systemroot%\System32\config\*.sav >

 
 < %systemroot%\*. /mp /s >

 
 < %systemroot%\system32\*.dll /lockedfiles >

 
 ========== Files - Unicode (All) ==========

[2012.09.07 13:28:36 | 000,041,472 | ---- | M] ()(C:\Users\Ralf\Desktop\Kopie von ??20120908-20121010.xls) -- C:\Users\Ralf\Desktop\Kopie von 副本20120908-20121010.xls

[2012.09.07 13:28:36 | 000,041,472 | ---- | C] ()(C:\Users\Ralf\Desktop\Kopie von ??20120908-20121010.xls) -- C:\Users\Ralf\Desktop\Kopie von 副本20120908-20121010.xls
 

< End of report >

--- --- ---

[/CODE]

Ich seh dort so leider nichts :(
Weißt du noch in etwa wann der normale Modus nicht mehr ging? Hast du noch eine OTL-Extras-Datei? Wenn nicht, wirst du evtl. in der Ereignisanzeige schlau wenn dort etwas über Fehlern beim Start im normen Modus steht :(

Nach dem Scan mit Virustotal ging der normale Modus nicht mehr

Zitat:

Zitat von IT-confused (Beitrag 922369)

p.s.: ich sehe gerade, dass bei Malwarebytes noch die beiden Backdoor.Bot-Dateinen in der Quarantäne verzeichnet sind.
Ist das richtig so, oder habe ich etwas vergessen/übersehen?

Zitat:

Nach dem Scan mit Virustotal ging der normale Modus nicht mehr

Das ergibt irgendwie keinen Sinn
VT ändert nichts an den Dateien, das muss eine andere Ursache haben

Zitat:

dass bei Malwarebytes noch die beiden Backdoor.Bot-Dateinen in der Quarantäne verzeichnet sind.

Hab ich dir eben nicht schonmal erklärt was eine Q ist :(

Dann funktioniert der normale Windows-Modus nicht mehr, seit dem ich den Malwarebyte-Scan gemacht habe und die Backdoor.Bot in die Quarantäne verschoben wurde.

Das ergibt mehr Sinn ;)
Stelle mal diese beiden Objekte aus der Quarantäne von Malwarebytes wieder her

erledigt

Der normale Modus geht aber trotzdem noch nicht wieder

Du hast auch den von Malwarebytes in die Q geschobenen Reg-Eintrag wiederhergestellt?
Wenn ja hilft evtl. nur noch ein Wiederherstellungspunkt...

Ich habe die beiden Objekte, die in der Q waren wiederhergestellt.

Dann hats eine andere Ursache
Probier einen Wiederherstellungspunkt aus als der normale Modus noch ging

Ansonsten muss eine Reparatur oder Neuinstallation her

Hallo Cosinus,

der Systemwiederherstellungspunkt hat funktioniert.
Ich bin jetzt auf dem Stand vom 19.09.2012
Der normale Windows-Modus funktioniert wieder, yeah...

Jetzt die ganze Prozedur von vorne oder wie geht´s weiter?

Mach bitte zur Kontrolle Vollscans mit Malwarebytes und SASW und poste die Logs.
Denk dran beide Tools zu updaten vor dem Scan!!

Und auch ESET zur Kontrolle wieder :pfeiff:

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

Hallo Cosinus,

jetzt scheint alles sauber zu sein.

Malwarebytes:

Code:

Malwarebytes Anti-Malware 1.65.0.1400

www.malwarebytes.org
 

Datenbank Version: v2012.10.05.02
 

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 9.0.8112.16421

Ralf :: RALF-PC [Administrator]
 

05.10.2012 09:05:07

mbam-log-2012-10-05 (09-05-07).txt
 

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)

Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM

Deaktivierte Suchlaufeinstellungen: P2P

Durchsuchte Objekte: 389191

Laufzeit: 1 Stunde(n), 1 Minute(n), 8 Sekunde(n)
 

Infizierte Speicherprozesse: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Speichermodule: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Registrierungsschlüssel: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Registrierungswerte: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Dateiobjekte der Registrierung: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Verzeichnisse: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Dateien: 0

(Keine bösartigen Objekte gefunden)
 

(Ende)

SuperAntiSpyware:

Code:

SUPERAntiSpyware Scan Log

hxxp://www.superantispyware.com
 

Generated 10/04/2012 at 08:38 PM
 

Application Version : 5.5.1022
 

Core Rules Database Version : 9340

Trace Rules Database Version: 7152
 

Scan type       : Complete Scan

Total Scan Time : 02:48:14
 

Operating System Information

Windows 7 Home Premium 64-bit, Service Pack 1 (Build 6.01.7601)

UAC On - Limited User
 

Memory items scanned      : 604

Memory threats detected   : 0

Registry items scanned    : 67357

Registry threats detected : 0

File items scanned        : 173316

File threats detected     : 38
 

Adware.Tracking Cookie

        C:\USERS\RALF\AppData\Roaming\Microsoft\Windows\Cookies\Low\CSUERBH2.txt [ Cookie:ralf@specificclick.net/ ]

        C:\USERS\RALF\AppData\Roaming\Microsoft\Windows\Cookies\Low\IWN0YILP.txt [ Cookie:ralf@doubleclick.net/ ]

        .doubleclick.net [ C:\USERS\RALF\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]

        .invitemedia.com [ C:\USERS\RALF\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]

        ad.yieldmanager.com [ C:\USERS\RALF\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]

        .invitemedia.com [ C:\USERS\RALF\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]

        .invitemedia.com [ C:\USERS\RALF\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]

        .invitemedia.com [ C:\USERS\RALF\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]

        .stats.paypal.com [ C:\USERS\RALF\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]

        .apmebf.com [ C:\USERS\RALF\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]

        .mediaplex.com [ C:\USERS\RALF\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]

        .mediaplex.com [ C:\USERS\RALF\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]

        .www.beamer-discount.de [ C:\USERS\RALF\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]

        statse.webtrendslive.com [ C:\USERS\RALF\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]

        .generaltracking.de [ C:\USERS\RALF\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]

        .generaltracking.de [ C:\USERS\RALF\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]

        .generaltracking.de [ C:\USERS\RALF\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]

        .generaltracking.de [ C:\USERS\RALF\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]

        mediathek.daserste.de [ C:\USERS\RALF\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]

        www.ardmediathek.de [ C:\USERS\RALF\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]

        .solvemedia.com [ C:\USERS\RALF\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]

        .solvemedia.com [ C:\USERS\RALF\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]

        .solvemedia.com [ C:\USERS\RALF\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]

        pulse-analytics-beacon.reutersmedia.net [ C:\USERS\RALF\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]

        traffic.brand-wall.net [ C:\USERS\RALF\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]

        ad.zanox.com [ C:\USERS\RALF\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]

        tracking.mobile.de [ C:\USERS\RALF\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]

        accounts.google.com [ C:\USERS\RALF\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]

        accounts.youtube.com [ C:\USERS\RALF\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]

        .account.dyn.com [ C:\USERS\RALF\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]

        .generaltracking.de [ C:\USERS\RALF\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]

        ad.zanox.com [ C:\USERS\RALF\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]

        tracker.softgarden.de [ C:\USERS\RALF\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]

        .tracker.vinsight.de [ C:\USERS\RALF\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]

        .imrworldwide.com [ C:\USERS\RALF\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\51ENTOWQ.DEFAULT\COOKIES.SQLITE ]

        .imrworldwide.com [ C:\USERS\RALF\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\51ENTOWQ.DEFAULT\COOKIES.SQLITE ]

        mediathek.daserste.de [ C:\USERS\RALF\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\51ENTOWQ.DEFAULT\COOKIES.SQLITE ]

        statse.webtrendslive.com [ C:\USERS\RALF\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\51ENTOWQ.DEFAULT\COOKIES.SQLITE ]

ESET:

Code:

ESETSmartInstaller@High as CAB hook log:

OnlineScanner64.ocx - registred OK

OnlineScanner.ocx - registred OK

ESET wurde wohl mal wieder falsch ausgeführt - du musst den Browser per Rechtsklick als Admin starten!!

Oder wenn du über dem Firefox den ESET-Installer runtergeladen hast muss dieser per Rechtsklick als Admin ausgeführt werden!

Hier nochmal der Scan als Admin:

Code:

ESETSmartInstaller@High as CAB hook log:

OnlineScanner64.ocx - registred OK

OnlineScanner.ocx - registred OK

# version=7

# iexplore.exe=9.00.8112.16421 (WIN7_IE9_RTM.110308-0330)

# OnlineScanner.ocx=1.0.0.6583

# api_version=3.0.2

# EOSSerial=

# end=finished

# remove_checked=false

# archives_checked=true

# unwanted_checked=true

# unsafe_checked=false

# antistealth_checked=true

# utc_time=2012-10-05 04:12:04

# local_time=2012-10-05 06:12:04 (+0100, Mitteleuropäische Sommerzeit)

# country="Germany"

# lang=1033

# osver=6.1.7601 NT Service Pack 1

# compatibility_mode=5893 16776574 100 94 88034 101078273 0 0

# compatibility_mode=8204 39157181 100 74 235 32759187 0 0

# scanned=178245

# found=0

# cleaned=0

# scan_time=5101

Sieht ok aus, da wurden nur Cookies gefunden.
Cookies sind keine Schädlinge direkt, aber es besteht die Gefahr der missbräuchlichen Verwendung (eindeutige Wiedererkennung zB für gezielte Werbung o.ä. => HTTP-Cookie )

Wegen Cookies und anderer Dinge im Web: Um die Pest von vornherein zu blocken (also TrackingCookies, Werbebanner etc.) müsstest du dir mal sowas wie MVPS Hosts File anschauen => Blocking Unwanted Parasites with a Hosts File - sinnvollerweise solltest du alle 4 Wochen mal bei MVPS nachsehen, ob er eine neue Hosts Datei herausgebracht hat.

Ansonsten gibt es noch gute Cookiemanager, Erweiterungen für den Firefox zB wäre da CookieCuller http://filepony.de/download-cookie_culler/
Wenn du aber damit leben kannst, dich bei jeder Browsersession überall neu einzuloggen (zB Facebook, Ebay, GMX, oder auch Trojaner-Board) dann stell den Browser einfach so ein, dass einfach alles beim Beenden des Browser inkl. Cookies gelöscht wird.

Ich halte es so, dass ich zum "wilden Surfen" den Opera-Browser oder Chromium unter meinem Linux verwende. Mein Hauptbrowser (Firefox) speichert nur die Cookies von den Sites die ich auch will, alles andere lehne ich manuell ab (der FF fragt mich immer) - die anderen Browser nehmen alles an Cookies zwar an, aber spätestens beim nächsten Start von Opera oder Chromium sind keine Cookies mehr da.

Ist dein System nun wieder in Ordnung oder gibt's noch andere Funde oder Probleme?

Hallo Cosinus,

das System läuft jetzt wieder stabil - vielen Dank.
Mein subjektiver Eindruck ist, dass der Startvorgang etwas verlangsamt läuft.
Möglicherweise muss ich da nochmal aufräumen.
Ansonsten ist die Performance beim normalen Arbeiten unverändert gut.
Die MVPS-Hosts habe ich mir schon mal installiert.

Im Forum habe ich andere Einträge entdeckt, die davon ausgehen, dass das mit dem Backdoor.Bot möglicherweise gar nicht so schlimm sei. Eine E-Mail dazu habe ich auch bekommen. O-Ton:

Hallo,

das war ein FP von Malwarebytes.

Flash Player FP - Malwarebytes Forum

Hatte diese Meldung auch. Wurde aber gefixt.

Benutze doch die Lenovo Thinkpad Sicherung und setze Dein System damit zurück. Scheint doch sauber zu sein.

Ich weis ja nicht, ob es damit zusammenhängt aber bei mir wurden zwei E-Mail-Konten gehackt, bevor ich eingreifen konnte. Glücklicherweise konnte ich den Rest vorher absichern. Insofern sollte man das Teil tatsächlich ernst nehmen.

Vielen Dank für die Hilfe
IT-confused

Ja an ein FP hatte ich auch schon gedacht, möglich war auch einfach eine "Erkennung" weil das eine uralte und damit unsichere Version vom Flashplayer ist :confused: aber wer weiß

Dann wären wir durch! :abklatsch:

Die Programme, die hier zum Einsatz kamen, können alle wieder runter.

Malwarebytes zu behalten ist zu empfehlen. Kannst ja 1x im Monat damit einen Vollscan machen, aber immer vorher ans Update denken.

Bitte abschließend die Updates prüfen, unten mein Leitfaden dazu. Um in Zukunft die Aktualität der installierten Programme besser im Überblick zu halten, kannst du zB Secunia PSI verwenden.
Für noch mehr Sicherheit solltest Du nach beseitigten Infektionen auch möglichst alle Passwörter ändern.

Microsoftupdate

Windows XP: Besuch mit dem IE die MS-Updateseite und lass Dir alle wichtigen Updates installieren.

Windows Vista/7: Anleitung Windows-Update

PDF-Reader aktualisieren
Ein veralteter AdobeReader stellt ein großes Sicherheitsrisiko dar. Du solltest daher besser alte Versionen vom AdobeReader über Systemsteuerung => Software bzw. Programme und Funktionen deinstallieren, indem Du dort auf "Adobe Reader x.0" klickst und das Programm entfernst. (falls du AdobeReader installiert hast)

Ich empfehle einen alternativen PDF-Reader wie PDF Xchange Viewer, SumatraPDF oder Foxit PDF Reader, die sind sehr viel schlanker und flotter als der AdobeReader.

Bitte überprüf bei der Gelegenheit auch die Aktualität des Flashplayers:
Prüfen => Adobe - Flash Player
Downloadlinks => Adobe Flash Player Distribution | Adobe

Natürlich auch darauf achten, dass andere installierte Browser wie zB Firefox, Opera oder Chrome aktuell sind.

Java-Update
Veraltete Java-Installationen sind ein Sicherheitsrisiko, daher solltest Du die alten Versionen löschen (falls vorhanden, am besten mit JavaRa) und auf die neuste aktualisieren. Beende dazu alle Programme (v.a. die Browser), klick danach auf Start, Systemsteuerung, Software und deinstalliere darüber alle aufgelisteten Java-Versionen. Lad Dir danach von hier das aktuelle Java SE Runtime Environment (JRE) herunter und installiere es.