Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
-   -   Windows 7 - Befall von System care antivirus (https://www.trojaner-board.de/134673-windows-7-befall-system-care-antivirus.html)

Dumpty 08.05.2013 19:13
Windows 7 - Befall von System care antivirus
 
Hallo, ich habe jetzt schon viel in eurem Forum über mein Problem gelesen und auch, dass ich mich trotzdem bei Euch melden kann zwecks Fehlerbehebung.
Gestern Abend erschien bei mir die Meldung von System Care Antivirus mit der Info, dass ich Fehler auf meinem Rechner hätte. Ich kappte sofort die w-LAN Verbindung und ließ avira durchlaufen (kostenpflichtige Version). Avira erkannte das Problem nicht, so dass ich avira direkt mit meinem Problem betraute in der Hoffnung, dass mir geholfen wird. Heute erhielt ich eine Antwort von denen in der sie mir beschrieben, wie ich im abgesicherten Modus einen System-Scan durchführen soll. Dies Tat ich, aber avira hat nichts gefunden. Nun schlagen die mir den Download ihrer rescue CD vor, aber ich weiß nicht, ob das was bringt, deshalb wende ich mich nun an euch.

- Aktuell befindet sich der befallene Rechner im abgesicherten Modus
- ich bekomme keine Verbindung zum Internet
- Windows meldet mir, dass ich das Windows-Sicherheitscenter aktivieren soll, funktioniert aber nicht
- auf meinem Desktop befindet sich ein Icon von System care..

Was kann ich tun, damit mein System wieder läuft? Ich wäre Euch dankbar für verständliche Anleitungen, da ich kein PC-Spezialist bin. Aktuell schreibe ich euch von meinem ipad, da ich anders,, also im aktuellen abgesicherten Modus nicht ins www komme.
Bitte um Hilfe. Danke

markusg 08.05.2013 19:15
Hi
versuche mal, ob du in den abgesicherten Modus mit Netzwerk kommst, falls ja, lade von da das jetzt genannte Programm, bzw kopiere es, falls nein, via usb stick auf den PC

Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
Code:
activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
C:\Windows\system32\*.tsp
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%USERPROFILE%\*.*
%USERPROFILE%\Local Settings\Temp\*.exe
%USERPROFILE%\Local Settings\Temp\*.dll
%USERPROFILE%\Application Data\*.exe
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs
CREATERESTOREPOINT
  • Schliesse bitte nun alle Programme. (Wichtig)
  • Klicke nun bitte auf den Quick Scan Button.
  • Kopiere
    nun den Inhalt aus OTL.txt und Extra.txt hier in Deinen Thread

Dumpty 08.05.2013 19:55
Danke für die schnelle Antwort. Ich versuche vergeblich ins www zu kommen, was nicht funktioniert. Ich habe im abgesicherten Modus ein Netzwerkkabel mit dem Router verbunden, aber ich erhalte keine Verbindung .ebenso kann ich über das ipad, sprich Safari den OTL nicht downloaden. ��

markusg 08.05.2013 20:10
hi
bist du im abgesicherten modus mit netzwerk, es gibt verschiedene Modi.
otl sind 2 Links, evtl. den anderen versuchen, oder über einen anderen PC

Dumpty 08.05.2013 20:13
Ich habe den PC jetzt via Systemwiederherstellung auf den 5.5.2013 zurückgesetzt. Da funktionierte ja noch alles. So bin ich normal (kein abgesicherter modus) ins www gekommen und habe mir OTL runtergelaufen. Folge nun im normalen Modus deinen Anweisungen. Okay?

markusg 08.05.2013 20:16
bitte nutze nie wieder die swh bei malware befall, damit kannst du es dann evtl. nur schlimmer machen, aber nu machs halt im normalen modus

Dumpty 08.05.2013 20:22
Okay, hoffentlich ist es nun nicht schlimmer geworden..
OTL scannt nun durch, im normalen Modus. Und ich kopiere dann gleich die Otl und extra in den thread.
Das dauert ganz schön, aber ist sicher normal. Nebenbei Updates avira und Java fragt mich, ob ich Update zulasse.

markusg 08.05.2013 20:23
erst mal nicht, und mache nichts nebenbei.

Dumpty 08.05.2013 20:46
hier nun die otl:OTL Logfile:
Code:
OTL logfile created on: 08.05.2013 21:18:29 - Run 1
OTL by OldTimer - Version 3.2.69.0    Folder = C:\Users\MEDION\Desktop
 Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,25 Gb Total Physical Memory | 1,97 Gb Available Physical Memory | 60,70% Memory free
6,50 Gb Paging File | 5,22 Gb Available in Paging File | 80,39% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 910,41 Gb Total Space | 830,99 Gb Free Space | 91,28% Space Free | Partition Type: NTFS
Drive D: | 20,00 Gb Total Space | 10,76 Gb Free Space | 53,81% Space Free | Partition Type: NTFS
Drive E: | 14,92 Gb Total Space | 5,62 Gb Free Space | 37,71% Space Free | Partition Type: FAT32
 
Computer Name: MEDION-PC | User Name: MEDION | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.05.08 21:07:40 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\MEDION\Desktop\OTL.exe
PRC - [2013.03.27 15:28:24 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2013.03.27 15:27:53 | 000,345,312 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2013.03.12 09:05:50 | 029,106,336 | ---- | M] (Dropbox, Inc.) -- C:\Users\MEDION\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2012.11.23 04:48:41 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2012.06.11 16:22:16 | 000,193,616 | ---- | M] (Microsoft Corporation.) -- C:\Programme\Microsoft\BingBar\7.1.391.0\BBSvc.EXE
PRC - [2011.05.18 08:22:53 | 000,099,896 | ---- | M] (HP) -- C:\Windows\System32\HPSIsvc.exe
PRC - [2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010.11.20 14:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2010.11.20 14:17:41 | 001,174,016 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Sidebar\sidebar.exe
PRC - [2010.09.16 22:04:06 | 001,164,584 | ---- | M] () -- C:\Programme\DivX\DivX Update\DivXUpdate.exe
PRC - [2009.12.24 12:17:20 | 000,100,152 | ---- | M] (MICRO-STAR INT'L,.LTD.) -- C:\Programme\msi\OSD hot keys\WMI_Hook_Service.exe
PRC - [2009.07.14 03:14:42 | 000,181,760 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\ink\TabTip.exe
PRC - [2009.07.14 03:14:21 | 000,294,400 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\ink\InputPersonalization.exe
PRC - [2009.06.03 21:59:02 | 000,103,720 | ---- | M] (CyberLink) -- C:\Programme\CyberLink\Power2Go\CLMLSvc.exe
PRC - [2009.03.30 17:28:36 | 001,533,808 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
PRC - [2009.03.30 17:28:36 | 000,183,152 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
PRC - [2009.02.03 15:53:00 | 001,155,072 | ---- | M] (MAGIX AG) -- C:\Programme\Common Files\MAGIX Services\Database\bin\FABS.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2011.09.27 08:23:00 | 000,087,912 | ---- | M] () -- C:\Programme\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011.09.27 08:22:40 | 001,242,472 | ---- | M] () -- C:\Programme\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011.03.02 12:40:51 | 000,140,288 | ---- | M] () -- C:\Programme\WinRAR\RarExt.dll
MOD - [2010.09.16 22:04:50 | 000,095,528 | ---- | M] () -- C:\Programme\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2010.09.16 22:04:06 | 001,164,584 | ---- | M] () -- C:\Programme\DivX\DivX Update\DivXUpdate.exe
MOD - [2009.06.03 21:59:14 | 000,013,096 | ---- | M] () -- C:\Programme\CyberLink\Power2Go\CLMLSvcPS.dll
MOD - [2009.06.03 21:59:02 | 000,619,816 | ---- | M] () -- C:\Programme\CyberLink\Power2Go\CLMediaLibrary.dll
 
 
========== Services (SafeList) ==========
 
SRV - [2013.04.12 09:53:50 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013.03.27 15:28:24 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2013.03.27 15:28:00 | 000,565,472 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Stopped] -- C:\Programme\Avira\AntiVir Desktop\avwebgrd.exe -- (AntiVirWebService)
SRV - [2013.03.27 15:27:56 | 000,374,496 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Stopped] -- C:\Programme\Avira\AntiVir Desktop\avmailc.exe -- (AntiVirMailService)
SRV - [2013.03.27 15:27:54 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Stopped] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2013.03.27 15:27:52 | 000,657,120 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Stopped] -- C:\Programme\Avira\AntiVir Desktop\avfwsvc.exe -- (AntiVirFirewallService)
SRV - [2013.03.13 19:10:06 | 000,253,656 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.06.11 16:22:16 | 000,240,208 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Programme\Microsoft\BingBar\7.1.391.0\SeaPort.EXE -- (BBUpdate)
SRV - [2012.06.11 16:22:16 | 000,193,616 | ---- | M] (Microsoft Corporation.) [Auto | Running] -- C:\Programme\Microsoft\BingBar\7.1.391.0\BBSvc.EXE -- (BBSvc)
SRV - [2011.05.18 08:22:53 | 000,099,896 | ---- | M] (HP) [Auto | Running] -- C:\Windows\System32\HPSIsvc.exe -- (HPSIService)
SRV - [2010.11.20 14:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2010.01.09 22:37:50 | 004,640,000 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2010.01.09 22:18:00 | 000,149,352 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)
SRV - [2009.12.24 12:17:20 | 000,100,152 | ---- | M] (MICRO-STAR INT'L,.LTD.) [Auto | Running] -- C:\Programme\msi\OSD hot keys\WMI_Hook_Service.exe -- (WMI_Hook_Service)
SRV - [2009.07.14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009.03.30 17:28:36 | 001,533,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2009.02.03 15:53:00 | 001,155,072 | ---- | M] (MAGIX AG) [Auto | Running] -- C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe -- (Fabs)
SRV - [2008.08.07 11:10:02 | 003,276,800 | ---- | M] (MAGIX®) [On_Demand | Stopped] -- C:\Programme\Common Files\MAGIX Services\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- E:\DIAGNOSE\WSTGER32\2PART\uxddrv86.sys -- (uxddrv)
DRV - [2013.03.27 15:28:34 | 000,135,136 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2013.03.27 15:28:34 | 000,084,744 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2013.03.27 15:28:34 | 000,037,352 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2013.02.12 21:30:59 | 000,113,024 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avfwot.sys -- (avfwot)
DRV - [2013.02.12 21:30:59 | 000,092,448 | ---- | M] (Avira GmbH) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\avfwim.sys -- (avfwim)
DRV - [2012.12.24 06:53:24 | 000,017,408 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mvusbews.sys -- (mvusbews)
DRV - [2012.10.03 10:26:12 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010.12.02 13:13:30 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
DRV - [2010.12.02 13:13:28 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2010.12.02 13:13:26 | 000,023,168 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2010.12.02 13:13:22 | 000,018,304 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2010.11.20 12:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010.11.20 11:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010.04.01 11:13:38 | 001,009,184 | ---- | M] (Realtek Semiconductor Corporation                          ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rtl8192se.sys -- (rtl8192se)
DRV - [2009.12.22 14:43:16 | 001,558,368 | ---- | M] (NXP Semiconductors Germany GmbH) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NxpCap.sys -- (NxpCap)
DRV - [2009.11.21 04:34:54 | 011,515,752 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2009.10.29 12:20:40 | 000,010,360 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\hidkmdf.sys -- (hidkmdf)
DRV - [2009.10.29 12:20:38 | 000,022,392 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NW1950.sys -- (NW1950)
DRV - [2009.07.14 02:18:07 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV - [2009.07.14 01:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009.06.30 17:32:54 | 000,212,000 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\nvstor32.sys -- (nvstor32)
DRV - [2009.06.29 00:36:36 | 000,017,920 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvsmu.sys -- (nvsmu)
DRV - [2009.06.05 01:47:48 | 000,024,608 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\nvamacpi.sys -- (nvamacpi)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://medion.msn.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.msn.com/?pc=MAMD&ocid=bb7hp
IE - HKCU\..\SearchScopes,DefaultScope = {25D7FF24-1841-4B37-A67D-10DB139504C9}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{25D7FF24-1841-4B37-A67D-10DB139504C9}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=MEDTDF&pc=MAMD&src=IE-SearchBox
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "www.google.de"
FF - prefs.js..extensions.enabledAddons: toolbar%40web.de:2.5
FF - prefs.js..extensions.enabledAddons: %7BCAFEEFAC-0016-0000-0039-ABCDEFFEDCBA%7D:6.0.39
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:20.0.1
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.5
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MIF5BA~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.4: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/VirtualEarth3D,version=4.0: C:\Program Files\Virtual Earth 3D\ [2010.02.04 10:23:46 | 000,000,000 | ---D | M]
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101753.dll (Amazon.com, Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.04.12 09:53:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.04.12 09:53:44 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.04.12 09:53:51 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.04.12 09:53:44 | 000,000,000 | ---D | M]
 
[2010.10.13 18:03:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\MEDION\AppData\Roaming\mozilla\Extensions
[2013.03.22 19:12:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\MEDION\AppData\Roaming\mozilla\Firefox\Profiles\ur11sf9k.default\extensions
[2013.03.22 19:12:04 | 000,549,639 | ---- | M] () (No name found) -- C:\Users\MEDION\AppData\Roaming\mozilla\firefox\profiles\ur11sf9k.default\extensions\toolbar@web.de.xpi
[2013.02.15 11:39:50 | 000,817,280 | ---- | M] () (No name found) -- C:\Users\MEDION\AppData\Roaming\mozilla\firefox\profiles\ur11sf9k.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013.03.22 19:12:08 | 000,001,050 | ---- | M] () -- C:\Users\MEDION\AppData\Roaming\mozilla\firefox\profiles\ur11sf9k.default\searchplugins\11-suche.xml
[2013.03.22 19:12:08 | 000,002,418 | ---- | M] () -- C:\Users\MEDION\AppData\Roaming\mozilla\firefox\profiles\ur11sf9k.default\searchplugins\englische-ergebnisse.xml
[2013.03.22 19:12:07 | 000,010,701 | ---- | M] () -- C:\Users\MEDION\AppData\Roaming\mozilla\firefox\profiles\ur11sf9k.default\searchplugins\gmx-suche.xml
[2013.03.22 19:12:08 | 000,002,432 | ---- | M] () -- C:\Users\MEDION\AppData\Roaming\mozilla\firefox\profiles\ur11sf9k.default\searchplugins\lastminute.xml
[2013.03.22 19:12:07 | 000,005,682 | ---- | M] () -- C:\Users\MEDION\AppData\Roaming\mozilla\firefox\profiles\ur11sf9k.default\searchplugins\webde-suche.xml
[2013.04.12 09:53:38 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2013.04.12 09:53:38 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
[2013.04.12 09:53:38 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
[2013.04.12 09:53:39 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0039-ABCDEFFEDCBA}
[2013.04.12 09:53:39 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0039-ABCDEFFEDCBA}
[2013.04.12 09:53:50 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.06.17 16:58:52 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.09.10 09:04:44 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.06.17 16:58:52 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.06.17 16:58:52 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.06.17 16:58:52 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.06.17 16:58:52 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Windows Live ID-Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Programme\Microsoft\BingBar\7.1.391.0\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\7.1.391.0\BingExt.dll (Microsoft Corporation.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [CLMLServer] C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [NWEReboot]  File not found
O4 - HKCU..\Run: [ApplePhotoStreams] C:\Programme\Common Files\Apple\Internet Services\ApplePhotoStreams.exe (Apple Inc.)
O4 - HKCU..\Run: [iCloudServices] C:\Programme\Common Files\Apple\Internet Services\iCloudServices.exe (Apple Inc.)
O4 - Startup: C:\Users\MEDION\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\MEDION\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 File not found
O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 File not found
O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O13 - gopher Prefix: missing
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {1E3F1348-4370-4BBE-A67A-CC7ED824CA85} hxxp://download.microsoft.com/download/7/4/9/749b0dc5-2175-4d5b-a6dd-9c4bc923683e/Selfhelpcontrol.cab (Microsoft Genuine Advantage Self Support Tool)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_39-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0039-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_39-windows-i586.cab (Java Plug-in 1.6.0_39)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_39-windows-i586.cab (Java Plug-in 10.17.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0C05F6D5-4A03-4FC6-B207-445F9F509472}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{f3d757ff-a6af-11e2-8537-406186bfb951}\Shell - "" = AutoRun
O33 - MountPoints2\{f3d757ff-a6af-11e2-8537-406186bfb951}\Shell\AutoRun\command - "" = E:\SISetup.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.05.08 21:21:34 | 000,066,656 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avnetflt.sys
[2013.05.08 21:16:45 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\MEDION\Desktop\OTL.exe
[2013.05.07 21:53:54 | 000,000,000 | ---D | C] -- C:\ProgramData\146B3392068476C50000146B1F2B7B59
[2013.04.20 12:13:10 | 000,000,000 | ---D | C] -- C:\Users\MEDION\Desktop\2013-04-20 godi plan 2013
[2013.04.16 18:32:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
[2013.04.16 18:31:59 | 001,035,408 | ---- | C] (The OpenSSL Project) -- C:\Windows\System32\ltcry15u.dll
[2013.04.12 09:53:35 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2011.03.12 20:33:42 | 009,105,656 | ---- | C] (VSO-Software                                                ) -- C:\Users\MEDION\vso_image_resizer4_setup.exe
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013.05.08 21:21:52 | 000,009,888 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.05.08 21:21:52 | 000,009,888 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.05.08 21:21:28 | 000,654,150 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013.05.08 21:21:28 | 000,616,032 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013.05.08 21:21:28 | 000,130,022 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013.05.08 21:21:28 | 000,106,412 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013.05.08 21:21:14 | 000,066,656 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avnetflt.sys
[2013.05.08 21:14:49 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.05.08 21:14:36 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.05.08 21:14:29 | 2616,647,680 | -HS- | M] () -- C:\hiberfil.sys
[2013.05.08 21:07:40 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\MEDION\Desktop\OTL.exe
[2013.04.30 08:56:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.04.30 08:33:05 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.04.17 11:17:17 | 000,001,195 | ---- | M] () -- C:\Users\Public\Desktop\ElsterFormular.lnk
[2013.04.16 18:55:17 | 003,357,194 | ---- | M] () -- C:\Users\MEDION\Desktop\rügen 001.jpg
[2013.04.16 18:23:52 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_mvusbews_01009.Wdf
[2013.04.14 09:50:14 | 000,456,240 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013.04.16 18:54:44 | 003,357,194 | ---- | C] () -- C:\Users\MEDION\Desktop\rügen 001.jpg
[2013.04.16 18:27:26 | 001,167,360 | ---- | C] () -- C:\Windows\System32\HPM1210SM.exe
[2013.04.16 18:27:26 | 000,284,672 | ---- | C] () -- C:\Windows\System32\mvhlewsi.DLL
[2013.04.16 18:27:26 | 000,167,936 | ---- | C] () -- C:\Windows\System32\HPM1210LM.DLL
[2013.04.16 18:23:52 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_mvusbews_01009.Wdf
[2012.12.24 06:53:28 | 000,081,920 | ---- | C] () -- C:\Windows\System32\mvusbews.dll
[2012.11.07 05:23:30 | 000,029,184 | ---- | C] () -- C:\Windows\System32\HPImgFlt.dll
[2012.11.07 05:23:04 | 000,053,760 | ---- | C] () -- C:\Windows\System32\HPM1210SMs.dll
[2012.05.08 13:44:00 | 000,185,901 | ---- | C] () -- C:\Windows\hpoins43.dat.temp
[2012.05.08 13:44:00 | 000,000,601 | ---- | C] () -- C:\Windows\hpomdl43.dat.temp
[2012.02.13 21:30:02 | 000,000,614 | ---- | C] () -- C:\Users\MEDION\AppData\Roaming\wklnhst.dat
[2011.06.10 06:34:52 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2011.04.08 22:27:42 | 000,003,584 | ---- | C] () -- C:\Users\MEDION\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.03.12 21:02:00 | 000,002,112 | ---- | C] () -- C:\Users\MEDION\AppData\Local\Images.fl
[2011.01.23 12:31:17 | 000,077,891 | ---- | C] () -- C:\Users\MEDION\ESt2010_Müller_Antje.elfo
[2010.11.09 13:35:40 | 001,008,736 | ---- | C] () -- C:\Users\MEDION\AmazonMP3Installer-de_DE.exe
[2010.10.20 16:25:01 | 070,621,664 | ---- | C] () -- C:\Users\MEDION\PS_AIO_06_C4700_USW_Basic_Win_deu_140_175.exe
[2010.10.16 11:58:45 | 000,022,777 | ---- | C] () -- C:\Users\MEDION\19666-knecht1.jpg
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 03:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2010.11.09 13:37:43 | 000,000,000 | ---D | M] -- C:\Users\MEDION\AppData\Roaming\Amazon
[2013.05.08 21:15:40 | 000,000,000 | ---D | M] -- C:\Users\MEDION\AppData\Roaming\Dropbox
[2012.01.14 12:50:45 | 000,000,000 | ---D | M] -- C:\Users\MEDION\AppData\Roaming\elsterformular
[2012.05.14 10:05:31 | 000,000,000 | ---D | M] -- C:\Users\MEDION\AppData\Roaming\Pixlromatic
[2012.02.13 21:30:05 | 000,000,000 | ---D | M] -- C:\Users\MEDION\AppData\Roaming\Template
[2013.03.24 21:55:29 | 000,000,000 | ---D | M] -- C:\Users\MEDION\AppData\Roaming\VSO
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %SYSTEMDRIVE%\*. >
[2012.02.26 12:04:00 | 000,000,000 | -HSD | M] -- C:\$RECYCLE.BIN
[2010.01.08 11:23:58 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen
[2013.05.08 21:04:02 | 000,000,000 | RH-D | M] -- C:\MSOCache
[2010.01.22 15:05:22 | 000,000,000 | ---D | M] -- C:\NVIDIA
[2013.04.14 10:07:12 | 000,000,000 | R--D | M] -- C:\Program Files
[2013.05.08 21:04:06 | 000,000,000 | -H-D | M] -- C:\ProgramData
[2010.01.08 11:23:58 | 000,000,000 | -HSD | M] -- C:\Programme
[2010.01.08 11:23:59 | 000,000,000 | -HSD | M] -- C:\Recovery
[2013.05.08 21:23:53 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2010.01.08 11:24:08 | 000,000,000 | R--D | M] -- C:\Users
[2013.05.08 21:10:08 | 000,000,000 | ---D | M] -- C:\Windows
 
< %PROGRAMFILES%\*.exe >
 
< %LOCALAPPDATA%\*.exe >
 
< %systemroot%\*. /mp /s >
 
< C:\Windows\system32\*.tsp >
[2009.07.14 03:14:11 | 000,030,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\hidphone.tsp
[2009.07.14 03:14:11 | 000,038,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\kmddsp.tsp
[2009.07.14 03:14:11 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ndptsp.tsp
[2009.07.14 03:14:11 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\remotesp.tsp
[2010.11.20 14:16:53 | 000,281,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\unimdm.tsp
[2009.07.14 06:53:46 | 000,032,640 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2009.07.14 06:53:47 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT
[2011.08.07 11:47:46 | 000,001,094 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
[2011.08.07 11:47:49 | 000,001,098 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
[2012.05.02 11:21:38 | 000,000,884 | ---- | C] () -- C:\Windows\Tasks\Adobe Flash Player Updater.job
 
< MD5 for: AGP440.SYS  >
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_a97a2a0d0fbc6696\AGP440.sys
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_bc1a57271cf2f285\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_fab873f3e8a3315c\atapi.sys
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_df3f92057fcbe7a7\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\System32\cngaudit.dll
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
 
< MD5 for: EVENTLOG.DLL  >
[2008.06.06 15:03:52 | 000,007,216 | ---- | M] () MD5=C2A279A458A06DE2C83D842AA042B5A8 -- C:\Program Files\CyberLink\PowerDirector\EventLog.dll
 
< MD5 for: EXPLORER.EXE  >
[2011.02.26 07:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_54149f9ef14031fc\explorer.exe
[2009.07.14 03:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430\explorer.exe
[2011.02.26 07:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_525b5180f3f95373\explorer.exe
[2009.10.31 07:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_51a66d6ddafc2ed1\explorer.exe
[2011.02.26 07:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_51a3a583dafd0cef\explorer.exe
[2010.11.20 14:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_53bc10fdd7fe87ca\explorer.exe
[2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\explorer.exe
[2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_5389023fd8245f84\explorer.exe
[2009.08.03 07:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_526619d4f3f142e6\explorer.exe
[2009.08.03 07:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_51e07e31dad00878\explorer.exe
[2009.10.31 08:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_52283b2af41f3691\explorer.exe
 
< MD5 for: IASTORV.SYS  >
[2011.03.11 07:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\System32\drivers\iaStorV.sys
[2011.03.11 07:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_0bcee2057afcc090\iaStorV.sys
[2011.03.11 07:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_b0daddb9e6380745\iaStorV.sys
[2011.03.11 07:43:55 | 000,332,160 | ---- | M] (Intel Corporation) MD5=71F1A494FEDF4B33C02C4A6A28D6D9E9 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_aef580fde910b4b0\iaStorV.sys
[2011.03.11 07:28:00 | 000,332,160 | ---- | M] (Intel Corporation) MD5=778D0E6D7D9EBA0C403BADBAAD41DB20 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_b152a892ff64119f\iaStorV.sys
[2009.07.14 03:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_aee7a89be91b9000\iaStorV.sys
[2010.11.20 14:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_668286aa35d55928\iaStorV.sys
[2010.11.20 14:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_b118bc63e60a139a\iaStorV.sys
[2011.03.11 07:52:21 | 000,332,160 | ---- | M] (Intel Corporation) MD5=B9039A34C2F8769490DCC494E2402445 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_afae2d45020c148b\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\System32\netlogon.dll
[2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_ffbf212e963c0162\netlogon.dll
[2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_fd8e0d66994d7dc8\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2011.03.11 07:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\System32\drivers\nvstor.sys
[2011.03.11 07:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_0276fc3b3ea60d41\nvstor.sys
[2011.03.11 07:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_3ba44e691d6eb11d\nvstor.sys
[2011.03.11 07:44:01 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4520B63899E867F354EE012D34E11536 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_39bef1ad20475e88\nvstor.sys
[2011.03.11 07:28:10 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=66D468654A58594F5F3BA63D5AD5B1AF -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_3c1c1942369abb77\nvstor.sys
[2011.03.11 07:52:25 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=8A7583A3B58D3EEB28BB26626526BC91 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_3a779df43942be63\nvstor.sys
[2010.11.20 14:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_dd659ed032d28a14\nvstor.sys
[2010.11.20 14:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_3be22d131d40bd72\nvstor.sys
[2009.07.14 03:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvstor.sys
 
< MD5 for: NVSTOR32.SYS  >
[2009.06.30 17:32:54 | 000,212,000 | ---- | M] (NVIDIA Corporation) MD5=032EF66DD96692AD3A9D36160F467F67 -- C:\Windows\System32\drivers\nvstor32.sys
[2009.06.30 17:32:54 | 000,212,000 | ---- | M] (NVIDIA Corporation) MD5=032EF66DD96692AD3A9D36160F467F67 -- C:\Windows\System32\DriverStore\FileRepository\nvstor32.inf_x86_neutral_68640c3c72cad0af\nvstor32.sys
 
< MD5 for: SCECLI.DLL  >
[2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_37e4387f3a6f0483\scecli.dll
[2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\System32\scecli.dll
[2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_3a154c47375d881d\scecli.dll
 
< MD5 for: USER32.DLL  >
[2009.07.14 03:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll
[2010.11.20 14:21:33 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\System32\user32.dll
[2010.11.20 14:21:33 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_cf3fd62ccb9e983d\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\System32\userinit.exe
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2009.10.28 08:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe
[2009.10.28 07:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe
[2010.11.20 14:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\System32\winlogon.exe
[2010.11.20 14:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe
[2009.07.14 03:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009.07.14 01:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\System32\drivers\ws2ifsl.sys
[2009.07.14 01:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_4f5cf6f829213bb2\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\system32\*.dll /lockedfiles >
[2009.07.14 03:15:13 | 000,346,112 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\dxtmsft.dll
[2009.07.14 03:15:13 | 000,215,552 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\dxtrans.dll
[2009.07.14 03:15:21 | 000,462,848 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\FirewallAPI.dll
[2009.07.14 03:15:36 | 000,226,816 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\LocationApi.dll
 
< %USERPROFILE%\*.* >
[2010.10.16 11:58:46 | 000,022,777 | ---- | M] () -- C:\Users\MEDION\19666-knecht1.jpg
[2010.11.09 13:35:41 | 001,008,736 | ---- | M] () -- C:\Users\MEDION\AmazonMP3Installer-de_DE.exe
[2011.03.02 19:41:10 | 000,077,891 | ---- | M] () -- C:\Users\MEDION\ESt2010_Müller_Antje.elfo
[2013.05.08 21:28:14 | 002,883,584 | -HS- | M] () -- C:\Users\MEDION\ntuser.dat
[2013.05.08 21:28:13 | 000,262,144 | -HS- | M] () -- C:\Users\MEDION\ntuser.dat.LOG1
[2010.01.08 11:24:10 | 000,000,000 | -HS- | M] () -- C:\Users\MEDION\ntuser.dat.LOG2
[2010.01.08 13:11:23 | 000,065,536 | -HS- | M] () -- C:\Users\MEDION\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TM.blf
[2010.01.08 13:11:23 | 000,524,288 | -HS- | M] () -- C:\Users\MEDION\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000001.regtrans-ms
[2010.01.08 13:11:23 | 000,524,288 | -HS- | M] () -- C:\Users\MEDION\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000002.regtrans-ms
[2013.05.08 21:09:13 | 000,065,536 | -HS- | M] () -- C:\Users\MEDION\ntuser.dat{a1e8a479-b80d-11e2-883a-ca967c7bdcf1}.TM.blf
[2013.05.08 21:09:13 | 000,524,288 | -HS- | M] () -- C:\Users\MEDION\ntuser.dat{a1e8a479-b80d-11e2-883a-ca967c7bdcf1}.TMContainer00000000000000000001.regtrans-ms
[2013.05.08 21:09:13 | 000,524,288 | -HS- | M] () -- C:\Users\MEDION\ntuser.dat{a1e8a479-b80d-11e2-883a-ca967c7bdcf1}.TMContainer00000000000000000002.regtrans-ms
[2010.01.08 11:24:11 | 000,000,020 | -HS- | M] () -- C:\Users\MEDION\ntuser.ini
[2010.10.20 16:28:55 | 070,621,664 | ---- | M] () -- C:\Users\MEDION\PS_AIO_06_C4700_USW_Basic_Win_deu_140_175.exe
[2011.09.24 10:30:56 | 000,011,264 | -HS- | M] () -- C:\Users\MEDION\Thumbs.db
[2011.03.12 20:34:06 | 009,105,656 | ---- | M] (VSO-Software                                                ) -- C:\Users\MEDION\vso_image_resizer4_setup.exe
 
< %USERPROFILE%\Local Settings\Temp\*.exe >
 
< %USERPROFILE%\Local Settings\Temp\*.dll >
 
< %USERPROFILE%\Application Data\*.exe >
 
< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs >
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,12288,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16

< End of report >
--- --- ---


und die extra.txtOTL EXTRAS Logfile:
Code:
OTL Extras logfile created on: 08.05.2013 21:18:29 - Run 1
OTL by OldTimer - Version 3.2.69.0    Folder = C:\Users\MEDION\Desktop
 Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,25 Gb Total Physical Memory | 1,97 Gb Available Physical Memory | 60,70% Memory free
6,50 Gb Paging File | 5,22 Gb Available in Paging File | 80,39% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 910,41 Gb Total Space | 830,99 Gb Free Space | 91,28% Space Free | Partition Type: NTFS
Drive D: | 20,00 Gb Total Space | 10,76 Gb Free Space | 53,81% Space Free | Partition Type: NTFS
Drive E: | 14,92 Gb Total Space | 5,62 Gb Free Space | 37,71% Space Free | Partition Type: FAT32
 
Computer Name: MEDION-PC | User Name: MEDION | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [CEWE FOTOSCHAU] -- "C:\Program Files\OnlineFotoservice\OnlineFotoservice\CEWE FOTOSCHAU.exe" -d "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Mein CEWE FOTOBUCH] -- "C:\Program Files\CEWE COLOR\Mein CEWE FOTOBUCH\Mein CEWE FOTOBUCH.exe" "%1" ()
Directory [OnlineFotoservice] -- "C:\Program Files\OnlineFotoservice\OnlineFotoservice\OnlineFotoservice.exe" "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01620887-569E-47D1-AF92-B2794C31A0A3}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{0A38DC91-1013-4F62-8D6F-08A3BEBC5498}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{0A5B0242-7F89-4396-AF9E-4AC4774A6B30}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{0B521632-C158-41BC-A940-E71ABFD4C416}" = lport=138 | protocol=17 | dir=in | app=system |
"{11AD5A2D-D30A-4946-93A2-AD5036DCD26D}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{187E324C-24D0-4F1F-9BAE-BADB373A2806}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{2649CE07-BD4F-45ED-BC45-9B7AF6242D32}" = rport=139 | protocol=6 | dir=out | app=system |
"{33340A3E-3AE7-4331-BF39-92C15827D32D}" = rport=445 | protocol=6 | dir=out | app=system |
"{35FA3A0A-A9A7-4B30-AF94-04C625509501}" = lport=2869 | protocol=6 | dir=in | app=system |
"{361E6F13-9C6E-441E-BD5F-674E727CE31C}" = lport=2869 | protocol=6 | dir=in | app=system |
"{38F8EE44-3FE2-4823-B12D-F5D99D6C1542}" = lport=137 | protocol=17 | dir=in | app=system |
"{4A75B34B-036F-4A29-B73F-90B6550D84F6}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{58FFE0B6-58FA-4979-B3B7-BCDCE92B694A}" = lport=10243 | protocol=6 | dir=in | app=system |
"{5E8DCCED-86CF-49B8-B812-2AE6D521B95C}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{64E589C3-541D-4AE4-B449-8F5E9E272F6A}" = rport=10243 | protocol=6 | dir=out | app=system |
"{667AC8BB-1A77-4F04-AA14-39D6606B3E56}" = lport=139 | protocol=6 | dir=in | app=system |
"{7C485BB5-D8BA-4714-AEE1-AD7C022B077B}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{8E6D01F5-A482-455F-9F9A-5520D9D185E3}" = lport=5357 | protocol=6 | dir=in | app=system |
"{92AB3CE8-D6E7-45E4-8932-F7341542ADE1}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{973FBC71-3715-4EEB-9BDF-8463AA87398A}" = lport=2869 | protocol=6 | dir=in | app=system |
"{A39878E6-2378-41B7-B454-10E08FD77460}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{A4337DBB-2234-4D2A-8BDD-EFC29CD29A84}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{AFA1F53F-A959-4762-B00E-13CAB983F9A7}" = lport=445 | protocol=6 | dir=in | app=system |
"{B0C1968A-26A5-4856-8A30-A00DD0602D95}" = rport=5358 | protocol=6 | dir=out | app=system |
"{B73078CA-F773-4E6E-94FC-F773E927B920}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{BF09127E-2A2D-4347-8F4E-58D02DE6D7F8}" = lport=445 | protocol=6 | dir=in | app=system |
"{D8663BA6-F505-41D9-A128-3DC95C3EA4C5}" = rport=138 | protocol=17 | dir=out | app=system |
"{DB593E6D-8CBD-4E8D-80C9-D5750968DCD2}" = rport=137 | protocol=17 | dir=out | app=system |
"{DFBF274D-35F4-44A6-B81B-D3AC88F592BD}" = lport=5358 | protocol=6 | dir=in | app=system |
"{DFF3A74A-FD9D-49A0-96D9-683C0DA53C6A}" = rport=427 | protocol=17 | dir=in | svc=hpslpsvc | app=c:\windows\system32\svchost.exe |
"{E6C74909-5F04-44F0-A011-8C81EE236D14}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{EC976CE7-E7AB-44E8-BFF1-CB2A90166CE9}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{FD247FA8-B67D-4639-9B72-12F47C1AA5A1}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{FD76B103-5057-47F7-8A0F-1B4CAE63A08E}" = rport=5357 | protocol=6 | dir=out | app=system |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0340C827-81ED-4198-8690-B7568B83CBD2}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{07B78EA8-79B2-4D13-B47A-2D52F4E75774}" = dir=in | app=c:\program files\cyberlink\powercinema movie\powercinemamovie.exe |
"{0C7DD1B5-43F2-435B-8182-A2D93E54E7A0}" = dir=in | app=c:\program files\cyberlink\youmemo\youmemo.exe |
"{103103C4-023A-4182-92B6-29ADC5D8D075}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{18638D94-DFCD-4F34-880A-34DEE891BB32}" = dir=in | app=c:\program files\cyberlink\powerdvd9\powerdvd cinema\powerdvdcinema.exe |
"{1DB3C7AB-27BB-49B9-8E04-6ADF175A4ECB}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpiscnapp.exe |
"{220F1C17-A4C5-4165-A8E8-393202B43E77}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{2BA3DB76-BA9D-48DD-9B9B-90886F179B60}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpfccopy.exe |
"{2CB3D0A3-478D-4446-82C5-DB8C172DF6B6}" = protocol=6 | dir=out | app=system |
"{3266F8C0-F91D-4C64-883B-D7F10359472D}" = dir=in | app=c:\program files\cyberlink\powerdvd9\powerdvd9.exe |
"{42424C17-F93A-4834-8D0E-67618F453B62}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{491D04CF-C801-44B9-8813-0CF820B32AD4}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{4AE19C23-C6E0-41C5-8823-C13344B7E241}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{5E251CF7-251D-4713-B069-97514B4C2FA6}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{602CD244-7453-4F78-B9C5-EE3327030177}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{69ECD1C4-1628-479A-982E-D71DA9215084}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{6E3EB584-3FA9-4E98-8ACA-EA277D77A183}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{6F7C5D68-32A8-4393-A8F3-9FF34E1BE398}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{7201C861-D326-47F1-8558-66806D7F1DA5}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{7F140670-6FFF-4439-ADB5-568887E412F3}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{7FCEB9C8-3D0E-4C4B-BF2F-C0B458180C0C}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{8909F3AF-0911-4117-BC8E-2C74DD5ED52E}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{8A19A574-EF9C-42B6-97F1-B575CCA90F2E}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{8A585F77-0C24-46D3-A349-9621DE545746}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{931A750B-A614-4898-A52A-A406C8AFC9F2}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{94EE57A7-B6DC-48CE-BAAA-3373D98DAD1B}" = dir=in | app=c:\program files\cyberlink\powercinema\powercinema.exe |
"{9E464F21-77EE-4B85-BD5C-952FE70CF4C9}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe |
"{9F0EAA22-17DE-4086-BA92-3A18DD764CC7}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{A76E5D9A-2D14-48E0-81D1-1B4B59F55806}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{A7D0404C-4074-4546-AA2B-7C8775960210}" = protocol=6 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{CAEB1F4A-0C32-46DD-9C99-D3FB288C1A66}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{D0A14B2B-702E-4600-98B5-0B241811CE76}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{D77F7D21-1AC5-4E20-932D-AF608886292C}" = protocol=6 | dir=out | app=%systemroot%\system32\wudfhost.exe |
"{DE669EDE-0F5E-45A5-8B6E-EAB0A8894B2B}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{DF971AE9-CD92-4B74-A85F-15CD0542F10E}" = dir=in | app=c:\users\medion\appdata\local\temp\7zs5c35\setup\hpznui01.exe |
"{E06BFF73-9BEA-49F2-AE03-8089CE92A80C}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{EA946BFE-E9CD-4A2C-993B-2ACF78A0474B}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{EC84D397-832D-4942-9D61-0EF23A8BFA1D}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqkygrp.exe |
"{F8D57D21-BD3C-478D-960F-910A2228B637}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{06A1D88C-E102-4527-AF70-29FFD7AF215A}" = Scan
"{097CDB1E-07C9-40F1-9972-F0F9F3A287E4}" = Network
"{10A44844-4465-456E-8C97-80BDD4F68845}" = Windows Live ID-Anmelde-Assistent
"{1AE46C09-2AB8-4EE5-88FB-08CD0FF7F2DF}" = Bing Bar
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Medion Touch Center
"{26A24AE4-039D-4CA4-87B4-2F83216035FF}" = Java(TM) 6 Update 39
"{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 17
"{292F0F52-B62D-4E71-921B-89A682402201}" = Toolbox
"{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie
"{2D87E961-577B-492B-AD54-1368680FB9A7}" = Bing Maps 3D
"{34B32B70-8081-11E2-89AF-B8AC6F98CCE3}" = Google Earth Plug-in
"{3898934B-05AE-41CD-96BE-70DA9BFBCE1F}" = Microsoft XNA Framework Redistributable 3.0
"{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3E6F0CAD-EE38-42A5-9EEA-AE17A55BF2D4}" = Firebird SQL Server - MAGIX Edition
"{3EFEF049-23D4-4B46-8903-4592FEA51018}" = Windows Live Movie Maker
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"{41A63ADA-088B-1C2D-43B3-E4087FE79881}" = Pixlr-o-matic
"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger
"{459699C3-9430-4381-964B-4248D87B49F9}" = Apple Mobile Device Support
"{47FA2C44-D148-4DBC-AF60-B91934AA4842}" = Adobe AIR
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5176C4D8-E6C1-422A-8D6F-E13EB996DCEA}" = CyberLink YouMemo
"{537DB9D6-1AB1-4CE9-8DE7-312256B49A98}" = PS_AIO_06_C4700_SW_Min
"{5DDB3393-E08B-447E-925F-6C00B95D0FE7}" = iCloud
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{60FFB3E0-6D5B-4D73-AE5B-07E58B83AF0C}" = 32 Bit HP CIO Components Installer
"{68550918-63B5-4762-85CB-3C160AA4B213}" = HP Photosmart C4700 All-in-One Driver 14.0 Rel. 6
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{70CC0095-AA68-45BE-AE98-D8170182E9EB}" = PowerCinema Movie
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{72BF1DA0-2B00-4794-9173-159722019B74}" = CyberLink YouPaint
"{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8969CD6F-5B75-40B9-8701-86ECA4C1F263}_is1" = VSO Image Resizer 4.0.3.2
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8FF90DB8-6DED-44A3-B182-244FEC09012F}" = Microsoft Touch Pack for Windows 7
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.SingleImage_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.SingleImage_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.SingleImage_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.SingleImage_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A081C347-F821-434F-B75B-3C175163C0D7}" = OSD hot keys
"{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB770FDE-8087-4C98-9A85-BD64262C104C}" = Medion Home Cinema
"{AC76BA86-7AD7-1031-7B44-A95000000001}" = Adobe Reader 9.5.2 - Deutsch
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{AE3CF174-872C-46C6-B9F6-C0593F3BC7B8}" = Microsoft Office Live Add-in 1.4
"{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime
"{B0261E53-B6F1-474A-864B-E7C3CBF468E0}" = iTunes
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = CyberLink PowerProducer
"{BAC80EF3-E106-4AEA-8C57-F217F9BC7358}" = Microsoft SQL Server 2005 Compact Edition [DEU]
"{BC4AE628-81A4-4FC6-863A-7A9BA2E2531F}" = Nokia Connectivity Cable Driver
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"{CCE825DB-347A-4004-A186-5F4A6FDD8547}" = Apple Application Support
"{D36DD326-7280-11D8-97C8-000129760CBE}" = CyberLink PhotoNow
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{E10DB5DA-E576-40EA-A7FC-1CB2A7B283A6}" = NVIDIA PhysX
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E3D04529-6EDB-11D8-A372-0050BAE317E1}" = CyberLink PowerDVD Copy
"{E8A34AC8-0137-4515-A94B-0A0946DDC251}" = Scan To
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.17
"Avira AntiVir Desktop" = Avira Internet Security
"CCleaner" = CCleaner
"DivX Setup.divx.com" = DivX-Setup
"ElsterFormular" = ElsterFormular
"HP LaserJet Professional M1130-M1210 MFP Series" = HP LaserJet Professional M1130-M1210 MFP Series
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Medion Touch Center
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"InstallShield_{5176C4D8-E6C1-422A-8D6F-E13EB996DCEA}" = CyberLink YouMemo
"InstallShield_{72BF1DA0-2B00-4794-9173-159722019B74}" = CyberLink YouPaint
"InstallShield_{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow
"InstallShield_{A081C347-F821-434F-B75B-3C175163C0D7}" = OSD hot keys
"InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9
"InstallShield_{AB770FDE-8087-4C98-9A85-BD64262C104C}" = Medion Home Cinema
"InstallShield_{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = CyberLink PowerProducer
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}" = CyberLink PhotoNow
"Mein CEWE FOTOBUCH" = Mein CEWE FOTOBUCH
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox 20.0.1 (x86 de)" = Mozilla Firefox 20.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"Office14.SingleImage" = Microsoft Office Home and Student 2010
"OnlineFotoservice" = OnlineFotoservice
"Pixlromatic" = Pixlr-o-matic
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR 4.00 (32-Bit)
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 24.03.2013 15:53:23 | Computer Name = MEDION-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: Resize.exe, Version: 4.0.3.2, Zeitstempel:
 0x4d10dfee  Name des fehlerhaften Moduls: Resize.exe, Version: 4.0.3.2, Zeitstempel:
 0x4d10dfee  Ausnahmecode: 0xc0000005  Fehleroffset: 0x0063c417  ID des fehlerhaften Prozesses:
 0x1160  Startzeit der fehlerhaften Anwendung: 0x01ce28c9385214e0  Pfad der fehlerhaften
 Anwendung: C:\Program Files\VSO\Image Resizer 4\Resize.exe  Pfad des fehlerhaften
 Moduls: C:\Program Files\VSO\Image Resizer 4\Resize.exe  Berichtskennung: 7b78a9a0-94bc-11e2-8a59-406186bfb951
 
Error - 06.05.2013 05:38:30 | Computer Name = MEDION-PC | Source = Avira Antivirus | ID = 4122
Description = Die Datei AVGDLL_InitScan konnte nicht geladen werden.  Fehlercode:
0x2
 
Error - 07.05.2013 16:26:45 | Computer Name = MEDION-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: wlmail.exe, Version: 14.0.8089.726,
 Zeitstempel: 0x4a6ce53d  Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725,
 Zeitstempel: 0x4ec49b60  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00047732  ID des fehlerhaften
 Prozesses: 0x1440  Startzeit der fehlerhaften Anwendung: 0x01ce4b60efb06ec0  Pfad der
 fehlerhaften Anwendung: C:\Program Files\Windows Live\Mail\wlmail.exe  Pfad des fehlerhaften
 Moduls: C:\Windows\SYSTEM32\ntdll.dll  Berichtskennung: 6f760e80-b754-11e2-a44b-406186bfb951
 
Error - 08.05.2013 14:28:34 | Computer Name = MEDION-PC | Source = RasClient | ID = 20227
Description =
 
Error - 08.05.2013 14:29:51 | Computer Name = MEDION-PC | Source = RasClient | ID = 20227
Description =
 
Error - 08.05.2013 14:30:18 | Computer Name = MEDION-PC | Source = RasClient | ID = 20227
Description =
 
Error - 08.05.2013 15:05:19 | Computer Name = MEDION-PC | Source = Avira FireWall | ID = 0
Description = Ungültige Lizenz
 
Error - 08.05.2013 15:05:20 | Computer Name = MEDION-PC | Source = Avira Antivirus | ID = 4110
Description = Während der Initialisierung der Suchengine trat ein unbekannter Fehler
 auf!  Fehlercode: 0x35
 
Error - 08.05.2013 15:14:40 | Computer Name = MEDION-PC | Source = Avira FireWall | ID = 0
Description = Ungültige Lizenz
 
Error - 08.05.2013 15:14:41 | Computer Name = MEDION-PC | Source = Avira Antivirus | ID = 4110
Description = Während der Initialisierung der Suchengine trat ein unbekannter Fehler
 auf!  Fehlercode: 0x35
 
[ System Events ]
Error - 08.05.2013 15:10:33 | Computer Name = MEDION-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
 Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:  %%1068
 
Error - 08.05.2013 15:10:33 | Computer Name = MEDION-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
 Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:  %%1068
 
Error - 08.05.2013 15:10:33 | Computer Name = MEDION-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
 Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:  %%1068
 
Error - 08.05.2013 15:12:09 | Computer Name = MEDION-PC | Source = DCOM | ID = 10005
Description =
 
Error - 08.05.2013 15:12:09 | Computer Name = MEDION-PC | Source = DCOM | ID = 10005
Description =
 
Error - 08.05.2013 15:12:09 | Computer Name = MEDION-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
 Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:  %%1068
 
Error - 08.05.2013 15:14:41 | Computer Name = MEDION-PC | Source = Service Control Manager | ID = 7024
Description = Der Dienst "Avira Echtzeit-Scanner" wurde mit folgendem dienstspezifischem
 Fehler beendet: %%306.
 
Error - 08.05.2013 15:14:41 | Computer Name = MEDION-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Avira Email Schutz" ist vom Dienst "Avira Echtzeit-Scanner"
 abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:  %%1066
 
Error - 08.05.2013 15:14:41 | Computer Name = MEDION-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Avira Browser-Schutz" ist vom Dienst "Avira Echtzeit-Scanner"
 abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:  %%1066
 
Error - 08.05.2013 15:14:41 | Computer Name = MEDION-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
  cdrom
 
 
< End of report >
--- --- ---

markusg 08.05.2013 21:08
Hi,


otl fix

Fixen mit OTL

  • Starte bitte die OTL.exe.
  • Kopiere nun den Inhalt aus der Codebox in die Textbox.

Code:
:OTL
[2013.05.07 21:53:54 | 000,000,000 | ---D | C] -- C:\ProgramData\146B3392068476C50000146B1F2B7B59
:files
:Commands
[emptytemp]
  • Solltest du deinen Benutzernamen z. B. durch "*****" unkenntlich gemacht haben, so füge an entsprechender Stelle deinen richtigen Benutzernamen ein. Andernfalls wird der Fix nicht funktionieren.
  • Schließe bitte nun alle Programme.
  • Klicke nun bitte auf den Fix Button.
  • OTL kann gegebenfalls einen Neustart verlangen. Bitte dies zulassen.
  • Nach dem Neustart findest Du ein Textdokument auf deinem Desktop.
    ( Auch zu finden unter C:\_OTL\MovedFiles\<Uhrzeit_Datum>.txt)
    Kopiere nun den Inhalt hier in Deinen Thread



Hinweis: Die Datei bitte wie in der Anleitung zum UpChannel angegeben auch da hochladen. Bitte NICHT die ZIP-Datei hier als Anhang
in den Thread posten!

Dumpty 08.05.2013 21:09
was soll ich jetzt tun? malwarebytes?

okay, ich führe fix durch. danke

Der pc rödelt ... Die Icons sind vom Desktop verschwunden und ich sehe das blanko-hintergrundbild. Wie lange soll ich ausharren? Denn der Rechner scheint nicht zu reagieren außer lautstark arbeiten...

das ergebnis von fix

All processes killed
========== OTL ==========
Folder C:\ProgramData\146B3392068476C50000146B1F2B7B59\ not found.
========== FILES ==========
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56466 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: MEDION
->Temp folder emptied: 462603580 bytes
->Temporary Internet Files folder emptied: 994574851 bytes
->Java cache emptied: 21061243 bytes
->FireFox cache emptied: 1119285317 bytes
->Flash cache emptied: 30797077 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 200704 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 164338313 bytes
RecycleBin emptied: 191265998 bytes

Total Files Cleaned = 2.846,00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 05082013_221226

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

markusg 08.05.2013 21:39
ok, weiter hiermit:
Downloade dir bitte TDSSKiller TDSSKiller.exe und speichere diese Datei auf dem Desktop
  • Starte die TDSSKiller.exe - Einstellen wie in der Anleitung zu TDSSKiller beschrieben.
  • Drücke Start Scan
  • Sollten infizierte Objekte gefunden werden, wähle keinesfalls Cure. Wähle Skip und klicke auf Continue.
    TDSSKiller wird eine Logfile auf deinem Systemlaufwerk speichern (Meistens C:\)
    Als Beispiel: C:\TDSSKiller.<Version_Datum_Uhrzeit>log.txt
Poste den Inhalt bitte in jedem Fall hier in deinen Thread.

Dumpty 08.05.2013 21:49
okay, gesagt - getan. tdsskiller hat zwei logdateien auf meinem rechner gespeichert.

nummer 1

22:43:27.0471 3492 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
22:43:27.0752 3492 ============================================================
22:43:27.0752 3492 Current date / time: 2013/05/08 22:43:27.0752
22:43:27.0752 3492 SystemInfo:
22:43:27.0752 3492
22:43:27.0752 3492 OS Version: 6.1.7601 ServicePack: 1.0
22:43:27.0752 3492 Product type: Workstation
22:43:27.0752 3492 ComputerName: MEDION-PC
22:43:27.0752 3492 UserName: MEDION
22:43:27.0752 3492 Windows directory: C:\Windows
22:43:27.0752 3492 System windows directory: C:\Windows
22:43:27.0752 3492 Processor architecture: Intel x86
22:43:27.0752 3492 Number of processors: 2
22:43:27.0752 3492 Page size: 0x1000
22:43:27.0752 3492 Boot type: Normal boot
22:43:27.0752 3492 ============================================================
22:43:30.0170 3492 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
22:43:30.0170 3492 Drive \Device\Harddisk1\DR1 - Size: 0x3BB3FFE00 (14.93 Gb), SectorSize: 0x200, Cylinders: 0x79C, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
22:43:30.0170 3492 ============================================================
22:43:30.0170 3492 \Device\Harddisk0\DR0:
22:43:30.0170 3492 MBR partitions:
22:43:30.0170 3492 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
22:43:30.0170 3492 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x71CD3000
22:43:30.0170 3492 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x71D05800, BlocksNum 0x2800000
22:43:30.0170 3492 \Device\Harddisk1\DR1:
22:43:30.0170 3492 MBR partitions:
22:43:30.0170 3492 \Device\Harddisk1\DR1\Partition1: MBR, Type 0xC, StartLBA 0x34, BlocksNum 0x1DD5A92
22:43:30.0170 3492 ============================================================
22:43:30.0186 3492 C: <-> \Device\Harddisk0\DR0\Partition2
22:43:30.0217 3492 D: <-> \Device\Harddisk0\DR0\Partition3
22:43:30.0217 3492 ============================================================
22:43:30.0217 3492 Initialize success
22:43:30.0217 3492 ============================================================
22:43:45.0911 4068 Deinitialize success

und nummer 2

22:43:49.0018 3084 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
22:43:49.0267 3084 ============================================================
22:43:49.0267 3084 Current date / time: 2013/05/08 22:43:49.0267
22:43:49.0267 3084 SystemInfo:
22:43:49.0267 3084
22:43:49.0267 3084 OS Version: 6.1.7601 ServicePack: 1.0
22:43:49.0267 3084 Product type: Workstation
22:43:49.0267 3084 ComputerName: MEDION-PC
22:43:49.0267 3084 UserName: MEDION
22:43:49.0267 3084 Windows directory: C:\Windows
22:43:49.0267 3084 System windows directory: C:\Windows
22:43:49.0267 3084 Processor architecture: Intel x86
22:43:49.0267 3084 Number of processors: 2
22:43:49.0267 3084 Page size: 0x1000
22:43:49.0267 3084 Boot type: Normal boot
22:43:49.0267 3084 ============================================================
22:43:50.0578 3084 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
22:43:50.0578 3084 Drive \Device\Harddisk1\DR1 - Size: 0x3BB3FFE00 (14.93 Gb), SectorSize: 0x200, Cylinders: 0x79C, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
22:43:50.0578 3084 ============================================================
22:43:50.0578 3084 \Device\Harddisk0\DR0:
22:43:50.0578 3084 MBR partitions:
22:43:50.0578 3084 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
22:43:50.0578 3084 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x71CD3000
22:43:50.0578 3084 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x71D05800, BlocksNum 0x2800000
22:43:50.0578 3084 \Device\Harddisk1\DR1:
22:43:50.0593 3084 MBR partitions:
22:43:50.0593 3084 \Device\Harddisk1\DR1\Partition1: MBR, Type 0xC, StartLBA 0x34, BlocksNum 0x1DD5A92
22:43:50.0593 3084 ============================================================
22:43:50.0609 3084 C: <-> \Device\Harddisk0\DR0\Partition2
22:43:50.0609 3084 D: <-> \Device\Harddisk0\DR0\Partition3
22:43:50.0609 3084 ============================================================
22:43:50.0609 3084 Initialize success
22:43:50.0609 3084 ============================================================
22:44:10.0798 3192 ============================================================
22:44:10.0798 3192 Scan started
22:44:10.0798 3192 Mode: Manual; SigCheck; TDLFS;
22:44:10.0798 3192 ============================================================
22:44:11.0235 3192 ================ Scan system memory ========================
22:44:11.0235 3192 System memory - ok
22:44:11.0235 3192 ================ Scan services =============================
22:44:11.0391 3192 [ 1B133875B8AA8AC48969BD3458AFE9F5 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
22:44:11.0500 3192 1394ohci - ok
22:44:11.0563 3192 [ CEA80C80BED809AA0DA6FEBC04733349 ] ACPI C:\Windows\system32\drivers\ACPI.sys
22:44:11.0594 3192 ACPI - ok
22:44:11.0610 3192 [ 1EFBC664ABFF416D1D07DB115DCB264F ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
22:44:11.0656 3192 AcpiPmi - ok
22:44:11.0734 3192 [ EA856F4A46320389D1899B2CAA7BF40F ] AdobeFlashPlayerUpdateSvc C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
22:44:11.0766 3192 AdobeFlashPlayerUpdateSvc - ok
22:44:11.0812 3192 [ 21E785EBD7DC90A06391141AAC7892FB ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys
22:44:11.0844 3192 adp94xx - ok
22:44:11.0890 3192 [ 0C676BC278D5B59FF5ABD57BBE9123F2 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys
22:44:11.0922 3192 adpahci - ok
22:44:11.0937 3192 [ 7C7B5EE4B7B822EC85321FE23A27DB33 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys
22:44:11.0953 3192 adpu320 - ok
22:44:12.0000 3192 [ 8B5EEFEEC1E6D1A72A06C526628AD161 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
22:44:12.0062 3192 AeLookupSvc - ok
22:44:12.0124 3192 [ 9EBBBA55060F786F0FCAA3893BFA2806 ] AFD C:\Windows\system32\drivers\afd.sys
22:44:12.0202 3192 AFD - ok
22:44:12.0249 3192 [ 507812C3054C21CEF746B6EE3D04DD6E ] agp440 C:\Windows\system32\drivers\agp440.sys
22:44:12.0280 3192 agp440 - ok
22:44:12.0312 3192 [ 8B30250D573A8F6B4BD23195160D8707 ] aic78xx C:\Windows\system32\DRIVERS\djsvs.sys
22:44:12.0343 3192 aic78xx - ok
22:44:12.0374 3192 [ 18A54E132947CD98FEA9ACCC57F98F13 ] ALG C:\Windows\System32\alg.exe
22:44:12.0421 3192 ALG - ok
22:44:12.0436 3192 [ 0D40BCF52EA90FC7DF2AEAB6503DEA44 ] aliide C:\Windows\system32\drivers\aliide.sys
22:44:12.0452 3192 aliide - ok
22:44:12.0468 3192 [ 3C6600A0696E90A463771C7422E23AB5 ] amdagp C:\Windows\system32\drivers\amdagp.sys
22:44:12.0499 3192 amdagp - ok
22:44:12.0514 3192 [ CD5914170297126B6266860198D1D4F0 ] amdide C:\Windows\system32\drivers\amdide.sys
22:44:12.0530 3192 amdide - ok
22:44:12.0561 3192 [ 00DDA200D71BAC534BF56A9DB5DFD666 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
22:44:12.0608 3192 AmdK8 - ok
22:44:12.0608 3192 [ 3CBF30F5370FDA40DD3E87DF38EA53B6 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
22:44:12.0655 3192 AmdPPM - ok
22:44:12.0686 3192 [ D320BF87125326F996D4904FE24300FC ] amdsata C:\Windows\system32\drivers\amdsata.sys
22:44:12.0717 3192 amdsata - ok
22:44:12.0733 3192 [ EA43AF0C423FF267355F74E7A53BDABA ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys
22:44:12.0764 3192 amdsbs - ok
22:44:12.0780 3192 [ 46387FB17B086D16DEA267D5BE23A2F2 ] amdxata C:\Windows\system32\drivers\amdxata.sys
22:44:12.0795 3192 amdxata - ok
22:44:12.0904 3192 [ 07B0B7175C61F65483D60577AC864B41 ] AntiVirFirewallService C:\Program Files\Avira\AntiVir Desktop\avfwsvc.exe
22:44:12.0936 3192 AntiVirFirewallService - ok
22:44:12.0998 3192 [ 50DDEB8CA3620655B9FF68FFFC41248E ] AntiVirMailService C:\Program Files\Avira\AntiVir Desktop\avmailc.exe
22:44:13.0029 3192 AntiVirMailService - ok
22:44:13.0076 3192 [ BD33282EC067551060DC3A9628160E5B ] AntiVirSchedulerService C:\Program Files\Avira\AntiVir Desktop\sched.exe
22:44:13.0092 3192 AntiVirSchedulerService - ok
22:44:13.0138 3192 [ 2B73EF0F975642509AB66827C4E9D6C8 ] AntiVirService C:\Program Files\Avira\AntiVir Desktop\avguard.exe
22:44:13.0138 3192 AntiVirService - ok
22:44:13.0201 3192 [ F46BD152C8A9C4EBAE2EC51B063DE0ED ] AntiVirWebService C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
22:44:13.0216 3192 AntiVirWebService - ok
22:44:13.0263 3192 [ AEA177F783E20150ACE5383EE368DA19 ] AppID C:\Windows\system32\drivers\appid.sys
22:44:13.0294 3192 AppID - ok
22:44:13.0310 3192 [ 62A9C86CB6085E20DB4823E4E97826F5 ] AppIDSvc C:\Windows\System32\appidsvc.dll
22:44:13.0388 3192 AppIDSvc - ok
22:44:13.0419 3192 [ FB1959012294D6AD43E5304DF65E3C26 ] Appinfo C:\Windows\System32\appinfo.dll
22:44:13.0466 3192 Appinfo - ok
22:44:13.0575 3192 [ A5299D04ED225D64CF07A568A3E1BF8C ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
22:44:13.0591 3192 Apple Mobile Device - ok
22:44:13.0622 3192 [ 2932004F49677BD84DBC72EDB754FFB3 ] arc C:\Windows\system32\DRIVERS\arc.sys
22:44:13.0638 3192 arc - ok
22:44:13.0653 3192 [ 5D6F36C46FD283AE1B57BD2E9FEB0BC7 ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys
22:44:13.0684 3192 arcsas - ok
22:44:13.0700 3192 [ ADD2ADE1C2B285AB8378D2DAAF991481 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
22:44:13.0747 3192 AsyncMac - ok
22:44:13.0762 3192 [ 338C86357871C167A96AB976519BF59E ] atapi C:\Windows\system32\drivers\atapi.sys
22:44:13.0778 3192 atapi - ok
22:44:13.0809 3192 [ CE3B4E731638D2EF62FCB419BE0D39F0 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
22:44:13.0872 3192 AudioEndpointBuilder - ok
22:44:13.0903 3192 [ CE3B4E731638D2EF62FCB419BE0D39F0 ] Audiosrv C:\Windows\System32\Audiosrv.dll
22:44:13.0934 3192 Audiosrv - ok
22:44:13.0996 3192 [ 662ECAEC0FAE2C2069B75EF8A762BE87 ] avfwim C:\Windows\system32\DRIVERS\avfwim.sys
22:44:14.0308 3192 avfwim - ok
22:44:14.0371 3192 [ E4DC0228AB7492086B96FCC8298CF3B6 ] avfwot C:\Windows\system32\DRIVERS\avfwot.sys
22:44:14.0386 3192 avfwot - ok
22:44:14.0449 3192 [ 87425709A251386064C99B684BF96F72 ] avgntflt C:\Windows\system32\DRIVERS\avgntflt.sys
22:44:14.0464 3192 avgntflt - ok
22:44:14.0496 3192 [ D50FBA68163BC498F2C136E0E5BA8E2F ] avipbb C:\Windows\system32\DRIVERS\avipbb.sys
22:44:14.0511 3192 avipbb - ok
22:44:14.0527 3192 [ CB8741CD7B126499FED40C9B197F6AC5 ] avkmgr C:\Windows\system32\DRIVERS\avkmgr.sys
22:44:14.0542 3192 avkmgr - ok
22:44:14.0605 3192 [ 6E30D02AAC9CAC84F421622E3A2F6178 ] AxInstSV C:\Windows\System32\AxInstSV.dll
22:44:14.0714 3192 AxInstSV - ok
22:44:14.0761 3192 [ 1A231ABEC60FD316EC54C66715543CEC ] b06bdrv C:\Windows\system32\DRIVERS\bxvbdx.sys
22:44:14.0823 3192 b06bdrv - ok
22:44:14.0854 3192 [ BD8869EB9CDE6BBE4508D869929869EE ] b57nd60x C:\Windows\system32\DRIVERS\b57nd60x.sys
22:44:14.0886 3192 b57nd60x - ok
22:44:14.0979 3192 [ F48FEB7DA35821DA15E0B006DCB9A169 ] BBSvc C:\Program Files\Microsoft\BingBar\7.1.391.0\BBSvc.exe
22:44:14.0995 3192 BBSvc - ok
22:44:15.0042 3192 [ 8E16F7A85441986FD2B9CE6C879524E4 ] BBUpdate C:\Program Files\Microsoft\BingBar\7.1.391.0\SeaPort.exe
22:44:15.0057 3192 BBUpdate - ok
22:44:15.0073 3192 [ EE1E9C3BB8228AE423DD38DB69128E71 ] BDESVC C:\Windows\System32\bdesvc.dll
22:44:15.0135 3192 BDESVC - ok
22:44:15.0151 3192 [ 505506526A9D467307B3C393DEDAF858 ] Beep C:\Windows\system32\drivers\Beep.sys
22:44:15.0198 3192 Beep - ok
22:44:15.0244 3192 [ 1E2BAC209D184BB851E1A187D8A29136 ] BFE C:\Windows\System32\bfe.dll
22:44:15.0322 3192 BFE - ok
22:44:15.0354 3192 [ E585445D5021971FAE10393F0F1C3961 ] BITS C:\Windows\System32\qmgr.dll
22:44:15.0416 3192 BITS - ok
22:44:15.0416 3192 [ 2287078ED48FCFC477B05B20CF38F36F ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
22:44:15.0447 3192 blbdrive - ok
22:44:15.0510 3192 [ DB5BEA73EDAF19AC68B2C0FAD0F92B1A ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
22:44:15.0541 3192 Bonjour Service - ok
22:44:15.0588 3192 [ 8F2DA3028D5FCBD1A060A3DE64CD6506 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
22:44:15.0619 3192 bowser - ok
22:44:15.0650 3192 [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys
22:44:15.0697 3192 BrFiltLo - ok
22:44:15.0697 3192 [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys
22:44:15.0744 3192 BrFiltUp - ok
22:44:15.0790 3192 [ 3DAA727B5B0A45039B0E1C9A211B8400 ] Browser C:\Windows\System32\browser.dll
22:44:15.0837 3192 Browser - ok
22:44:15.0853 3192 [ 845B8CE732E67F3B4133164868C666EA ] Brserid C:\Windows\System32\Drivers\Brserid.sys
22:44:15.0900 3192 Brserid - ok
22:44:15.0915 3192 [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
22:44:15.0946 3192 BrSerWdm - ok
22:44:15.0978 3192 [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
22:44:16.0009 3192 BrUsbMdm - ok
22:44:16.0009 3192 [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
22:44:16.0040 3192 BrUsbSer - ok
22:44:16.0040 3192 [ ED3DF7C56CE0084EB2034432FC56565A ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
22:44:16.0071 3192 BTHMODEM - ok
22:44:16.0102 3192 [ 1DF19C96EEF6C29D1C3E1A8678E07190 ] bthserv C:\Windows\system32\bthserv.dll
22:44:16.0134 3192 bthserv - ok
22:44:16.0180 3192 [ 77EA11B065E0A8AB902D78145CA51E10 ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
22:44:16.0227 3192 cdfs - ok
22:44:16.0305 3192 [ BE167ED0FDB9C1FA1133953C18D5A6C9 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
22:44:16.0368 3192 cdrom - ok
22:44:16.0414 3192 [ 319C6B309773D063541D01DF8AC6F55F ] CertPropSvc C:\Windows\System32\certprop.dll
22:44:16.0492 3192 CertPropSvc - ok
22:44:16.0524 3192 [ 3FE3FE94A34DF6FB06E6418D0F6A0060 ] circlass C:\Windows\system32\DRIVERS\circlass.sys
22:44:16.0570 3192 circlass - ok
22:44:16.0586 3192 [ 635181E0E9BBF16871BF5380D71DB02D ] CLFS C:\Windows\system32\CLFS.sys
22:44:16.0602 3192 CLFS - ok
22:44:16.0695 3192 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
22:44:16.0726 3192 clr_optimization_v2.0.50727_32 - ok
22:44:16.0789 3192 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
22:44:16.0820 3192 clr_optimization_v4.0.30319_32 - ok
22:44:16.0836 3192 [ DEA805815E587DAD1DD2C502220B5616 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
22:44:16.0867 3192 CmBatt - ok
22:44:16.0867 3192 [ C537B1DB64D495B9B4717B4D6D9EDBF2 ] cmdide C:\Windows\system32\drivers\cmdide.sys
22:44:16.0898 3192 cmdide - ok
22:44:16.0929 3192 [ 247B4CE2DAB1160CD422D532D5241E1F ] CNG C:\Windows\system32\Drivers\cng.sys
22:44:16.0960 3192 CNG - ok
22:44:16.0976 3192 [ A6023D3823C37043986713F118A89BEE ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
22:44:16.0992 3192 Compbatt - ok
22:44:17.0054 3192 [ CBE8C58A8579CFE5FCCF809E6F114E89 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys
22:44:17.0101 3192 CompositeBus - ok
22:44:17.0116 3192 COMSysApp - ok
22:44:17.0148 3192 [ 2C4EBCFC84A9B44F209DFF6C6E6C61D1 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys
22:44:17.0179 3192 crcdisk - ok
22:44:17.0241 3192 [ 96C0E38905CFD788313BE8E11DAE3F2F ] CryptSvc C:\Windows\system32\cryptsvc.dll
22:44:17.0304 3192 CryptSvc - ok
22:44:17.0350 3192 [ 7660F01D3B38ACA1747E397D21D790AF ] DcomLaunch C:\Windows\system32\rpcss.dll
22:44:17.0397 3192 DcomLaunch - ok
22:44:17.0428 3192 [ 8D6E10A2D9A5EED59562D9B82CF804E1 ] defragsvc C:\Windows\System32\defragsvc.dll
22:44:17.0475 3192 defragsvc - ok
22:44:17.0491 3192 [ F024449C97EC1E464AAFFDA18593DB88 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
22:44:17.0553 3192 DfsC - ok
22:44:17.0584 3192 [ E9E01EB683C132F7FA27CD607B8A2B63 ] Dhcp C:\Windows\system32\dhcpcore.dll
22:44:17.0662 3192 Dhcp - ok
22:44:17.0694 3192 [ 1A050B0274BFB3890703D490F330C0DA ] discache C:\Windows\system32\drivers\discache.sys
22:44:17.0725 3192 discache - ok
22:44:17.0756 3192 [ 565003F326F99802E68CA78F2A68E9FF ] Disk C:\Windows\system32\DRIVERS\disk.sys
22:44:17.0787 3192 Disk - ok
22:44:17.0803 3192 [ 33EF4861F19A0736B11314AAD9AE28D0 ] Dnscache C:\Windows\System32\dnsrslvr.dll
22:44:17.0850 3192 Dnscache - ok
22:44:17.0881 3192 [ 366BA8FB4B7BB7435E3B9EACB3843F67 ] dot3svc C:\Windows\System32\dot3svc.dll
22:44:17.0959 3192 dot3svc - ok
22:44:18.0021 3192 [ B5E479EB83707DD698F66953E922042C ] Dot4 C:\Windows\system32\DRIVERS\Dot4.sys
22:44:18.0037 3192 Dot4 - ok
22:44:18.0052 3192 [ CAEFD09B6A6249C53A67D55A9A9FCABF ] Dot4Print C:\Windows\system32\DRIVERS\Dot4Prt.sys
22:44:18.0084 3192 Dot4Print - ok
22:44:18.0115 3192 [ CF491FF38D62143203C065260567E2F7 ] dot4usb C:\Windows\system32\DRIVERS\dot4usb.sys
22:44:18.0146 3192 dot4usb - ok
22:44:18.0177 3192 [ 8EC04CA86F1D68DA9E11952EB85973D6 ] DPS C:\Windows\system32\dps.dll
22:44:18.0224 3192 DPS - ok
22:44:18.0271 3192 [ B918E7C5F9BF77202F89E1A9539F2EB4 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
22:44:18.0302 3192 drmkaud - ok
22:44:18.0349 3192 [ 23F5D28378A160352BA8F817BD8C71CB ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
22:44:18.0380 3192 DXGKrnl - ok
22:44:18.0396 3192 [ 8600142FA91C1B96367D3300AD0F3F3A ] EapHost C:\Windows\System32\eapsvc.dll
22:44:18.0442 3192 EapHost - ok
22:44:18.0536 3192 [ 024E1B5CAC09731E4D868E64DBFB4AB0 ] ebdrv C:\Windows\system32\DRIVERS\evbdx.sys
22:44:18.0692 3192 ebdrv - ok
22:44:18.0723 3192 [ 81951F51E318AECC2D68559E47485CC4 ] EFS C:\Windows\System32\lsass.exe
22:44:18.0754 3192 EFS - ok
22:44:18.0786 3192 [ A8C362018EFC87BEB013EE28F29C0863 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
22:44:18.0832 3192 ehRecvr - ok
22:44:18.0848 3192 [ D389BFF34F80CAEDE417BF9D1507996A ] ehSched C:\Windows\ehome\ehsched.exe
22:44:18.0895 3192 ehSched - ok
22:44:18.0926 3192 [ 0ED67910C8C326796FAA00B2BF6D9D3C ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys
22:44:18.0957 3192 elxstor - ok
22:44:18.0973 3192 [ 8FC3208352DD3912C94367A206AB3F11 ] ErrDev C:\Windows\system32\drivers\errdev.sys
22:44:19.0004 3192 ErrDev - ok
22:44:19.0035 3192 [ F6916EFC29D9953D5D0DF06882AE8E16 ] EventSystem C:\Windows\system32\es.dll
22:44:19.0098 3192 EventSystem - ok
22:44:19.0129 3192 [ 2DC9108D74081149CC8B651D3A26207F ] exfat C:\Windows\system32\drivers\exfat.sys
22:44:19.0176 3192 exfat - ok
22:44:19.0222 3192 Fabs - ok
22:44:19.0238 3192 [ 7E0AB74553476622FB6AE36F73D97D35 ] fastfat C:\Windows\system32\drivers\fastfat.sys
22:44:19.0269 3192 fastfat - ok
22:44:19.0394 3192 [ 967EA5B213E9984CBE270205DF37755B ] Fax C:\Windows\system32\fxssvc.exe
22:44:19.0519 3192 Fax - ok
22:44:19.0550 3192 [ E817A017F82DF2A1F8CFDBDA29388B29 ] fdc C:\Windows\system32\DRIVERS\fdc.sys
22:44:19.0659 3192 fdc - ok
22:44:19.0675 3192 [ F3222C893BD2F5821A0179E5C71E88FB ] fdPHost C:\Windows\system32\fdPHost.dll
22:44:19.0722 3192 fdPHost - ok
22:44:19.0753 3192 [ 7DBE8CBFE79EFBDEB98C9FB08D3A9A5B ] FDResPub C:\Windows\system32\fdrespub.dll
22:44:19.0815 3192 FDResPub - ok
22:44:19.0831 3192 [ 6CF00369C97F3CF563BE99BE983D13D8 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
22:44:19.0846 3192 FileInfo - ok
22:44:19.0862 3192 [ 42C51DC94C91DA21CB9196EB64C45DB9 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
22:44:19.0893 3192 Filetrace - ok
22:44:19.0971 3192 [ FFF1130F7C9FA01D093A1EDFC5CCE8FC ] FirebirdServerMAGIXInstance C:\Program Files\Common Files\MAGIX Services\Database\bin\fbserver.exe
22:44:20.0080 3192 FirebirdServerMAGIXInstance ( UnsignedFile.Multi.Generic ) - warning
22:44:20.0080 3192 FirebirdServerMAGIXInstance - detected UnsignedFile.Multi.Generic (1)
22:44:20.0112 3192 [ 87907AA70CB3C56600F1C2FB8841579B ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
22:44:20.0143 3192 flpydisk - ok
22:44:20.0158 3192 [ 7520EC808E0C35E0EE6F841294316653 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
22:44:20.0190 3192 FltMgr - ok
22:44:20.0252 3192 [ E12C4928B32ACE04610259647F072635 ] FontCache C:\Windows\system32\FntCache.dll
22:44:20.0314 3192 FontCache - ok
22:44:20.0361 3192 [ E56F39F6B7FDA0AC77A79B0FD3DE1A2F ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
22:44:20.0392 3192 FontCache3.0.0.0 - ok
22:44:20.0408 3192 [ 1A16B57943853E598CFF37FE2B8CBF1D ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
22:44:20.0439 3192 FsDepends - ok
22:44:20.0470 3192 [ 7DAE5EBCC80E45D3253F4923DC424D05 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
22:44:20.0486 3192 Fs_Rec - ok
22:44:20.0533 3192 [ E306A24D9694C724FA2491278BF50FDB ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
22:44:20.0564 3192 fvevol - ok
22:44:20.0611 3192 [ 65EE0C7A58B65E74AE05637418153938 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
22:44:20.0626 3192 gagp30kx - ok
22:44:20.0689 3192 [ 185ADA973B5020655CEE342059A86CBB ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
22:44:20.0704 3192 GEARAspiWDM - ok
22:44:20.0751 3192 [ E897EAF5ED6BA41E081060C9B447A673 ] gpsvc C:\Windows\System32\gpsvc.dll
22:44:20.0798 3192 gpsvc - ok
22:44:20.0860 3192 [ F02A533F517EB38333CB12A9E8963773 ] gupdate C:\Program Files\Google\Update\GoogleUpdate.exe
22:44:20.0876 3192 gupdate - ok
22:44:20.0892 3192 [ F02A533F517EB38333CB12A9E8963773 ] gupdatem C:\Program Files\Google\Update\GoogleUpdate.exe
22:44:20.0907 3192 gupdatem - ok
22:44:20.0923 3192 [ C44E3C2BAB6837DB337DDEE7544736DB ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
22:44:20.0970 3192 hcw85cir - ok
22:44:21.0016 3192 [ A5EF29D5315111C80A5C1ABAD14C8972 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
22:44:21.0079 3192 HdAudAddService - ok
22:44:21.0094 3192 [ 9036377B8A6C15DC2EEC53E489D159B5 ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys
22:44:21.0110 3192 HDAudBus - ok
22:44:21.0141 3192 [ 1D58A7F3E11A9731D0EAAAA8405ACC36 ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
22:44:21.0188 3192 HidBatt - ok
22:44:21.0204 3192 [ 89448F40E6DF260C206A193A4683BA78 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
22:44:21.0250 3192 HidBth - ok
22:44:21.0282 3192 [ CF50B4CF4A4F229B9F3C08351F99CA5E ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
22:44:21.0297 3192 HidIr - ok
22:44:21.0328 3192 [ 1FAB2540C1BD6DA847CCD292F4EEE48A ] hidkmdf C:\Windows\system32\DRIVERS\hidkmdf.sys
22:44:21.0344 3192 hidkmdf - ok
22:44:21.0360 3192 [ 2BC6F6A1992B3A77F5F41432CA6B3B6B ] hidserv C:\Windows\system32\hidserv.dll
22:44:21.0406 3192 hidserv - ok
22:44:21.0438 3192 [ 25072FB35AC90B25F9E4E3BACF774102 ] HidUsb C:\Windows\system32\drivers\hidusb.sys
22:44:21.0453 3192 HidUsb - ok
22:44:21.0484 3192 [ 196B4E3F4CCCC24AF836CE58FACBB699 ] hkmsvc C:\Windows\system32\kmsvc.dll
22:44:21.0547 3192 hkmsvc - ok
22:44:21.0594 3192 [ 6658F4404DE03D75FE3BA09F7ABA6A30 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
22:44:21.0641 3192 HomeGroupListener - ok
22:44:21.0673 3192 [ DBC02D918FFF1CAD628ACBE0C0EAA8E8 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
22:44:21.0704 3192 HomeGroupProvider - ok
22:44:21.0719 3192 [ 295FDC419039090EB8B49FFDBB374549 ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
22:44:21.0751 3192 HpSAMD - ok
22:44:21.0813 3192 [ 1D387C1F30296D3A24205CC2D09C6926 ] HPSIService C:\Windows\system32\HPSIsvc.exe
22:44:21.0829 3192 HPSIService - ok
22:44:21.0907 3192 [ A04F4AC48895774A2CF9D1C9EAAACEF0 ] HPSLPSVC C:\Program Files\HP\Digital Imaging\bin\HPSLPSVC32.DLL
22:44:22.0515 3192 HPSLPSVC - ok
22:44:22.0562 3192 [ 871917B07A141BFF43D76D8844D48106 ] HTTP C:\Windows\system32\drivers\HTTP.sys
22:44:22.0641 3192 HTTP - ok
22:44:22.0672 3192 [ 0C4E035C7F105F1299258C90886C64C5 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
22:44:22.0703 3192 hwpolicy - ok
22:44:22.0734 3192 [ F151F0BDC47F4A28B1B20A0818EA36D6 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys
22:44:22.0781 3192 i8042prt - ok
22:44:22.0812 3192 [ 5CD5F9A5444E6CDCB0AC89BD62D8B76E ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
22:44:22.0844 3192 iaStorV - ok
22:44:22.0906 3192 [ C521D7EB6497BB1AF6AFA89E322FB43C ] idsvc C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
22:44:22.0968 3192 idsvc - ok
22:44:22.0968 3192 [ 4173FF5708F3236CF25195FECD742915 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
22:44:23.0000 3192 iirsp - ok
22:44:23.0031 3192 [ F95622F161474511B8D80D6B093AA610 ] IKEEXT C:\Windows\System32\ikeext.dll
22:44:23.0078 3192 IKEEXT - ok
22:44:23.0187 3192 [ 4E3F36F7704CBBCD1B32657491A1944F ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHDA.sys
22:44:23.0265 3192 IntcAzAudAddService - ok
22:44:23.0280 3192 [ A0F12F2C9BA6C72F3987CE780E77C130 ] intelide C:\Windows\system32\drivers\intelide.sys
22:44:23.0296 3192 intelide - ok
22:44:23.0327 3192 [ 3B514D27BFC4ACCB4037BC6685F766E0 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
22:44:23.0343 3192 intelppm - ok
22:44:23.0374 3192 [ ACB364B9075A45C0736E5C47BE5CAE19 ] IPBusEnum C:\Windows\system32\ipbusenum.dll
22:44:23.0436 3192 IPBusEnum - ok
22:44:23.0452 3192 [ 709D1761D3B19A932FF0238EA6D50200 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
22:44:23.0499 3192 IpFilterDriver - ok
22:44:23.0530 3192 [ 58F67245D041FBE7AF88F4EAF79DF0FA ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
22:44:23.0561 3192 iphlpsvc - ok
22:44:23.0592 3192 [ 4BD7134618C1D2A27466A099062547BF ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
22:44:23.0624 3192 IPMIDRV - ok
22:44:23.0639 3192 [ A5FA468D67ABCDAA36264E463A7BB0CD ] IPNAT C:\Windows\system32\drivers\ipnat.sys
22:44:23.0703 3192 IPNAT - ok
22:44:23.0749 3192 [ E8A39D41474BE42FD8830CED32932D6C ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
22:44:23.0765 3192 iPod Service - ok
22:44:23.0796 3192 [ 42996CFF20A3084A56017B7902307E9F ] IRENUM C:\Windows\system32\drivers\irenum.sys
22:44:23.0827 3192 IRENUM - ok
22:44:23.0859 3192 [ 1F32BB6B38F62F7DF1A7AB7292638A35 ] isapnp C:\Windows\system32\drivers\isapnp.sys
22:44:23.0874 3192 isapnp - ok
22:44:23.0890 3192 [ CB7A9ABB12B8415BCE5D74994C7BA3AE ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
22:44:23.0921 3192 iScsiPrt - ok
22:44:23.0937 3192 [ ADEF52CA1AEAE82B50DF86B56413107E ] kbdclass C:\Windows\system32\drivers\kbdclass.sys
22:44:23.0968 3192 kbdclass - ok
22:44:24.0015 3192 [ 3D9F0EBF350EDCFD6498057301455964 ] kbdhid C:\Windows\system32\drivers\kbdhid.sys
22:44:24.0046 3192 kbdhid - ok
22:44:24.0061 3192 [ 81951F51E318AECC2D68559E47485CC4 ] KeyIso C:\Windows\system32\lsass.exe
22:44:24.0077 3192 KeyIso - ok
22:44:24.0093 3192 [ B7895B4182C0D16F6EFADEB8081E8D36 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
22:44:24.0124 3192 KSecDD - ok
22:44:24.0139 3192 [ D30159AC9237519FBC62C6EC247D2D46 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
22:44:24.0171 3192 KSecPkg - ok
22:44:24.0202 3192 [ 89A7B9CC98D0D80C6F31B91C0A310FCD ] KtmRm C:\Windows\system32\msdtckrm.dll
22:44:24.0264 3192 KtmRm - ok
22:44:24.0280 3192 [ D64AF876D53ECA3668BB97B51B4E70AB ] LanmanServer C:\Windows\system32\srvsvc.dll
22:44:24.0342 3192 LanmanServer - ok
22:44:24.0358 3192 [ 58405E4F68BA8E4057C6E914F326ABA2 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
22:44:24.0389 3192 LanmanWorkstation - ok
22:44:24.0436 3192 [ F7611EC07349979DA9B0AE1F18CCC7A6 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
22:44:24.0467 3192 lltdio - ok
22:44:24.0498 3192 [ 5700673E13A2117FA3B9020C852C01E2 ] lltdsvc C:\Windows\System32\lltdsvc.dll
22:44:24.0529 3192 lltdsvc - ok
22:44:24.0545 3192 [ 55CA01BA19D0006C8F2639B6C045E08B ] lmhosts C:\Windows\System32\lmhsvc.dll
22:44:24.0607 3192 lmhosts - ok
22:44:24.0623 3192 [ EB119A53CCF2ACC000AC71B065B78FEF ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
22:44:24.0654 3192 LSI_FC - ok
22:44:24.0670 3192 [ 8ADE1C877256A22E49B75D1CC9161F9C ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
22:44:24.0701 3192 LSI_SAS - ok
22:44:24.0779 3192 [ DC9DC3D3DAA0E276FD2EC262E38B11E9 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
22:44:24.0873 3192 LSI_SAS2 - ok
22:44:24.0966 3192 [ 0A036C7D7CAB643A7F07135AC47E0524 ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
22:44:25.0044 3192 LSI_SCSI - ok
22:44:25.0044 3192 [ 6703E366CC18D3B6E534F5CF7DF39CEE ] luafv C:\Windows\system32\drivers\luafv.sys
22:44:25.0091 3192 luafv - ok
22:44:25.0122 3192 [ BFB9EE8EE977EFE85D1A3105ABEF6DD1 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
22:44:25.0153 3192 Mcx2Svc - ok
22:44:25.0169 3192 [ 0FFF5B045293002AB38EB1FD1FC2FB74 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
22:44:25.0185 3192 megasas - ok
22:44:25.0216 3192 [ DCBAB2920C75F390CAF1D29F675D03D6 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
22:44:25.0231 3192 MegaSR - ok
22:44:25.0247 3192 [ 146B6F43A673379A3C670E86D89BE5EA ] MMCSS C:\Windows\system32\mmcss.dll
22:44:25.0278 3192 MMCSS - ok
22:44:25.0294 3192 [ F001861E5700EE84E2D4E52C712F4964 ] Modem C:\Windows\system32\drivers\modem.sys
22:44:25.0356 3192 Modem - ok
22:44:25.0372 3192 [ 79D10964DE86B292320E9DFE02282A23 ] monitor C:\Windows\system32\DRIVERS\monitor.sys
22:44:25.0419 3192 monitor - ok
22:44:25.0450 3192 [ FB18CC1D4C2E716B6B903B0AC0CC0609 ] mouclass C:\Windows\system32\drivers\mouclass.sys
22:44:25.0465 3192 mouclass - ok
22:44:25.0481 3192 [ 2C388D2CD01C9042596CF3C8F3C7B24D ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
22:44:25.0512 3192 mouhid - ok
22:44:25.0559 3192 [ FC8771F45ECCCFD89684E38842539B9B ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
22:44:25.0575 3192 mountmgr - ok
22:44:25.0668 3192 [ 7EDBBB9351A38C6BB0FE98CFD44DB430 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
22:44:25.0699 3192 MozillaMaintenance - ok
22:44:25.0715 3192 [ 2D699FB6E89CE0D8DA14ECC03B3EDFE0 ] mpio C:\Windows\system32\drivers\mpio.sys
22:44:25.0731 3192 mpio - ok
22:44:25.0762 3192 [ AD2723A7B53DD1AACAE6AD8C0BFBF4D0 ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
22:44:25.0809 3192 mpsdrv - ok
22:44:25.0855 3192 [ 9835584E999D25004E1EE8E5F3E3B881 ] MpsSvc C:\Windows\system32\mpssvc.dll
22:44:25.0918 3192 MpsSvc - ok
22:44:25.0949 3192 [ CEB46AB7C01C9F825F8CC6BABC18166A ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
22:44:25.0996 3192 MRxDAV - ok
22:44:26.0043 3192 [ 5D16C921E3671636C0EBA3BBAAC5FD25 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
22:44:26.0074 3192 mrxsmb - ok
22:44:26.0121 3192 [ 6D17A4791ACA19328C685D256349FEFC ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
22:44:26.0152 3192 mrxsmb10 - ok
22:44:26.0167 3192 [ B81F204D146000BE76651A50670A5E9E ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
22:44:26.0199 3192 mrxsmb20 - ok
22:44:26.0214 3192 [ 012C5F4E9349E711E11E0F19A8589F0A ] msahci C:\Windows\system32\drivers\msahci.sys
22:44:26.0230 3192 msahci - ok
22:44:26.0261 3192 [ 55055F8AD8BE27A64C831322A780A228 ] msdsm C:\Windows\system32\drivers\msdsm.sys
22:44:26.0292 3192 msdsm - ok
22:44:26.0308 3192 [ E1BCE74A3BD9902B72599C0192A07E27 ] MSDTC C:\Windows\System32\msdtc.exe
22:44:26.0339 3192 MSDTC - ok
22:44:26.0355 3192 [ DAEFB28E3AF5A76ABCC2C3078C07327F ] Msfs C:\Windows\system32\drivers\Msfs.sys
22:44:26.0401 3192 Msfs - ok
22:44:26.0417 3192 [ 3E1E5767043C5AF9367F0056295E9F84 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
22:44:26.0464 3192 mshidkmdf - ok
22:44:26.0495 3192 [ 0A4E5757AE09FA9622E3158CC1AEF114 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
22:44:26.0511 3192 msisadrv - ok
22:44:26.0526 3192 [ 90F7D9E6B6F27E1A707D4A297F077828 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
22:44:26.0573 3192 MSiSCSI - ok
22:44:26.0573 3192 msiserver - ok
22:44:26.0604 3192 [ 8C0860D6366AAFFB6C5BB9DF9448E631 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
22:44:26.0635 3192 MSKSSRV - ok
22:44:26.0682 3192 [ 3EA8B949F963562CEDBB549EAC0C11CE ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
22:44:26.0729 3192 MSPCLOCK - ok
22:44:26.0760 3192 [ F456E973590D663B1073E9C463B40932 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
22:44:26.0807 3192 MSPQM - ok
22:44:26.0838 3192 [ 0E008FC4819D238C51D7C93E7B41E560 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
22:44:26.0854 3192 MsRPC - ok
22:44:26.0885 3192 [ FC6B9FF600CC585EA38B12589BD4E246 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
22:44:26.0885 3192 mssmbios - ok
22:44:26.0901 3192 [ B42C6B921F61A6E55159B8BE6CD54A36 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
22:44:26.0947 3192 MSTEE - ok
22:44:26.0994 3192 [ 33599130F44E1F34631CEA241DE8AC84 ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
22:44:27.0010 3192 MTConfig - ok
22:44:27.0025 3192 [ 159FAD02F64E6381758C990F753BCC80 ] Mup C:\Windows\system32\Drivers\mup.sys
22:44:27.0041 3192 Mup - ok
22:44:27.0088 3192 [ 12AAA46852CFD850129881971976F047 ] mvusbews C:\Windows\system32\Drivers\mvusbews.sys
22:44:27.0150 3192 mvusbews - ok
22:44:27.0197 3192 [ 61D57A5D7C6D9AFE10E77DAE6E1B445E ] napagent C:\Windows\system32\qagentRT.dll
22:44:27.0228 3192 napagent - ok
22:44:27.0291 3192 [ 26384429FCD85D83746F63E798AB1480 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
22:44:27.0322 3192 NativeWifiP - ok
22:44:27.0369 3192 [ 8C9C922D71F1CD4DEF73F186416B7896 ] NDIS C:\Windows\system32\drivers\ndis.sys
22:44:27.0384 3192 NDIS - ok
22:44:27.0431 3192 [ 0E1787AA6C9191D3D319E8BAFE86F80C ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
22:44:27.0478 3192 NdisCap - ok
22:44:27.0540 3192 [ E4A8AEC125A2E43A9E32AFEEA7C9C888 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
22:44:27.0571 3192 NdisTapi - ok
22:44:27.0603 3192 [ D8A65DAFB3EB41CBB622745676FCD072 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
22:44:27.0634 3192 Ndisuio - ok
22:44:27.0665 3192 [ 38FBE267E7E6983311179230FACB1017 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
22:44:27.0727 3192 NdisWan - ok
22:44:27.0759 3192 [ A4BDC541E69674FBFF1A8FF00BE913F2 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
22:44:27.0805 3192 NDProxy - ok
22:44:27.0852 3192 [ 69C503C004F49AEE8B8E3067CC047BA7 ] Net Driver HPZ12 C:\Windows\system32\HPZinw12.dll
22:44:27.0852 3192 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
22:44:27.0852 3192 Net Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
22:44:27.0899 3192 [ 80B275B1CE3B0E79909DB7B39AF74D51 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
22:44:27.0930 3192 NetBIOS - ok
22:44:27.0961 3192 [ 280122DDCF04B378EDD1AD54D71C1E54 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
22:44:28.0024 3192 NetBT - ok
22:44:28.0055 3192 [ 81951F51E318AECC2D68559E47485CC4 ] Netlogon C:\Windows\system32\lsass.exe
22:44:28.0071 3192 Netlogon - ok
22:44:28.0117 3192 [ 7CCCFCA7510684768DA22092D1FA4DB2 ] Netman C:\Windows\System32\netman.dll
22:44:28.0180 3192 Netman - ok
22:44:28.0195 3192 [ 8C338238C16777A802D6A9211EB2BA50 ] netprofm C:\Windows\System32\netprofm.dll
22:44:28.0242 3192 netprofm - ok
22:44:28.0273 3192 [ F476EC40033CDB91EFBE73EB99B8362D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
22:44:28.0305 3192 NetTcpPortSharing - ok
22:44:28.0336 3192 [ 1D85C4B390B0EE09C7A46B91EFB2C097 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
22:44:28.0351 3192 nfrd960 - ok
22:44:28.0383 3192 [ 374071043F9E4231EE43BE2BB48DD36D ] NlaSvc C:\Windows\System32\nlasvc.dll
22:44:28.0414 3192 NlaSvc - ok
22:44:28.0461 3192 [ 712BC0C22BA00B2BA324C6B8DF668EE7 ] nmwcd C:\Windows\system32\drivers\ccdcmb.sys
22:44:28.0539 3192 nmwcd - ok
22:44:28.0570 3192 [ 7312987B6CCDE6F6CEE32C14BED1CA2E ] nmwcdc C:\Windows\system32\drivers\ccdcmbo.sys
22:44:28.0601 3192 nmwcdc - ok
22:44:28.0617 3192 [ 1DB262A9F8C087E8153D89BEF3D2235F ] Npfs C:\Windows\system32\drivers\Npfs.sys
22:44:28.0663 3192 Npfs - ok
22:44:28.0663 3192 [ BA387E955E890C8A88306D9B8D06BF17 ] nsi C:\Windows\system32\nsisvc.dll
22:44:28.0710 3192 nsi - ok
22:44:28.0726 3192 [ E9A0A4D07E53D8FEA2BB8387A3293C58 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
22:44:28.0757 3192 nsiproxy - ok
22:44:28.0804 3192 [ 5E43D2B0EE64123D4880DFA6626DEFDE ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
22:44:28.0897 3192 Ntfs - ok
22:44:28.0913 3192 [ F9756A98D69098DCA8945D62858A812C ] Null C:\Windows\system32\drivers\Null.sys
22:44:28.0944 3192 Null - ok
22:44:29.0007 3192 [ DD1D4DBA6223A8F512AC4301D4270A7A ] nvamacpi C:\Windows\system32\DRIVERS\NVAMACPI.sys
22:44:29.0038 3192 nvamacpi - ok
22:44:29.0287 3192 [ 19F5C4949B2E4CBD2E95B8ECDFC84D25 ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys
22:44:29.0506 3192 nvlddmkm - ok
22:44:29.0553 3192 [ B3E25EE28883877076E0E1FF877D02E0 ] nvraid C:\Windows\system32\drivers\nvraid.sys
22:44:29.0584 3192 nvraid - ok
22:44:29.0646 3192 [ F13618F0CB1E95232F4C2401592A59E9 ] nvsmu C:\Windows\system32\DRIVERS\nvsmu.sys
22:44:29.0677 3192 nvsmu - ok
22:44:29.0709 3192 [ 4380E59A170D88C4F1022EFF6719A8A4 ] nvstor C:\Windows\system32\drivers\nvstor.sys
22:44:29.0740 3192 nvstor - ok
22:44:29.0771 3192 [ 032EF66DD96692AD3A9D36160F467F67 ] nvstor32 C:\Windows\system32\DRIVERS\nvstor32.sys
22:44:29.0802 3192 nvstor32 - ok
22:44:29.0818 3192 [ 7A68320FA236ED0479EFF93540391568 ] nvsvc C:\Windows\system32\nvvsvc.exe
22:44:29.0833 3192 nvsvc - ok
22:44:29.0865 3192 [ 5A0983915F02BAE73267CC2A041F717D ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
22:44:29.0880 3192 nv_agp - ok
22:44:29.0896 3192 [ F1A718C6C6CD3EDF157FA3D459ADFEF7 ] NW1950 C:\Windows\system32\DRIVERS\NW1950.sys
22:44:29.0911 3192 NW1950 - ok
22:44:30.0005 3192 [ 953E08D5CA0B02697A8145AAA0CA28BE ] NxpCap C:\Windows\system32\DRIVERS\NxpCap.sys
22:44:30.0052 3192 NxpCap - ok
22:44:30.0083 3192 [ 08A70A1F2CDDE9BB49B885CB817A66EB ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
22:44:30.0114 3192 ohci1394 - ok
22:44:30.0161 3192 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
22:44:30.0208 3192 ose - ok
22:44:30.0348 3192 [ 358A9CCA612C68EB2F07DDAD4CE1D8D7 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
22:44:30.0442 3192 osppsvc - ok
22:44:30.0457 3192 [ 82A8521DDC60710C3D3D3E7325209BEC ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
22:44:30.0504 3192 p2pimsvc - ok
22:44:30.0535 3192 [ 59C3DDD501E39E006DAC31BF55150D91 ] p2psvc C:\Windows\system32\p2psvc.dll
22:44:30.0551 3192 p2psvc - ok
22:44:30.0582 3192 [ 2EA877ED5DD9713C5AC74E8EA7348D14 ] Parport C:\Windows\system32\DRIVERS\parport.sys
22:44:30.0629 3192 Parport - ok
22:44:30.0660 3192 [ 3F34A1B4C5F6475F320C275E63AFCE9B ] partmgr C:\Windows\system32\drivers\partmgr.sys
22:44:30.0691 3192 partmgr - ok
22:44:30.0723 3192 [ EB0A59F29C19B86479D36B35983DAADC ] Parvdm C:\Windows\system32\DRIVERS\parvdm.sys
22:44:30.0769 3192 Parvdm - ok
22:44:30.0785 3192 [ 358AB7956D3160000726574083DFC8A6 ] PcaSvc C:\Windows\System32\pcasvc.dll
22:44:30.0816 3192 PcaSvc - ok
22:44:30.0832 3192 [ 673E55C3498EB970088E812EA820AA8F ] pci C:\Windows\system32\drivers\pci.sys
22:44:30.0847 3192 pci - ok
22:44:30.0879 3192 [ AFE86F419014DB4E5593F69FFE26CE0A ] pciide C:\Windows\system32\drivers\pciide.sys
22:44:30.0894 3192 pciide - ok
22:44:30.0925 3192 [ F396431B31693E71E8A80687EF523506 ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
22:44:30.0941 3192 pcmcia - ok
22:44:30.0972 3192 [ 250F6B43D2B613172035C6747AEEB19F ] pcw C:\Windows\system32\drivers\pcw.sys
22:44:30.0988 3192 pcw - ok
22:44:31.0035 3192 [ 9E0104BA49F4E6973749A02BF41344ED ] PEAUTH C:\Windows\system32\drivers\peauth.sys
22:44:31.0097 3192 PEAUTH - ok
22:44:31.0159 3192 [ 414BBA67A3DED1D28437EB66AEB8A720 ] pla C:\Windows\system32\pla.dll
22:44:31.0284 3192 pla - ok
22:44:31.0315 3192 [ EC7BC28D207DA09E79B3E9FAF8B232CA ] PlugPlay C:\Windows\system32\umpnpmgr.dll
22:44:31.0378 3192 PlugPlay - ok
22:44:31.0425 3192 [ 12B4549D515CB26BB8D375038017CA65 ] Pml Driver HPZ12 C:\Windows\system32\HPZipm12.dll
22:44:31.0440 3192 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
22:44:31.0440 3192 Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
22:44:31.0440 3192 [ 63FF8572611249931EB16BB8EED6AFC8 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
22:44:31.0471 3192 PNRPAutoReg - ok
22:44:31.0471 3192 [ 82A8521DDC60710C3D3D3E7325209BEC ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
22:44:31.0503 3192 PNRPsvc - ok
22:44:31.0518 3192 [ 53946B69BA0836BD95B03759530C81EC ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
22:44:31.0565 3192 PolicyAgent - ok
22:44:31.0612 3192 [ F87D30E72E03D579A5199CCB3831D6EA ] Power C:\Windows\system32\umpo.dll
22:44:31.0643 3192 Power - ok
22:44:31.0674 3192 [ 631E3E205AD6D86F2AED6A4A8E69F2DB ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
22:44:31.0721 3192 PptpMiniport - ok
22:44:31.0721 3192 [ 85B1E3A0C7585BC4AAE6899EC6FCF011 ] Processor C:\Windows\system32\DRIVERS\processr.sys
22:44:31.0768 3192 Processor - ok
22:44:31.0799 3192 [ CADEFAC453040E370A1BDFF3973BE00D ] ProfSvc C:\Windows\system32\profsvc.dll
22:44:31.0877 3192 ProfSvc - ok
22:44:31.0893 3192 [ 81951F51E318AECC2D68559E47485CC4 ] ProtectedStorage C:\Windows\system32\lsass.exe
22:44:31.0908 3192 ProtectedStorage - ok
22:44:31.0955 3192 [ 6270CCAE2A86DE6D146529FE55B3246A ] Psched C:\Windows\system32\DRIVERS\pacer.sys
22:44:32.0002 3192 Psched - ok
22:44:32.0049 3192 [ AB95ECF1F6659A60DDC166D8315B0751 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
22:44:32.0127 3192 ql2300 - ok
22:44:32.0158 3192 [ B4DD51DD25182244B86737DC51AF2270 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
22:44:32.0173 3192 ql40xx - ok
22:44:32.0205 3192 [ 31AC809E7707EB580B2BDB760390765A ] QWAVE C:\Windows\system32\qwave.dll
22:44:32.0236 3192 QWAVE - ok
22:44:32.0251 3192 [ 584078CA1B95CA72DF2A27C336F9719D ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
22:44:32.0267 3192 QWAVEdrv - ok
22:44:32.0283 3192 [ 30A81B53C766D0133BB86D234E5556AB ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
22:44:32.0329 3192 RasAcd - ok
22:44:32.0361 3192 [ 57EC4AEF73660166074D8F7F31C0D4FD ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
22:44:32.0392 3192 RasAgileVpn - ok
22:44:32.0407 3192 [ A60F1839849C0C00739787FD5EC03F13 ] RasAuto C:\Windows\System32\rasauto.dll
22:44:32.0454 3192 RasAuto - ok
22:44:32.0454 3192 [ D9F91EAFEC2815365CBE6D167E4E332A ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
22:44:32.0501 3192 Rasl2tp - ok
22:44:32.0563 3192 [ CB9E04DC05EACF5B9A36CA276D475006 ] RasMan C:\Windows\System32\rasmans.dll
22:44:32.0626 3192 RasMan - ok
22:44:32.0657 3192 [ 0FE8B15916307A6AC12BFB6A63E45507 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
22:44:32.0704 3192 RasPppoe - ok
22:44:32.0735 3192 [ 44101F495A83EA6401D886E7FD70096B ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
22:44:32.0782 3192 RasSstp - ok
22:44:32.0813 3192 [ D528BC58A489409BA40334EBF96A311B ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
22:44:32.0860 3192 rdbss - ok
22:44:32.0875 3192 [ 0D8F05481CB76E70E1DA06EE9F0DA9DF ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
22:44:32.0891 3192 rdpbus - ok
22:44:32.0922 3192 [ 23DAE03F29D253AE74C44F99E515F9A1 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
22:44:32.0969 3192 RDPCDD - ok
22:44:33.0000 3192 [ 5A53CA1598DD4156D44196D200C94B8A ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
22:44:33.0031 3192 RDPENCDD - ok
22:44:33.0047 3192 [ 44B0A53CD4F27D50ED461DAE0C0B4E1F ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
22:44:33.0078 3192 RDPREFMP - ok
22:44:33.0109 3192 [ F031683E6D1FEA157ABB2FF260B51E61 ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
22:44:33.0156 3192 RDPWD - ok
22:44:33.0203 3192 [ 518395321DC96FE2C9F0E96AC743B656 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
22:44:33.0234 3192 rdyboost - ok
22:44:33.0250 3192 [ 7B5E1419717FAC363A31CC302895217A ] RemoteAccess C:\Windows\System32\mprdim.dll
22:44:33.0281 3192 RemoteAccess - ok
22:44:33.0312 3192 [ CB9A8683F4EF2BF99E123D79950D7935 ] RemoteRegistry C:\Windows\system32\regsvc.dll
22:44:33.0343 3192 RemoteRegistry - ok
22:44:33.0421 3192 [ F12A68ED55053940CADD59CA5E3468DD ] RichVideo C:\Program Files\CyberLink\Shared files\RichVideo.exe
22:44:33.0453 3192 RichVideo ( UnsignedFile.Multi.Generic ) - warning
22:44:33.0453 3192 RichVideo - detected UnsignedFile.Multi.Generic (1)
22:44:33.0468 3192 [ 78D072F35BC45D9E4E1B61895C152234 ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
22:44:33.0531 3192 RpcEptMapper - ok
22:44:33.0546 3192 [ 94D36C0E44677DD26981D2BFEEF2A29D ] RpcLocator C:\Windows\system32\locator.exe
22:44:33.0593 3192 RpcLocator - ok
22:44:33.0624 3192 [ 7660F01D3B38ACA1747E397D21D790AF ] RpcSs C:\Windows\system32\rpcss.dll
22:44:33.0655 3192 RpcSs - ok
22:44:33.0655 3192 [ 032B0D36AD92B582D869879F5AF5B928 ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
22:44:33.0718 3192 rspndr - ok
22:44:33.0749 3192 [ 5283B9A27FF230F2FF70D92451FF409A ] RTL8167 C:\Windows\system32\DRIVERS\Rt86win7.sys
22:44:33.0797 3192 RTL8167 - ok
22:44:33.0859 3192 [ B5E9979FBB26FC059BD87A81F763D5DA ] rtl8192se C:\Windows\system32\DRIVERS\rtl8192se.sys
22:44:33.0890 3192 rtl8192se - ok
22:44:33.0922 3192 [ 81951F51E318AECC2D68559E47485CC4 ] SamSs C:\Windows\system32\lsass.exe
22:44:33.0937 3192 SamSs - ok
22:44:33.0984 3192 [ 05D860DA1040F111503AC416CCEF2BCA ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
22:44:34.0000 3192 sbp2port - ok
22:44:34.0015 3192 [ 8FC518FFE9519C2631D37515A68009C4 ] SCardSvr C:\Windows\System32\SCardSvr.dll
22:44:34.0046 3192 SCardSvr - ok
22:44:34.0062 3192 [ 0693B5EC673E34DC147E195779A4DCF6 ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
22:44:34.0124 3192 scfilter - ok
22:44:34.0156 3192 [ A04BB13F8A72F8B6E8B4071723E4E336 ] Schedule C:\Windows\system32\schedsvc.dll
22:44:34.0218 3192 Schedule - ok
22:44:34.0234 3192 [ 319C6B309773D063541D01DF8AC6F55F ] SCPolicySvc C:\Windows\System32\certprop.dll
22:44:34.0265 3192 SCPolicySvc - ok
22:44:34.0312 3192 [ 08236C4BCE5EDD0A0318A438AF28E0F7 ] SDRSVC C:\Windows\System32\SDRSVC.dll
22:44:34.0374 3192 SDRSVC - ok
22:44:34.0390 3192 [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv C:\Windows\system32\drivers\secdrv.sys
22:44:34.0436 3192 secdrv - ok
22:44:34.0483 3192 [ A59B3A4442C52060CC7A85293AA3546F ] seclogon C:\Windows\system32\seclogon.dll
22:44:34.0608 3192 seclogon - ok
22:44:34.0639 3192 [ DCB7FCDCC97F87360F75D77425B81737 ] SENS C:\Windows\System32\sens.dll
22:44:34.0686 3192 SENS - ok
22:44:34.0702 3192 [ 50087FE1EE447009C9CC2997B90DE53F ] SensrSvc C:\Windows\system32\sensrsvc.dll
22:44:34.0733 3192 SensrSvc - ok
22:44:34.0748 3192 [ 9AD8B8B515E3DF6ACD4212EF465DE2D1 ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
22:44:34.0795 3192 Serenum - ok
22:44:34.0826 3192 [ 5FB7FCEA0490D821F26F39CC5EA3D1E2 ] Serial C:\Windows\system32\DRIVERS\serial.sys
22:44:34.0858 3192 Serial - ok
22:44:34.0873 3192 [ 79BFFB520327FF916A582DFEA17AA813 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
22:44:34.0889 3192 sermouse - ok
22:44:34.0920 3192 [ 4AE380F39A0032EAB7DD953030B26D28 ] SessionEnv C:\Windows\system32\sessenv.dll
22:44:34.0967 3192 SessionEnv - ok
22:44:34.0998 3192 [ 9F976E1EB233DF46FCE808D9DEA3EB9C ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
22:44:35.0045 3192 sffdisk - ok
22:44:35.0060 3192 [ 932A68EE27833CFD57C1639D375F2731 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
22:44:35.0092 3192 sffp_mmc - ok
22:44:35.0107 3192 [ 6D4CCAEDC018F1CF52866BBBAA235982 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
22:44:35.0138 3192 sffp_sd - ok
22:44:35.0154 3192 [ DB96666CC8312EBC45032F30B007A547 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
22:44:35.0185 3192 sfloppy - ok
22:44:35.0216 3192 [ D1A079A0DE2EA524513B6930C24527A2 ] SharedAccess C:\Windows\System32\ipnathlp.dll
22:44:35.0279 3192 SharedAccess - ok
22:44:35.0310 3192 [ 414DA952A35BF5D50192E28263B40577 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
22:44:35.0341 3192 ShellHWDetection - ok
22:44:35.0357 3192 [ 2565CAC0DC9FE0371BDCE60832582B2E ] sisagp C:\Windows\system32\drivers\sisagp.sys
22:44:35.0388 3192 sisagp - ok
22:44:35.0435 3192 [ A9F0486851BECB6DDA1D89D381E71055 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
22:44:35.0466 3192 SiSRaid2 - ok
22:44:35.0482 3192 [ 3727097B55738E2F554972C3BE5BC1AA ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
22:44:35.0497 3192 SiSRaid4 - ok
22:44:35.0544 3192 [ 3E21C083B8A01CB70BA1F09303010FCE ] Smb C:\Windows\system32\DRIVERS\smb.sys
22:44:35.0575 3192 Smb - ok
22:44:35.0591 3192 [ 6A984831644ECA1A33FFEAE4126F4F37 ] SNMPTRAP C:\Windows\System32\snmptrap.exe
22:44:35.0638 3192 SNMPTRAP - ok
22:44:35.0669 3192 [ 95CF1AE7527FB70F7816563CBC09D942 ] spldr C:\Windows\system32\drivers\spldr.sys
22:44:35.0684 3192 spldr - ok
22:44:35.0731 3192 [ 9AEA093B8F9C37CF45538382CABA2475 ] Spooler C:\Windows\System32\spoolsv.exe
22:44:35.0762 3192 Spooler - ok
22:44:35.0825 3192 [ CF87A1DE791347E75B98885214CED2B8 ] sppsvc C:\Windows\system32\sppsvc.exe
22:44:35.0887 3192 sppsvc - ok
22:44:35.0950 3192 [ B0180B20B065D89232A78A40FE56EAA6 ] sppuinotify C:\Windows\system32\sppuinotify.dll
22:44:35.0981 3192 sppuinotify - ok
22:44:36.0028 3192 [ E4C2764065D66EA1D2D3EBC28FE99C46 ] srv C:\Windows\system32\DRIVERS\srv.sys
22:44:36.0059 3192 srv - ok
22:44:36.0074 3192 [ 03F0545BD8D4C77FA0AE1CEEDFCC71AB ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
22:44:36.0106 3192 srv2 - ok
22:44:36.0137 3192 [ BE6BD660CAA6F291AE06A718A4FA8ABC ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
22:44:36.0168 3192 srvnet - ok
22:44:36.0184 3192 [ D887C9FD02AC9FA880F6E5027A43E118 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
22:44:36.0246 3192 SSDPSRV - ok
22:44:36.0324 3192 [ A36EE93698802CD899F98BFD553D8185 ] ssmdrv C:\Windows\system32\DRIVERS\ssmdrv.sys
22:44:36.0355 3192 ssmdrv - ok
22:44:36.0371 3192 [ D318F23BE45D5E3A107469EB64815B50 ] SstpSvc C:\Windows\system32\sstpsvc.dll
22:44:36.0402 3192 SstpSvc - ok
22:44:36.0418 3192 [ DB32D325C192B801DF274BFD12A7E72B ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
22:44:36.0433 3192 stexstor - ok
22:44:36.0464 3192 [ EDB05BD63148796F23EA78506404A538 ] StillCam C:\Windows\system32\DRIVERS\serscan.sys
22:44:36.0496 3192 StillCam - ok
22:44:36.0542 3192 [ E1FB3706030FB4578A0D72C2FC3689E4 ] StiSvc C:\Windows\System32\wiaservc.dll
22:44:36.0589 3192 StiSvc - ok
22:44:36.0636 3192 [ E58C78A848ADD9610A4DB6D214AF5224 ] swenum C:\Windows\system32\drivers\swenum.sys
22:44:36.0652 3192 swenum - ok
22:44:36.0667 3192 [ A28BD92DF340E57B024BA433165D34D7 ] swprv C:\Windows\System32\swprv.dll
22:44:36.0698 3192 swprv - ok
22:44:36.0761 3192 [ 36650D618CA34C9D357DFD3D89B2C56F ] SysMain C:\Windows\system32\sysmain.dll
22:44:36.0808 3192 SysMain - ok
22:44:36.0823 3192 [ 763FECDC3D30C815FE72DD57936C6CD1 ] TabletInputService C:\Windows\System32\TabSvc.dll
22:44:36.0839 3192 TabletInputService - ok
22:44:36.0870 3192 [ 613BF4820361543956909043A265C6AC ] TapiSrv C:\Windows\System32\tapisrv.dll
22:44:36.0901 3192 TapiSrv - ok
22:44:36.0917 3192 [ B799D9FDB26111737F58288D8DC172D9 ] TBS C:\Windows\System32\tbssvc.dll
22:44:36.0964 3192 TBS - ok
22:44:37.0010 3192 [ 7C0507D2391AF5933600CBCED799F277 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
22:44:37.0073 3192 Tcpip - ok
22:44:37.0120 3192 [ 7C0507D2391AF5933600CBCED799F277 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
22:44:37.0151 3192 TCPIP6 - ok
22:44:37.0182 3192 [ 3EEBD3BD93DA46A26E89893C7AB2FF3B ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
22:44:37.0213 3192 tcpipreg - ok
22:44:37.0260 3192 [ 1CB91B2BD8F6DD367DFC2EF26FD751B2 ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
22:44:37.0322 3192 TDPIPE - ok
22:44:37.0354 3192 [ 2C2C5AFE7EE4F620D69C23C0617651A8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
22:44:37.0385 3192 TDTCP - ok
22:44:37.0416 3192 [ B459575348C20E8121D6039DA063C704 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
22:44:37.0478 3192 tdx - ok
22:44:37.0478 3192 [ 04DBF4B01EA4BF25A9A3E84AFFAC9B20 ] TermDD C:\Windows\system32\drivers\termdd.sys
22:44:37.0510 3192 TermDD - ok
22:44:37.0556 3192 [ 382C804C92811BE57829D8E550A900E2 ] TermService C:\Windows\System32\termsrv.dll
22:44:37.0619 3192 TermService - ok
22:44:37.0634 3192 [ 42FB6AFD6B79D9FE07381609172E7CA4 ] Themes C:\Windows\system32\themeservice.dll
22:44:37.0666 3192 Themes - ok
22:44:37.0681 3192 [ 146B6F43A673379A3C670E86D89BE5EA ] THREADORDER C:\Windows\system32\mmcss.dll
22:44:37.0712 3192 THREADORDER - ok
22:44:37.0759 3192 [ 4792C0378DB99A9BC2AE2DE6CFFF0C3A ] TrkWks C:\Windows\System32\trkwks.dll
22:44:37.0837 3192 TrkWks - ok
22:44:37.0900 3192 [ 2C49B175AEE1D4364B91B531417FE583 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
22:44:37.0962 3192 TrustedInstaller - ok
22:44:37.0993 3192 [ 254BB140EEE3C59D6114C1A86B636877 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
22:44:38.0024 3192 tssecsrv - ok
22:44:38.0056 3192 [ FD1D6C73E6333BE727CBCC6054247654 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
22:44:38.0087 3192 TsUsbFlt - ok
22:44:38.0102 3192 [ B2FA25D9B17A68BB93D58B0556E8C90D ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
22:44:38.0149 3192 tunnel - ok
22:44:38.0180 3192 [ 750FBCB269F4D7DD2E420C56B795DB6D ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
22:44:38.0196 3192 uagp35 - ok
22:44:38.0227 3192 [ EE43346C7E4B5E63E54F927BABBB32FF ] udfs C:\Windows\system32\DRIVERS\udfs.sys
22:44:38.0290 3192 udfs - ok
22:44:38.0321 3192 [ 8344FD4FCE927880AA1AA7681D4927E5 ] UI0Detect C:\Windows\system32\UI0Detect.exe
22:44:38.0352 3192 UI0Detect - ok
22:44:38.0399 3192 [ 44E8048ACE47BEFBFDC2E9BE4CBC8880 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
22:44:38.0414 3192 uliagpkx - ok
22:44:38.0461 3192 [ D295BED4B898F0FD999FCFA9B32B071B ] umbus C:\Windows\system32\drivers\umbus.sys
22:44:38.0508 3192 umbus - ok
22:44:38.0524 3192 [ 7550AD0C6998BA1CB4843E920EE0FEAC ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
22:44:38.0539 3192 UmPass - ok
22:44:38.0555 3192 [ 833FBB672460EFCE8011D262175FAD33 ] upnphost C:\Windows\System32\upnphost.dll
22:44:38.0617 3192 upnphost - ok
22:44:38.0664 3192 [ 7062ED67A10F1C83B2AB951736E24F11 ] upperdev C:\Windows\system32\DRIVERS\usbser_lowerflt.sys
22:44:38.0711 3192 upperdev - ok
22:44:38.0742 3192 [ 8BF5D980CDCE35FB26F05047144BB57E ] USBAAPL C:\Windows\system32\Drivers\usbaapl.sys
22:44:38.0773 3192 USBAAPL - ok
22:44:38.0804 3192 [ 8455C4ED038EFD09E99327F9D2D48FFA ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
22:44:38.0820 3192 usbccgp - ok
22:44:38.0851 3192 [ 04EC7CEC62EC3B6D9354EEE93327FC82 ] usbcir C:\Windows\system32\drivers\usbcir.sys
22:44:38.0898 3192 usbcir - ok
22:44:38.0929 3192 [ F92DE757E4B7CE9C07C5E65423F3AE3B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
22:44:38.0960 3192 usbehci - ok
22:44:38.0992 3192 [ 8DC94AEC6A7E644A06135AE7506DC2E9 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
22:44:39.0023 3192 usbhub - ok
22:44:39.0038 3192 [ E185D44FAC515A18D9DEDDC23C2CDF44 ] usbohci C:\Windows\system32\DRIVERS\usbohci.sys
22:44:39.0054 3192 usbohci - ok
22:44:39.0085 3192 [ 797D862FE0875E75C7CC4C1AD7B30252 ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
22:44:39.0116 3192 usbprint - ok
22:44:39.0148 3192 [ 576096CCBC07E7C4EA4F5E6686D6888F ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys
22:44:39.0179 3192 usbscan - ok
22:44:39.0210 3192 [ 31181DE6190B39FC8007DFFD1A48FFD6 ] usbser C:\Windows\system32\drivers\usbser.sys
22:44:39.0257 3192 usbser - ok
22:44:39.0272 3192 [ B76D8039F5B595C4CA551B3D5DD15A98 ] UsbserFilt C:\Windows\system32\DRIVERS\usbser_lowerfltj.sys
22:44:39.0304 3192 UsbserFilt - ok
22:44:39.0335 3192 [ D8889D56E0D27E57ED4591837FE71D27 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
22:44:39.0350 3192 USBSTOR - ok
22:44:39.0366 3192 [ 78780C3EBCE17405B1CCD07A3A8A7D72 ] usbuhci C:\Windows\system32\drivers\usbuhci.sys
22:44:39.0382 3192 usbuhci - ok
22:44:39.0428 3192 [ F642A7E4BF78CFA359CCA0A3557C28D7 ] usbvideo C:\Windows\System32\Drivers\usbvideo.sys
22:44:39.0460 3192 usbvideo - ok
22:44:39.0491 3192 uxddrv - ok
22:44:39.0506 3192 [ 081E6E1C91AEC36758902A9F727CD23C ] UxSms C:\Windows\System32\uxsms.dll
22:44:39.0538 3192 UxSms - ok
22:44:39.0553 3192 [ 81951F51E318AECC2D68559E47485CC4 ] VaultSvc C:\Windows\system32\lsass.exe
22:44:39.0569 3192 VaultSvc - ok
22:44:39.0584 3192 [ A059C4C3EDB09E07D21A8E5C0AABD3CB ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
22:44:39.0616 3192 vdrvroot - ok
22:44:39.0647 3192 [ C3CD30495687C2A2F66A65CA6FD89BE9 ] vds C:\Windows\System32\vds.exe
22:44:39.0709 3192 vds - ok
22:44:39.0740 3192 [ 17C408214EA61696CEC9C66E388B14F3 ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
22:44:39.0787 3192 vga - ok
22:44:39.0803 3192 [ 8E38096AD5C8570A6F1570A61E251561 ] VgaSave C:\Windows\System32\drivers\vga.sys
22:44:39.0834 3192 VgaSave - ok
22:44:39.0850 3192 [ 5461686CCA2FDA57B024547733AB42E3 ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
22:44:39.0881 3192 vhdmp - ok
22:44:39.0912 3192 [ C829317A37B4BEA8F39735D4B076E923 ] viaagp C:\Windows\system32\drivers\viaagp.sys
22:44:39.0943 3192 viaagp - ok
22:44:39.0959 3192 [ E02F079A6AA107F06B16549C6E5C7B74 ] ViaC7 C:\Windows\system32\DRIVERS\viac7.sys
22:44:39.0990 3192 ViaC7 - ok
22:44:40.0006 3192 [ E43574F6A56A0EE11809B48C09E4FD3C ] viaide C:\Windows\system32\drivers\viaide.sys
22:44:40.0037 3192 viaide - ok
22:44:40.0052 3192 [ 4C63E00F2F4B5F86AB48A58CD990F212 ] volmgr C:\Windows\system32\drivers\volmgr.sys
22:44:40.0068 3192 volmgr - ok
22:44:40.0084 3192 [ B5BB72067DDDDBBFB04B2F89FF8C3C87 ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
22:44:40.0115 3192 volmgrx - ok
22:44:40.0146 3192 [ F497F67932C6FA693D7DE2780631CFE7 ] volsnap C:\Windows\system32\drivers\volsnap.sys
22:44:40.0177 3192 volsnap - ok
22:44:40.0208 3192 [ 9DFA0CC2F8855A04816729651175B631 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys
22:44:40.0240 3192 vsmraid - ok
22:44:40.0286 3192 [ 209A3B1901B83AEB8527ED211CCE9E4C ] VSS C:\Windows\system32\vssvc.exe
22:44:40.0333 3192 VSS - ok
22:44:40.0349 3192 [ 90567B1E658001E79D7C8BBD3DDE5AA6 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys
22:44:40.0380 3192 vwifibus - ok
22:44:40.0396 3192 [ 7090D3436EEB4E7DA3373090A23448F7 ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys
22:44:40.0427 3192 vwififlt - ok
22:44:40.0458 3192 [ A3F04CBEA6C2A10E6CB01F8B47611882 ] vwifimp C:\Windows\system32\DRIVERS\vwifimp.sys
22:44:40.0474 3192 vwifimp - ok
22:44:40.0505 3192 [ 55187FD710E27D5095D10A472C8BAF1C ] W32Time C:\Windows\system32\w32time.dll
22:44:40.0552 3192 W32Time - ok
22:44:40.0567 3192 [ DE3721E89C653AA281428C8A69745D90 ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
22:44:40.0614 3192 WacomPen - ok
22:44:40.0645 3192 [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
22:44:40.0692 3192 WANARP - ok
22:44:40.0708 3192 [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
22:44:40.0723 3192 Wanarpv6 - ok
22:44:40.0770 3192 [ 691E3285E53DCA558E1A84667F13E15A ] wbengine C:\Windows\system32\wbengine.exe
22:44:40.0832 3192 wbengine - ok
22:44:40.0864 3192 [ 9614B5D29DC76AC3C29F6D2D3AA70E67 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
22:44:40.0895 3192 WbioSrvc - ok
22:44:40.0926 3192 [ 34EEE0DFAADB4F691D6D5308A51315DC ] wcncsvc C:\Windows\System32\wcncsvc.dll
22:44:40.0957 3192 wcncsvc - ok
22:44:40.0973 3192 [ 5D930B6357A6D2AF4D7653BDABBF352F ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
22:44:41.0035 3192 WcsPlugInService - ok
22:44:41.0051 3192 [ 1112A9BADACB47B7C0BB0392E3158DFF ] Wd C:\Windows\system32\DRIVERS\wd.sys
22:44:41.0082 3192 Wd - ok
22:44:41.0113 3192 [ A840213F1ACDCC175B4D1D5AAEAC0D7A ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
22:44:41.0144 3192 Wdf01000 - ok
22:44:41.0160 3192 [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiServiceHost C:\Windows\system32\wdi.dll
22:44:41.0207 3192 WdiServiceHost - ok
22:44:41.0222 3192 [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiSystemHost C:\Windows\system32\wdi.dll
22:44:41.0238 3192 WdiSystemHost - ok
22:44:41.0269 3192 [ A9D880F97530D5B8FEE278923349929D ] WebClient C:\Windows\System32\webclnt.dll
22:44:41.0300 3192 WebClient - ok
22:44:41.0332 3192 [ 760F0AFE937A77CFF27153206534F275 ] Wecsvc C:\Windows\system32\wecsvc.dll
22:44:41.0363 3192 Wecsvc - ok
22:44:41.0378 3192 [ AC804569BB2364FB6017370258A4091B ] wercplsupport C:\Windows\System32\wercplsupport.dll
22:44:41.0425 3192 wercplsupport - ok
22:44:41.0425 3192 [ 08E420D873E4FD85241EE2421B02C4A4 ] WerSvc C:\Windows\System32\WerSvc.dll
22:44:41.0472 3192 WerSvc - ok
22:44:41.0503 3192 [ 8B9A943F3B53861F2BFAF6C186168F79 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
22:44:41.0534 3192 WfpLwf - ok
22:44:41.0566 3192 [ 5CF95B35E59E2A38023836FFF31BE64C ] WIMMount C:\Windows\system32\drivers\wimmount.sys
22:44:41.0581 3192 WIMMount - ok
22:44:41.0628 3192 [ 3FAE8F94296001C32EAB62CD7D82E0FD ] WinDefend C:\Program Files\Windows Defender\mpsvc.dll
22:44:41.0675 3192 WinDefend - ok
22:44:41.0690 3192 WinHttpAutoProxySvc - ok
22:44:41.0737 3192 [ F62E510B6AD4C21EB9FE8668ED251826 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
22:44:41.0800 3192 Winmgmt - ok
22:44:41.0831 3192 [ 1B91CD34EA3A90AB6A4EF0550174F4CC ] WinRM C:\Windows\system32\WsmSvc.dll
22:44:41.0893 3192 WinRM - ok
22:44:41.0956 3192 [ A67E5F9A400F3BD1BE3D80613B45F708 ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys
22:44:42.0002 3192 WinUsb - ok
22:44:42.0034 3192 [ 16935C98FF639D185086A3529B1F2067 ] Wlansvc C:\Windows\System32\wlansvc.dll
22:44:42.0080 3192 Wlansvc - ok
22:44:42.0158 3192 [ D9250B31B353EE3322C1CAD411997E38 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
22:44:42.0205 3192 wlidsvc - ok
22:44:42.0221 3192 [ 0217679B8FCA58714C3BF2726D2CA84E ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
22:44:42.0236 3192 WmiAcpi - ok
22:44:42.0268 3192 [ 6EB6B66517B048D87DC1856DDF1F4C3F ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
22:44:42.0299 3192 wmiApSrv - ok
22:44:42.0361 3192 [ 36ED6F108DFA7C7DD329CF103B02C74B ] WMI_Hook_Service C:\Program Files\msi\OSD hot keys\WMI_Hook_Service.exe
22:44:42.0408 3192 WMI_Hook_Service - ok
22:44:42.0470 3192 [ 3B40D3A61AA8C21B88AE57C58AB3122E ] WMPNetworkSvc C:\Program Files\Windows Media Player\wmpnetwk.exe
22:44:42.0533 3192 WMPNetworkSvc - ok
22:44:42.0548 3192 [ A2F0EC770A92F2B3F9DE6D518E11409C ] WPCSvc C:\Windows\System32\wpcsvc.dll
22:44:42.0580 3192 WPCSvc - ok
22:44:42.0611 3192 [ AA53356D60AF47EACC85BC617A4F3F66 ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
22:44:42.0642 3192 WPDBusEnum - ok
22:44:42.0673 3192 [ 6DB3276587B853BF886B69528FDB048C ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
22:44:42.0720 3192 ws2ifsl - ok
22:44:42.0751 3192 [ 6F5D49EFE0E7164E03AE773A3FE25340 ] wscsvc C:\Windows\System32\wscsvc.dll
22:44:42.0782 3192 wscsvc - ok
22:44:42.0829 3192 [ 553F6CCD7C58EB98D4A8FBDAF283D7A9 ] WSDPrintDevice C:\Windows\system32\DRIVERS\WSDPrint.sys
22:44:42.0876 3192 WSDPrintDevice - ok
22:44:42.0876 3192 WSearch - ok
22:44:42.0954 3192 [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv C:\Windows\system32\wuaueng.dll
22:44:43.0001 3192 wuauserv - ok
22:44:43.0032 3192 [ 06E6F32C8D0A3F66D956F57B43A2E070 ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
22:44:43.0063 3192 WudfPf - ok
22:44:43.0110 3192 [ 867C301E8B790040AE9CF6486E8041DF ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
22:44:43.0141 3192 WUDFRd - ok
22:44:43.0172 3192 [ FE47B7BC8EA320C2D9B5E5BF6E303765 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
22:44:43.0219 3192 wudfsvc - ok
22:44:43.0250 3192 [ FF2D745B560F7C71B31F30F4D49F73D2 ] WwanSvc C:\Windows\System32\wwansvc.dll
22:44:43.0282 3192 WwanSvc - ok
22:44:43.0313 3192 ================ Scan global ===============================
22:44:43.0360 3192 [ DAB748AE0439955ED2FA22357533DDDB ] C:\Windows\system32\basesrv.dll
22:44:43.0391 3192 [ 1F5F07091D50244F17DD8D5147A628CC ] C:\Windows\system32\winsrv.dll
22:44:43.0406 3192 [ 1F5F07091D50244F17DD8D5147A628CC ] C:\Windows\system32\winsrv.dll
22:44:43.0438 3192 [ 364455805E64882844EE9ACB72522830 ] C:\Windows\system32\sxssrv.dll
22:44:43.0469 3192 [ 5F1B6A9C35D3D5CA72D6D6FDEF9747D6 ] C:\Windows\system32\services.exe
22:44:43.0484 3192 [Global] - ok
22:44:43.0484 3192 ================ Scan MBR ==================================
22:44:43.0500 3192 [ 4624822E540EC83CD0819525C65846BA ] \Device\Harddisk0\DR0
22:44:46.0433 3192 \Device\Harddisk0\DR0 - ok
22:44:46.0433 3192 [ 5FB38429D5D77768867C76DCBDB35194 ] \Device\Harddisk1\DR1
22:44:46.0589 3192 \Device\Harddisk1\DR1 - ok
22:44:46.0589 3192 ================ Scan VBR ==================================
22:44:46.0589 3192 [ 137FBB9DB68659101FFE5097EDB2D58B ] \Device\Harddisk0\DR0\Partition1
22:44:46.0589 3192 \Device\Harddisk0\DR0\Partition1 - ok
22:44:46.0620 3192 [ 3F1D14104B5F9652F541BD046C905C53 ] \Device\Harddisk0\DR0\Partition2
22:44:46.0620 3192 \Device\Harddisk0\DR0\Partition2 - ok
22:44:46.0651 3192 [ 6D95BE7D06AE83B714926815C52BAF92 ] \Device\Harddisk0\DR0\Partition3
22:44:46.0651 3192 \Device\Harddisk0\DR0\Partition3 - ok
22:44:46.0667 3192 [ B3C0FF75B36DC1575F89ACF96DD8D6B5 ] \Device\Harddisk1\DR1\Partition1
22:44:46.0667 3192 \Device\Harddisk1\DR1\Partition1 - ok
22:44:46.0667 3192 ============================================================
22:44:46.0667 3192 Scan finished
22:44:46.0667 3192 ============================================================
22:44:46.0682 3628 Detected object count: 4
22:44:46.0682 3628 Actual detected object count: 4
22:45:19.0255 3628 FirebirdServerMAGIXInstance ( UnsignedFile.Multi.Generic ) - skipped by user
22:45:19.0255 3628 FirebirdServerMAGIXInstance ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:45:19.0271 3628 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
22:45:19.0271 3628 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:45:19.0271 3628 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
22:45:19.0271 3628 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:45:19.0271 3628 RichVideo ( UnsignedFile.Multi.Generic ) - skipped by user
22:45:19.0271 3628 RichVideo ( UnsignedFile.Multi.Generic ) - User select action: Skip

markusg 08.05.2013 21:52
Ok, passt.
Scan mit Combofix
WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link
  • WICHTIG: Speichere Combofix auf deinem Desktop.
  • Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.
  • Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.
  • Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!
  • Wenn Combofix fertig ist, wird es ein Logfile erstellen.
  • Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).
Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

Dumpty 08.05.2013 22:11
combofix lief ohne zu meckern.
hier die log:
Combofix Logfile:
Code:
ComboFix 13-05-08.02 - MEDION 08.05.2013  23:00:16.1.2 - x86
Microsoft Windows 7 Home Premium  6.1.7601.1.1252.49.1031.18.3327.2283 [GMT 2:00]
ausgeführt von:: c:\users\MEDION\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
FW: FireWall *Disabled* {CE40CCC0-8ADB-6D67-25A0-C5B6438E4B57}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\MEDION\4.0
c:\users\MEDION\AmazonMP3Installer-de_DE.exe
c:\users\Public\sdelevURL.tmp
c:\windows\security\Database\tmp.edb
c:\windows\system32\pt
c:\windows\system32\pt\Lagoon.resources.dll
.
.
(((((((((((((((((((((((  Dateien erstellt von 2013-04-08 bis 2013-05-08  ))))))))))))))))))))))))))))))
.
.
2013-05-08 21:07 . 2013-05-08 21:07        --------        d-----w-        c:\users\Default\AppData\Local\temp
2013-05-08 21:05 . 2013-05-08 21:05        60872        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{9EDF226A-7731-49B0-B432-BBEC21C30E3D}\offreg.dll
2013-05-08 20:12 . 2013-05-08 20:12        --------        d-----w-        C:\_OTL
2013-05-08 19:21 . 2013-05-08 19:21        66656        ----a-w-        c:\windows\system32\drivers\avnetflt.sys
2013-05-08 19:18 . 2013-04-10 03:08        6906960        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{9EDF226A-7731-49B0-B432-BBEC21C30E3D}\mpengine.dll
2013-05-07 19:53 . 2013-05-08 19:04        --------        d-----w-        c:\programdata\146B3392068476C50000146B1F2B7B59
2013-04-24 14:37 . 2013-04-12 13:45        1211752        ----a-w-        c:\windows\system32\drivers\ntfs.sys
2013-04-16 16:32 . 2011-05-18 06:22        99896        ----a-w-        c:\windows\system32\HPSIsvc.exe
2013-04-16 16:32 . 2008-12-22 03:02        117904        ----a-w-        c:\windows\system32\Ltimgutl15u.dll
2013-04-16 16:28 . 2012-09-29 11:24        69632        ----a-w-        c:\windows\system32\Spool\prtprocs\w32x86\HPM1210PP.dll
2013-04-16 16:27 . 2012-09-29 11:25        1167360        ----a-w-        c:\windows\system32\HPM1210SM.exe
2013-04-16 16:27 . 2012-09-29 11:24        167936        ----a-w-        c:\windows\system32\HPM1210LM.DLL
2013-04-16 16:27 . 2012-09-29 11:04        284672        ----a-w-        c:\windows\system32\mvhlewsi.DLL
2013-04-12 07:15 . 2013-03-01 03:09        2347008        ----a-w-        c:\windows\system32\win32k.sys
2013-04-12 07:15 . 2013-01-24 04:47        196328        ----a-w-        c:\windows\system32\drivers\fvevol.sys
2013-04-12 07:15 . 2013-03-19 05:04        3913560        ----a-w-        c:\windows\system32\ntoskrnl.exe
2013-04-12 07:15 . 2013-03-19 05:04        3968856        ----a-w-        c:\windows\system32\ntkrnlpa.exe
2013-04-12 07:15 . 2013-03-19 04:48        38912        ----a-w-        c:\windows\system32\csrsrv.dll
2013-04-12 07:15 . 2013-03-19 02:49        69632        ----a-w-        c:\windows\system32\smss.exe
2013-04-12 07:15 . 2013-02-15 04:37        3217408        ----a-w-        c:\windows\system32\mstscax.dll
2013-04-12 07:15 . 2013-02-15 04:34        131584        ----a-w-        c:\windows\system32\aaclient.dll
2013-04-12 07:15 . 2013-02-15 03:25        36864        ----a-w-        c:\windows\system32\tsgqec.dll
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-05-02 00:06 . 2010-01-22 13:33        238872        ------w-        c:\windows\system32\MpSigStub.exe
2013-03-27 18:42 . 2013-03-27 18:43        94112        ----a-w-        c:\windows\system32\WindowsAccessBridge.dll
2013-03-27 18:42 . 2012-09-11 05:37        861088        ----a-w-        c:\windows\system32\npdeployJava1.dll
2013-03-27 18:42 . 2011-05-03 08:13        782240        ----a-w-        c:\windows\system32\deployJava1.dll
2013-03-27 13:28 . 2012-10-03 08:31        84744        ----a-w-        c:\windows\system32\drivers\avgntflt.sys
2013-03-27 13:28 . 2012-10-03 08:31        37352        ----a-w-        c:\windows\system32\drivers\avkmgr.sys
2013-03-27 13:28 . 2012-10-03 08:31        135136        ----a-w-        c:\windows\system32\drivers\avipbb.sys
2013-03-13 17:10 . 2012-05-02 09:21        693976        ----a-w-        c:\windows\system32\FlashPlayerApp.exe
2013-03-13 17:10 . 2011-12-03 19:14        73432        ----a-w-        c:\windows\system32\FlashPlayerCPLApp.cpl
2013-02-12 19:30 . 2012-10-03 08:31        92448        ----a-w-        c:\windows\system32\drivers\avfwim.sys
2013-02-12 19:30 . 2012-10-03 08:31        113024        ----a-w-        c:\windows\system32\drivers\avfwot.sys
2013-02-12 04:48 . 2013-03-13 09:01        474112        ----a-w-        c:\windows\apppatch\AcSpecfc.dll
2013-02-12 04:48 . 2013-03-13 09:01        2176512        ----a-w-        c:\windows\apppatch\AcGenral.dll
2013-02-12 03:32 . 2013-03-26 07:57        15872        ----a-w-        c:\windows\system32\drivers\usb8023.sys
2013-04-12 07:53 . 2013-04-12 07:53        263064        ----a-w-        c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]
"iCloudServices"="c:\program files\Common Files\Apple\Internet Services\iCloudServices.exe" [2012-12-17 59872]
"ApplePhotoStreams"="c:\program files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe" [2012-12-17 59872]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CLMLServer"="c:\program files\CyberLink\Power2Go\CLMLSvc.exe" [2009-06-03 103720]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-11-10 7866912]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-09-16 1164584]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-11-28 59280]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-07-31 38872]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-11 919008]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2013-05-08 345312]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-10-25 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-12-12 152544]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
.
c:\users\MEDION\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\MEDION\AppData\Roaming\Dropbox\bin\Dropbox.exe [2013-3-12 29106336]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
R2 BBSvc;BingBar Service;c:\program files\Microsoft\BingBar\7.1.391.0\BBSvc.exe [x]
R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\Common Files\MAGIX Services\Database\bin\fbserver.exe [x]
R3 mvusbews;USB EWS Device;c:\windows\system32\Drivers\mvusbews.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 uxddrv;Dynamically loaded UxdDrv;e:\diagnose\WSTGER32\2PART\uxddrv86.sys [x]
S0 nvamacpi;NVIDIA Away Mode System;c:\windows\system32\DRIVERS\NVAMACPI.sys [x]
S1 avfwot;avfwot;c:\windows\system32\DRIVERS\avfwot.sys [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [x]
S2 AntiVirFirewallService;Avira FireWall;c:\program files\Avira\AntiVir Desktop\avfwsvc.exe [x]
S2 AntiVirMailService;Avira Email Schutz;c:\program files\Avira\AntiVir Desktop\avmailc.exe [x]
S2 AntiVirSchedulerService;Avira Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [x]
S2 AntiVirWebService;Avira Browser-Schutz;c:\program files\Avira\AntiVir Desktop\AVWEBGRD.EXE [x]
S2 Fabs;FABS - Helping agent for MAGIX media database;c:\program files\Common Files\MAGIX Services\Database\bin\FABS.exe [x]
S2 HPSIService;HP SI Service;c:\windows\system32\HPSIsvc.exe [x]
S2 WMI_Hook_Service;WMI_Hook_Service;c:\program files\msi\OSD hot keys\WMI_Hook_Service.exe [x]
S3 avfwim;AvFw Packet Filter Miniport;c:\windows\system32\DRIVERS\avfwim.sys [x]
S3 BBUpdate;BBUpdate;c:\program files\Microsoft\BingBar\7.1.391.0\SeaPort.exe [x]
S3 hidkmdf;Microsoft HID Class Shim for KMDF;c:\windows\system32\DRIVERS\hidkmdf.sys [x]
S3 NW1950;NextWindow 1950 Touch Screen;c:\windows\system32\DRIVERS\NW1950.sys [x]
S3 NxpCap;CTX capture service;c:\windows\system32\DRIVERS\NxpCap.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [x]
S3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;c:\windows\system32\DRIVERS\rtl8192se.sys [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - 80862689
*NewlyCreated* - 95995494
*Deregistered* - 80862689
*Deregistered* - 95995494
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation        REG_MULTI_SZ          SSDPSRV upnphost SCardSvr TBS fdrespub AppIDSvc QWAVE wcncsvc Mcx2Svc SensrSvc
HPZ12        REG_MULTI_SZ          Pml Driver HPZ12 Net Driver HPZ12
HPService        REG_MULTI_SZ          HPSLPSVC
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - LocalService
FontCache
.
.
Inhalt des "geplante Tasks" Ordners
.
2013-05-08 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-02 17:10]
.
2013-05-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-08-07 09:47]
.
2013-05-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-08-07 09:47]
.
.
------- Zusätzlicher Suchlauf -------
.
uInternet Settings,ProxyOverride = *.local
IE: An OneNote s&enden - c:\progra~1\MIF5BA~1\Office14\ONBttnIE.dll/105
IE: Nach Microsoft E&xcel exportieren - c:\progra~1\MIF5BA~1\Office14\EXCEL.EXE/3000
IE: {{0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - eBay - eine der größten deutschen Shopping-Websites
LSP: c:\program files\Avira\AntiVir Desktop\avsda.dll
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\MEDION\AppData\Roaming\Mozilla\Firefox\Profiles\ur11sf9k.default\
FF - prefs.js: browser.startup.homepage - Google
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
HKLM-Run-NWEReboot - (no file)
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2013-05-08  23:09:30
ComboFix-quarantined-files.txt  2013-05-08 21:09
.
Vor Suchlauf: 6 Verzeichnis(se), 894.555.705.344 Bytes frei
Nach Suchlauf: 10 Verzeichnis(se), 894.229.725.184 Bytes frei
.
- - End Of File - - BE59A2D5E7BBAF87D69D3DE02A4AD3BD
--- --- ---


combofix hat alles entfernt, oder? soll ich noch was zur sicherheit laufen lassen?

markusg 08.05.2013 22:46
Hi,
malwarebytes:
Downloade Dir bitte Malwarebytes
  • Installiere
    das Programm in den vorgegebenen Pfad.
    Vista und Win7 User mit Rechtsklick "als Administrator starten"
  • Starte Malwarebytes, klicke auf Aktualisierung --> Suche
    nach Aktualisierung
  • Wenn das Update beendet wurde, aktiviere vollständiger Scan durchführen und drücke auf Scannen.
  • Wenn der Scan beendet
    ist, klicke auf Ergebnisse anzeigen.
  • Versichere Dich, dass alle Funde markiert sind und drücke Entferne Auswahl.
  • Poste
    das Logfile, welches sich in Notepad öffnet, hier in den Thread.
  • Nachträglich kannst du den Bericht unter "Log Dateien" finden.

Dumpty 08.05.2013 23:56
so, endlich fertig mit dem scan. malwarebytes hat nichts gefunden.
log:

Malwarebytes Anti-Malware (Test) 1.75.0.1300
Malwarebytes : Free anti-malware download

Datenbank Version: v2013.05.08.07

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 8.0.7601.17514
MEDION :: MEDION-PC [Administrator]

Schutz: Aktiviert

08.05.2013 23:51:48
mbam-log-2013-05-08 (23-51-48).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 385990
Laufzeit: 1 Stunde(n), 3 Minute(n), 24 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

okay, ich bin morgen nachmittag bzw. heute nachmittag wieder online. vielen dank erstmal bis hierhin.
ich hoffe, wir können weiter arbeiten, damit wir mein system wieder sicher bekommen. ich nutze vor allem online banking.
was soll ich als nächstes tun?

besten dank und bis morgen.

markusg 11.05.2013 12:03
Hi,

lade den CCleaner standard:
CCleaner - Download - Filepony
falls der CCleaner
bereits instaliert, überspringen.
öffnen, Tools (extras),uninstall Llist, als txt speichern. öffnen.
hinter, jedes von dir benötigte programm, schreibe notwendig.
hinter, jedes, von dir nicht benötigte, unnötig.
hinter, dir unbekannte, unbekannt.
liste posten.

Dumpty 12.05.2013 17:33
Hallo markusg, anbei meine ccleaner - Liste...

Adobe Flash Player 11 ActiveX Adobe Systems Incorporated 13.03.2013 6,00MB 11.6.602.180 - notwendig
Adobe Flash Player 11 Plugin Adobe Systems Incorporated 13.03.2013 6,00MB 11.6.602.180 - notwendig
Adobe Reader XI (11.0.02) - Deutsch Adobe Systems Incorporated 10.05.2013 132MB 11.0.02 - notwendig
Amazon MP3-Downloader 1.0.17 Amazon Services LLC 12.11.2012 1.0.17 - notwendig
Apple Application Support Apple Inc. 31.12.2012 65,0MB 2.3.2 - notwendig
Apple Mobile Device Support Apple Inc. 31.12.2012 24,5MB 6.0.1.3 - notwendig
Apple Software Update Apple Inc. 05.11.2011 2,38MB 2.1.3.127 - notwendig
Avira Internet Security Avira 08.05.2013 152MB 13.0.0.3640 - notwendig
Bonjour Apple Inc. 05.11.2011 1,02MB 3.0.0.10 - unbekannt
CCleaner Piriform 23.04.2013 4.01 - notwendig
Compatibility Pack für 2007 Office System Microsoft Corporation 10.01.2013 266MB 12.0.6612.1000 - notwendig ?
Dropbox Dropbox, Inc. 28.03.2013 1.6.18 - notwendig
ElsterFormular Landesfinanzdirektion Thüringen 17.04.2013 188MB 14.1.20130301 - notwendig
HP LaserJet Professional M1130-M1210 MFP Series 16.04.2013 - notwendig
iCloud Apple Inc. 31.12.2012 48,3MB 2.1.1.3 - nicht notwendig
iTunes Apple Inc. 31.12.2012 189MB 11.0.1.12 - notwendig
Java 7 Update 21 Oracle 27.03.2013 129MB 7.0.210 - notwendig
Java(TM) 6 Update 39 Oracle 11.09.2012 95,7MB 6.0.390 - nicht notwendig
Malwarebytes Anti-Malware Version 1.75.0.1300 Malwarebytes Corporation 08.05.2013 19,2MB 1.75.0.1300 - notwendig
Medion Touch Center CyberLink Corp. 04.02.2010 98,1MB 7.0.3707 - nicht notwendig
Mein CEWE FOTOBUCH CEWE COLOR AG u Co. OHG 04.12.2012 266MB 5.0.1 - notwendig
Microsoft .NET Framework 4 Client Profile Microsoft Corporation 26.10.2010 38,8MB 4.0.30319 - unbekannt
Microsoft .NET Framework 4 Client Profile DEU Language Pack Microsoft Corporation 26.10.2010 2,93MB 4.0.30319 - unbekannt
Microsoft Office Home and Student 2010 Microsoft Corporation 22.11.2011 14.0.6029.1000 - notwendig
Microsoft Office Live Add-in 1.4 Microsoft Corporation 25.01.2010 500KB 2.0.3008.0 - unbekannt
Microsoft Silverlight Microsoft Corporation 13.03.2013 224MB 5.1.20125.0 - unbekannt
Microsoft SQL Server 2005 Compact Edition [DEU] Microsoft Corporation 22.01.2010 333KB 3.1.0000 - unbekannt
Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Corporation 22.01.2010 1,72MB 3.1.0000 - unbekannt
Microsoft Sync Framework Runtime Native v1.0 (x86) Microsoft Corporation 22.01.2010 625KB 1.0.1215.0 - unbekannt
Microsoft Sync Framework Services Native v1.0 (x86) Microsoft Corporation 22.01.2010 1,44MB 1.0.1215.0 - unbekannt
Microsoft Touch Pack for Windows 7 Microsoft Corporation 04.02.2010 325MB 1.0.40517.00 - unbekannt
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 Microsoft Corporation 22.01.2010 252KB 8.0.50727.4053 - unbekannt
Microsoft Visual C++ 2005 Redistributable Microsoft Corporation 16.06.2011 300KB 8.0.56336 - unbekannt
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 Microsoft Corporation 04.02.2010 200KB 9.0.30729.4148 - unbekannt
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 Microsoft Corporation 27.05.2011 598KB 9.0.30729.5570 - unbekannt
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 Microsoft Corporation 08.12.2010 598KB 9.0.30729 - unbekannt
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Corporation 04.02.2010 595KB 9.0.30729 - unbekannt
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Corporation 16.06.2011 600KB 9.0.30729.6161 - unbekannt
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 Microsoft Corporation 13.10.2011 12,2MB 10.0.40219 - unbekannt
Microsoft Works Microsoft Corporation 10.10.2012 1,18GB 9.7.0621 - nicht notwendig
Microsoft XNA Framework Redistributable 3.0 Microsoft Corporation 04.02.2010 7,61MB 3.0.11010.0 - unbekannt
Mozilla Firefox 20.0.1 (x86 de) Mozilla 14.04.2013 45,9MB 20.0.1 - notwendig
Mozilla Maintenance Service Mozilla 14.04.2013 330KB 20.0.1 - unbekannt
MSXML 4.0 SP2 (KB954430) Microsoft Corporation 04.02.2010 35,0KB 4.20.9870.0 - unbekannt
MSXML 4.0 SP2 (KB973688) Microsoft Corporation 04.02.2010 1,33MB 4.20.9876.0 - unbekannt
Nokia Connectivity Cable Driver 03.11.2011 7.1.32.64 - unbekannt
NVIDIA Display Control Panel NVIDIA Corporation 22.01.2010 1.6 - unbekannt
NVIDIA Drivers NVIDIA Corporation 08.01.2010 1.10 - unbekannt
NVIDIA PhysX NVIDIA Corporation 04.02.2010 83,7MB 9.09.1112 - unbekannt
OnlineFotoservice CEWE COLOR AG u Co. OHG 04.12.2012 266MB 5.0.1 - notwendig
OSD hot keys msi 04.02.2010 1,36MB 1.0.6.8 - unbekannt
PDFCreator Frank Heindörfer, Philip Chinery 07.05.2011 1.2.0 - notwendig
Pixlr-o-matic UNKNOWN 14.05.2012 2.1 - nicht notwendig
QuickTime Apple Inc. 12.11.2012 73,1MB 7.73.80.64 - nicht notwendig
Realtek High Definition Audio Driver Realtek Semiconductor Corp. 09.02.2010 6.0.1.5978 - unbekannt
Scan To HP 16.04.2013 18,0MB 2.0.1 - notwendig
Spelling Dictionaries Support For Adobe Reader 9 Adobe Systems Incorporated 22.01.2010 64,6MB 9.0.0 - unbekannt
VSO Image Resizer 4.0.3.2 VSO-Software 12.03.2011 34,3MB 4.0.3.2 - notwendig
Windows Live Essentials Microsoft Corporation 22.01.2010 14.0.8089.0726 - notwendig
Windows Live ID-Anmelde-Assistent Microsoft Corporation 25.01.2010 5,51MB 6.500.3146.0 - unbekannt
Windows Live Sync Microsoft Corporation 22.01.2010 2,79MB 14.0.8089.726 - unbekannt
Windows Live-Uploadtool Microsoft Corporation 22.01.2010 224KB 14.0.8014.1029 - unbekannt
WinRAR 4.00 (32-Bit) win.rar GmbH 09.04.2011 4.00.0 - nicht notwendig

markusg 13.05.2013 12:25
bdeinstaliere:
Adobe Flash Player alle
Adobe - Adobe Flash Player installieren
neueste version laden, instalieren.
bitte auch mal den adobe reader wie folgt konfigurieren:
adobe reader öffnen, bearbeiten, voreinstellungen.
allgemein:
nur zertifizierte zusatz module verwenden, anhaken.
Sicherheit (erweitert)
Erweiterte Sicherheit anhaken
und alle Dateien auswählen.
internet:
hier sollte alles deaktiviert werden, es ist sehr unsicher pdfs automatisch zu öffnen, zu downloaden etc.
es ist immer besser diese direkt abzuspeichern da man nur so die kontrolle hat was auf dem pc vor geht.
bei javascript den haken bei java script verwenden raus nehmen
bei updater, automatisch instalieren wählen.
übernehmen /ok

deinstaliere:

Java : alle
downloade Java jre:
Java-Downloads für alle Betriebssysteme
klicke:
Download der Java-Software für Windows Offline
laden, und instalieren
deinstaliere:
Spelling

Öffne CCleaner, analysieren, starten, PC neustarten
Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Dumpty 13.05.2013 18:12
Hallo markusg,
anbei die liste vom adw cleanerAdwCleaner Logfile:
Code:
# AdwCleaner v2.300 - Datei am 13/05/2013 um 19:01:49 erstellt
# Aktualisiert am 28/04/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (32 bits)
# Benutzer : MEDION - MEDION-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\MEDION\Desktop\adwcleaner_2.3.0.0.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Datei Gelöscht : C:\Users\MEDION\AppData\Roaming\Mozilla\Firefox\Profiles\ur11sf9k.default\searchplugins\11-suche.xml

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\OCS
Schlüssel Gelöscht : HKCU\Software\Softonic
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966

***** [Internet Browser] *****

-\\ Internet Explorer v10.0.9200.16537

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v20.0.1 (de)

Datei : C:\Users\MEDION\AppData\Roaming\Mozilla\Firefox\Profiles\ur11sf9k.default\prefs.js

[OK] Die Datei ist sauber.

*************************

AdwCleaner[S1].txt - [1083 octets] - [13/05/2013 19:01:49]

########## EOF - C:\AdwCleaner[S1].txt - [1143 octets] ##########
--- --- ---

All deine anderen Anweisungen bin ich befolgt (Adobe und java deinastallieren, neuinstallieren etc.) .
nun ist mir aufgefallen, dass der Rechner mehr Zeit beim Neustarten benötigt. Die schwarze Seite mit der Medion-Schrift bleibt lange bevor das Windows Zeichen kommt.

Hinzu kommt das Problem, dass mir das Windows Wartungscenter ständig mit dem Fähnchen meldet, dass ich AVIRA Desktop aktivieren soll und es wichtig sei. Wenn ich das versuche passiert allerdings nichts. Parallel dazu ist der Regenschirm in der Taskleiste aber geöffnet. Und jedes Mal, wenn ich bei Windows prüfe, ob Firewall etc. aktiviert ist, wird mir alles rot angezeigt, obwohl ich es beim letzten öffnen aktiviert habe.
Was ist das bloß?

markusg 13.05.2013 18:19
was wird angezeigt wenn du avira öffnest? wächter aktiv?
das is nämlich das Problem wenn man die swh nutzt, das zerschießt einiges...
Hitman Pro - Download - Filepony

Hitmanpro laden, doppelklick, scan.
Nichts löschen auf weiter, Log als xml exportieren und posten, bzw packen und anhängen

Dumpty 13.05.2013 18:48
Das avira Control Center meldet, dass der Echtzeit-Scanner aktiv ist und meint pc sicher sei. Wenn ich auf dem Regenschirm in der task bin, meldet die Internet Security ebenfalls alles aktiv (Echtzeit, Firewall, Email, Browser). Das Windows Fähnchen meldet Problem lösen, avira Desktop aktivieren (wichtig).
Ich weiß nicht, ob das wichtig ist, aber der rechner arbeitet/ rödelt die ganze zeit, obwohl ich nichts mache.
Ich erledige mal schnell die hitman-Sache und melde mich gleich wieder.

markusg 13.05.2013 18:54
ok, wenn nich reinstalieren wir avira mal.

Dumpty 13.05.2013 18:59
das kann ich machen - avira deinstallieren. oder was ist reinstallieren?

hier die log von hitman. das ging schnell... hoffe, hab es richtig gemacht.
Code:
HitmanPro 3.7.3.194
www.hitmanpro.com

  Computer name . . . . : MEDION-PC
  Windows . . . . . . . : 6.1.1.7601.X86/2
  User name . . . . . . : MEDION-PC\MEDION
  UAC . . . . . . . . . : Enabled
  License . . . . . . . : Free

  Scan date . . . . . . : 2013-05-13 19:52:08
  Scan mode . . . . . . : Normal
  Scan duration . . . . : 4m 6s
  Disk access mode  . . : Direct disk access (SRB)
  Cloud . . . . . . . . : Internet
  Reboot  . . . . . . . : No

  Threats . . . . . . . : 0
  Traces  . . . . . . . : 0

  Objects scanned . . . : 1.619.275
  Files scanned . . . . : 32.166
  Remnants scanned  . . : 522.062 files / 1.065.047 keys

markusg 13.05.2013 19:02
genau, erst mal die neueste Version von deren Homepage holen, dann deinstalieren, dann neustarten und reinstalieren, noch mal neustarten und gucken, was das Sicherheitscenter anzeigt

Dumpty 13.05.2013 19:40
Okay, ich habe avira (ich hab die kostenpflichtige Version) installiert und starte nun Rechner ein zweites mal neu. Bisher scheint alles gut auszusehen.
Frage: avira hat nun die Firewall aktiviert, was ist mit der Windows eigenen, soll die AUS bleiben?
Bisher gibt es kein wartungscenter-Fähnchen.
Malwarebytes habe ich deinstalliert, da von Agora so gewünscht. Kann ich die anderen Anwendungen auch deinstallieren (combofix, tdsskiller USW.)?
Kann ich davon ausgehen, dass der Rechner keine "Schadstoffe" mehr enthält?

markusg 13.05.2013 19:44
sieht alles gut aus.
neues abschließenes otl log.
winfirewall muss nicht ansein.

Dumpty 13.05.2013 20:17
otl logOTL Logfile:
Code:
OTL logfile created on: 13.05.2013 20:48:47 - Run 2
OTL by OldTimer - Version 3.2.69.0    Folder = C:\Users\MEDION\Desktop
 Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16540)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,25 Gb Total Physical Memory | 2,20 Gb Available Physical Memory | 67,75% Memory free
6,50 Gb Paging File | 5,36 Gb Available in Paging File | 82,55% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 910,41 Gb Total Space | 834,25 Gb Free Space | 91,63% Space Free | Partition Type: NTFS
Drive D: | 20,00 Gb Total Space | 10,76 Gb Free Space | 53,81% Space Free | Partition Type: NTFS
Drive E: | 14,92 Gb Total Space | 5,62 Gb Free Space | 37,71% Space Free | Partition Type: FAT32
 
Computer Name: MEDION-PC | User Name: MEDION | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.05.13 20:25:55 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2013.05.13 20:25:02 | 000,562,744 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avwebgrd.exe
PRC - [2013.05.13 20:24:59 | 000,079,584 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2013.05.13 20:24:51 | 000,371,768 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avmailc.exe
PRC - [2013.05.13 20:24:45 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2013.05.13 20:24:44 | 000,345,312 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2013.05.13 20:24:43 | 000,657,120 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avfwsvc.exe
PRC - [2013.05.13 19:51:27 | 000,106,280 | ---- | M] (SurfRight B.V.) -- C:\Programme\HitmanPro\hmpsched.exe
PRC - [2013.05.08 21:07:40 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\MEDION\Desktop\OTL.exe
PRC - [2013.03.12 09:05:50 | 029,106,336 | ---- | M] (Dropbox, Inc.) -- C:\Users\MEDION\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2012.12.18 21:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012.11.23 04:48:41 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2011.05.18 08:22:53 | 000,099,896 | ---- | M] (HP) -- C:\Windows\System32\HPSIsvc.exe
PRC - [2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010.11.20 14:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2010.11.20 14:17:41 | 001,174,016 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Sidebar\sidebar.exe
PRC - [2009.12.24 12:17:20 | 000,100,152 | ---- | M] (MICRO-STAR INT'L,.LTD.) -- C:\Programme\msi\OSD hot keys\WMI_Hook_Service.exe
PRC - [2009.07.14 03:14:42 | 000,181,760 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\ink\TabTip.exe
PRC - [2009.07.14 03:14:21 | 000,294,400 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\ink\InputPersonalization.exe
PRC - [2009.03.30 17:28:36 | 001,533,808 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
PRC - [2009.03.30 17:28:36 | 000,183,152 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
 
 
========== Modules (No Company Name) ==========
 
MOD - [2011.09.27 08:23:00 | 000,087,912 | ---- | M] () -- C:\Programme\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011.09.27 08:22:40 | 001,242,472 | ---- | M] () -- C:\Programme\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011.03.02 12:40:51 | 000,140,288 | ---- | M] () -- C:\Programme\WinRAR\RarExt.dll
 
 
========== Services (SafeList) ==========
 
SRV - [2013.05.13 20:25:55 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2013.05.13 20:25:02 | 000,562,744 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avwebgrd.exe -- (AntiVirWebService)
SRV - [2013.05.13 20:24:51 | 000,371,768 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avmailc.exe -- (AntiVirMailService)
SRV - [2013.05.13 20:24:45 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2013.05.13 20:24:43 | 000,657,120 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avfwsvc.exe -- (AntiVirFirewallService)
SRV - [2013.05.13 19:51:27 | 000,106,280 | ---- | M] (SurfRight B.V.) [Auto | Running] -- C:\Programme\HitmanPro\hmpsched.exe -- (HitmanProScheduler)
SRV - [2013.05.13 18:40:47 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013.04.12 09:53:50 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.12.18 21:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011.05.18 08:22:53 | 000,099,896 | ---- | M] (HP) [Auto | Running] -- C:\Windows\System32\HPSIsvc.exe -- (HPSIService)
SRV - [2010.11.20 14:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2010.01.09 22:37:50 | 004,640,000 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2010.01.09 22:18:00 | 000,149,352 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)
SRV - [2009.12.24 12:17:20 | 000,100,152 | ---- | M] (MICRO-STAR INT'L,.LTD.) [Auto | Running] -- C:\Programme\msi\OSD hot keys\WMI_Hook_Service.exe -- (WMI_Hook_Service)
SRV - [2009.07.14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009.03.30 17:28:36 | 001,533,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- E:\DIAGNOSE\WSTGER32\2PART\uxddrv86.sys -- (uxddrv)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ComboFix\catchme.sys -- (catchme)
DRV - [2013.05.13 20:26:31 | 000,135,136 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2013.05.13 20:26:31 | 000,113,024 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avfwot.sys -- (avfwot)
DRV - [2013.05.13 20:26:31 | 000,092,448 | ---- | M] (Avira GmbH) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\avfwim.sys -- (avfwim)
DRV - [2013.05.13 20:26:31 | 000,084,744 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2013.05.13 20:26:31 | 000,037,352 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2013.05.13 20:26:31 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2012.12.24 06:53:24 | 000,017,408 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mvusbews.sys -- (mvusbews)
DRV - [2012.08.23 16:44:32 | 000,014,848 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV - [2012.08.23 16:40:25 | 000,049,664 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010.12.02 13:13:30 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
DRV - [2010.12.02 13:13:28 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2010.12.02 13:13:26 | 000,023,168 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2010.12.02 13:13:22 | 000,018,304 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2010.11.20 11:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010.04.01 11:13:38 | 001,009,184 | ---- | M] (Realtek Semiconductor Corporation                          ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rtl8192se.sys -- (rtl8192se)
DRV - [2009.12.22 14:43:16 | 001,558,368 | ---- | M] (NXP Semiconductors Germany GmbH) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NxpCap.sys -- (NxpCap)
DRV - [2009.11.21 04:34:54 | 011,515,752 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2009.10.29 12:20:40 | 000,010,360 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\hidkmdf.sys -- (hidkmdf)
DRV - [2009.10.29 12:20:38 | 000,022,392 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NW1950.sys -- (NW1950)
DRV - [2009.07.14 02:18:07 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV - [2009.07.14 01:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009.07.14 01:45:33 | 000,083,456 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\serial.sys -- (Serial)
DRV - [2009.06.30 17:32:54 | 000,212,000 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\nvstor32.sys -- (nvstor32)
DRV - [2009.06.29 00:36:36 | 000,017,920 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvsmu.sys -- (nvsmu)
DRV - [2009.06.05 01:47:48 | 000,024,608 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\nvamacpi.sys -- (nvamacpi)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = MSN Deutschland: Aktuelle Nachrichten, Outlook.com Email und Skype Login. [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = MSN Deutschland: Aktuelle Nachrichten, Outlook.com Email und Skype Login.
IE - HKCU\..\SearchScopes,DefaultScope =
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
IE - HKCU\..\SearchScopes\{25D7FF24-1841-4B37-A67D-10DB139504C9}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=MEDTDF&pc=MAMD&src=IE-SearchBox
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "www.google.de"
FF - prefs.js..extensions.enabledAddons: toolbar%40web.de:2.6
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:20.0.1
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.5
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_169.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.21.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MIF5BA~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.4: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101753.dll (Amazon.com, Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.04.12 09:53:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.05.10 21:33:15 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.04.12 09:53:51 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.05.10 21:33:15 | 000,000,000 | ---D | M]
 
[2010.10.13 18:03:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\MEDION\AppData\Roaming\mozilla\Extensions
[2013.05.13 19:49:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\MEDION\AppData\Roaming\mozilla\Firefox\Profiles\ur11sf9k.default\extensions
[2013.05.13 19:49:09 | 000,620,130 | ---- | M] () (No name found) -- C:\Users\MEDION\AppData\Roaming\mozilla\firefox\profiles\ur11sf9k.default\extensions\toolbar@web.de.xpi
[2013.05.08 21:48:42 | 000,870,680 | ---- | M] () (No name found) -- C:\Users\MEDION\AppData\Roaming\mozilla\firefox\profiles\ur11sf9k.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013.05.13 19:49:14 | 000,001,050 | ---- | M] () -- C:\Users\MEDION\AppData\Roaming\mozilla\firefox\profiles\ur11sf9k.default\searchplugins\11-suche.xml
[2013.05.13 19:49:14 | 000,002,418 | ---- | M] () -- C:\Users\MEDION\AppData\Roaming\mozilla\firefox\profiles\ur11sf9k.default\searchplugins\englische-ergebnisse.xml
[2013.05.13 19:49:14 | 000,010,701 | ---- | M] () -- C:\Users\MEDION\AppData\Roaming\mozilla\firefox\profiles\ur11sf9k.default\searchplugins\gmx-suche.xml
[2013.05.13 19:49:14 | 000,002,432 | ---- | M] () -- C:\Users\MEDION\AppData\Roaming\mozilla\firefox\profiles\ur11sf9k.default\searchplugins\lastminute.xml
[2013.05.13 19:49:14 | 000,005,682 | ---- | M] () -- C:\Users\MEDION\AppData\Roaming\mozilla\firefox\profiles\ur11sf9k.default\searchplugins\webde-suche.xml
[2013.05.13 18:47:01 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2013.04.12 09:53:38 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
[2013.04.12 09:53:38 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
[2013.04.12 09:53:50 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.06.17 16:58:52 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.09.10 09:04:44 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.06.17 16:58:52 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.06.17 16:58:52 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.06.17 16:58:52 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.06.17 16:58:52 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2013.05.08 23:07:40 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Windows Live ID-Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKCU..\Run: [ApplePhotoStreams] C:\Programme\Common Files\Apple\Internet Services\ApplePhotoStreams.exe (Apple Inc.)
O4 - HKCU..\Run: [iCloudServices] C:\Programme\Common Files\Apple\Internet Services\iCloudServices.exe (Apple Inc.)
O4 - Startup: C:\Users\MEDION\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\MEDION\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - eBay - eine der größten deutschen Shopping-Websites File not found
O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - eBay - eine der größten deutschen Shopping-Websites File not found
O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {1E3F1348-4370-4BBE-A67A-CC7ED824CA85} hxxp://download.microsoft.com/download/7/4/9/749b0dc5-2175-4d5b-a6dd-9c4bc923683e/Selfhelpcontrol.cab (Microsoft Genuine Advantage Self Support Tool)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0C05F6D5-4A03-4FC6-B207-445F9F509472}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -UserConfig
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.05.13 20:30:41 | 000,000,000 | ---D | C] -- C:\Users\MEDION\AppData\Roaming\Avira
[2013.05.13 20:30:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2013.05.13 20:29:49 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys
[2013.05.13 20:29:48 | 000,135,136 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avipbb.sys
[2013.05.13 20:29:48 | 000,113,024 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avfwot.sys
[2013.05.13 20:29:48 | 000,092,448 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avfwim.sys
[2013.05.13 20:29:48 | 000,084,744 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avgntflt.sys
[2013.05.13 20:29:48 | 000,037,352 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avkmgr.sys
[2013.05.13 20:29:46 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2013.05.13 19:51:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
[2013.05.13 19:51:27 | 000,000,000 | ---D | C] -- C:\Program Files\HitmanPro
[2013.05.13 19:50:49 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro
[2013.05.13 19:50:17 | 009,097,384 | ---- | C] (SurfRight B.V.) -- C:\Users\MEDION\Desktop\HitmanPro.exe
[2013.05.13 18:53:11 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2013.05.10 21:35:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2013.05.10 21:35:17 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2013.05.10 21:32:43 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2013.05.08 23:49:45 | 000,000,000 | ---D | C] -- C:\Users\MEDION\AppData\Roaming\Malwarebytes
[2013.05.08 23:49:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.05.08 23:49:16 | 000,000,000 | ---D | C] -- C:\Users\MEDION\AppData\Local\Programs
[2013.05.08 23:09:35 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013.05.08 22:58:26 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013.05.08 22:58:26 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013.05.08 22:58:26 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013.05.08 22:58:21 | 000,000,000 | ---D | C] -- C:\ComboFix
[2013.05.08 22:58:18 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013.05.08 22:58:01 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013.05.08 22:54:22 | 005,067,786 | R--- | C] (Swearware) -- C:\Users\MEDION\Desktop\ComboFix.exe
[2013.05.08 22:42:28 | 002,237,968 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\MEDION\Desktop\tdsskiller.exe
[2013.05.08 22:12:26 | 000,000,000 | ---D | C] -- C:\_OTL
[2013.05.08 21:16:45 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\MEDION\Desktop\OTL.exe
[2013.05.07 21:53:54 | 000,000,000 | ---D | C] -- C:\ProgramData\146B3392068476C50000146B1F2B7B59
[2013.04.20 12:13:10 | 000,000,000 | ---D | C] -- C:\Users\MEDION\Desktop\2013-04-20 godi plan 2013
[2013.04.16 18:32:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
[2013.04.16 18:31:59 | 001,035,408 | ---- | C] (The OpenSSL Project) -- C:\Windows\System32\ltcry15u.dll
[2011.03.12 20:33:42 | 009,105,656 | ---- | C] (VSO-Software                                                ) -- C:\Users\MEDION\vso_image_resizer4_setup.exe
 
========== Files - Modified Within 30 Days ==========
 
[2013.05.13 20:44:29 | 000,009,888 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.05.13 20:44:29 | 000,009,888 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.05.13 20:38:00 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.05.13 20:37:23 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.05.13 20:37:04 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.05.13 20:36:31 | 2616,647,680 | -HS- | M] () -- C:\hiberfil.sys
[2013.05.13 20:30:27 | 000,002,020 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2013.05.13 20:26:31 | 000,135,136 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avipbb.sys
[2013.05.13 20:26:31 | 000,113,024 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avfwot.sys
[2013.05.13 20:26:31 | 000,092,448 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avfwim.sys
[2013.05.13 20:26:31 | 000,084,744 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avgntflt.sys
[2013.05.13 20:26:31 | 000,037,352 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avkmgr.sys
[2013.05.13 20:26:31 | 000,028,520 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys
[2013.05.13 19:51:27 | 000,001,913 | ---- | M] () -- C:\Users\Public\Desktop\HitmanPro.lnk
[2013.05.13 19:50:36 | 009,097,384 | ---- | M] (SurfRight B.V.) -- C:\Users\MEDION\Desktop\HitmanPro.exe
[2013.05.13 19:02:07 | 000,654,150 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013.05.13 19:02:07 | 000,616,032 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013.05.13 19:02:07 | 000,130,022 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013.05.13 19:02:07 | 000,106,412 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013.05.13 18:57:32 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.05.10 21:35:18 | 000,000,973 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2013.05.10 21:33:15 | 000,001,993 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk
[2013.05.10 20:39:54 | 000,025,185 | ---- | M] () -- C:\Windows\System32\ieuinit.inf
[2013.05.08 23:07:40 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2013.05.08 22:57:26 | 005,067,786 | R--- | M] (Swearware) -- C:\Users\MEDION\Desktop\ComboFix.exe
[2013.05.08 22:42:33 | 002,237,968 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\MEDION\Desktop\tdsskiller.exe
[2013.05.08 21:07:40 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\MEDION\Desktop\OTL.exe
[2013.04.17 11:17:17 | 000,001,195 | ---- | M] () -- C:\Users\Public\Desktop\ElsterFormular.lnk
[2013.04.16 18:23:52 | 000,000,000 | ---- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_mvusbews_01009.Wdf
[2013.04.14 09:50:14 | 000,456,240 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
 
========== Files Created - No Company Name ==========
 
[2013.05.13 20:30:27 | 000,002,020 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2013.05.13 19:51:27 | 000,001,913 | ---- | C] () -- C:\Users\Public\Desktop\HitmanPro.lnk
[2013.05.13 18:40:50 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.05.10 21:35:18 | 000,000,973 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2013.05.10 21:33:15 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
[2013.05.10 21:33:15 | 000,001,993 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk
[2013.05.10 20:39:54 | 000,025,185 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
[2013.05.08 22:58:26 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013.05.08 22:58:26 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013.05.08 22:58:26 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013.05.08 22:58:26 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013.05.08 22:58:26 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013.04.16 18:27:26 | 001,167,360 | ---- | C] () -- C:\Windows\System32\HPM1210SM.exe
[2013.04.16 18:27:26 | 000,284,672 | ---- | C] () -- C:\Windows\System32\mvhlewsi.DLL
[2013.04.16 18:27:26 | 000,167,936 | ---- | C] () -- C:\Windows\System32\HPM1210LM.DLL
[2013.04.16 18:23:52 | 000,000,000 | ---- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_mvusbews_01009.Wdf
[2012.12.24 06:53:28 | 000,081,920 | ---- | C] () -- C:\Windows\System32\mvusbews.dll
[2012.11.07 05:23:30 | 000,029,184 | ---- | C] () -- C:\Windows\System32\HPImgFlt.dll
[2012.11.07 05:23:04 | 000,053,760 | ---- | C] () -- C:\Windows\System32\HPM1210SMs.dll
[2012.05.08 13:44:00 | 000,185,901 | ---- | C] () -- C:\Windows\hpoins43.dat.temp
[2012.05.08 13:44:00 | 000,000,601 | ---- | C] () -- C:\Windows\hpomdl43.dat.temp
[2012.02.13 21:30:02 | 000,000,614 | ---- | C] () -- C:\Users\MEDION\AppData\Roaming\wklnhst.dat
[2011.06.10 06:34:52 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2011.04.08 22:27:42 | 000,003,584 | ---- | C] () -- C:\Users\MEDION\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.03.12 21:02:00 | 000,002,112 | ---- | C] () -- C:\Users\MEDION\AppData\Local\Images.fl
[2011.01.23 12:31:17 | 000,077,891 | ---- | C] () -- C:\Users\MEDION\ESt2010_Müller_Antje.elfo
[2010.10.20 16:25:01 | 070,621,664 | ---- | C] () -- C:\Users\MEDION\PS_AIO_06_C4700_USW_Basic_Win_deu_140_175.exe
[2010.10.16 11:58:45 | 000,022,777 | ---- | C] () -- C:\Users\MEDION\19666-knecht1.jpg
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 03:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2010.11.09 13:37:43 | 000,000,000 | ---D | M] -- C:\Users\MEDION\AppData\Roaming\Amazon
[2013.05.13 20:37:45 | 000,000,000 | ---D | M] -- C:\Users\MEDION\AppData\Roaming\Dropbox
[2012.01.14 12:50:45 | 000,000,000 | ---D | M] -- C:\Users\MEDION\AppData\Roaming\elsterformular
[2012.05.14 10:05:31 | 000,000,000 | ---D | M] -- C:\Users\MEDION\AppData\Roaming\Pixlromatic
[2012.02.13 21:30:05 | 000,000,000 | ---D | M] -- C:\Users\MEDION\AppData\Roaming\Template
[2013.03.24 21:55:29 | 000,000,000 | ---D | M] -- C:\Users\MEDION\AppData\Roaming\VSO
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %SYSTEMDRIVE%\*. >
[2013.05.08 23:09:35 | 000,000,000 | -HSD | M] -- C:\$RECYCLE.BIN
[2013.05.08 23:09:34 | 000,000,000 | ---D | M] -- C:\ComboFix
[2010.01.08 11:23:58 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen
[2013.05.08 21:04:02 | 000,000,000 | R--D | M] -- C:\MSOCache
[2010.01.22 15:05:22 | 000,000,000 | ---D | M] -- C:\NVIDIA
[2013.05.13 20:29:46 | 000,000,000 | R--D | M] -- C:\Program Files
[2013.05.13 20:03:09 | 000,000,000 | ---D | M] -- C:\ProgramData
[2010.01.08 11:23:58 | 000,000,000 | -HSD | M] -- C:\Programme
[2013.05.08 23:09:33 | 000,000,000 | ---D | M] -- C:\Qoobox
[2010.01.08 11:23:59 | 000,000,000 | ---D | M] -- C:\Recovery
[2013.05.13 20:50:59 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2010.01.08 11:24:08 | 000,000,000 | R--D | M] -- C:\Users
[2013.05.13 18:57:30 | 000,000,000 | ---D | M] -- C:\Windows
[2013.05.08 22:12:26 | 000,000,000 | ---D | M] -- C:\_OTL
 
< %PROGRAMFILES%\*.exe >
 
< %LOCALAPPDATA%\*.exe >
 
< %systemroot%\*. /mp /s >
 
< C:\Windows\system32\*.tsp >
[2009.07.14 03:14:11 | 000,030,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\hidphone.tsp
[2009.07.14 03:14:11 | 000,038,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\kmddsp.tsp
[2009.07.14 03:14:11 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ndptsp.tsp
[2009.07.14 03:14:11 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\remotesp.tsp
[2010.11.20 14:16:53 | 000,281,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\unimdm.tsp
[2009.07.14 06:53:46 | 000,032,640 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2009.07.14 06:53:47 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT
[2011.08.07 11:47:46 | 000,001,094 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
[2011.08.07 11:47:49 | 000,001,098 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
[2013.05.13 18:40:50 | 000,000,884 | ---- | C] () -- C:\Windows\Tasks\Adobe Flash Player Updater.job
 
< MD5 for: AGP440.SYS  >
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\erdnt\cache\AGP440.sys
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_a97a2a0d0fbc6696\AGP440.sys
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_bc1a57271cf2f285\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\erdnt\cache\atapi.sys
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_fab873f3e8a3315c\atapi.sys
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_df3f92057fcbe7a7\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\erdnt\cache\cngaudit.dll
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\System32\cngaudit.dll
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
 
< MD5 for: EXPLORER.EXE  >
[2011.02.26 07:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_54149f9ef14031fc\explorer.exe
[2009.07.14 03:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430\explorer.exe
[2011.02.26 07:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_525b5180f3f95373\explorer.exe
[2009.10.31 07:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_51a66d6ddafc2ed1\explorer.exe
[2011.02.26 07:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_51a3a583dafd0cef\explorer.exe
[2010.11.20 14:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_53bc10fdd7fe87ca\explorer.exe
[2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\erdnt\cache\explorer.exe
[2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\explorer.exe
[2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_5389023fd8245f84\explorer.exe
[2009.08.03 07:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_526619d4f3f142e6\explorer.exe
[2009.08.03 07:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_51e07e31dad00878\explorer.exe
[2009.10.31 08:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_52283b2af41f3691\explorer.exe
 
< MD5 for: IASTORV.SYS  >
[2011.03.11 07:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\System32\drivers\iaStorV.sys
[2011.03.11 07:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_0bcee2057afcc090\iaStorV.sys
[2011.03.11 07:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_b0daddb9e6380745\iaStorV.sys
[2011.03.11 07:43:55 | 000,332,160 | ---- | M] (Intel Corporation) MD5=71F1A494FEDF4B33C02C4A6A28D6D9E9 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_aef580fde910b4b0\iaStorV.sys
[2011.03.11 07:28:00 | 000,332,160 | ---- | M] (Intel Corporation) MD5=778D0E6D7D9EBA0C403BADBAAD41DB20 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_b152a892ff64119f\iaStorV.sys
[2009.07.14 03:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_aee7a89be91b9000\iaStorV.sys
[2010.11.20 14:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_668286aa35d55928\iaStorV.sys
[2010.11.20 14:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_b118bc63e60a139a\iaStorV.sys
[2011.03.11 07:52:21 | 000,332,160 | ---- | M] (Intel Corporation) MD5=B9039A34C2F8769490DCC494E2402445 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_afae2d45020c148b\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\erdnt\cache\netlogon.dll
[2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\System32\netlogon.dll
[2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_ffbf212e963c0162\netlogon.dll
[2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_fd8e0d66994d7dc8\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2011.03.11 07:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\System32\drivers\nvstor.sys
[2011.03.11 07:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_0276fc3b3ea60d41\nvstor.sys
[2011.03.11 07:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_3ba44e691d6eb11d\nvstor.sys
[2011.03.11 07:44:01 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4520B63899E867F354EE012D34E11536 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_39bef1ad20475e88\nvstor.sys
[2011.03.11 07:28:10 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=66D468654A58594F5F3BA63D5AD5B1AF -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_3c1c1942369abb77\nvstor.sys
[2011.03.11 07:52:25 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=8A7583A3B58D3EEB28BB26626526BC91 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_3a779df43942be63\nvstor.sys
[2010.11.20 14:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_dd659ed032d28a14\nvstor.sys
[2010.11.20 14:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_3be22d131d40bd72\nvstor.sys
[2009.07.14 03:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvstor.sys
 
< MD5 for: NVSTOR32.SYS  >
[2009.06.30 17:32:54 | 000,212,000 | ---- | M] (NVIDIA Corporation) MD5=032EF66DD96692AD3A9D36160F467F67 -- C:\Windows\System32\drivers\nvstor32.sys
[2009.06.30 17:32:54 | 000,212,000 | ---- | M] (NVIDIA Corporation) MD5=032EF66DD96692AD3A9D36160F467F67 -- C:\Windows\System32\DriverStore\FileRepository\nvstor32.inf_x86_neutral_68640c3c72cad0af\nvstor32.sys
 
< MD5 for: SCECLI.DLL  >
[2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_37e4387f3a6f0483\scecli.dll
[2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\erdnt\cache\scecli.dll
[2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\System32\scecli.dll
[2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_3a154c47375d881d\scecli.dll
 
< MD5 for: USER32.DLL  >
[2009.07.14 03:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll
[2010.11.20 14:21:33 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\erdnt\cache\user32.dll
[2010.11.20 14:21:33 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\System32\user32.dll
[2010.11.20 14:21:33 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_cf3fd62ccb9e983d\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\erdnt\cache\userinit.exe
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\System32\userinit.exe
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2009.10.28 08:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe
[2009.10.28 07:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe
[2010.11.20 14:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\erdnt\cache\winlogon.exe
[2010.11.20 14:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\System32\winlogon.exe
[2010.11.20 14:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe
[2009.07.14 03:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009.07.14 01:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\System32\drivers\ws2ifsl.sys
[2009.07.14 01:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_4f5cf6f829213bb2\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\system32\*.dll /lockedfiles >
[2013.05.10 20:39:54 | 000,357,888 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\dxtmsft.dll
[2013.05.10 20:39:54 | 000,226,816 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\dxtrans.dll
[2009.07.14 03:15:21 | 000,462,848 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\FirewallAPI.dll
[2009.07.14 03:15:36 | 000,226,816 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\LocationApi.dll
 
< %USERPROFILE%\*.* >
[2010.10.16 11:58:46 | 000,022,777 | ---- | M] () -- C:\Users\MEDION\19666-knecht1.jpg
[2011.03.02 19:41:10 | 000,077,891 | ---- | M] () -- C:\Users\MEDION\ESt2010_Müller_Antje.elfo
[2013.05.13 20:53:02 | 002,883,584 | -HS- | M] () -- C:\Users\MEDION\ntuser.dat
[2013.05.13 20:53:02 | 000,262,144 | -HS- | M] () -- C:\Users\MEDION\ntuser.dat.LOG1
[2010.01.08 11:24:10 | 000,000,000 | -HS- | M] () -- C:\Users\MEDION\ntuser.dat.LOG2
[2010.01.08 13:11:23 | 000,065,536 | -HS- | M] () -- C:\Users\MEDION\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TM.blf
[2010.01.08 13:11:23 | 000,524,288 | -HS- | M] () -- C:\Users\MEDION\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000001.regtrans-ms
[2010.01.08 13:11:23 | 000,524,288 | -HS- | M] () -- C:\Users\MEDION\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000002.regtrans-ms
[2013.05.08 21:09:13 | 000,065,536 | -HS- | M] () -- C:\Users\MEDION\ntuser.dat{a1e8a479-b80d-11e2-883a-ca967c7bdcf1}.TM.blf
[2013.05.08 21:09:13 | 000,524,288 | -HS- | M] () -- C:\Users\MEDION\ntuser.dat{a1e8a479-b80d-11e2-883a-ca967c7bdcf1}.TMContainer00000000000000000001.regtrans-ms
[2013.05.08 21:09:13 | 000,524,288 | -HS- | M] () -- C:\Users\MEDION\ntuser.dat{a1e8a479-b80d-11e2-883a-ca967c7bdcf1}.TMContainer00000000000000000002.regtrans-ms
[2010.01.08 11:24:11 | 000,000,020 | -HS- | M] () -- C:\Users\MEDION\ntuser.ini
[2010.10.20 16:28:55 | 070,621,664 | ---- | M] () -- C:\Users\MEDION\PS_AIO_06_C4700_USW_Basic_Win_deu_140_175.exe
[2011.09.24 10:30:56 | 000,011,264 | -HS- | M] () -- C:\Users\MEDION\Thumbs.db
[2011.03.12 20:34:06 | 009,105,656 | ---- | M] (VSO-Software                                                ) -- C:\Users\MEDION\vso_image_resizer4_setup.exe
 
< %USERPROFILE%\Local Settings\Temp\*.exe >
 
< %USERPROFILE%\Local Settings\Temp\*.dll >
 
< %USERPROFILE%\Application Data\*.exe >
 
< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs >
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,12288,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
 
<          >

< End of report >
--- --- ---

markusg 13.05.2013 20:22
Hi,


otl fix

Fixen mit OTL

  • Starte bitte die OTL.exe.
  • Kopiere nun den Inhalt aus der Codebox in die Textbox.

Code:
:OTL
FF - prefs.js..extensions.enabledAddons: toolbar%40web.de:2.6
[2013.05.13 19:49:09 | 000,620,130 | ---- | M] () (No name found) -- C:\Users\MEDION\AppData\Roaming\mozilla\firefox\profiles\ur11sf9k.default\extensions\toolbar@web.de.xpi
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - eBay - eine der größten deutschen Shopping-Websites
File not found
O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - eBay - eine der größten deutschen Shopping-Websites File not found
:files
:Commands
[emptytemp]
  • Solltest du deinen Benutzernamen z. B. durch "*****" unkenntlich gemacht haben, so füge an entsprechender Stelle deinen richtigen Benutzernamen ein. Andernfalls wird der Fix nicht funktionieren.
  • Schließe bitte nun alle Programme.
  • Klicke nun bitte auf den Fix Button.
  • OTL kann gegebenfalls einen Neustart verlangen. Bitte dies zulassen.
  • Nach dem Neustart findest Du ein Textdokument auf deinem Desktop.
    ( Auch zu finden unter C:\_OTL\MovedFiles\<Uhrzeit_Datum>.txt)
    Kopiere nun den Inhalt hier in Deinen Thread


bitte teste, ob es im Firefox, internet explorer, und sonstigen
evtl. instalierte Browser, irgendwelche ungewollten toolbars, umleitungen oder sonstigen Probleme gibt.
Teste wie pc und programme allgemein laufen.

Dumpty 13.05.2013 20:41
All processes killed
========== OTL ==========
Prefs.js: toolbar%40web.de:2.6 removed from extensions.enabledAddons
C:\Users\MEDION\AppData\Roaming\mozilla\firefox\profiles\ur11sf9k.default\extensions\toolbar@web.de.xpi moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{0B65DCC9-1740-43dc-B19C-4F309FB6A6CA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0B65DCC9-1740-43dc-B19C-4F309FB6A6CA}\ not found.
File eBay - eine der größten deutschen Shopping-Websites not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{0B65DCC9-1740-43dc-B19C-4F309FB6A6CA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0B65DCC9-1740-43dc-B19C-4F309FB6A6CA}\ not found.
========== FILES ==========
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: MEDION
->Temp folder emptied: 1096204 bytes
->Temporary Internet Files folder emptied: 8677 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 16959701 bytes
->Flash cache emptied: 506 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 3648 bytes
RecycleBin emptied: 99515807 bytes

Total Files Cleaned = 112,00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 05132013_213228

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

Programme scheinen alle zu funktionieren. firefox, ie und sonstiges auch.
ist jetzt wieder alles okay? onlinebanking?

markusg 14.05.2013 12:20
öffne otl, bereinigen, PC startet neu, Remover werden gelöscht.
Lösche übrig gebliebene Logs, Setups, von uns verwendete Programme.
Passwörter alle ändern.
PC absichern:
als antimalware programm würde ich emsisoft empfehlen.
diese haben für mich den besten schutz kostet aber etwas.
Computeractive Software Store - Emsisoft Anti-Malware 7 [1-PC] - 63% off RRP
testversion:
Meine Antivirus-Empfehlung: Emsisoft Anti-Malware
insbesondere wenn du onlinebanking, einkäufe, sonstige zahlungsabwicklungen oder ähnlich wichtiges, wie zb berufliches machst, also sensible daten zu schützen sind, solltest du in sicherheitssoftware investieren.
vor dem aktivieren der lizenz die 30 tage testzeitraum ausnutzen.

kostenlos, aber eben nicht ganz so gut währe avast zu empfehlen.
http://www.trojaner-board.de/110895-...antivirus.html

sag mir welches du nutzt, dann gebe ich konfigurationshinweise.
bitte dein bisheriges av deinstalieren
die folgende anleitung ist umfangreich, dass ist mir klar, sie sollte aber umgesetzt werden, da nur dann dein pc sicher ist. stelle so viele fragen wie nötig, ich arbeite gern alles mit dir durch!

http://www.trojaner-board.de/96344-a...-rechners.html
Starte bitte mit der Passage, Windows Vista und Windows 7
Bitte beginne damit, Windows Updates zu instalieren.
Am besten geht dies, wenn du über Start, Suchen gehst, und dort Windows Updates eingibst.
Prüfe unter "Einstellungen ändern" dass folgendes ausgewählt ist:
- Updates automatisch Instalieren,
- Täglich
- Uhrzeit wählen
- Bitte den gesammten rest anhaken, außer:
- detailierte benachichtungen anzeigen, wenn neue Microsoft software verfügbar ist.
Klicke jetzt die Schaltfläche "OK"
Klicke jetzt "nach Updates suchen".
Bitte instaliere zunächst wichtige Updates.
Es wird nötig sein, den PC zwischendurch neu zu starten. falls dies der Fall ist, musst du erneut über Start, Suchen, Windows Update aufrufen, auf Updates suchen klicken und die nächsten instalieren.
Mache das selbe bitte mit den optionalen Updates.
Bitte übernimm den rest so, wie es im Abschnitt windows 7 / Vista zu lesen ist.
aus dem Abschnitt xp, bitte den punkt "datenausführungsverhinderung, dep" übernehmen.
als browser rate ich dir zu chrome:
Installation von Google Chrome für mehrere Nutzerkonten - Google Chrome-Hilfe
anleitung lesen bitte
falls du nen andern nutzen willst, sags mir dann muss ich teile der nun folgenden anleitung anpassen.


Sandboxie
Die devinition einer Sandbox ist hier nachzulesen:
Sandbox
Kurz gesagt, man kann Programme fast 100 %ig isuliert vom System ausführen.

Der Vorteil liegt klar auf der Hand, wenn über den Browser Schadcode eingeschläust wird, kann dieser nicht nach außen dringen.
Download Link:
Sandboxie - Download - Filepony

anleitung:
http://www.trojaner-board.de/71542-a...sandboxie.html
ausführliche anleitung als pdf, auch abarbeiten:
Sandbox Einstellungen |

bitte folgende zusatz konfiguration machen:
sandboxie control öffnen, menü sandbox anklicken, defauldbox wählen.
dort klicke auf sandbox einstellungen.
beschrenkungen, bei programm start und internet zugriff schreibe:
chrome.exe
dann gehe auf anwendungen, webbrowser, chrome.
dort aktiviere alles außer gesammten profil ordner freigeben.
Wie du evtl. schon gesehen hast, kannst du einige Funktionen nicht nutzen.
Dies ist nur in der Vollversion nötig, zu deren Kauf ich dir rate.
Du kannst zb unter "Erzwungene Programmstarts" festlegen, dass alle Browser in der Sandbox starten.
Ansonsten musst du immer auf "Sandboxed webbrowser" klicken bzw Rechtsklick, in Sandboxie starten.
Eine lebenslange Lizenz kostet 30 €, und ist auf allen deinen PC's nutzbar.

Weiter mit:
Maßnahmen für ALLE Windows-Versionen
alles komplett durcharbeiten
anmerkung zu file hippo.
in den settings zusätzlich auswählen:
hide beta updates.
Run updateChecker when Windows starts

Backup Programm:
in meiner Anleitung ist bereits ein Backup Programm verlinkt, als Alternative bietet sich auch das Windows eigene Backup Programm an:
http://www.trojaner-board.de/82962-w...en-backup.html
Dies ist aber leider nur für Windows 7 Nutzer vernünftig nutzbar.
Alle Anderen sollten sich aber auf jeden fall auch ein Backup Programm instalieren, denn dies kann unter Umständen sehr wichtig sein, zum Beispiel, wenn die Festplatte einmal kaputt ist.

Zum Schluss, die allgemeinen sicherheitstipps beachten, wenn es dich betrifft, den Tipp zum Onlinebanking beachten und alle Passwörter ändern
bitte auch lesen, wie mache ich programme für alle sichtbar:
Programme für alle Konten nutzbar machen - PCtipp.ch - Praxis & Hilfe
surfe jetzt also nur noch im standard nutzer konto und dort in der sandbox.
wenn du die kostenlose version nutzt, dann mit klick auf sandboxed web browser, wenn du die bezahlversion hast, kannst du erzwungene programm starts festlegen, dann wird sandboxie immer gestartet wenn du nen browser aufrufst.
wenn du mit der maus über den browser fährst sollte der eingerahmt sein, dann bist du im sandboxed web browser

passwort sicherheit:
jeder dienst benötigt ein eigenes, mindestens 12-stelliges passwort
bei der passwort verwaltung und erstellung hilft roboform
Passwort Manager, Formular Ausfueller, Passwort Management | RoboForm Passwort Manager
anleitung:
RoboForm-Bedienungsanleitung: Passwort-Manager, Verwalten von Passwörtern und persönlichen Daten

Dumpty 14.05.2013 17:52
Hallo markusg, vielen dank erstmal. Ich bin wirklich froh, dass es so engagierte IT-ler gibt, die uns Nicht-Experten beim Loswerden schädlicher Eindringlinge und bei der Schadensbegrenzung und Wiederherstellung helfen. DANKE!

Nun, hab ich noch eine Frage... Ist es wirklich notwendig, dass ich mich von avira trenne? Ich nutze Internet Security, kostenpflichtige Version.
Ansonsten würde ich mir die avast Free Version zulegen. Kann ich beide Programme auf dem Rechner haben.
Updates habe ich schon eingestellt. Eine sandbox möchte ich nicht nutzen. Passwörter ändere ich nach und nach um.

markusg 14.05.2013 19:12
hi
beide nich, dann lass avira.
warum willst du keine sandbox nutzen, schon die allein hätte das Problem vermieden

Dumpty 14.05.2013 19:43
sandbox klingt so kompliziert und umständlich. ich überlegs mir.
danke.

markusg 14.05.2013 19:48
schaus dir doch erst mal an, bevor du dich beschwerst :d


Alle Zeitangaben in WEZ +1. Es ist jetzt 09:48 Uhr.

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58