spyhunter, widgi toolbar, spigot....was tue ich am Besten?

spartacus111 · 01.01.2012, 17:46

Aloha und ein gutes neues Jahr an alle!

Mir war heut langweilig und nachdem ich ein paar nicht mehr benötigte Programme deinstalliert hatte, meine iTunes Mediathek umgezogen hatte, bin ich mit stolzgeschwellter Brust daran gegangen, den Rechner weiter aufzuräumen.
Ich fand unter den Autostartprogrammen die WidgiToolbar, die wohl eine etwas harmlose Form einer Spyware darstellt (ß)

Nichtdestotrotz ....googleln und siehe da - es gibt es Programm, das das Ding beseitigt - spyhunter.

Bis dahin kann ich meine Aktionen noch auf gestern/heute Nacht schieben, jetzt wirds nur noch blöd.

In einem Zwischendind zwischen Panik und Blödheit flugs den Spiojäger heruntergeladen, installiert und siehe da - 431 Funde - Heureka.

Weg mit dem Zeug - da sei allerdings der schnöde Mammon vor- erst wenn ich ca 30 € löhnte, könnte ich die Schadsoftware entfernen.

Erneut SPYWARE googeln - uupps - das ist ja u.U. gar nicht so witzig.

Also als Erstes Spybot S&D aktualisiert, drüber laufen lassen, ein harmloser Fund (nein - leider kein LOG).

Nun habe ich mich mit Malwarebytes, OTL ausgerüstet, will aber nicht wie ein Verrückter posten (vor allem nicht mit meinem Rechnernamen, kann man das bei OTL ändern?).

Konkret: Ich sehe nach einem Neustart des WIn 7 Rechners (Avira AntiVir Personal) keinerlei Verlangsamung usw.

Aber: Als ich Spyware deinstallieren wollte, wurde ich "gehindert". Ein Programm vom Hersteller der Software- Enigma- meinte ständig - ich solle doch kaufen,dann gings auch mit der Deinstallatinon.
Eine "sichtbare" exe ist in den Programmdateien nimmer, aber der Rest ist nicht deinstalliert.

Ich finde aber in den Programmordnern, in der Systemsteuerung installierter Software etc. "Spuren von spyhunter, SPIGOT (habe einst pdfForge installiert, dann aber wieder deinstalliert, nutze jetzt anderen pdfcreator) und dieser ominösen WidgiToolbar.

Ich nutze meinen/unserern Rechner um zwei ipods zu befüllen, zu surfen, online zu shoppen, auch online zu banken etc.

Wie soll ich konkret vorgehen.

Sorry für die etwas vage Beschreibung, stehe aber Gewehr bei Fuß, wenn ich Euch beim Helfen helfen kann.

Meine Kenntnisse beschränken sich eher auf die eines erfahrenenen Handlangers.

Danke

RS

....pardon habe nun doch - nach eingehenderem Studium der "Was ist als Erstes zu tum-Regeln" ein Paar Dinge gepostet:

AV-Scan-Report

Avira AntiVir Personal
Erstellungsdatum der Reportdatei: Sonntag, 1. Januar 2012 18:15

Es wird nach 3000859 Virenstämmen gesucht.

Das Programm läuft als uneingeschränkte Vollversion.
Online-Dienste stehen zur Verfügung.

Lizenznehmer : Avira AntiVir Personal - Free Antivirus
Seriennummer : 0000149996-ADJIE-0000001
Plattform : Windows 7 x64
Windowsversion : (plain) [6.1.7600]
Boot Modus : Normal gebootet
Benutzername : RSST
Computername : RSST-PC

Versionsinformationen:
BUILD.DAT : 10.2.0.704 35934 Bytes 28.09.2011 13:14:00
AVSCAN.EXE : 10.3.0.7 484008 Bytes 02.07.2011 18:20:29
AVSCAN.DLL : 10.0.5.0 57192 Bytes 02.07.2011 18:20:29
LUKE.DLL : 10.3.0.5 45416 Bytes 02.07.2011 18:20:30
LUKERES.DLL : 10.0.0.0 13672 Bytes 14.01.2010 09:59:47
AVSCPLR.DLL : 10.3.0.7 119656 Bytes 02.07.2011 18:20:30
AVREG.DLL : 10.3.0.9 88833 Bytes 15.07.2011 18:36:55
VBASE000.VDF : 7.10.0.0 19875328 Bytes 06.11.2009 07:05:36
VBASE001.VDF : 7.11.0.0 13342208 Bytes 14.12.2010 11:03:16
VBASE002.VDF : 7.11.19.170 14374912 Bytes 20.12.2011 10:58:23
VBASE003.VDF : 7.11.19.171 2048 Bytes 20.12.2011 10:58:48
VBASE004.VDF : 7.11.19.172 2048 Bytes 20.12.2011 10:58:50
VBASE005.VDF : 7.11.19.173 2048 Bytes 20.12.2011 10:58:58
VBASE006.VDF : 7.11.19.174 2048 Bytes 20.12.2011 10:58:59
VBASE007.VDF : 7.11.19.175 2048 Bytes 20.12.2011 10:59:00
VBASE008.VDF : 7.11.19.176 2048 Bytes 20.12.2011 10:59:02
VBASE009.VDF : 7.11.19.177 2048 Bytes 20.12.2011 10:59:02
VBASE010.VDF : 7.11.19.178 2048 Bytes 20.12.2011 10:59:03
VBASE011.VDF : 7.11.19.179 2048 Bytes 20.12.2011 10:59:04
VBASE012.VDF : 7.11.19.180 2048 Bytes 20.12.2011 10:59:05
VBASE013.VDF : 7.11.19.217 182784 Bytes 22.12.2011 10:59:08
VBASE014.VDF : 7.11.19.255 148480 Bytes 24.12.2011 15:59:12
VBASE015.VDF : 7.11.20.29 164352 Bytes 27.12.2011 15:59:15
VBASE016.VDF : 7.11.20.70 180224 Bytes 29.12.2011 12:22:27
VBASE017.VDF : 7.11.20.71 2048 Bytes 29.12.2011 12:22:27
VBASE018.VDF : 7.11.20.72 2048 Bytes 29.12.2011 12:22:28
VBASE019.VDF : 7.11.20.73 2048 Bytes 29.12.2011 12:22:28
VBASE020.VDF : 7.11.20.74 2048 Bytes 29.12.2011 12:22:30
VBASE021.VDF : 7.11.20.75 2048 Bytes 29.12.2011 12:22:32
VBASE022.VDF : 7.11.20.76 2048 Bytes 29.12.2011 12:22:32
VBASE023.VDF : 7.11.20.77 2048 Bytes 29.12.2011 12:22:32
VBASE024.VDF : 7.11.20.78 2048 Bytes 29.12.2011 12:22:33
VBASE025.VDF : 7.11.20.79 2048 Bytes 29.12.2011 12:22:33
VBASE026.VDF : 7.11.20.80 2048 Bytes 29.12.2011 12:22:33
VBASE027.VDF : 7.11.20.81 2048 Bytes 29.12.2011 12:22:33
VBASE028.VDF : 7.11.20.82 2048 Bytes 29.12.2011 12:22:34
VBASE029.VDF : 7.11.20.83 2048 Bytes 29.12.2011 12:22:34
VBASE030.VDF : 7.11.20.84 2048 Bytes 29.12.2011 12:22:34
VBASE031.VDF : 7.11.20.97 132608 Bytes 30.12.2011 12:27:18
Engineversion : 8.2.8.18
AEVDF.DLL : 8.1.2.2 106868 Bytes 29.10.2011 07:46:24
AESCRIPT.DLL : 8.1.3.95 479612 Bytes 29.12.2011 12:22:45
AESCN.DLL : 8.1.7.2 127349 Bytes 24.11.2010 19:17:42
AESBX.DLL : 8.2.4.5 434549 Bytes 02.12.2011 17:13:35
AERDL.DLL : 8.1.9.15 639348 Bytes 10.09.2011 18:44:10
AEPACK.DLL : 8.2.15.1 770423 Bytes 17.12.2011 03:16:08
AEOFFICE.DLL : 8.1.2.25 201084 Bytes 31.12.2011 12:27:31
AEHEUR.DLL : 8.1.3.14 4260216 Bytes 31.12.2011 12:27:30
AEHELP.DLL : 8.1.18.0 254327 Bytes 29.10.2011 07:46:11
AEGEN.DLL : 8.1.5.17 405877 Bytes 08.12.2011 19:20:51
AEEMU.DLL : 8.1.3.0 393589 Bytes 24.11.2010 19:17:34
AECORE.DLL : 8.1.24.3 201079 Bytes 29.12.2011 12:22:35
AEBB.DLL : 8.1.1.0 53618 Bytes 24.04.2010 09:09:53
AVWINLL.DLL : 10.0.0.0 19304 Bytes 14.01.2010 09:59:10
AVPREF.DLL : 10.0.3.2 44904 Bytes 02.07.2011 18:20:29
AVREP.DLL : 10.0.0.10 174120 Bytes 27.05.2011 02:30:45
AVARKT.DLL : 10.0.26.1 255336 Bytes 02.07.2011 18:20:29
AVEVTLOG.DLL : 10.0.0.9 203112 Bytes 02.07.2011 18:20:29
SQLITE3.DLL : 3.6.19.0 355688 Bytes 28.01.2010 10:57:53
AVSMTP.DLL : 10.0.0.17 63848 Bytes 16.03.2010 13:38:54
NETNT.DLL : 10.0.0.0 11624 Bytes 19.02.2010 12:40:55
RCIMAGE.DLL : 10.0.0.35 2589544 Bytes 02.07.2011 18:20:29
RCTEXT.DLL : 10.0.64.0 98664 Bytes 02.07.2011 18:20:29

Konfiguration für den aktuellen Suchlauf:
Job Name..............................: Suche nach Rootkits und aktiver Malware
Konfigurationsdatei...................: C:\ProgramData\Avira\AntiVir Desktop\PROFILES\rootkit.avp
Protokollierung.......................: standard
Primäre Aktion........................: interaktiv
Sekundäre Aktion......................: ignorieren
Durchsuche Masterbootsektoren.........: ein
Durchsuche Bootsektoren...............: ein
Durchsuche aktive Programme...........: ein
Laufende Programme erweitert..........: ein
Durchsuche Registrierung..............: ein
Suche nach Rootkits...................: ein
Integritätsprüfung von Systemdateien..: aus
Optimierter Suchlauf..................: ein
Datei Suchmodus.......................: Alle Dateien
Durchsuche Archive....................: ein
Rekursionstiefe einschränken..........: aus
Archiv Smart Extensions...............: ein
Abweichende Archivtypen...............: +BSD Mailbox, +Netscape/Mozilla Mailbox, +Eudora Mailbox, +Squid cache, +Pegasus Mailbox, +MS Outlook Mailbox, +ISO 9660,
Makrovirenheuristik...................: ein
Dateiheuristik........................: vollständig
Abweichende Gefahrenkategorien........: +PCK,+PFS,+SPR,

Beginn des Suchlaufs: Sonntag, 1. Januar 2012 18:15

Der Suchlauf nach versteckten Objekten wird begonnen.
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows CE Services\symboliclinkvalue
[HINWEIS] Der Registrierungseintrag ist nicht sichtbar.

Der Suchlauf über gestartete Prozesse wird begonnen:
Durchsuche Prozess 'avscan.exe' - '71' Modul(e) wurden durchsucht
Durchsuche Prozess 'avcenter.exe' - '102' Modul(e) wurden durchsucht
Durchsuche Prozess 'plugin-container.exe' - '74' Modul(e) wurden durchsucht
Durchsuche Prozess 'firefox.exe' - '132' Modul(e) wurden durchsucht
Durchsuche Prozess 'ArcCon.ac' - '62' Modul(e) wurden durchsucht
Durchsuche Prozess 'iTunesHelper.exe' - '68' Modul(e) wurden durchsucht
Durchsuche Prozess 'ACDaemon.exe' - '45' Modul(e) wurden durchsucht
Durchsuche Prozess 'hpwuschd2.exe' - '20' Modul(e) wurden durchsucht
Durchsuche Prozess 'avgnt.exe' - '65' Modul(e) wurden durchsucht
Durchsuche Prozess 'IAAnotif.exe' - '39' Modul(e) wurden durchsucht
Durchsuche Prozess 'SDWinSec.exe' - '48' Modul(e) wurden durchsucht
Durchsuche Prozess 'IAANTMon.exe' - '36' Modul(e) wurden durchsucht
Durchsuche Prozess 'TestHandler.exe' - '31' Modul(e) wurden durchsucht
Durchsuche Prozess 'SeaPort.exe' - '50' Modul(e) wurden durchsucht
Durchsuche Prozess 'AppleMobileDeviceService.exe' - '63' Modul(e) wurden durchsucht
Durchsuche Prozess 'avguard.exe' - '69' Modul(e) wurden durchsucht
Durchsuche Prozess 'ACService.exe' - '24' Modul(e) wurden durchsucht
Durchsuche Prozess 'aavus.exe' - '41' Modul(e) wurden durchsucht
Durchsuche Prozess 'sched.exe' - '49' Modul(e) wurden durchsucht

Der Suchlauf auf Verweise zu ausführbaren Dateien (Registry) wird begonnen:
Die Registry wurde durchsucht ( '155' Dateien ).

Der Suchlauf über die ausgewählten Dateien wird begonnen:

Beginne mit der Suche in 'C:' <System>

Ende des Suchlaufs: Sonntag, 1. Januar 2012 19:17
Benötigte Zeit: 1:01:52 Stunde(n)

Der Suchlauf wurde vollständig durchgeführt.

34444 Verzeichnisse wurden überprüft
765947 Dateien wurden geprüft
0 Viren bzw. unerwünschte Programme wurden gefunden
0 Dateien wurden als verdächtig eingestuft
0 Dateien wurden gelöscht
0 Viren bzw. unerwünschte Programme wurden repariert
0 Dateien wurden in die Quarantäne verschoben
0 Dateien wurden umbenannt
0 Dateien konnten nicht durchsucht werden
765947 Dateien ohne Befall
17572 Archive wurden durchsucht
0 Warnungen
1 Hinweise
463011 Objekte wurden beim Rootkitscan durchsucht
1 Versteckte Objekte wurden gefunden

_________________________________________________________________

OTL-scanOTL Logfile:

Code:

ATTFilter

OTL logfile created on: 1/1/2012 7:27:36 PM - Run 3
OTL by OldTimer - Version 3.2.31.0     Folder = C:\Users\RSST\Desktop
64bit- Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
5.97 Gb Total Physical Memory | 3.96 Gb Available Physical Memory | 66.43% Memory free
11.93 Gb Paging File | 9.97 Gb Available in Paging File | 83.54% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 60.00 Gb Total Space | 19.24 Gb Free Space | 32.07% Space Free | Partition Type: NTFS
Drive D: | 403.75 Gb Total Space | 375.75 Gb Free Space | 93.07% Space Free | Partition Type: NTFS
 
Computer Name: RSST-PC | User Name: RSST | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012/01/01 16:58:23 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\RSST\Desktop\OTL.exe
PRC - [2011/12/08 01:36:42 | 000,421,736 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\iTunesHelper.exe
PRC - [2011/12/03 13:12:22 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2011/07/02 19:20:29 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2011/04/27 18:02:29 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2010/10/30 21:46:16 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010/10/27 18:17:52 | 000,207,424 | ---- | M] (ArcSoft Inc.) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
PRC - [2010/08/25 10:27:44 | 000,309,824 | ---- | M] (ArcSoft Inc.) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
PRC - [2010/03/18 10:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2009/06/05 03:03:32 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2009/06/05 03:03:06 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
PRC - [2009/02/19 14:46:26 | 000,341,264 | ---- | M] (Fujitsu Technology Solutions) -- C:\Program Files (x86)\Fujitsu\SystemDiagnostics\OnlineDiagnostic\TestManager\TestHandler.exe
PRC - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- D:\Neu installierte Programme\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2008/10/24 16:35:44 | 000,128,296 | ---- | M] () -- D:\Steuer-Spar-Erklaerung 2010 von Bild\AAVUpdateManager\aavus.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2011/12/03 13:12:21 | 001,989,592 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2011/11/01 23:26:32 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/11/01 23:26:12 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/06/06 20:40:55 | 006,271,136 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2009/07/14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/01 18:54:02 | 000,864,032 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV - [2011/12/14 13:13:28 | 000,748,440 | ---- | M] (Spigot, Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe -- (Application Updater)
SRV - [2011/07/02 19:20:29 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011/04/27 18:02:29 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/18 10:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2009/06/10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/06/05 03:03:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe -- (IAANTMON) Intel(R)
SRV - [2009/02/19 14:46:26 | 000,341,264 | ---- | M] (Fujitsu Technology Solutions) [Auto | Running] -- C:\Program Files (x86)\Fujitsu\SystemDiagnostics\OnlineDiagnostic\TestManager\TestHandler.exe -- (TestHandler)
SRV - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- D:\Neu installierte Programme\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
SRV - [2008/10/24 16:35:44 | 000,128,296 | ---- | M] () [Auto | Running] -- D:\Steuer-Spar-Erklaerung 2010 von Bild\AAVUpdateManager\aavus.exe -- (AAV UpdateService)
SRV - [2007/05/31 10:11:54 | 000,443,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007/05/31 10:11:46 | 000,225,672 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2011/08/02 17:38:56 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011/07/02 19:20:30 | 000,123,784 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2011/07/02 19:20:30 | 000,088,288 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2011/03/11 07:22:41 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 07:22:40 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/06/23 09:10:56 | 000,344,680 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010/04/01 10:13:36 | 001,100,320 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rtl8192se.sys -- (rtl8192se)
DRV:64bit: - [2009/08/21 12:24:04 | 000,084,512 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2009/07/14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 02:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/14 01:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009/07/14 01:09:50 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usb8023x.sys -- (usb_rndisx)
DRV:64bit: - [2009/07/14 00:21:48 | 000,038,400 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tpm.sys -- (TPM)
DRV:64bit: - [2009/07/01 11:46:58 | 000,052,264 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btusbflt.sys -- (btusbflt)
DRV:64bit: - [2009/07/01 11:46:52 | 000,098,344 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
DRV:64bit: - [2009/07/01 11:46:48 | 000,132,648 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2009/07/01 11:46:40 | 000,021,160 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)
DRV:64bit: - [2009/06/10 21:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/06/10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/06/05 02:54:36 | 000,408,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009/06/04 15:46:50 | 000,216,064 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2009/05/18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/04/07 14:33:08 | 000,035,104 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)
DRV - [2009/07/14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=FTSA&amp;bmod=EU01
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.ts.fujitsu.com/index2 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.ts.fujitsu.com/index2
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0B 77 1F 51 72 97 CA 01  [binary data]
IE - HKCU\..\URLSearchHook: {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files (x86)\pdfforge Toolbar\IE\4.9\pdfforgeToolbarIE.dll (Spigot, Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=302398&ilc=12"
FF - prefs.js..keyword.URL: "hxxp://de.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=302398&p="
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpWinExt,version=5.0: C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1449.0\npwinext.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\msntoolbar@msn.com: C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1449.0\Firefox [2010/12/04 14:29:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2011/05/10 12:07:14 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/12/03 13:12:23 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 8.0\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2011/12/18 14:38:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 8.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
 
[2010/04/01 18:52:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\RSST\AppData\Roaming\mozilla\Extensions
[2010/04/01 18:52:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\RSST\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2012/01/01 11:36:00 | 000,000,000 | ---D | M] (No name found) -- C:\Users\RSST\AppData\Roaming\mozilla\Firefox\Profiles\5k0bcngu.default\extensions
[2011/12/29 15:26:38 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2011/12/29 15:26:53 | 000,000,000 | ---D | M] (Widgi Toolbar Platform) -- C:\PROGRAM FILES (X86)\COMMON FILES\SPIGOT\WTXPCOM
[2011/12/29 15:26:53 | 000,000,000 | ---D | M] (pdfforge Toolbar) -- C:\PROGRAM FILES (X86)\PDFFORGE TOOLBAR\FF
[2011/12/03 13:12:22 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011/11/23 13:01:06 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011/11/23 13:01:06 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011/11/23 13:01:06 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2011/11/23 13:01:06 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2011/11/23 13:01:06 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2011/11/23 13:01:06 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009/06/10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - D:\Neu installierte Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files (x86)\pdfforge Toolbar\IE\4.9\pdfforgeToolbarIE.dll (Spigot, Inc.)
O2 - BHO: (Bing Bar BHO) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1449.0\npwinext.dll (Microsoft Corporation)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (@C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1449.0\npwinext.dll,-100) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1449.0\npwinext.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files (x86)\pdfforge Toolbar\IE\4.9\pdfforgeToolbarIE.dll (Spigot, Inc.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.dll (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files (x86)\iTunesHelper.exe (Apple Inc.)
O4 - HKCU..\Run: [RegistryBooster] "C:\Program Files (x86)\Uniblue\RegistryBooster\launcher.exe" delay 20000  File not found
O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware ] D:\Neu installierte Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O8:64bit: - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - res://c:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8:64bit: - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_2EC7709873947E87.dll/cmsidewiki.html File not found
O8:64bit: - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: E&xport to Microsoft Excel - res://c:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_2EC7709873947E87.dll/cmsidewiki.html File not found
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: Senden an Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Senden an &Bluetooth-Gerät... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\Neu installierte Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Reg Error: Key error.)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{92A82E5E-23B7-411E-996B-D10405AE0190}: DhcpNameServer = 192.168.178.1
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2012/01/01 15:18:54 | 000,000,000 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{55141733-5b0d-11de-9ace-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{55141733-5b0d-11de-9ace-806e6f6e6963}\Shell\AutoRun\command - "" = E:\start.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012/01/01 16:59:49 | 000,000,000 | ---D | C] -- C:\Users\RSST\AppData\Roaming\Malwarebytes
[2012/01/01 16:59:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/01/01 16:59:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/01/01 16:59:42 | 000,023,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/01/01 16:58:18 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\RSST\Desktop\OTL.exe
[2012/01/01 15:18:37 | 000,000,000 | ---D | C] -- C:\sh4ldr
[2012/01/01 15:18:37 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group
[2011/12/29 15:26:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Application Updater
[2011/12/29 15:26:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Spigot
[2011/12/29 15:26:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\pdfforge Toolbar
[2011/12/29 14:08:47 | 000,703,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2011/12/29 14:08:46 | 000,256,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2011/12/29 14:08:46 | 000,185,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2011/12/29 14:08:46 | 000,097,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2011/12/29 14:08:46 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2011/12/29 14:08:46 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2011/12/29 14:08:45 | 000,482,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2011/12/29 14:08:45 | 000,386,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2011/12/29 14:08:45 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2011/12/29 14:08:45 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2011/12/29 14:08:45 | 000,134,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2011/12/29 14:08:45 | 000,132,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2011/12/29 14:08:45 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2011/12/29 14:08:45 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2011/12/29 14:08:45 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2011/12/29 14:01:50 | 001,162,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll
[2011/12/29 14:01:50 | 000,422,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll
[2011/12/29 14:01:50 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll
[2011/12/29 14:01:50 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe
[2011/12/29 14:01:50 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll
[2011/12/29 14:01:50 | 000,214,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll
[2011/12/29 14:01:50 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2011/12/29 14:01:50 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll
[2011/12/29 14:01:50 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2011/12/29 14:01:50 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll
[2011/12/29 14:01:49 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2011/12/29 14:01:49 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
[2011/12/29 14:01:49 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
[2011/12/29 14:01:49 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
[2011/12/29 14:01:49 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
[2011/12/29 14:01:49 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
[2011/12/29 14:01:49 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
[2011/12/29 14:01:49 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll
[2011/12/29 14:01:49 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
[2011/12/29 14:01:49 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
[2011/12/29 14:01:49 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll
[2011/12/29 14:01:48 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2011/12/29 14:01:48 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
[2011/12/29 14:01:48 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll
[2011/12/29 14:01:48 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
[2011/12/29 14:01:48 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll
[2011/12/29 14:01:48 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
[2011/12/29 14:01:48 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll
[2011/12/29 14:01:48 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll
[2011/12/29 14:01:48 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll
[2011/12/29 14:01:48 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll
[2011/12/29 14:01:48 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
[2011/12/29 14:01:48 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
[2011/12/29 14:01:48 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll
[2011/12/29 14:01:48 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
[2011/12/29 14:01:48 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll
[2011/12/29 14:01:48 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
[2011/12/29 14:01:48 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll
[2011/12/29 14:01:48 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll
[2011/12/29 14:01:48 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
[2011/12/29 14:01:48 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll
[2011/12/29 14:01:48 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll
[2011/12/29 14:01:48 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
[2011/12/29 14:01:48 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll
[2011/12/29 14:01:48 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
[2011/12/29 14:01:48 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll
[2011/12/29 14:01:48 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
[2011/12/29 14:01:48 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll
[2011/12/29 14:01:48 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll
[2011/12/29 14:01:48 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
[2011/12/29 14:01:48 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll
[2011/12/29 14:01:48 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
[2011/12/29 14:01:48 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll
[2011/12/29 14:01:48 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll
[2011/12/29 14:01:48 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
[2011/12/29 14:01:48 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll
[2011/12/29 14:01:48 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
[2011/12/29 14:01:48 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll
[2011/12/29 14:01:48 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
[2011/12/29 14:01:48 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll
[2011/12/29 14:01:48 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
[2011/12/29 14:01:48 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll
[2011/12/29 14:01:48 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
[2011/12/29 14:01:48 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll
[2011/12/29 14:01:48 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
[2011/12/29 14:01:48 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll
[2011/12/29 14:01:48 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
[2011/12/29 14:01:48 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll
[2011/12/29 14:01:48 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
[2011/12/29 14:01:45 | 000,613,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\psisdecd.dll
[2011/12/29 14:01:45 | 000,465,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\psisdecd.dll
[2011/12/29 14:01:45 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MSNP.ax
[2011/12/29 14:01:45 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSNP.ax
[2011/12/29 14:01:45 | 000,108,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\psisrndr.ax
[2011/12/29 14:01:45 | 000,104,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Mpeg2Data.ax
[2011/12/29 14:01:45 | 000,075,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\psisrndr.ax
[2011/12/29 14:01:45 | 000,075,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MSDvbNP.ax
[2011/12/29 14:01:45 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Mpeg2Data.ax
[2011/12/29 14:01:44 | 000,059,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSDvbNP.ax
[2011/12/29 14:01:40 | 000,319,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbcjt32.dll
[2011/12/29 14:01:40 | 000,212,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\odbctrac.dll
[2011/12/29 14:01:40 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbctrac.dll
[2011/12/29 14:01:40 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\odbccp32.dll
[2011/12/29 14:01:40 | 000,122,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbccp32.dll
[2011/12/29 14:01:40 | 000,106,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\odbccu32.dll
[2011/12/29 14:01:40 | 000,106,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\odbccr32.dll
[2011/12/29 14:01:40 | 000,086,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbccu32.dll
[2011/12/29 14:01:40 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\odbccr32.dll
[2011/12/29 14:01:39 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\csrsrv.dll
[2011/12/29 14:01:38 | 000,199,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xmllite.dll
[2011/12/29 14:00:02 | 005,507,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2011/12/29 14:00:01 | 003,957,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2011/12/29 14:00:00 | 003,902,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2011/12/29 13:59:53 | 002,566,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\esent.dll
[2011/12/29 13:59:53 | 001,686,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\esent.dll
[2011/12/29 13:59:53 | 000,187,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\storport.sys
[2011/12/29 13:59:53 | 000,107,904 | ---- | C] (Advanced Micro Devices) -- C:\Windows\SysNative\drivers\amdsata.sys
[2011/12/29 13:59:53 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\fsutil.exe
[2011/12/29 13:59:53 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\fsutil.exe
[2011/12/29 13:59:53 | 000,027,008 | ---- | C] (Advanced Micro Devices) -- C:\Windows\SysNative\drivers\amdxata.sys
[2011/12/29 13:59:45 | 000,723,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\EncDec.dll
[2011/12/29 13:59:45 | 000,534,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\EncDec.dll
[2011/12/29 13:59:44 | 000,861,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\oleaut32.dll
[2011/12/29 13:59:44 | 000,331,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\oleacc.dll
[2011/12/21 01:33:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2011/12/21 01:33:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Plugins
[2011/12/21 01:33:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunesHelper.Resources
[2011/12/21 01:32:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes.Resources
[2011/12/21 01:32:44 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2011/12/21 01:32:44 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011/12/21 01:32:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CD Configuration
[2011/12/21 01:30:15 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2011/12/21 01:30:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour
[2011/12/20 23:33:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Apple Software Update
[2011/12/20 21:26:50 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Audible
[2011/12/20 21:26:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AudibleManager
[2011/12/20 21:26:49 | 000,000,000 | ---D | C] -- C:\Users\RSST\Documents\Audible
[2011/12/20 21:26:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Audible
[2011/12/18 19:00:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BILD-Steuer 2010
[2011/12/08 01:36:46 | 000,293,736 | ---- | C] (Apple Inc.) -- C:\Program Files (x86)\iTunesOutlookAddIn.dll
[2011/12/08 01:36:42 | 000,421,736 | ---- | C] (Apple Inc.) -- C:\Program Files (x86)\iTunesHelper.exe
[2011/12/08 01:36:42 | 000,403,304 | ---- | C] (Apple Inc.) -- C:\Program Files (x86)\iTunesAdmin.dll
[2011/12/08 01:36:42 | 000,156,520 | ---- | C] (Apple Inc.) -- C:\Program Files (x86)\iTunesHelper.dll
[2011/12/08 01:36:36 | 009,777,000 | ---- | C] (Apple Inc.) -- C:\Program Files (x86)\iTunes.exe
[2011/12/08 01:36:32 | 020,864,360 | ---- | C] (Apple Inc.) -- C:\Program Files (x86)\iTunes.dll
[2011/12/08 01:36:30 | 003,029,528 | ---- | C] (Gracenote, Inc.) -- C:\Program Files (x86)\gnsdk_dsp.dll
[2011/12/08 01:36:30 | 000,797,208 | ---- | C] (Gracenote, Inc.) -- C:\Program Files (x86)\gnsdk_sdkmanager.dll
[2011/12/08 01:36:30 | 000,281,112 | ---- | C] (Gracenote, Inc.) -- C:\Program Files (x86)\gnsdk_submit.dll
[2011/12/08 01:36:30 | 000,240,152 | ---- | C] (Gracenote, Inc.) -- C:\Program Files (x86)\gnsdk_musicid.dll
[2011/11/14 20:16:44 | 000,112,488 | ---- | C] (Apple Inc.) -- C:\Program Files (x86)\ITDetector.ocx
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012/01/01 19:07:02 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/01/01 18:59:55 | 000,050,477 | ---- | M] () -- C:\Users\RSST\Desktop\Defogger.exe
[2012/01/01 16:59:44 | 000,000,825 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012/01/01 16:58:23 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\RSST\Desktop\OTL.exe
[2012/01/01 16:55:49 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/01/01 16:55:49 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/01/01 16:52:33 | 001,498,506 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/01/01 16:52:33 | 000,654,166 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012/01/01 16:52:33 | 000,616,008 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/01/01 16:52:33 | 000,130,006 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012/01/01 16:52:33 | 000,106,388 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/01/01 16:48:29 | 000,001,102 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/01/01 16:47:55 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/01/01 16:47:46 | 509,038,591 | -HS- | M] () -- C:\hiberfil.sys
[2012/01/01 15:18:54 | 000,000,000 | ---- | M] () -- C:\autoexec.bat
[2011/12/29 15:19:52 | 000,435,920 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011/12/29 15:00:08 | 000,001,147 | ---- | M] () -- C:\Users\RSST\Desktop\avira_antivir_personal_de - Verknüpfung.lnk
[2011/12/27 17:26:09 | 000,001,766 | ---- | M] () -- C:\Windows\tasks\hpwebreg_CN07D1P02Y05HX.job
[2011/12/21 01:33:26 | 000,001,688 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011/12/18 19:00:42 | 000,001,793 | ---- | M] () -- C:\Users\Public\Desktop\BILD-Steuer 2010.lnk
[2011/12/10 15:24:08 | 000,023,152 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2011/12/08 01:36:46 | 000,293,736 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\iTunesOutlookAddIn.dll
[2011/12/08 01:36:42 | 000,421,736 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\iTunesHelper.exe
[2011/12/08 01:36:42 | 000,403,304 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\iTunesAdmin.dll
[2011/12/08 01:36:42 | 000,156,520 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\iTunesHelper.dll
[2011/12/08 01:36:36 | 009,777,000 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\iTunes.exe
[2011/12/08 01:36:32 | 020,864,360 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\iTunes.dll
[2011/12/08 01:36:30 | 003,029,528 | ---- | M] (Gracenote, Inc.) -- C:\Program Files (x86)\gnsdk_dsp.dll
[2011/12/08 01:36:30 | 000,797,208 | ---- | M] (Gracenote, Inc.) -- C:\Program Files (x86)\gnsdk_sdkmanager.dll
[2011/12/08 01:36:30 | 000,281,112 | ---- | M] (Gracenote, Inc.) -- C:\Program Files (x86)\gnsdk_submit.dll
[2011/12/08 01:36:30 | 000,240,152 | ---- | M] (Gracenote, Inc.) -- C:\Program Files (x86)\gnsdk_musicid.dll
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012/01/01 18:59:26 | 000,050,477 | ---- | C] () -- C:\Users\RSST\Desktop\Defogger.exe
[2012/01/01 16:59:44 | 000,000,825 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012/01/01 15:18:54 | 000,000,000 | ---- | C] () -- C:\autoexec.bat
[2011/12/29 15:00:08 | 000,001,147 | ---- | C] () -- C:\Users\RSST\Desktop\avira_antivir_personal_de - Verknüpfung.lnk
[2011/12/21 01:33:26 | 000,001,688 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011/12/18 19:00:42 | 000,001,793 | ---- | C] () -- C:\Users\Public\Desktop\BILD-Steuer 2010.lnk
[2011/11/14 20:15:32 | 000,064,083 | ---- | C] () -- C:\Program Files (x86)\Acknowledgements.rtf
[2011/07/25 13:47:36 | 000,000,000 | ---- | C] () -- C:\Users\RSST\AppData\Local\{6747AD8D-8366-40F5-9CED-F39C26A63F5F}
[2011/06/01 21:04:09 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Screen Savers
[2011/06/01 21:04:09 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Sci-Fi
[2011/06/01 21:04:09 | 000,000,268 | RH-- | C] () -- C:\Users\RSST\AppData\Roaming\Sampler Files
[2011/06/01 21:04:09 | 000,000,268 | RH-- | C] () -- C:\Users\RSST\AppData\Roaming\Sample Delay
[2011/06/01 21:04:09 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLev.DAT
[2011/06/01 21:04:09 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLet.DAT
[2011/06/01 21:04:09 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLes.DAT
[2010/06/19 08:25:29 | 000,007,605 | ---- | C] () -- C:\Users\RSST\AppData\Local\Resmon.ResmonCfg
[2009/07/30 12:49:22 | 000,040,448 | ---- | C] () -- C:\Windows\REGOBJ.DLL
[2009/07/14 06:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/14 03:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/14 03:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/14 01:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2008/10/07 09:13:30 | 000,197,912 | ---- | C] () -- C:\Windows\SysWow64\physxcudart_20.dll
[2008/10/07 09:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelTraditionalChinese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSwedish.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSpanish.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSimplifiedChinese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelPortugese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelKorean.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelJapanese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelGerman.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelFrench.dll
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 1061 bytes -> C:\Users\RSST\Documents\preiswerte-lichtmaschinen.de _ Reklamationsformular.eml:OECustomProperty
 
< End of report >

--- --- ---

Ich weiß ja nicht, obs eine Rolle spielt, aber die Gruppe
[2011/12/29 15:26:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Application Updater
[2011/12/29 15:26:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Spigot
[2011/12/29 15:26:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\pdfforge Toolbar

könnte am 29.12. während einer Session, in der ich versuchte den geschlossenen AVIRA Schirmwieder mal wieder zu öffnen (ging schliesslich über Windowsaktualisierungen) eingefangen worden sein.

Wenn Ihr noch was braucht....

Schöne Grüße

RS

cosinus · 02.01.2012, 16:28

Wo sind die Logs von Malwarebytes? Bitte immer alle posten, egal ob Fund oder kein Fund.

spartacus111 · 02.01.2012, 18:12

Hi cosinus,

danke für die response.

Hier die letzten drei (Mehr habe ich eh nicht ) Logs.

Malwarebytes Anti-Malware 1.60.0.1800
www.malwarebytes.org

Datenbank Version: v2012.01.01.02

Windows 7 x64 NTFS
Internet Explorer 8.0.7600.16385
MEIN PC :: MEIN PC-PC [Administrator]

01.01.2012 17:07:04
mbam-log-2012-01-01 (17-07-04).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 383220
Laufzeit: 55 Minute(n), 24 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

________________________________________________________

Malwarebytes Anti-Malware 1.60.0.1800
www.malwarebytes.org

Datenbank Version: v2012.01.01.03

Windows 7 x64 NTFS
Internet Explorer 8.0.7600.16385
RSST :: RSST-PC [Administrator]

01.01.2012 23:17:26
mbam-log-2012-01-01 (23-17-26).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 207831
Laufzeit: 2 Minute(n), 18 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

___________________________________________________________
aktuell:
________________
Malwarebytes Anti-Malware 1.60.0.1800
www.malwarebytes.org

Datenbank Version: v2012.01.01.03

Windows 7 x64 NTFS
Internet Explorer 8.0.7600.16385
RSST :: RSST-PC [Administrator]

02.01.2012 10:22:41
mbam-log-2012-01-02 (10-22-41).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 383355
Laufzeit: 55 Minute(n), 41 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

edit: habe grade gesehen, daß beim letzten log die Systemzeit nicht stimmte (defekte CMOS-Batterie?)
Scan war gg 18:00 Uhr

cosinus · 02.01.2012, 20:55

Führ bitte auch ESET aus, danach sehen wir weiter:

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

spartacus111 · 02.01.2012, 23:01

hi cosinus,

wow das dauert ja ein weilchen (danke in diesem Zusammenhang für Deine Geduld),

der die das log (ausgeführt allerdings im Normalmodus - wie alle Scans - nur um es erwähnt zu haben) - virenscnanner aus, WLAN aus

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=7478ad8bd76f19439707308f0d9e62f3
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-01-02 07:44:34
# local_time=2012-01-02 08:44:34 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.1.7600 NT
# compatibility_mode=1797 16775165 100 94 122305 62073234 194656 0
# compatibility_mode=5893 16776573 100 94 40299 77162628 0 0
# compatibility_mode=8192 67108863 100 0 3870 3870 0 0
# scanned=298
# found=0
# cleaned=0
# scan_time=697
ESETSmartInstaller@High as downloader log:
all ok
esets_scanner_update returned -1 esets_gle=53251
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=7478ad8bd76f19439707308f0d9e62f3
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-01-02 09:55:47
# local_time=2012-01-02 10:55:47 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.1.7600 NT
# compatibility_mode=1797 16775165 100 94 125086 62076015 197437 0
# compatibility_mode=5893 16776573 100 94 43080 77165409 0 0
# compatibility_mode=8192 67108863 100 0 6651 6651 0 0
# scanned=185671
# found=11
# cleaned=0
# scan_time=5787
C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe probably a variant of Win32/Adware.Toolbar.Dealio application (unable to clean) 00000000000000000000000000000000 I
C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe a variant of Win32/Adware.Toolbar.Dealio application (unable to clean) 00000000000000000000000000000000 I
C:\Program Files (x86)\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll a variant of Win32/Adware.Toolbar.Dealio application (unable to clean) 00000000000000000000000000000000 I
C:\Program Files (x86)\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.10 a variant of Win32/Adware.Toolbar.Dealio application (unable to clean) 00000000000000000000000000000000 I
C:\Program Files (x86)\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.5 a variant of Win32/Adware.Toolbar.Dealio application (unable to clean) 00000000000000000000000000000000 I
C:\Program Files (x86)\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.6 a variant of Win32/Adware.Toolbar.Dealio application (unable to clean) 00000000000000000000000000000000 I
C:\Program Files (x86)\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.7 a variant of Win32/Adware.Toolbar.Dealio application (unable to clean) 00000000000000000000000000000000 I
C:\Program Files (x86)\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.8 a variant of Win32/Adware.Toolbar.Dealio application (unable to clean) 00000000000000000000000000000000 I
C:\Program Files (x86)\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.9 a variant of Win32/Adware.Toolbar.Dealio application (unable to clean) 00000000000000000000000000000000 I
C:\Windows\Installer\68bd2.msi a variant of Win32/Adware.Toolbar.Dealio application (unable to clean) 00000000000000000000000000000000 I
${Memory} a variant of Win32/Adware.Toolbar.Dealio application 00000000000000000000000000000000 I

Gute Nacht
Muss morgen wieder schaffen - kann mich also erst am abend wieder an die Kiste setzen.

Grüsse
RS

cosinus · 02.01.2012, 23:09

Mach bitte ein neues OTL-Log. Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:

ATTFilter

 hier steht das Log

CustomScan mit OTL

Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop

Starte bitte die OTL.exe.
Vista und Win7 User mit Rechtsklick "als Administrator starten"
Kopiere nun den kompletten Inhalt aus der untenstehenden Codebox in die Textbox von OTL - wenn OTL auf deutsch ist wird sie mit beschriftet

Code:

ATTFilter

netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT

Schliesse bitte nun alle Programme. (Wichtig)
Klicke nun bitte auf den Quick Scan Button.
Klick auf .
Kopiere nun den Inhalt aus OTL.txt hier in Deinen Thread

spartacus111 · 02.01.2012, 23:42

Normaler Lauf im Anhang

....ansonsten customized run

Code:

ATTFilter

OTL logfile created on: 1/2/2012 11:24:04 PM - Run 6
OTL by OldTimer - Version 3.2.31.0     Folder = C:\Users\RSST\Desktop
64bit- Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
5.97 Gb Total Physical Memory | 4.60 Gb Available Physical Memory | 77.16% Memory free
11.93 Gb Paging File | 10.50 Gb Available in Paging File | 88.01% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 60.00 Gb Total Space | 18.56 Gb Free Space | 30.93% Space Free | Partition Type: NTFS
Drive D: | 403.75 Gb Total Space | 375.75 Gb Free Space | 93.07% Space Free | Partition Type: NTFS
 
Computer Name: RSST-PC | User Name: RSST | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012/01/01 16:58:23 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\RSST\Desktop\OTL.exe
PRC - [2011/12/08 01:36:42 | 000,421,736 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\iTunesHelper.exe
PRC - [2011/07/02 19:20:29 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2011/04/27 18:02:29 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2010/10/30 21:46:16 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010/10/27 18:17:52 | 000,207,424 | ---- | M] (ArcSoft Inc.) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
PRC - [2010/08/25 10:27:44 | 000,309,824 | ---- | M] (ArcSoft Inc.) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
PRC - [2010/03/18 10:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2009/06/05 03:03:32 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2009/06/05 03:03:06 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
PRC - [2009/02/19 14:46:26 | 000,341,264 | ---- | M] (Fujitsu Technology Solutions) -- C:\Program Files (x86)\Fujitsu\SystemDiagnostics\OnlineDiagnostic\TestManager\TestHandler.exe
PRC - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- D:\Neu installierte Programme\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2008/10/24 16:35:44 | 000,128,296 | ---- | M] () -- D:\Steuer-Spar-Erklaerung 2010 von Bild\AAVUpdateManager\aavus.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2011/11/01 23:26:32 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/11/01 23:26:12 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2009/07/14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/01 18:54:02 | 000,864,032 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV - [2011/12/14 13:13:28 | 000,748,440 | ---- | M] (Spigot, Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe -- (Application Updater)
SRV - [2011/07/02 19:20:29 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011/04/27 18:02:29 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/18 10:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2009/06/10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/06/05 03:03:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe -- (IAANTMON) Intel(R)
SRV - [2009/02/19 14:46:26 | 000,341,264 | ---- | M] (Fujitsu Technology Solutions) [Auto | Running] -- C:\Program Files (x86)\Fujitsu\SystemDiagnostics\OnlineDiagnostic\TestManager\TestHandler.exe -- (TestHandler)
SRV - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- D:\Neu installierte Programme\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
SRV - [2008/10/24 16:35:44 | 000,128,296 | ---- | M] () [Auto | Running] -- D:\Steuer-Spar-Erklaerung 2010 von Bild\AAVUpdateManager\aavus.exe -- (AAV UpdateService)
SRV - [2007/05/31 10:11:54 | 000,443,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007/05/31 10:11:46 | 000,225,672 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2011/08/02 17:38:56 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011/07/02 19:20:30 | 000,123,784 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2011/07/02 19:20:30 | 000,088,288 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2011/03/11 07:22:41 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 07:22:40 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/06/23 09:10:56 | 000,344,680 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010/04/01 10:13:36 | 001,100,320 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rtl8192se.sys -- (rtl8192se)
DRV:64bit: - [2009/08/21 12:24:04 | 000,084,512 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2009/07/14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 02:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/14 01:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009/07/14 01:09:50 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usb8023x.sys -- (usb_rndisx)
DRV:64bit: - [2009/07/14 00:21:48 | 000,038,400 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tpm.sys -- (TPM)
DRV:64bit: - [2009/07/01 11:46:58 | 000,052,264 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btusbflt.sys -- (btusbflt)
DRV:64bit: - [2009/07/01 11:46:52 | 000,098,344 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
DRV:64bit: - [2009/07/01 11:46:48 | 000,132,648 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2009/07/01 11:46:40 | 000,021,160 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)
DRV:64bit: - [2009/06/10 21:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/06/10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/06/05 02:54:36 | 000,408,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009/06/04 15:46:50 | 000,216,064 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2009/05/18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009/04/07 14:33:08 | 000,035,104 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)
DRV - [2009/07/14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=FTSA&amp;bmod=EU01
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.ts.fujitsu.com/index2 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.ts.fujitsu.com/index2
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0B 77 1F 51 72 97 CA 01  [binary data]
IE - HKCU\..\URLSearchHook: {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files (x86)\pdfforge Toolbar\IE\4.9\pdfforgeToolbarIE.dll (Spigot, Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=302398&ilc=12"
FF - prefs.js..keyword.URL: "hxxp://de.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=302398&p="
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpWinExt,version=5.0: C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1449.0\npwinext.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\msntoolbar@msn.com: C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1449.0\Firefox [2010/12/04 14:29:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2011/05/10 12:07:14 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011/12/03 13:12:23 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 8.0\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2011/12/18 14:38:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 8.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
 
[2010/04/01 18:52:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\RSST\AppData\Roaming\mozilla\Extensions
[2010/04/01 18:52:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\RSST\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2012/01/01 11:36:00 | 000,000,000 | ---D | M] (No name found) -- C:\Users\RSST\AppData\Roaming\mozilla\Firefox\Profiles\5k0bcngu.default\extensions
[2011/12/29 15:26:38 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2011/12/29 15:26:53 | 000,000,000 | ---D | M] (Widgi Toolbar Platform) -- C:\PROGRAM FILES (X86)\COMMON FILES\SPIGOT\WTXPCOM
[2011/12/29 15:26:53 | 000,000,000 | ---D | M] (pdfforge Toolbar) -- C:\PROGRAM FILES (X86)\PDFFORGE TOOLBAR\FF
[2011/12/03 13:12:22 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011/11/23 13:01:06 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011/11/23 13:01:06 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011/11/23 13:01:06 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2011/11/23 13:01:06 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2011/11/23 13:01:06 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2011/11/23 13:01:06 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009/06/10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - D:\Neu installierte Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files (x86)\pdfforge Toolbar\IE\4.9\pdfforgeToolbarIE.dll (Spigot, Inc.)
O2 - BHO: (Bing Bar BHO) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1449.0\npwinext.dll (Microsoft Corporation)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (@C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1449.0\npwinext.dll,-100) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1449.0\npwinext.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files (x86)\pdfforge Toolbar\IE\4.9\pdfforgeToolbarIE.dll (Spigot, Inc.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.dll (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files (x86)\iTunesHelper.exe (Apple Inc.)
O4 - HKCU..\Run: [RegistryBooster] "C:\Program Files (x86)\Uniblue\RegistryBooster\launcher.exe" delay 20000  File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O8:64bit: - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - res://c:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8:64bit: - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_2EC7709873947E87.dll/cmsidewiki.html File not found
O8:64bit: - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: E&xport to Microsoft Excel - res://c:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_2EC7709873947E87.dll/cmsidewiki.html File not found
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: Senden an Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Senden an &Bluetooth-Gerät... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\Neu installierte Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Reg Error: Key error.)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{92A82E5E-23B7-411E-996B-D10405AE0190}: DhcpNameServer = 192.168.178.1
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2012/01/01 15:18:54 | 000,000,000 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{55141733-5b0d-11de-9ace-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{55141733-5b0d-11de-9ace-806e6f6e6963}\Shell\AutoRun\command - "" = E:\start.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
 
MsConfig:64bit - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Audible Download Manager.lnk -  - File not found
MsConfig:64bit - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk - C:\PROGRA~1\WIDCOMM\BLUETO~1\BTTray.exe - (Broadcom Corporation.)
MsConfig:64bit - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
MsConfig:64bit - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
MsConfig:64bit - StartUpReg: Bing Bar - hkey= - key= - C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1449.0\mswinext.exe (Microsoft Corp.)
MsConfig:64bit - StartUpReg: fts-reg - hkey= - key= - C:\fts-reg\ftsreg.exe (Fujitsu)
MsConfig:64bit - StartUpReg: Fujitsu OSD Utility - hkey= - key= - C:\PROGRA~2\FUJITS~2\OSDUTI~1.EXE (Fujitsu Technology Solutions)
MsConfig:64bit - StartUpReg: Fujitsu Wireless Control - hkey= - key= - C:\PROGRA~2\FUJITS~2\WIRELE~1.EXE (Quanta Company)
MsConfig:64bit - StartUpReg: iTunesHelper - hkey= - key= - C:\Program Files (x86)\iTunesHelper.exe (Apple Inc.)
MsConfig:64bit - StartUpReg: Launch Manager - hkey= - key= - C:\PROGRA~2\FUJITS~1\LAUNCH~1.EXE (Fujitsu Technology Solutions)
MsConfig:64bit - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files (x86)\QuickTime\QTTask.exe (Apple Inc.)
MsConfig:64bit - StartUpReg: RegistryBooster - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: SearchSettings - hkey= - key= - C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe (Spigot, Inc.)
MsConfig:64bit - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
MsConfig:64bit - StartUpReg: UCam_Menu - hkey= - key= - C:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
MsConfig:64bit - StartUpReg: Windows Mobile Device Center - hkey= - key= - C:\Windows\WindowsMobile\wmdc.exe (Microsoft Corporation)
MsConfig:64bit - StartUpReg: YouCam Mirror Tray icon - hkey= - key= - C:\Program Files (x86)\CyberLink\YouCam\YouCamTray.exe (CyberLink Corp.)
MsConfig:64bit - State: "startup" - Reg Error: Key error.
MsConfig:64bit - State: "services" - Reg Error: Key error.
 
SafeBootMin:64bit: AppMgmt - Service
SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: vmms - Service
SafeBootMin:64bit: WinDefend - C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet:64bit: AppMgmt - Service
SafeBootNet:64bit: Base - Driver Group
SafeBootNet:64bit: Boot Bus Extender - Driver Group
SafeBootNet:64bit: Boot file system - Driver Group
SafeBootNet:64bit: File system - Driver Group
SafeBootNet:64bit: Filter - Driver Group
SafeBootNet:64bit: HelpSvc - Service
SafeBootNet:64bit: Messenger - Service
SafeBootNet:64bit: NDIS Wrapper - Driver Group
SafeBootNet:64bit: NetBIOSGroup - Driver Group
SafeBootNet:64bit: NetDDEGroup - Driver Group
SafeBootNet:64bit: Network - Driver Group
SafeBootNet:64bit: NetworkProvider - Driver Group
SafeBootNet:64bit: PCI Configuration - Driver Group
SafeBootNet:64bit: PNP Filter - Driver Group
SafeBootNet:64bit: PNP_TDI - Driver Group
SafeBootNet:64bit: Primary disk - Driver Group
SafeBootNet:64bit: rdsessmgr - Service
SafeBootNet:64bit: sacsvr - Service
SafeBootNet:64bit: SCSI Class - Driver Group
SafeBootNet:64bit: Streams Drivers - Driver Group
SafeBootNet:64bit: System Bus Extender - Driver Group
SafeBootNet:64bit: TDI - Driver Group
SafeBootNet:64bit: vmms - Service
SafeBootNet:64bit: WinDefend - C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SafeBootNet:64bit: WudfUsbccidDriver - Driver
SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012/01/02 21:48:18 | 002,322,184 | ---- | C] (ESET) -- C:\Users\RSST\Desktop\esetsmartinstaller_enu.exe
[2012/01/02 20:28:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2012/01/01 19:29:31 | 000,000,000 | ---D | C] -- C:\Users\RSST\Desktop\Scan
[2012/01/01 16:59:49 | 000,000,000 | ---D | C] -- C:\Users\RSST\AppData\Roaming\Malwarebytes
[2012/01/01 16:59:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/01/01 16:59:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/01/01 16:59:42 | 000,023,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/01/01 16:58:18 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\RSST\Desktop\OTL.exe
[2012/01/01 15:18:37 | 000,000,000 | ---D | C] -- C:\sh4ldr
[2012/01/01 15:18:37 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group
[2011/12/29 15:26:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Application Updater
[2011/12/29 15:26:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Spigot
[2011/12/29 15:26:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\pdfforge Toolbar
[2011/12/21 01:33:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2011/12/21 01:33:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Plugins
[2011/12/21 01:33:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunesHelper.Resources
[2011/12/21 01:32:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes.Resources
[2011/12/21 01:32:44 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2011/12/21 01:32:44 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011/12/21 01:32:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CD Configuration
[2011/12/21 01:30:15 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2011/12/21 01:30:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour
[2011/12/20 23:33:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Apple Software Update
[2011/12/20 21:26:50 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Audible
[2011/12/20 21:26:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AudibleManager
[2011/12/20 21:26:49 | 000,000,000 | ---D | C] -- C:\Users\RSST\Documents\Audible
[2011/12/20 21:26:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Audible
[2011/12/18 19:00:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BILD-Steuer 2010
[2011/12/08 01:36:46 | 000,293,736 | ---- | C] (Apple Inc.) -- C:\Program Files (x86)\iTunesOutlookAddIn.dll
[2011/12/08 01:36:42 | 000,421,736 | ---- | C] (Apple Inc.) -- C:\Program Files (x86)\iTunesHelper.exe
[2011/12/08 01:36:42 | 000,403,304 | ---- | C] (Apple Inc.) -- C:\Program Files (x86)\iTunesAdmin.dll
[2011/12/08 01:36:42 | 000,156,520 | ---- | C] (Apple Inc.) -- C:\Program Files (x86)\iTunesHelper.dll
[2011/12/08 01:36:36 | 009,777,000 | ---- | C] (Apple Inc.) -- C:\Program Files (x86)\iTunes.exe
[2011/12/08 01:36:32 | 020,864,360 | ---- | C] (Apple Inc.) -- C:\Program Files (x86)\iTunes.dll
[2011/12/08 01:36:30 | 003,029,528 | ---- | C] (Gracenote, Inc.) -- C:\Program Files (x86)\gnsdk_dsp.dll
[2011/12/08 01:36:30 | 000,797,208 | ---- | C] (Gracenote, Inc.) -- C:\Program Files (x86)\gnsdk_sdkmanager.dll
[2011/12/08 01:36:30 | 000,281,112 | ---- | C] (Gracenote, Inc.) -- C:\Program Files (x86)\gnsdk_submit.dll
[2011/12/08 01:36:30 | 000,240,152 | ---- | C] (Gracenote, Inc.) -- C:\Program Files (x86)\gnsdk_musicid.dll
[2011/11/14 20:16:44 | 000,112,488 | ---- | C] (Apple Inc.) -- C:\Program Files (x86)\ITDetector.ocx
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012/01/02 23:20:59 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/01/02 23:20:59 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/01/02 23:19:05 | 001,498,506 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/01/02 23:19:05 | 000,654,166 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012/01/02 23:19:05 | 000,616,008 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/01/02 23:19:05 | 000,130,006 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012/01/02 23:19:05 | 000,106,388 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/01/02 23:13:24 | 000,001,102 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/01/02 23:13:10 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/01/02 23:13:02 | 509,038,591 | -HS- | M] () -- C:\hiberfil.sys
[2012/01/02 23:07:05 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/01/02 20:28:00 | 002,322,184 | ---- | M] (ESET) -- C:\Users\RSST\Desktop\esetsmartinstaller_enu.exe
[2012/01/01 18:59:55 | 000,050,477 | ---- | M] () -- C:\Users\RSST\Desktop\Defogger.exe
[2012/01/01 16:59:44 | 000,000,825 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012/01/01 16:58:23 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\RSST\Desktop\OTL.exe
[2012/01/01 15:18:54 | 000,000,000 | ---- | M] () -- C:\autoexec.bat
[2011/12/29 15:19:52 | 000,435,920 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011/12/29 15:00:08 | 000,001,147 | ---- | M] () -- C:\Users\RSST\Desktop\avira_antivir_personal_de - Verknüpfung.lnk
[2011/12/27 17:26:09 | 000,001,766 | ---- | M] () -- C:\Windows\tasks\hpwebreg_CN07D1P02Y05HX.job
[2011/12/21 01:33:26 | 000,001,688 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011/12/18 19:00:42 | 000,001,793 | ---- | M] () -- C:\Users\Public\Desktop\BILD-Steuer 2010.lnk
[2011/12/10 15:24:08 | 000,023,152 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2011/12/08 01:36:30 | 003,029,528 | ---- | M] (Gracenote, Inc.) -- C:\Program Files (x86)\gnsdk_dsp.dll
[2011/12/08 01:36:30 | 000,797,208 | ---- | M] (Gracenote, Inc.) -- C:\Program Files (x86)\gnsdk_sdkmanager.dll
[2011/12/08 01:36:30 | 000,281,112 | ---- | M] (Gracenote, Inc.) -- C:\Program Files (x86)\gnsdk_submit.dll
[2011/12/08 01:36:30 | 000,240,152 | ---- | M] (Gracenote, Inc.) -- C:\Program Files (x86)\gnsdk_musicid.dll
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012/01/01 18:59:26 | 000,050,477 | ---- | C] () -- C:\Users\RSST\Desktop\Defogger.exe
[2012/01/01 16:59:44 | 000,000,825 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012/01/01 15:18:54 | 000,000,000 | ---- | C] () -- C:\autoexec.bat
[2011/12/29 15:00:08 | 000,001,147 | ---- | C] () -- C:\Users\RSST\Desktop\avira_antivir_personal_de - Verknüpfung.lnk
[2011/12/21 01:33:26 | 000,001,688 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011/12/18 19:00:42 | 000,001,793 | ---- | C] () -- C:\Users\Public\Desktop\BILD-Steuer 2010.lnk
[2011/11/14 20:15:32 | 000,064,083 | ---- | C] () -- C:\Program Files (x86)\Acknowledgements.rtf
[2011/07/25 13:47:36 | 000,000,000 | ---- | C] () -- C:\Users\RSST\AppData\Local\{6747AD8D-8366-40F5-9CED-F39C26A63F5F}
[2011/06/01 21:04:09 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Screen Savers
[2011/06/01 21:04:09 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Sci-Fi
[2011/06/01 21:04:09 | 000,000,268 | RH-- | C] () -- C:\Users\RSST\AppData\Roaming\Sampler Files
[2011/06/01 21:04:09 | 000,000,268 | RH-- | C] () -- C:\Users\RSST\AppData\Roaming\Sample Delay
[2011/06/01 21:04:09 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLev.DAT
[2011/06/01 21:04:09 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLet.DAT
[2011/06/01 21:04:09 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLes.DAT
[2010/06/19 08:25:29 | 000,007,605 | ---- | C] () -- C:\Users\RSST\AppData\Local\Resmon.ResmonCfg
[2009/07/30 12:49:22 | 000,040,448 | ---- | C] () -- C:\Windows\REGOBJ.DLL
[2009/07/14 06:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/14 03:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/14 03:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/14 01:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2008/10/07 09:13:30 | 000,197,912 | ---- | C] () -- C:\Windows\SysWow64\physxcudart_20.dll
[2008/10/07 09:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelTraditionalChinese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSwedish.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSpanish.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelSimplifiedChinese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelPortugese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelKorean.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelJapanese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelGerman.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\SysWow64\AgCPanelFrench.dll
 
========== LOP Check ==========
 
[2011/06/02 15:42:48 | 000,000,000 | ---D | M] -- C:\Users\RSST\AppData\Roaming\Amazon
[2011/06/07 19:56:26 | 000,000,000 | ---D | M] -- C:\Users\RSST\AppData\Roaming\Langenscheidt
[2011/06/01 21:06:04 | 000,000,000 | ---D | M] -- C:\Users\RSST\AppData\Roaming\Nikon
[2010/11/08 14:34:55 | 000,000,000 | ---D | M] -- C:\Users\RSST\AppData\Roaming\OpenOffice.org
[2010/04/01 18:52:35 | 000,000,000 | ---D | M] -- C:\Users\RSST\AppData\Roaming\Thunderbird
[2010/12/08 19:56:46 | 000,000,000 | ---D | M] -- C:\Users\RSST\AppData\Roaming\Transcend
[2010/11/10 17:26:20 | 000,000,000 | ---D | M] -- C:\Users\RSST\AppData\Roaming\Uniblue
[2011/09/17 07:11:18 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2009/12/18 13:58:50 | 000,000,000 | ---D | M] -- C:\Users\RSST\AppData\Roaming\Adobe
[2011/06/02 15:42:48 | 000,000,000 | ---D | M] -- C:\Users\RSST\AppData\Roaming\Amazon
[2010/03/21 16:50:29 | 000,000,000 | ---D | M] -- C:\Users\RSST\AppData\Roaming\Apple Computer
[2011/06/01 21:11:14 | 000,000,000 | ---D | M] -- C:\Users\RSST\AppData\Roaming\ArcSoft
[2010/03/28 15:27:39 | 000,000,000 | ---D | M] -- C:\Users\RSST\AppData\Roaming\Avira
[2009/12/16 20:25:44 | 000,000,000 | ---D | M] -- C:\Users\RSST\AppData\Roaming\CyberLink
[2009/12/16 19:19:39 | 000,000,000 | ---D | M] -- C:\Users\RSST\AppData\Roaming\Google
[2010/12/04 14:28:33 | 000,000,000 | ---D | M] -- C:\Users\RSST\AppData\Roaming\HpUpdate
[2009/12/16 19:14:16 | 000,000,000 | ---D | M] -- C:\Users\RSST\AppData\Roaming\Identities
[2011/06/07 19:56:26 | 000,000,000 | ---D | M] -- C:\Users\RSST\AppData\Roaming\Langenscheidt
[2009/12/16 19:23:47 | 000,000,000 | ---D | M] -- C:\Users\RSST\AppData\Roaming\Macromedia
[2012/01/01 16:59:49 | 000,000,000 | ---D | M] -- C:\Users\RSST\AppData\Roaming\Malwarebytes
[2009/07/14 08:44:38 | 000,000,000 | ---D | M] -- C:\Users\RSST\AppData\Roaming\Media Center Programs
[2011/06/07 19:58:52 | 000,000,000 | --SD | M] -- C:\Users\RSST\AppData\Roaming\Microsoft
[2011/03/21 20:10:28 | 000,000,000 | ---D | M] -- C:\Users\RSST\AppData\Roaming\Mozilla
[2010/01/20 20:20:20 | 000,000,000 | ---D | M] -- C:\Users\RSST\AppData\Roaming\Nero
[2011/06/01 21:06:04 | 000,000,000 | ---D | M] -- C:\Users\RSST\AppData\Roaming\Nikon
[2010/11/08 14:34:55 | 000,000,000 | ---D | M] -- C:\Users\RSST\AppData\Roaming\OpenOffice.org
[2010/04/01 18:52:35 | 000,000,000 | ---D | M] -- C:\Users\RSST\AppData\Roaming\Thunderbird
[2010/12/08 19:56:46 | 000,000,000 | ---D | M] -- C:\Users\RSST\AppData\Roaming\Transcend
[2010/11/10 17:26:20 | 000,000,000 | ---D | M] -- C:\Users\RSST\AppData\Roaming\Uniblue
 
< %APPDATA%\*.exe /s >
[2011/06/01 21:04:59 | 000,057,344 | R--- | M] (InstallShield Software Corp.) -- C:\Users\RSST\AppData\Roaming\Microsoft\Installer\{87441A59-5E64-4096-A170-14EFE67200C3}\ARPPRODUCTICON.exe
[2011/12/18 19:01:07 | 000,053,248 | R--- | M] (Acresso Software Inc.) -- C:\Users\RSST\AppData\Roaming\Microsoft\Installer\{DF6FE172-006A-4324-AF7F-ACFE4BA290FE}\ARPPRODUCTICON.exe
[2007/06/29 13:23:32 | 000,053,248 | ---- | M] (Prolific Technology Inc.) -- C:\Users\RSST\AppData\Roaming\Transcend\JFSW2\IoctlSvc.exe
[2010/02/03 12:23:06 | 000,176,128 | ---- | M] () -- C:\Users\RSST\AppData\Roaming\Transcend\JFSW2\JFSW2Launch.exe
[2010/02/03 12:22:48 | 000,049,152 | ---- | M] () -- C:\Users\RSST\AppData\Roaming\Transcend\JFSW2\PLIoctlInstaller.exe
 
< %SYSTEMDRIVE%\*.exe >
 
 
< MD5 for: AGP440.SYS  >
[2009/07/14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys
[2009/07/14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_9e6bb86c3b39a3e9\AGP440.sys
[2009/07/14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys
[2009/07/14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009/07/14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009/07/14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_a69a58a4286f0b22\atapi.sys
[2009/07/14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys
[2009/07/14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009/07/14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009/07/14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009/07/14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll
[2009/07/14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll
 
< MD5 for: IASTOR.SYS  >
[2009/06/05 02:54:36 | 000,408,600 | ---- | M] (Intel Corporation) MD5=1D004CB1DA6323B1F55CAEF7F94B61D9 -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\driver64\IaStor.sys
[2009/06/05 02:54:36 | 000,408,600 | ---- | M] (Intel Corporation) MD5=1D004CB1DA6323B1F55CAEF7F94B61D9 -- C:\Windows\SysNative\drivers\iaStor.sys
[2009/06/05 02:54:36 | 000,408,600 | ---- | M] (Intel Corporation) MD5=1D004CB1DA6323B1F55CAEF7F94B61D9 -- C:\Windows\SysNative\DriverStore\FileRepository\iaahci.inf_amd64_neutral_7fb62b08f6b7117a\iaStor.sys
[2009/06/05 02:43:16 | 000,330,264 | ---- | M] (Intel Corporation) MD5=D483687EACE0C065EE772481A96E05F5 -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\driver\IaStor.sys
 
< MD5 for: IASTORV.SYS  >
[2010/11/20 14:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys
[2011/03/11 07:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys
[2011/03/11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys
[2011/03/11 07:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\SysNative\drivers\iaStorV.sys
[2011/03/11 07:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0033117673c16921\iaStorV.sys
[2011/03/11 07:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_0b141c81a16e25e6\iaStorV.sys
[2011/03/11 07:25:49 | 000,410,496 | ---- | M] (Intel Corporation) MD5=BFDC9D75698800CFE4D1698BF2750EA2 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_0bccc8c8ba6985c1\iaStorV.sys
[2009/07/14 02:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_18cccb83b34e1453\iaStorV.sys
[2009/07/14 02:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2009/07/14 02:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\SysNative\netlogon.dll
[2009/07/14 02:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll
[2010/11/20 14:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll
[2010/11/20 13:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll
[2009/07/14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\SysWOW64\netlogon.dll
[2009/07/14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2009/07/14 02:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_5bde3fe2945bce9e\nvstor.sys
[2009/07/14 02:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys
[2011/03/11 07:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\SysNative\drivers\nvstor.sys
[2011/03/11 07:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_38e464dbe521cc7f\nvstor.sys
[2011/03/11 07:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_95dd8d30d8a4cfbe\nvstor.sys
[2011/03/11 07:25:53 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=AE274836BA56518E279087363A781214 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_96963977f1a02f99\nvstor.sys
[2011/03/11 07:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys
[2011/03/11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys
[2010/11/20 14:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2009/07/14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\SysWOW64\scecli.dll
[2009/07/14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll
[2009/07/14 02:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\SysNative\scecli.dll
[2009/07/14 02:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll
[2010/11/20 13:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll
[2010/11/20 14:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll
 
< MD5 for: USER32.DLL  >
[2010/11/20 13:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
[2009/07/14 02:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\SysNative\user32.dll
[2009/07/14 02:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll
[2009/07/14 02:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\SysWOW64\user32.dll
[2009/07/14 02:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll
[2010/11/20 14:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2010/11/20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009/07/14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\SysWOW64\userinit.exe
[2009/07/14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009/07/14 02:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\SysNative\userinit.exe
[2009/07/14 02:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
[2010/11/20 14:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2009/07/14 02:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe
[2009/07/14 02:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe
[2009/07/14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe
[2009/07/14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2010/11/20 14:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009/07/14 02:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2009/10/28 08:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2009/10/28 07:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\SysNative\winlogon.exe
[2009/10/28 07:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009/07/14 01:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys
[2009/07/14 01:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 1061 bytes -> C:\Users\RSST\Documents\preiswerte-lichtmaschinen.de _ Reklamationsformular.eml:OECustomProperty

< End of report >

cosinus · 03.01.2012, 19:29

Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)

Code:

ATTFilter

:OTL
SRV - [2011/12/14 13:13:28 | 000,748,440 | ---- | M] (Spigot, Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe -- (Application Updater)
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com/ig/redirectdomain?brand=FTSA&amp;bmod=EU01
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.ts.fujitsu.com/index2 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.ts.fujitsu.com/index2
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0B 77 1F 51 72 97 CA 01  [binary data]
IE - HKCU\..\URLSearchHook: {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files (x86)\pdfforge Toolbar\IE\4.9\pdfforgeToolbarIE.dll (Spigot, Inc.)
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=302398&ilc=12"
FF - prefs.js..keyword.URL: "http://de.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=302398&p="
[2011/12/29 15:26:53 | 000,000,000 | ---D | M] (Widgi Toolbar Platform) -- C:\PROGRAM FILES (X86)\COMMON FILES\SPIGOT\WTXPCOM
[2011/12/29 15:26:53 | 000,000,000 | ---D | M] (pdfforge Toolbar) -- C:\PROGRAM FILES (X86)\PDFFORGE TOOLBAR\FF
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - D:\Neu installierte Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files (x86)\pdfforge Toolbar\IE\4.9\pdfforgeToolbarIE.dll (Spigot, Inc.)
O2 - BHO: (Bing Bar BHO) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1449.0\npwinext.dll (Microsoft Corporation)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (@C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1449.0\npwinext.dll,-100) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1449.0\npwinext.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files (x86)\pdfforge Toolbar\IE\4.9\pdfforgeToolbarIE.dll (Spigot, Inc.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4 - HKLM..\Run: []  File not found
O4 - HKCU..\Run: [RegistryBooster] "C:\Program Files (x86)\Uniblue\RegistryBooster\launcher.exe" delay 20000  File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2012/01/01 15:18:54 | 000,000,000 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{55141733-5b0d-11de-9ace-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{55141733-5b0d-11de-9ace-806e6f6e6963}\Shell\AutoRun\command - "" = E:\start.exe
:Files
C:\Program Files (x86)\Uniblue
C:\Program Files (x86)\pdfforge Toolbar
C:\Program Files (x86)\Application Updater
:Commands
[emptytemp]
[resethosts]

Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.

Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!

spartacus111 · 03.01.2012, 19:49

Hi cosinus,

Code:

ATTFilter

All processes killed
========== OTL ==========
Service Application Updater stopped successfully!
Service Application Updater deleted successfully!
C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe moved successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Local Page| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Secondary_Page_URL| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache AcceptLangs| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache_TIMESTAMP| /E : value set successfully!
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{B922D405-6D13-4A2B-AE89-08A030DA4402} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B922D405-6D13-4A2B-AE89-08A030DA4402}\ deleted successfully.
C:\Program Files (x86)\pdfforge Toolbar\IE\4.9\pdfforgeToolbarIE.dll moved successfully.
Prefs.js: "chr-greentree_ff&type=302398&ilc=12" removed from browser.search.param.yahoo-fr
Prefs.js: "hxxp://de.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=302398&p=" removed from keyword.URL
C:\PROGRAM FILES (X86)\COMMON FILES\SPIGOT\WTXPCOM\components folder moved successfully.
C:\PROGRAM FILES (X86)\COMMON FILES\SPIGOT\WTXPCOM folder moved successfully.
C:\PROGRAM FILES (X86)\PDFFORGE TOOLBAR\FF\chrome\skin folder moved successfully.
C:\PROGRAM FILES (X86)\PDFFORGE TOOLBAR\FF\chrome\locale\EN-US folder moved successfully.
C:\PROGRAM FILES (X86)\PDFFORGE TOOLBAR\FF\chrome\locale folder moved successfully.
C:\PROGRAM FILES (X86)\PDFFORGE TOOLBAR\FF\chrome\content folder moved successfully.
C:\PROGRAM FILES (X86)\PDFFORGE TOOLBAR\FF\chrome folder moved successfully.
C:\PROGRAM FILES (X86)\PDFFORGE TOOLBAR\FF folder moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{53707962-6F74-2D53-2644-206D7942484F}\ deleted successfully.
D:\Neu installierte Programme\Spybot - Search & Destroy\SDHelper.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B922D405-6D13-4A2B-AE89-08A030DA4402}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B922D405-6D13-4A2B-AE89-08A030DA4402}\ not found.
File C:\Program Files (x86)\pdfforge Toolbar\IE\4.9\pdfforgeToolbarIE.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d2ce3e00-f94a-4740-988e-03dc2f38c34f}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d2ce3e00-f94a-4740-988e-03dc2f38c34f}\ deleted successfully.
C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1449.0\npwinext.dll moved successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{8dcb7100-df86-4384-8842-8fa844297b3f} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8dcb7100-df86-4384-8842-8fa844297b3f}\ deleted successfully.
File C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1449.0\npwinext.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{B922D405-6D13-4A2B-AE89-08A030DA4402} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B922D405-6D13-4A2B-AE89-08A030DA4402}\ not found.
File C:\Program Files (x86)\pdfforge Toolbar\IE\4.9\pdfforgeToolbarIE.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\RegistryBooster deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\autoexec.bat moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{55141733-5b0d-11de-9ace-806e6f6e6963}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{55141733-5b0d-11de-9ace-806e6f6e6963}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{55141733-5b0d-11de-9ace-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{55141733-5b0d-11de-9ace-806e6f6e6963}\ not found.
File E:\start.exe not found.
========== FILES ==========
File\Folder C:\Program Files (x86)\Uniblue not found.
C:\Program Files (x86)\pdfforge Toolbar\Res\Lang folder moved successfully.
C:\Program Files (x86)\pdfforge Toolbar\Res folder moved successfully.
C:\Program Files (x86)\pdfforge Toolbar\IE\4.9 folder moved successfully.
C:\Program Files (x86)\pdfforge Toolbar\IE folder moved successfully.
C:\Program Files (x86)\pdfforge Toolbar folder moved successfully.
C:\Program Files (x86)\Application Updater folder moved successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Journal
 
User: Public
 
User: RegBack
 
User: RSST
->Temp folder emptied: 209289651 bytes
->Temporary Internet Files folder emptied: 129511482 bytes
->Java cache emptied: 2856282 bytes
->FireFox cache emptied: 346617633 bytes
->Apple Safari cache emptied: 9786368 bytes
->Flash cache emptied: 77851 bytes
 
User: systemprofile
 
User: TxR
 
User: Yuchuu
->Temporary Internet Files folder emptied: 402 bytes
->FireFox cache emptied: 3386430 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 1707686 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 324228186 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 85163 bytes
RecycleBin emptied: 125984099 bytes
 
Total Files Cleaned = 1,100.00 mb
 
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.31.0 log created on 01032012_193939

Files\Folders moved on Reboot...
C:\Users\RSST\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

Registry entries deleted on Reboot...

Danke derweil Rs

cosinus · 03.01.2012, 21:06

Bitte nun (im normalen Windows-Modus) dieses Tool von Kaspersky (TDSS-Killer) ausführen und das Log posten => http://www.trojaner-board.de/82358-t...entfernen.html

Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet,
Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten.
Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition (meistens Laufwerk C

nach, da speichert der TDSS-Killer seine Logs.

Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten!

Falls du durch die Infektion auf deine Dokumente/Eigenen Dateien nicht zugreifen kannst, Verknüpfungen auf dem Desktop oder im Startmenü unter "alle Programme" fehlen, bitte unhide ausführen:
Downloade dir bitte unhide.exe und speichere diese Datei auf deinem Desktop.
Starte das Tool und es sollten alle Dateien und Ordner wieder sichtbar sein. ( Könnte eine Weile dauern )

Windows-Vista und Windows-7-User müssen das Tool per Rechtsklick als Administrator ausführen!

spartacus111 · 03.01.2012, 21:09

....wenn du jetzt so ausserordentlich darauf hinweist, daß folgende Aktion im normalen Modus auszuführen ist...
Bisher habe ich alle aktionen im normalen Mode ausgeführt...Problem?
RS

cosinus · 03.01.2012, 21:14

Nein ich poste hier Bausteine damit ich nicht ständig mir die Finger wund tippe. Deswegen war es auch nur dezent und in Klammern als Hinweis

spartacus111 · 03.01.2012, 21:19

O.K.

Code:

ATTFilter

21:12:44.0343 5076	TDSS rootkit removing tool 2.6.25.0 Dec 23 2011 14:51:16
21:12:44.0483 5076	============================================================
21:12:44.0483 5076	Current date / time: 2012/01/03 21:12:44.0483
21:12:44.0483 5076	SystemInfo:
21:12:44.0483 5076	
21:12:44.0483 5076	OS Version: 6.1.7600 ServicePack: 0.0
21:12:44.0483 5076	Product type: Workstation
21:12:44.0483 5076	ComputerName: RSST-PC
21:12:44.0484 5076	UserName: RSST
21:12:44.0484 5076	Windows directory: C:\Windows
21:12:44.0484 5076	System windows directory: C:\Windows
21:12:44.0484 5076	Running under WOW64
21:12:44.0484 5076	Processor architecture: Intel x64
21:12:44.0484 5076	Number of processors: 2
21:12:44.0484 5076	Page size: 0x1000
21:12:44.0484 5076	Boot type: Normal boot
21:12:44.0484 5076	============================================================
21:12:44.0963 5076	Initialize success
21:15:28.0914 0744	============================================================
21:15:28.0914 0744	Scan started
21:15:28.0914 0744	Mode: Manual; SigCheck; TDLFS; 
21:15:28.0914 0744	============================================================
21:15:29.0460 0744	1394ohci        (1b00662092f9f9568b995902f0cc40d5) C:\Windows\system32\DRIVERS\1394ohci.sys
21:15:29.0647 0744	1394ohci - ok
21:15:29.0788 0744	ACPI            (6f11e88748cdefd2f76aa215f97ddfe5) C:\Windows\system32\DRIVERS\ACPI.sys
21:15:29.0835 0744	ACPI - ok
21:15:29.0881 0744	AcpiPmi         (63b05a0420ce4bf0e4af6dcc7cada254) C:\Windows\system32\DRIVERS\acpipmi.sys
21:15:29.0959 0744	AcpiPmi - ok
21:15:30.0069 0744	adp94xx         (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
21:15:30.0147 0744	adp94xx - ok
21:15:30.0240 0744	adpahci         (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
21:15:30.0303 0744	adpahci - ok
21:15:30.0349 0744	adpu320         (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
21:15:30.0396 0744	adpu320 - ok
21:15:30.0474 0744	AFD             (6ef20ddf3172e97d69f596fb90602f29) C:\Windows\system32\drivers\afd.sys
21:15:30.0568 0744	AFD - ok
21:15:30.0661 0744	agp440          (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\DRIVERS\agp440.sys
21:15:30.0708 0744	agp440 - ok
21:15:30.0786 0744	aliide          (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\DRIVERS\aliide.sys
21:15:30.0817 0744	aliide - ok
21:15:30.0849 0744	amdide          (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\DRIVERS\amdide.sys
21:15:30.0880 0744	amdide - ok
21:15:30.0927 0744	AmdK8           (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
21:15:30.0989 0744	AmdK8 - ok
21:15:31.0067 0744	AmdPPM          (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
21:15:31.0129 0744	AmdPPM - ok
21:15:31.0223 0744	amdsata         (ec7ebab00a4d8448bab68d1e49b4beb9) C:\Windows\system32\drivers\amdsata.sys
21:15:31.0270 0744	amdsata - ok
21:15:31.0317 0744	amdsbs          (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
21:15:31.0363 0744	amdsbs - ok
21:15:31.0441 0744	amdxata         (db27766102c7bf7e95140a2aa81d042e) C:\Windows\system32\drivers\amdxata.sys
21:15:31.0473 0744	amdxata - ok
21:15:31.0644 0744	AppID           (42fd751b27fa0e9c69bb39f39e409594) C:\Windows\system32\drivers\appid.sys
21:15:31.0785 0744	AppID - ok
21:15:31.0925 0744	arc             (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
21:15:31.0972 0744	arc - ok
21:15:32.0019 0744	arcsas          (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
21:15:32.0050 0744	arcsas - ok
21:15:32.0112 0744	AsyncMac        (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
21:15:32.0175 0744	AsyncMac - ok
21:15:32.0268 0744	atapi           (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\DRIVERS\atapi.sys
21:15:32.0315 0744	atapi - ok
21:15:32.0455 0744	avgntflt        (b1224e6b086cd6548315b04ab575a23e) C:\Windows\system32\DRIVERS\avgntflt.sys
21:15:32.0596 0744	avgntflt - ok
21:15:32.0689 0744	avipbb          (ed45f12cfa62b83765c9c1496758cc87) C:\Windows\system32\DRIVERS\avipbb.sys
21:15:32.0721 0744	avipbb - ok
21:15:32.0830 0744	b06bdrv         (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
21:15:32.0955 0744	b06bdrv - ok
21:15:33.0064 0744	b57nd60a        (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
21:15:33.0142 0744	b57nd60a - ok
21:15:33.0267 0744	Beep            (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
21:15:33.0345 0744	Beep - ok
21:15:33.0454 0744	blbdrive        (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
21:15:33.0516 0744	blbdrive - ok
21:15:33.0625 0744	bowser          (19d20159708e152267e53b66677a4995) C:\Windows\system32\DRIVERS\bowser.sys
21:15:33.0750 0744	bowser - ok
21:15:33.0813 0744	BrFiltLo        (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
21:15:33.0875 0744	BrFiltLo - ok
21:15:33.0891 0744	BrFiltUp        (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
21:15:33.0937 0744	BrFiltUp - ok
21:15:33.0984 0744	Brserid         (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
21:15:34.0015 0744	Brserid - ok
21:15:34.0093 0744	BrSerWdm        (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
21:15:34.0125 0744	BrSerWdm - ok
21:15:34.0203 0744	BrUsbMdm        (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
21:15:34.0249 0744	BrUsbMdm - ok
21:15:34.0312 0744	BrUsbSer        (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
21:15:34.0343 0744	BrUsbSer - ok
21:15:34.0405 0744	BthEnum         (cf98190a94f62e405c8cb255018b2315) C:\Windows\system32\drivers\BthEnum.sys
21:15:34.0468 0744	BthEnum - ok
21:15:34.0546 0744	BTHMODEM        (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
21:15:34.0608 0744	BTHMODEM - ok
21:15:34.0686 0744	BthPan          (02dd601b708dd0667e1331fa8518e9ff) C:\Windows\system32\DRIVERS\bthpan.sys
21:15:34.0749 0744	BthPan - ok
21:15:34.0811 0744	BTHPORT         (21084ceb85280468c9aca3c805c0f8cf) C:\Windows\system32\Drivers\BTHport.sys
21:15:34.0905 0744	BTHPORT - ok
21:15:34.0983 0744	BTHUSB          (8504842634dd144c075b6b0c982ccec4) C:\Windows\system32\Drivers\BTHUSB.sys
21:15:35.0029 0744	BTHUSB - ok
21:15:35.0123 0744	btusbflt        (6e04458e98daf28826482e41a7a62df5) C:\Windows\system32\drivers\btusbflt.sys
21:15:35.0154 0744	btusbflt - ok
21:15:35.0232 0744	btwaudio        (6bcfdc2b5b7f66d484486d4bd4b39a6b) C:\Windows\system32\drivers\btwaudio.sys
21:15:35.0248 0744	btwaudio - ok
21:15:35.0296 0744	btwavdt         (82dc8b7c626e526681c1bebed2bc3ff9) C:\Windows\system32\DRIVERS\btwavdt.sys
21:15:35.0327 0744	btwavdt - ok
21:15:35.0405 0744	btwl2cap        (6149301dc3f81d6f9667a3fbac410975) C:\Windows\system32\DRIVERS\btwl2cap.sys
21:15:35.0420 0744	btwl2cap - ok
21:15:35.0530 0744	btwrchid        (28e105ad3b79f440bf94780f507bf66a) C:\Windows\system32\DRIVERS\btwrchid.sys
21:15:35.0545 0744	btwrchid - ok
21:15:35.0592 0744	cdfs            (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
21:15:35.0654 0744	cdfs - ok
21:15:35.0732 0744	cdrom           (83d2d75e1efb81b3450c18131443f7db) C:\Windows\system32\DRIVERS\cdrom.sys
21:15:35.0764 0744	cdrom - ok
21:15:35.0873 0744	circlass        (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
21:15:35.0935 0744	circlass - ok
21:15:36.0013 0744	CLFS            (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
21:15:36.0044 0744	CLFS - ok
21:15:36.0169 0744	CmBatt          (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
21:15:36.0216 0744	CmBatt - ok
21:15:36.0263 0744	cmdide          (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\DRIVERS\cmdide.sys
21:15:36.0279 0744	cmdide - ok
21:15:36.0342 0744	CNG             (f95fd4cb7da00ba2a63ce9f6b5c053e1) C:\Windows\system32\Drivers\cng.sys
21:15:36.0404 0744	CNG - ok
21:15:36.0513 0744	Compbatt        (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
21:15:36.0545 0744	Compbatt - ok
21:15:36.0591 0744	CompositeBus    (f26b3a86f6fa87ca360b879581ab4123) C:\Windows\system32\DRIVERS\CompositeBus.sys
21:15:36.0654 0744	CompositeBus - ok
21:15:36.0732 0744	crcdisk         (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
21:15:36.0763 0744	crcdisk - ok
21:15:36.0872 0744	DfsC            (9c253ce7311ca60fc11c774692a13208) C:\Windows\system32\Drivers\dfsc.sys
21:15:36.0919 0744	DfsC - ok
21:15:36.0981 0744	discache        (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
21:15:37.0106 0744	discache - ok
21:15:37.0200 0744	Disk            (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
21:15:37.0231 0744	Disk - ok
21:15:37.0309 0744	drmkaud         (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
21:15:37.0371 0744	drmkaud - ok
21:15:37.0449 0744	DXGKrnl         (1633b9abf52784a1331476397a48cbef) C:\Windows\System32\drivers\dxgkrnl.sys
21:15:37.0496 0744	DXGKrnl - ok
21:15:37.0621 0744	ebdrv           (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
21:15:37.0746 0744	ebdrv - ok
21:15:37.0917 0744	elxstor         (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
21:15:37.0964 0744	elxstor - ok
21:15:38.0027 0744	ErrDev          (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\DRIVERS\errdev.sys
21:15:38.0105 0744	ErrDev - ok
21:15:38.0198 0744	esgiguard - ok
21:15:38.0276 0744	exfat           (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
21:15:38.0370 0744	exfat - ok
21:15:38.0401 0744	fastfat         (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
21:15:38.0510 0744	fastfat - ok
21:15:38.0557 0744	fdc             (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
21:15:38.0604 0744	fdc - ok
21:15:38.0651 0744	FileInfo        (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
21:15:38.0682 0744	FileInfo - ok
21:15:38.0697 0744	Filetrace       (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
21:15:38.0791 0744	Filetrace - ok
21:15:38.0822 0744	flpydisk        (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
21:15:38.0853 0744	flpydisk - ok
21:15:38.0885 0744	FltMgr          (f7866af72abbaf84b1fa5aa195378c59) C:\Windows\system32\drivers\fltmgr.sys
21:15:38.0900 0744	FltMgr - ok
21:15:38.0931 0744	FsDepends       (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
21:15:38.0947 0744	FsDepends - ok
21:15:38.0963 0744	Fs_Rec          (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
21:15:38.0978 0744	Fs_Rec - ok
21:15:39.0041 0744	fvevol          (ae87ba80d0ec3b57126ed2cdc15b24ed) C:\Windows\system32\DRIVERS\fvevol.sys
21:15:39.0087 0744	fvevol - ok
21:15:39.0134 0744	gagp30kx        (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
21:15:39.0165 0744	gagp30kx - ok
21:15:39.0306 0744	GEARAspiWDM     (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
21:15:39.0321 0744	GEARAspiWDM - ok
21:15:39.0540 0744	hcw85cir        (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
21:15:39.0587 0744	hcw85cir - ok
21:15:39.0696 0744	HdAudAddService (6410f6f415b2a5a9037224c41da8bf12) C:\Windows\system32\drivers\HdAudio.sys
21:15:39.0743 0744	HdAudAddService - ok
21:15:39.0789 0744	HDAudBus        (0a49913402747a0b67de940fb42cbdbb) C:\Windows\system32\DRIVERS\HDAudBus.sys
21:15:39.0821 0744	HDAudBus - ok
21:15:39.0883 0744	HidBatt         (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
21:15:39.0914 0744	HidBatt - ok
21:15:39.0945 0744	HidBth          (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
21:15:40.0008 0744	HidBth - ok
21:15:40.0101 0744	HidIr           (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
21:15:40.0148 0744	HidIr - ok
21:15:40.0257 0744	HidUsb          (b3bf6b5b50006def50b66306d99fcf6f) C:\Windows\system32\DRIVERS\hidusb.sys
21:15:40.0304 0744	HidUsb - ok
21:15:40.0351 0744	HpSAMD          (0886d440058f203eba0e1825e4355914) C:\Windows\system32\DRIVERS\HpSAMD.sys
21:15:40.0382 0744	HpSAMD - ok
21:15:40.0445 0744	HTTP            (cee049cac4efa7f4e1e4ad014414a5d4) C:\Windows\system32\drivers\HTTP.sys
21:15:40.0585 0744	HTTP - ok
21:15:40.0601 0744	hwpolicy        (f17766a19145f111856378df337a5d79) C:\Windows\system32\drivers\hwpolicy.sys
21:15:40.0616 0744	hwpolicy - ok
21:15:40.0663 0744	i8042prt        (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys
21:15:40.0694 0744	i8042prt - ok
21:15:40.0772 0744	iaStor          (1d004cb1da6323b1f55caef7f94b61d9) C:\Windows\system32\DRIVERS\iaStor.sys
21:15:40.0788 0744	iaStor - ok
21:15:40.0850 0744	iaStorV         (b75e45c564e944a2657167d197ab29da) C:\Windows\system32\drivers\iaStorV.sys
21:15:40.0881 0744	iaStorV - ok
21:15:41.0115 0744	igfx            (a87261ef1546325b559374f5689cf5bc) C:\Windows\system32\DRIVERS\igdkmd64.sys
21:15:41.0334 0744	igfx - ok
21:15:41.0428 0744	iirsp           (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
21:15:41.0475 0744	iirsp - ok
21:15:41.0600 0744	IntcAzAudAddService (5ba1779e2c84fde2a5e201fff9c42c9c) C:\Windows\system32\drivers\RTKVHD64.sys
21:15:41.0662 0744	IntcAzAudAddService - ok
21:15:41.0694 0744	intelide        (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\DRIVERS\intelide.sys
21:15:41.0709 0744	intelide - ok
21:15:41.0772 0744	intelppm        (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
21:15:41.0818 0744	intelppm - ok
21:15:41.0896 0744	IpFilterDriver  (722dd294df62483cecaae6e094b4d695) C:\Windows\system32\DRIVERS\ipfltdrv.sys
21:15:41.0974 0744	IpFilterDriver - ok
21:15:42.0006 0744	IPMIDRV         (e2b4a4494db7cb9b89b55ca268c337c5) C:\Windows\system32\DRIVERS\IPMIDrv.sys
21:15:42.0052 0744	IPMIDRV - ok
21:15:42.0146 0744	IPNAT           (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
21:15:42.0193 0744	IPNAT - ok
21:15:42.0318 0744	IRENUM          (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
21:15:42.0364 0744	IRENUM - ok
21:15:42.0411 0744	isapnp          (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\DRIVERS\isapnp.sys
21:15:42.0442 0744	isapnp - ok
21:15:42.0474 0744	iScsiPrt        (fa4d2557de56d45b0a346f93564be6e1) C:\Windows\system32\DRIVERS\msiscsi.sys
21:15:42.0505 0744	iScsiPrt - ok
21:15:42.0598 0744	kbdclass        (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
21:15:42.0630 0744	kbdclass - ok
21:15:42.0676 0744	kbdhid          (6def98f8541e1b5dceb2c822a11f7323) C:\Windows\system32\DRIVERS\kbdhid.sys
21:15:42.0723 0744	kbdhid - ok
21:15:42.0817 0744	KSecDD          (e8b6fcc9c83535c67f835d407620bd27) C:\Windows\system32\Drivers\ksecdd.sys
21:15:42.0848 0744	KSecDD - ok
21:15:42.0910 0744	KSecPkg         (a8c63880ef6f4d3fec7b616b9c060215) C:\Windows\system32\Drivers\ksecpkg.sys
21:15:42.0942 0744	KSecPkg - ok
21:15:42.0973 0744	ksthunk         (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
21:15:43.0051 0744	ksthunk - ok
21:15:43.0176 0744	lltdio          (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
21:15:43.0269 0744	lltdio - ok
21:15:43.0378 0744	LSI_FC          (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
21:15:43.0410 0744	LSI_FC - ok
21:15:43.0441 0744	LSI_SAS         (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
21:15:43.0472 0744	LSI_SAS - ok
21:15:43.0519 0744	LSI_SAS2        (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
21:15:43.0550 0744	LSI_SAS2 - ok
21:15:43.0628 0744	LSI_SCSI        (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
21:15:43.0675 0744	LSI_SCSI - ok
21:15:43.0706 0744	luafv           (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
21:15:43.0800 0744	luafv - ok
21:15:43.0893 0744	megasas         (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
21:15:43.0924 0744	megasas - ok
21:15:43.0971 0744	MegaSR          (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
21:15:44.0002 0744	MegaSR - ok
21:15:44.0018 0744	Modem           (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
21:15:44.0096 0744	Modem - ok
21:15:44.0174 0744	monitor         (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
21:15:44.0236 0744	monitor - ok
21:15:44.0299 0744	mouclass        (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
21:15:44.0330 0744	mouclass - ok
21:15:44.0392 0744	mouhid          (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
21:15:44.0439 0744	mouhid - ok
21:15:44.0502 0744	mountmgr        (791af66c4d0e7c90a3646066386fb571) C:\Windows\system32\drivers\mountmgr.sys
21:15:44.0533 0744	mountmgr - ok
21:15:44.0564 0744	mpio            (609d1d87649ecc19796f4d76d4c15cea) C:\Windows\system32\DRIVERS\mpio.sys
21:15:44.0595 0744	mpio - ok
21:15:44.0658 0744	mpsdrv          (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
21:15:44.0736 0744	mpsdrv - ok
21:15:44.0798 0744	MRxDAV          (30524261bb51d96d6fcbac20c810183c) C:\Windows\system32\drivers\mrxdav.sys
21:15:44.0860 0744	MRxDAV - ok
21:15:44.0938 0744	mrxsmb          (040d62a9d8ad28922632137acdd984f2) C:\Windows\system32\DRIVERS\mrxsmb.sys
21:15:44.0985 0744	mrxsmb - ok
21:15:45.0032 0744	mrxsmb10        (f0067552f8f9b33d7c59403ab808a3cb) C:\Windows\system32\DRIVERS\mrxsmb10.sys
21:15:45.0094 0744	mrxsmb10 - ok
21:15:45.0172 0744	mrxsmb20        (3c142d31de9f2f193218a53fe2632051) C:\Windows\system32\DRIVERS\mrxsmb20.sys
21:15:45.0204 0744	mrxsmb20 - ok
21:15:45.0250 0744	msahci          (5c37497276e3b3a5488b23a326a754b7) C:\Windows\system32\DRIVERS\msahci.sys
21:15:45.0282 0744	msahci - ok
21:15:45.0360 0744	msdsm           (8d27b597229aed79430fb9db3bcbfbd0) C:\Windows\system32\DRIVERS\msdsm.sys
21:15:45.0391 0744	msdsm - ok
21:15:45.0484 0744	Msfs            (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
21:15:45.0578 0744	Msfs - ok
21:15:45.0594 0744	mshidkmdf       (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
21:15:45.0656 0744	mshidkmdf - ok
21:15:45.0750 0744	msisadrv        (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\DRIVERS\msisadrv.sys
21:15:45.0781 0744	msisadrv - ok
21:15:45.0859 0744	MSKSSRV         (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
21:15:45.0937 0744	MSKSSRV - ok
21:15:46.0015 0744	MSPCLOCK        (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
21:15:46.0124 0744	MSPCLOCK - ok
21:15:46.0124 0744	MSPQM           (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
21:15:46.0202 0744	MSPQM - ok
21:15:46.0233 0744	MsRPC           (89cb141aa8616d8c6a4610fa26c60964) C:\Windows\system32\drivers\MsRPC.sys
21:15:46.0249 0744	MsRPC - ok
21:15:46.0296 0744	mssmbios        (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys
21:15:46.0311 0744	mssmbios - ok
21:15:46.0358 0744	MSTEE           (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
21:15:46.0422 0744	MSTEE - ok
21:15:46.0454 0744	MTConfig        (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
21:15:46.0485 0744	MTConfig - ok
21:15:46.0516 0744	Mup             (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
21:15:46.0532 0744	Mup - ok
21:15:46.0672 0744	NativeWifiP     (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
21:15:46.0750 0744	NativeWifiP - ok
21:15:46.0875 0744	NDIS            (cad515dbd07d082bb317d9928ce8962c) C:\Windows\system32\drivers\ndis.sys
21:15:46.0968 0744	NDIS - ok
21:15:47.0046 0744	NdisCap         (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
21:15:47.0140 0744	NdisCap - ok
21:15:47.0234 0744	NdisTapi        (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
21:15:47.0312 0744	NdisTapi - ok
21:15:47.0358 0744	Ndisuio         (f105ba1e22bf1f2ee8f005d4305e4bec) C:\Windows\system32\DRIVERS\ndisuio.sys
21:15:47.0436 0744	Ndisuio - ok
21:15:47.0452 0744	NdisWan         (557dfab9ca1fcb036ac77564c010dad3) C:\Windows\system32\DRIVERS\ndiswan.sys
21:15:47.0514 0744	NdisWan - ok
21:15:47.0577 0744	NDProxy         (659b74fb74b86228d6338d643cd3e3cf) C:\Windows\system32\drivers\NDProxy.sys
21:15:47.0655 0744	NDProxy - ok
21:15:47.0717 0744	NetBIOS         (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
21:15:47.0811 0744	NetBIOS - ok
21:15:47.0858 0744	NetBT           (9162b273a44ab9dce5b44362731d062a) C:\Windows\system32\DRIVERS\netbt.sys
21:15:47.0920 0744	NetBT - ok
21:15:48.0029 0744	nfrd960         (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
21:15:48.0060 0744	nfrd960 - ok
21:15:48.0123 0744	Npfs            (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
21:15:48.0216 0744	Npfs - ok
21:15:48.0232 0744	nsiproxy        (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
21:15:48.0294 0744	nsiproxy - ok
21:15:48.0372 0744	Ntfs            (378e0e0dfea67d98ae6ea53adbbd76bc) C:\Windows\system32\drivers\Ntfs.sys
21:15:48.0466 0744	Ntfs - ok
21:15:48.0544 0744	Null            (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
21:15:48.0622 0744	Null - ok
21:15:48.0716 0744	NVHDA           (ad37248bd442d41c9a896e53eb8a85ee) C:\Windows\system32\drivers\nvhda64v.sys
21:15:48.0747 0744	NVHDA - ok
21:15:49.0059 0744	nvlddmkm        (ed5211f6788c0522ae8baaa4eb5c72e1) C:\Windows\system32\DRIVERS\nvlddmkm.sys
21:15:49.0246 0744	nvlddmkm - ok
21:15:49.0371 0744	nvraid          (a4d9c9a608a97f59307c2f2600edc6a4) C:\Windows\system32\drivers\nvraid.sys
21:15:49.0418 0744	nvraid - ok
21:15:49.0464 0744	nvstor          (6c1d5f70e7a6a3fd1c90d840edc048b9) C:\Windows\system32\drivers\nvstor.sys
21:15:49.0496 0744	nvstor - ok
21:15:49.0605 0744	nv_agp          (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\DRIVERS\nv_agp.sys
21:15:49.0636 0744	nv_agp - ok
21:15:49.0683 0744	ohci1394        (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\DRIVERS\ohci1394.sys
21:15:49.0730 0744	ohci1394 - ok
21:15:49.0776 0744	Parport         (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
21:15:49.0839 0744	Parport - ok
21:15:49.0886 0744	partmgr         (7daa117143316c4a1537e074a5a9eaf0) C:\Windows\system32\drivers\partmgr.sys
21:15:49.0917 0744	partmgr - ok
21:15:49.0948 0744	pci             (f36f6504009f2fb0dfd1b17a116ad74b) C:\Windows\system32\DRIVERS\pci.sys
21:15:49.0979 0744	pci - ok
21:15:50.0026 0744	pciide          (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\DRIVERS\pciide.sys
21:15:50.0042 0744	pciide - ok
21:15:50.0104 0744	pcmcia          (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
21:15:50.0135 0744	pcmcia - ok
21:15:50.0166 0744	pcw             (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
21:15:50.0198 0744	pcw - ok
21:15:50.0244 0744	PEAUTH          (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
21:15:50.0354 0744	PEAUTH - ok
21:15:50.0494 0744	PptpMiniport    (27cc19e81ba5e3403c48302127bda717) C:\Windows\system32\DRIVERS\raspptp.sys
21:15:50.0588 0744	PptpMiniport - ok
21:15:50.0634 0744	Processor       (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
21:15:50.0666 0744	Processor - ok
21:15:50.0744 0744	Psched          (ee992183bd8eaefd9973f352e587a299) C:\Windows\system32\DRIVERS\pacer.sys
21:15:50.0822 0744	Psched - ok
21:15:50.0946 0744	ql2300          (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
21:15:51.0040 0744	ql2300 - ok
21:15:51.0102 0744	ql40xx          (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
21:15:51.0134 0744	ql40xx - ok
21:15:51.0180 0744	QWAVEdrv        (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
21:15:51.0243 0744	QWAVEdrv - ok
21:15:51.0321 0744	RasAcd          (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
21:15:51.0399 0744	RasAcd - ok
21:15:51.0461 0744	RasAgileVpn     (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
21:15:51.0570 0744	RasAgileVpn - ok
21:15:51.0617 0744	Rasl2tp         (87a6e852a22991580d6d39adc4790463) C:\Windows\system32\DRIVERS\rasl2tp.sys
21:15:51.0695 0744	Rasl2tp - ok
21:15:51.0789 0744	RasPppoe        (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
21:15:51.0882 0744	RasPppoe - ok
21:15:51.0929 0744	RasSstp         (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
21:15:52.0038 0744	RasSstp - ok
21:15:52.0070 0744	rdbss           (3bac8142102c15d59a87757c1d41dce5) C:\Windows\system32\DRIVERS\rdbss.sys
21:15:52.0132 0744	rdbss - ok
21:15:52.0179 0744	rdpbus          (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
21:15:52.0241 0744	rdpbus - ok
21:15:52.0272 0744	RDPCDD          (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
21:15:52.0350 0744	RDPCDD - ok
21:15:52.0444 0744	RDPENCDD        (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
21:15:52.0569 0744	RDPENCDD - ok
21:15:52.0616 0744	RDPREFMP        (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
21:15:52.0725 0744	RDPREFMP - ok
21:15:52.0787 0744	RDPWD           (8a3e6bea1c53ea6177fe2b6eba2c80d7) C:\Windows\system32\drivers\RDPWD.sys
21:15:52.0896 0744	RDPWD - ok
21:15:52.0974 0744	rdyboost        (634b9a2181d98f15941236886164ec8b) C:\Windows\system32\drivers\rdyboost.sys
21:15:53.0037 0744	rdyboost - ok
21:15:53.0115 0744	RFCOMM          (3dd798846e2c28102b922c56e71b7932) C:\Windows\system32\DRIVERS\rfcomm.sys
21:15:53.0146 0744	RFCOMM - ok
21:15:53.0193 0744	rspndr          (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
21:15:53.0240 0744	rspndr - ok
21:15:53.0302 0744	RSUSBSTOR       (2db8116d52b19216812c4e6d5d837810) C:\Windows\system32\Drivers\RtsUStor.sys
21:15:53.0349 0744	RSUSBSTOR - ok
21:15:53.0458 0744	RTL8167         (4b42bc58294e83a6a92ec8b88c14c4a3) C:\Windows\system32\DRIVERS\Rt64win7.sys
21:15:53.0489 0744	RTL8167 - ok
21:15:53.0598 0744	rtl8192se       (8e843c0340c30994161c10fba87eea18) C:\Windows\system32\DRIVERS\rtl8192se.sys
21:15:53.0630 0744	rtl8192se - ok
21:15:53.0708 0744	RtsUIR - ok
21:15:53.0770 0744	sbp2port        (e3bbb89983daf5622c1d50cf49f28227) C:\Windows\system32\DRIVERS\sbp2port.sys
21:15:53.0817 0744	sbp2port - ok
21:15:53.0879 0744	scfilter        (c94da20c7e3ba1dca269bc8460d98387) C:\Windows\system32\DRIVERS\scfilter.sys
21:15:53.0973 0744	scfilter - ok
21:15:54.0082 0744	secdrv          (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
21:15:54.0144 0744	secdrv - ok
21:15:54.0191 0744	Serenum         (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
21:15:54.0207 0744	Serenum - ok
21:15:54.0222 0744	Serial          (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
21:15:54.0238 0744	Serial - ok
21:15:54.0285 0744	sermouse        (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
21:15:54.0332 0744	sermouse - ok
21:15:54.0394 0744	sffdisk         (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\DRIVERS\sffdisk.sys
21:15:54.0441 0744	sffdisk - ok
21:15:54.0519 0744	sffp_mmc        (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\DRIVERS\sffp_mmc.sys
21:15:54.0550 0744	sffp_mmc - ok
21:15:54.0581 0744	sffp_sd         (178298f767fe638c9fedcbdef58bb5e4) C:\Windows\system32\DRIVERS\sffp_sd.sys
21:15:54.0628 0744	sffp_sd - ok
21:15:54.0706 0744	sfloppy         (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
21:15:54.0737 0744	sfloppy - ok
21:15:54.0831 0744	SiSRaid2        (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
21:15:54.0862 0744	SiSRaid2 - ok
21:15:54.0924 0744	SiSRaid4        (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
21:15:54.0956 0744	SiSRaid4 - ok
21:15:55.0034 0744	Smb             (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
21:15:55.0112 0744	Smb - ok
21:15:55.0221 0744	spldr           (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
21:15:55.0236 0744	spldr - ok
21:15:55.0346 0744	srv             (2408c0366d96bcdf63e8f1c78e4a29c5) C:\Windows\system32\DRIVERS\srv.sys
21:15:55.0408 0744	srv - ok
21:15:55.0517 0744	srv2            (76548f7b818881b47d8d1ae1be9c11f8) C:\Windows\system32\DRIVERS\srv2.sys
21:15:55.0564 0744	srv2 - ok
21:15:55.0626 0744	srvnet          (0af6e19d39c70844c5caa8fb0183c36e) C:\Windows\system32\DRIVERS\srvnet.sys
21:15:55.0673 0744	srvnet - ok
21:15:55.0782 0744	stexstor        (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
21:15:55.0814 0744	stexstor - ok
21:15:55.0860 0744	StillCam        (decacb6921ded1a38642642685d77dac) C:\Windows\system32\DRIVERS\serscan.sys
21:15:55.0907 0744	StillCam - ok
21:15:56.0001 0744	swenum          (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys
21:15:56.0032 0744	swenum - ok
21:15:56.0141 0744	Tcpip           (f18f56efc0bfb9c87ba01c37b27f4da5) C:\Windows\system32\drivers\tcpip.sys
21:15:56.0266 0744	Tcpip - ok
21:15:56.0375 0744	TCPIP6          (f18f56efc0bfb9c87ba01c37b27f4da5) C:\Windows\system32\DRIVERS\tcpip.sys
21:15:56.0422 0744	TCPIP6 - ok
21:15:56.0500 0744	tcpipreg        (76d078af6f587b162d50210f761eb9ed) C:\Windows\system32\drivers\tcpipreg.sys
21:15:56.0594 0744	tcpipreg - ok
21:15:56.0687 0744	TDPIPE          (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
21:15:56.0765 0744	TDPIPE - ok
21:15:56.0781 0744	TDTCP           (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
21:15:56.0843 0744	TDTCP - ok
21:15:56.0890 0744	tdx             (079125c4b17b01fcaeebce0bcb290c0f) C:\Windows\system32\DRIVERS\tdx.sys
21:15:56.0984 0744	tdx - ok
21:15:57.0062 0744	TermDD          (c448651339196c0e869a355171875522) C:\Windows\system32\DRIVERS\termdd.sys
21:15:57.0093 0744	TermDD - ok
21:15:57.0218 0744	TPM             (dbcc20c02e8a3e43b03c304a4e40a84f) C:\Windows\system32\drivers\tpm.sys
21:15:57.0264 0744	TPM - ok
21:15:57.0311 0744	tssecsrv        (61b96c26131e37b24e93327a0bd1fb95) C:\Windows\system32\DRIVERS\tssecsrv.sys
21:15:57.0405 0744	tssecsrv - ok
21:15:57.0514 0744	tunnel          (3836171a2cdf3af8ef10856db9835a70) C:\Windows\system32\DRIVERS\tunnel.sys
21:15:57.0608 0744	tunnel - ok
21:15:57.0654 0744	uagp35          (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
21:15:57.0686 0744	uagp35 - ok
21:15:57.0732 0744	udfs            (d47baead86c65d4f4069d7ce0a4edceb) C:\Windows\system32\DRIVERS\udfs.sys
21:15:57.0810 0744	udfs - ok
21:15:57.0888 0744	uliagpkx        (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\DRIVERS\uliagpkx.sys
21:15:57.0920 0744	uliagpkx - ok
21:15:57.0966 0744	umbus           (eab6c35e62b1b0db0d1b48b671d3a117) C:\Windows\system32\DRIVERS\umbus.sys
21:15:58.0013 0744	umbus - ok
21:15:58.0029 0744	UmPass          (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
21:15:58.0091 0744	UmPass - ok
21:15:58.0200 0744	USBAAPL64       (aa33fc47ed58c34e6e9261e4f850b7eb) C:\Windows\system32\Drivers\usbaapl64.sys
21:15:58.0263 0744	USBAAPL64 - ok
21:15:58.0356 0744	usbccgp         (7b6a127c93ee590e4d79a5f2a76fe46f) C:\Windows\system32\DRIVERS\usbccgp.sys
21:15:58.0419 0744	usbccgp - ok
21:15:58.0466 0744	USBCCID - ok
21:15:58.0544 0744	usbcir          (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\DRIVERS\usbcir.sys
21:15:58.0590 0744	usbcir - ok
21:15:58.0653 0744	usbehci         (92969ba5ac44e229c55a332864f79677) C:\Windows\system32\DRIVERS\usbehci.sys
21:15:58.0700 0744	usbehci - ok
21:15:58.0778 0744	usbhub          (e7df1cfd28ca86b35ef5add0735ceef3) C:\Windows\system32\DRIVERS\usbhub.sys
21:15:58.0840 0744	usbhub - ok
21:15:58.0887 0744	usbohci         (f1bb1e55f1e7a65c5839ccc7b36d773e) C:\Windows\system32\drivers\usbohci.sys
21:15:58.0949 0744	usbohci - ok
21:15:59.0027 0744	usbprint        (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
21:15:59.0074 0744	usbprint - ok
21:15:59.0136 0744	usbscan         (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
21:15:59.0199 0744	usbscan - ok
21:15:59.0246 0744	USBSTOR         (f39983647bc1f3e6100778ddfe9dce29) C:\Windows\system32\drivers\USBSTOR.SYS
21:15:59.0292 0744	USBSTOR - ok
21:15:59.0386 0744	usbuhci         (bc3070350a491d84b518d7cca9abd36f) C:\Windows\system32\DRIVERS\usbuhci.sys
21:15:59.0417 0744	usbuhci - ok
21:15:59.0558 0744	usbvideo        (7cb8c573c6e4a2714402cc0a36eab4fe) C:\Windows\System32\Drivers\usbvideo.sys
21:15:59.0604 0744	usbvideo - ok
21:15:59.0682 0744	usb_rndisx      (70d05ee263568a742d14e1876df80532) C:\Windows\system32\DRIVERS\usb8023x.sys
21:15:59.0729 0744	usb_rndisx - ok
21:15:59.0838 0744	vdrvroot        (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\DRIVERS\vdrvroot.sys
21:15:59.0854 0744	vdrvroot - ok
21:15:59.0932 0744	vga             (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
21:15:59.0963 0744	vga - ok
21:15:59.0994 0744	VgaSave         (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
21:16:00.0104 0744	VgaSave - ok
21:16:00.0197 0744	vhdmp           (c82e748660f62a242b2dfac1442f22a4) C:\Windows\system32\DRIVERS\vhdmp.sys
21:16:00.0244 0744	vhdmp - ok
21:16:00.0275 0744	viaide          (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\DRIVERS\viaide.sys
21:16:00.0306 0744	viaide - ok
21:16:00.0338 0744	volmgr          (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\Windows\system32\DRIVERS\volmgr.sys
21:16:00.0353 0744	volmgr - ok
21:16:00.0384 0744	volmgrx         (99b0cbb569ca79acaed8c91461d765fb) C:\Windows\system32\drivers\volmgrx.sys
21:16:00.0416 0744	volmgrx - ok
21:16:00.0509 0744	volsnap         (58f82eed8ca24b461441f9c3e4f0bf5c) C:\Windows\system32\DRIVERS\volsnap.sys
21:16:00.0540 0744	volsnap - ok
21:16:00.0603 0744	vsmraid         (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
21:16:00.0634 0744	vsmraid - ok
21:16:00.0681 0744	vwifibus        (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
21:16:00.0728 0744	vwifibus - ok
21:16:00.0759 0744	vwififlt        (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
21:16:00.0821 0744	vwififlt - ok
21:16:00.0899 0744	WacomPen        (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
21:16:00.0962 0744	WacomPen - ok
21:16:01.0055 0744	WANARP          (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
21:16:01.0133 0744	WANARP - ok
21:16:01.0149 0744	Wanarpv6        (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
21:16:01.0196 0744	Wanarpv6 - ok
21:16:01.0274 0744	Wd              (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
21:16:01.0289 0744	Wd - ok
21:16:01.0336 0744	Wdf01000        (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
21:16:01.0383 0744	Wdf01000 - ok
21:16:01.0430 0744	WfpLwf          (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
21:16:01.0476 0744	WfpLwf - ok
21:16:01.0492 0744	WIMMount        (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
21:16:01.0508 0744	WIMMount - ok
21:16:01.0632 0744	WinUsb          (817eaff5d38674edd7713b9dfb8e9791) C:\Windows\system32\DRIVERS\WinUsb.sys
21:16:01.0679 0744	WinUsb - ok
21:16:01.0773 0744	WmiAcpi         (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys
21:16:01.0820 0744	WmiAcpi - ok
21:16:01.0929 0744	ws2ifsl         (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
21:16:02.0022 0744	ws2ifsl - ok
21:16:02.0054 0744	WudfPf          (7cadc74271dd6461c452c271b30bd378) C:\Windows\system32\drivers\WudfPf.sys
21:16:02.0116 0744	WudfPf - ok
21:16:02.0147 0744	WUDFRd          (3b197af0fff08aa66b6b2241ca538d64) C:\Windows\system32\DRIVERS\WUDFRd.sys
21:16:02.0210 0744	WUDFRd - ok
21:16:02.0256 0744	MBR (0x1B8)     (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
21:16:02.0475 0744	\Device\Harddisk0\DR0 - ok
21:16:02.0506 0744	Boot (0x1200)   (c26b09bacd0938e44395cb556a0626cb) \Device\Harddisk0\DR0\Partition0
21:16:02.0506 0744	\Device\Harddisk0\DR0\Partition0 - ok
21:16:02.0537 0744	Boot (0x1200)   (885f94b62aa4798f49889bb22c565258) \Device\Harddisk0\DR0\Partition1
21:16:02.0537 0744	\Device\Harddisk0\DR0\Partition1 - ok
21:16:02.0537 0744	============================================================
21:16:02.0537 0744	Scan finished
21:16:02.0537 0744	============================================================
21:16:02.0584 4840	Detected object count: 0
21:16:02.0584 4840	Actual detected object count: 0

Danke derweil

cosinus · 03.01.2012, 21:20

Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix

Lade dir ComboFix hier herunter auf deinen Desktop.

Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.

Starte cofi.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.

Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.

Wichtiger Hinweis:

Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!

Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

Solltest du nach der Ausführung von Combofix Probleme beim Starten von Anwendungen haben und Meldungen erhalten wie

Zitat:

Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.

startest du Windows dann manuell neu und die Fehlermeldungen sollten nicht mehr auftauchen.

spartacus111 · 03.01.2012, 21:47

Toi,toi,toi

Code:

ATTFilter

Combofix Logfile:

	Code: 

 ATTFilter

  
	ComboFix 12-01-03.04 - RSST 03.01.2012  21:26:22.1.2 - x64
Microsoft Windows 7 Home Premium   6.1.7600.0.1252.49.1031.18.6109.4563 [GMT 1:00]
ausgeführt von:: c:\users\RSST\Desktop\ComboFix.exe
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\RSST\AppData\Roaming\Microsoft\Windows\Recent\Cirque du soleil.url
c:\windows\SysWow64\drivers\10CF_FUJITSU_FTS_AMILO Pi 3660_PI_FUJITSU    _EF9A _Rev 1.0    _FSC - 6040000_1.05_NVIDIA GeForce GT 240M .MRK
D:\install.exe
.
.
(((((((((((((((((((((((   Dateien erstellt von 2011-12-03 bis 2012-01-03  ))))))))))))))))))))))))))))))
.
.
2012-01-03 20:34 . 2012-01-03 20:34	--------	d-----w-	c:\users\Default\AppData\Local\temp
2012-01-03 18:46 . 2012-01-03 18:46	69000	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{7A457EE2-C4DA-4D01-96A7-BB6EE813FAEE}\offreg.dll
2012-01-03 18:39 . 2012-01-03 18:39	--------	d-----w-	C:\_OTL
2012-01-02 19:28 . 2012-01-02 19:28	--------	d-----w-	c:\program files (x86)\ESET
2012-01-01 15:59 . 2012-01-01 15:59	--------	d-----w-	c:\users\RSST\AppData\Roaming\Malwarebytes
2012-01-01 15:59 . 2012-01-01 15:59	--------	d-----w-	c:\programdata\Malwarebytes
2012-01-01 15:59 . 2011-12-10 14:24	23152	----a-w-	c:\windows\system32\drivers\mbam.sys
2012-01-01 14:18 . 2012-01-01 15:43	--------	d-----w-	C:\sh4ldr
2012-01-01 14:18 . 2012-01-01 14:18	--------	d-----w-	c:\program files\Enigma Software Group
2011-12-29 14:26 . 2012-01-03 18:39	--------	d-----w-	c:\program files (x86)\Common Files\Spigot
2011-12-29 14:00 . 2011-11-30 01:21	8822856	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{7A457EE2-C4DA-4D01-96A7-BB6EE813FAEE}\mpengine.dll
2011-12-29 13:01 . 2011-07-16 05:26	362496	----a-w-	c:\windows\system32\wow64win.dll
2011-12-29 13:00 . 2011-11-05 05:17	2048	----a-w-	c:\windows\system32\tzres.dll
2011-12-29 13:00 . 2011-11-05 04:30	2048	----a-w-	c:\windows\SysWow64\tzres.dll
2011-12-29 13:00 . 2011-06-23 05:29	5507968	----a-w-	c:\windows\system32\ntoskrnl.exe
2011-12-29 13:00 . 2011-06-23 04:38	3957120	----a-w-	c:\windows\SysWow64\ntkrnlpa.exe
2011-12-29 13:00 . 2011-06-23 04:38	3902336	----a-w-	c:\windows\SysWow64\ntoskrnl.exe
2011-12-29 12:57 . 2011-04-28 03:58	552448	----a-w-	c:\windows\system32\drivers\bthport.sys
2011-12-29 12:57 . 2011-04-28 03:58	80384	----a-w-	c:\windows\system32\drivers\BTHUSB.SYS
2011-12-21 00:33 . 2011-12-21 00:33	--------	d-----w-	c:\program files (x86)\Mozilla Plugins
2011-12-21 00:33 . 2011-12-21 00:33	--------	d-----w-	c:\program files (x86)\iTunesHelper.Resources
2011-12-21 00:32 . 2011-12-21 00:33	--------	d-----w-	c:\program files (x86)\iTunes.Resources
2011-12-21 00:32 . 2011-12-21 00:33	--------	d-----w-	c:\program files\iTunes
2011-12-21 00:32 . 2011-12-21 00:32	--------	d-----w-	c:\program files\iPod
2011-12-21 00:32 . 2011-12-21 00:32	--------	d-----w-	c:\program files (x86)\CD Configuration
2011-12-21 00:30 . 2011-12-21 00:30	--------	d-----w-	c:\program files\Bonjour
2011-12-21 00:30 . 2011-12-21 00:30	--------	d-----w-	c:\program files (x86)\Bonjour
2011-12-20 22:33 . 2011-12-20 22:33	--------	d-----w-	c:\program files (x86)\Apple Software Update
2011-12-20 20:26 . 2011-12-20 20:26	--------	d-----w-	c:\program files (x86)\Audible
2011-12-18 18:01 . 2011-12-18 18:01	53248	----a-r-	c:\users\RSST\AppData\Roaming\Microsoft\Installer\{DF6FE172-006A-4324-AF7F-ACFE4BA290FE}\ARPPRODUCTICON.exe
2011-12-08 00:36 . 2011-12-08 00:36	293736	----a-w-	c:\program files (x86)\iTunesOutlookAddIn.dll
2011-12-08 00:36 . 2011-12-08 00:36	421736	----a-w-	c:\program files (x86)\iTunesHelper.exe
2011-12-08 00:36 . 2011-12-08 00:36	403304	----a-w-	c:\program files (x86)\iTunesAdmin.dll
2011-12-08 00:36 . 2011-12-08 00:36	156520	----a-w-	c:\program files (x86)\iTunesHelper.dll
2011-12-08 00:36 . 2011-12-08 00:36	9777000	----a-w-	c:\program files (x86)\iTunes.exe
2011-12-08 00:36 . 2011-12-08 00:36	20864360	----a-w-	c:\program files (x86)\iTunes.dll
2011-12-08 00:36 . 2011-12-08 00:36	797208	----a-w-	c:\program files (x86)\gnsdk_sdkmanager.dll
2011-12-08 00:36 . 2011-12-08 00:36	3029528	----a-w-	c:\program files (x86)\gnsdk_dsp.dll
2011-12-08 00:36 . 2011-12-08 00:36	281112	----a-w-	c:\program files (x86)\gnsdk_submit.dll
2011-12-08 00:36 . 2011-12-08 00:36	240152	----a-w-	c:\program files (x86)\gnsdk_musicid.dll
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-15 13:29 . 2009-12-16 18:13	270720	------w-	c:\windows\system32\MpSigStub.exe
2011-11-14 19:16 . 2011-11-14 19:16	112488	----a-w-	c:\program files (x86)\ITDetector.ocx
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2010-10-30 281768]
"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2010-03-12 49208]
"Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-11-11 288088]
"AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-12-14 47904]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888]
"ArcSoft Connection Service"="c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-27 207424]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-01 59240]
"iTunesHelper"="c:\program files (x86)\iTunesHelper.exe" [2011-12-08 421736]
.
c:\users\Yuchuu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\startup\
LaunchCenter.lnk - c:\program files (x86)\Fujitsu\LaunchCenter\LaunchCenter.exe [2009-10-9 2351104]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
LaunchCenter.lnk - c:\program files (x86)\Fujitsu\LaunchCenter\LaunchCenter.exe [2009-10-9 2351104]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages	REG_MULTI_SZ   	kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-14 135664]
R3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [x]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
R3 esgiguard;esgiguard;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [x]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-14 135664]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R4 SpyHunter 4 Service;SpyHunter 4 Service;c:\progra~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AAV UpdateService;AAV UpdateService;d:\steuer-spar-erklaerung 2010 von bild\AAVUpdateManager\aavus.exe [2008-10-24 128296]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2011-04-27 136360]
S2 SBSDWSCService;SBSD Security Center Service;d:\neu installierte programme\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;c:\windows\system32\DRIVERS\rtl8192se.sys [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - 37956343
*Deregistered* - 37956343
.
Inhalt des "geplante Tasks" Ordners
.
2012-01-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-14 12:21]
.
2012-01-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-02-14 12:21]
.
2011-12-27 c:\windows\Tasks\hpwebreg_CN07D1P02Y05HX.job
- c:\program files\HP\HP Deskjet 3050 J610 series\Bin\hpwebreg.exe [2010-06-14 15:29]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-05 186904]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-09-01 16336488]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-09-11 8114720]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = 
mLocal Page = 
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://go.gmx.net/suchbox/gmxsuche?su=%s
IE: Bild an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_2EC7709873947E87.dll/cmsidewiki.html
IE: Seite an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 192.168.178.1
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
AddRemove-{08234a0d-cf39-4dca-99f0-0c5cb496da81} - c:\program files (x86)\Bing Bar Installer\InstallManager.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10n_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10n_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10n.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10n.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10n.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10n.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows CE Services]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2012-01-03  21:45:19
ComboFix-quarantined-files.txt  2012-01-03 20:45
.
Vor Suchlauf: 11 Verzeichnis(se), 20.313.071.616 Bytes frei
Nach Suchlauf: 16 Verzeichnis(se), 20.177.719.296 Bytes frei
.
- - End Of File - - 005C390285D795F60D498AB3153FD22D
         
 --- --- ---

RS

02.01.2012, 16:28	#2
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	spyhunter, widgi toolbar, spigot....was tue ich am Besten? Wo sind die Logs von Malwarebytes? Bitte immer alle posten, egal ob Fund oder kein Fund. __________________ __________________

03.01.2012, 21:14	#12
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	spyhunter, widgi toolbar, spigot....was tue ich am Besten? Nein ich poste hier Bausteine damit ich nicht ständig mir die Finger wund tippe. Deswegen war es auch nur dezent und in Klammern als Hinweis __________________ Logfiles bitte immer in CODE-Tags posten

spyhunter, widgi toolbar, spigot....was tue ich am Besten?

Plagegeister aller Art und deren Bekämpfung: spyhunter, widgi toolbar, spigot....was tue ich am Besten?