http://www2.flirtcafe.de/de/ , Google-Bildersuche funktioniert nicht mehr, Websites laden langsam

interaktion · 24.01.2012, 12:42

Hallo,

ich hoffe, hier kann mir jemand helfen.

Seit 2 Tagen erscheint, sobald ich mit IE 9 hxxp://www.spin.de aufrufe (nur bei der URL!), die Seite: hxxp://www2.flirtcafe.de/de/ - erst beim zweiten Aufruf der URL erscheint die "richtige" Website. An spin selbst scheint es nicht zu liegen, da andere dieses Problem nicht haben. Jedoch trat es in der Vergangenheit (auch bei mir) schon einmal auf. Damals wurde dort im Forum zu spybot und Malwarebytes geraten, die jedoch nichts fanden (bei mir zumindest nicht - bei anderen erledigte sich das Problem damit). Bei mir verschwand das Problem anschließend aus heiterem Himmel von selbst - so wie es urplötzlich gekommen war.

Jetzt ist es wieder so weit und es verschwindet bisher nicht von selbst. Gestern Nacht war es kurz weg, jetzt ist es jedoch wieder da. Das Nervigste daran ist, dass es nicht nur diese Umleitung auf dieses Flirtcafe ist, sondern, dass sich auch alle restlichen Webistes extrem langsam aufbauen (vor allem die Bilder dort) und die Google Bildersuche nicht funktioniert.

Kann mir jemand helfen?

Ich bin schon ganz verzweifelt, weil kein Scanner (Spybot, Superantispyware, Malwarebytes, Avira, ad-aware) bisher etwas fand... Ach ja, spybot hat die Adware gefunden, die das Problem in meinem letzten Thread verursacht hat. Der ständige IP-Block wäre also gelöst.

defogger:

Code:

ATTFilter

defogger_disable by jpshortstuff (23.02.10.1)
Log created at 11:51 on 24/01/2012 (Blubb)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-

Ich weiß nicht, warum, aber mein OTL-Log zeigt bei "hosts" lauter chinesische Zeichen an?! Das Log ist dadurch so groß, dass ich es in 3 txt-Files aufteilen musste und die beiden mit den chinesischen Zeichen zippen musste. Leider kann ich die beiden gezippten OTL-Dateien nicht hochladen. "Anhänge verwalten" sagt mir immer "ungültige Datei", obwohl ich alles so gemacht habe, wie von euch angegeben... Die Datei im Anhang ist also nur der erste Teil der riesigen Log-Datei.

Ich hoffe, hier kann mir jemand helfen!

cosinus · 24.01.2012, 21:56

Zitat:

Ach ja, spybot hat die Adware gefunden, die das Problem in meinem letzten Thread verursacht hat. Der ständige IP-Block wäre also gelöst.

Tatsächlich? Log dazu?
Wie hsat du denn rausgefunden, dass der IP-Block dann weg war, Malwarebytes ist dann ein paar Tasge später abgelaufen... ?

interaktion · 25.01.2012, 02:03

Ja, die Teatversion der Premiumversion war abgelaufen, jedoch wurden die IPs weiterhin geblockt. Nachdem spybot die Adware gefunden und entfernt hatte, wars weg und trat seit 3 Tagen nun (seit dem spybot-fund) nicht mehr auf. Log kommt später, bin Grade nur am Handy.

Hilfst du mir mit meinem neuen Problem?

Was soll ich mit den Logs tun?

cosinus · 25.01.2012, 10:07

Ich würde erstmal gern wissen welche Adware denn die Ursache war. In den Logs hab ich nichts mehr gesehen. War da was in den Tiefen der Registry?

interaktion · 25.01.2012, 13:15

Finde leider bei spybot keine Möglichkeit, ein Log zu ziehen. Ich hab keine Ahnung, was es konkret war. Fakt ist. Es ist weg. *g Zumindest fand spybot eben zweimal Adware, entfernte sie und seither trat es nicht mehr auf.

Malwarebytes IP-Block:

Das letzte mal am 22.1. um 20 vor 4 (lol, ich bin lange wach, ja):

Code:

ATTFilter

2012/01/22 03:41:28 +0100	BLUBB-NEU	Blubb	IP-BLOCK	82.98.97.183 (Type: outgoing, Port: 53649, Process: svchost.exe)
2012/01/22 03:41:28 +0100	BLUBB-NEU	Blubb	IP-BLOCK	82.98.97.185 (Type: outgoing, Port: 53650, Process: svchost.exe)
2012/01/22 03:41:28 +0100	BLUBB-NEU	Blubb	IP-BLOCK	82.98.97.203 (Type: outgoing, Port: 53651, Process: svchost.exe)
2012/01/22 03:41:28 +0100	BLUBB-NEU	Blubb	IP-BLOCK	82.98.97.206 (Type: outgoing, Port: 53652, Process: svchost.exe)
2012/01/22 14:05:19 +0100	BLUBB-NEU	Blubb	MESSAGE	Starting protection
2012/01/22 14:05:20 +0100	BLUBB-NEU	Blubb	MESSAGE	Protection started successfully
2012/01/22 14:05:23 +0100	BLUBB-NEU	Blubb	MESSAGE	Starting IP protection
2012/01/22 14:05:24 +0100	BLUBB-NEU	Blubb	MESSAGE	IP Protection started successfully

Danach kam nichts mehr:

Code:

ATTFilter

2012/01/23 00:07:54 +0100	BLUBB-NEU	Blubb	MESSAGE	Executing scheduled update:  Daily
2012/01/23 00:08:03 +0100	BLUBB-NEU	Blubb	MESSAGE	Starting database refresh
2012/01/23 00:08:03 +0100	BLUBB-NEU	Blubb	MESSAGE	Stopping IP protection
2012/01/23 00:08:03 +0100	BLUBB-NEU	Blubb	MESSAGE	Scheduled update executed successfully:  database updated from version v2012.01.19.04 to version v2012.01.22.04
2012/01/23 00:08:37 +0100	BLUBB-NEU	Blubb	MESSAGE	IP Protection stopped
2012/01/23 00:08:39 +0100	BLUBB-NEU	Blubb	MESSAGE	Database refreshed successfully
2012/01/23 00:08:39 +0100	BLUBB-NEU	Blubb	MESSAGE	Starting IP protection
2012/01/23 00:08:39 +0100	BLUBB-NEU	Blubb	MESSAGE	IP Protection started successfully
2012/01/23 00:28:58 +0100	BLUBB-NEU	Blubb	MESSAGE	Starting protection
2012/01/23 00:29:00 +0100	BLUBB-NEU	Blubb	MESSAGE	Protection started successfully
2012/01/23 00:29:03 +0100	BLUBB-NEU	Blubb	MESSAGE	Starting IP protection
2012/01/23 00:29:04 +0100	BLUBB-NEU	Blubb	MESSAGE	IP Protection started successfully
2012/01/23 13:53:21 +0100	BLUBB-NEU	Blubb	MESSAGE	Starting protection
2012/01/23 13:53:23 +0100	BLUBB-NEU	Blubb	MESSAGE	Protection started successfully
2012/01/23 13:53:26 +0100	BLUBB-NEU	Blubb	MESSAGE	Starting IP protection
2012/01/23 13:53:26 +0100	BLUBB-NEU	Blubb	MESSAGE	IP Protection started successfully
2012/01/23 21:30:19 +0100	BLUBB-NEU	Blubb	MESSAGE	Starting protection
2012/01/23 21:30:21 +0100	BLUBB-NEU	Blubb	MESSAGE	Protection started successfully
2012/01/23 21:30:24 +0100	BLUBB-NEU	Blubb	MESSAGE	Starting IP protection
2012/01/23 21:30:25 +0100	BLUBB-NEU	Blubb	MESSAGE	IP Protection started successfully
2012/01/23 21:41:55 +0100	BLUBB-NEU	Blubb	MESSAGE	Starting protection
2012/01/23 21:41:57 +0100	BLUBB-NEU	Blubb	MESSAGE	Protection started successfully
2012/01/23 21:42:00 +0100	BLUBB-NEU	Blubb	MESSAGE	Starting IP protection
2012/01/23 21:42:00 +0100	BLUBB-NEU	Blubb	MESSAGE	IP Protection started successfully
2012/01/23 21:46:56 +0100	BLUBB-NEU	Blubb	MESSAGE	Starting protection
2012/01/23 21:46:57 +0100	BLUBB-NEU	Blubb	MESSAGE	Protection started successfully
2012/01/23 21:47:00 +0100	BLUBB-NEU	Blubb	MESSAGE	Starting IP protection
2012/01/23 21:47:01 +0100	BLUBB-NEU	Blubb	MESSAGE	IP Protection started successfully
2012/01/23 21:53:47 +0100	BLUBB-NEU	Blubb	MESSAGE	Stopping IP protection
2012/01/23 21:54:27 +0100	BLUBB-NEU	Blubb	MESSAGE	IP Protection stopped
2012/01/23 22:00:34 +0100	BLUBB-NEU	Blubb	MESSAGE	Starting protection
2012/01/23 22:00:35 +0100	BLUBB-NEU	Blubb	MESSAGE	Protection started successfully
2012/01/23 22:00:38 +0100	BLUBB-NEU	Blubb	MESSAGE	Starting IP protection
2012/01/23 22:00:39 +0100	BLUBB-NEU	Blubb	MESSAGE	IP Protection started successfully
2012/01/23 22:09:28 +0100	BLUBB-NEU	Blubb	MESSAGE	Starting protection
2012/01/23 22:09:29 +0100	BLUBB-NEU	Blubb	MESSAGE	Protection started successfully
2012/01/23 22:09:32 +0100	BLUBB-NEU	Blubb	MESSAGE	Starting IP protection
2012/01/23 22:09:33 +0100	BLUBB-NEU	Blubb	MESSAGE	IP Protection started successfully

Code:

ATTFilter

2012/01/24 11:27:59 +0100	BLUBB-NEU	Blubb	MESSAGE	Starting protection
2012/01/24 11:28:00 +0100	BLUBB-NEU	Blubb	MESSAGE	Protection started successfully
2012/01/24 11:28:03 +0100	BLUBB-NEU	Blubb	MESSAGE	Starting IP protection
2012/01/24 11:28:04 +0100	BLUBB-NEU	Blubb	MESSAGE	IP Protection started successfully
2012/01/24 11:47:33 +0100	BLUBB-NEU	Blubb	MESSAGE	Starting protection
2012/01/24 11:47:35 +0100	BLUBB-NEU	Blubb	MESSAGE	Protection started successfully
2012/01/24 11:47:38 +0100	BLUBB-NEU	Blubb	MESSAGE	Starting IP protection
2012/01/24 11:47:38 +0100	BLUBB-NEU	Blubb	MESSAGE	IP Protection started successfully
2012/01/24 11:57:20 +0100	BLUBB-NEU	Blubb	MESSAGE	Stopping IP protection
2012/01/24 11:57:56 +0100	BLUBB-NEU	Blubb	MESSAGE	IP Protection stopped
2012/01/24 12:33:57 +0100	BLUBB-NEU	Blubb	MESSAGE	Starting protection
2012/01/24 12:33:58 +0100	BLUBB-NEU	Blubb	MESSAGE	Protection started successfully
2012/01/24 12:34:01 +0100	BLUBB-NEU	Blubb	MESSAGE	Starting IP protection
2012/01/24 12:34:02 +0100	BLUBB-NEU	Blubb	MESSAGE	IP Protection started successfully

Code:

ATTFilter

2012/01/25 08:26:18 +0100	BLUBB-NEU	Blubb	MESSAGE	Starting protection
2012/01/25 08:26:19 +0100	BLUBB-NEU	Blubb	MESSAGE	Protection started successfully
2012/01/25 08:26:22 +0100	BLUBB-NEU	Blubb	MESSAGE	Starting IP protection
2012/01/25 08:26:23 +0100	BLUBB-NEU	Blubb	MESSAGE	IP Protection started successfully
2012/01/25 13:00:36 +0100	BLUBB-NEU	Blubb	MESSAGE	Starting protection
2012/01/25 13:00:38 +0100	BLUBB-NEU	Blubb	MESSAGE	Protection started successfully
2012/01/25 13:00:41 +0100	BLUBB-NEU	Blubb	MESSAGE	Starting IP protection
2012/01/25 13:00:42 +0100	BLUBB-NEU	Blubb	MESSAGE	IP Protection started successfully

cosinus · 25.01.2012, 13:25

Das ist aber ziemlich doof, weil weder bei hijackthis.de noch hier man rausfinden konnte woran es lag.

Naja vllt erkennen inzischen auch Scanner wie MBAM ESET etc diese Adware, die das verursacht

Hast du ESET schon ausgeführt abgesehen vom letzten Monat?

interaktion · 25.01.2012, 15:07

ESET hat, trotz Browser als Administrator geöffnet, nur so ne kurze Log-Datei erstellt. Bei mir war das Bild auch irgendwie "abgeschnitten" vom ESET-Scanner, d.h. ich hätte z.b. neben der Schaltfläche"Stopp" auf gar nichts mehr klicken können, weil die alleine schon "abgeschnitten" war. Gefunden hatte ESET aber nichts. Überhaupt kein Scanner hatte irgendetwas gefunden, nur harmose Cookies... Ich versuch das nun noch einmal mit ESET...

interaktion · 26.01.2012, 00:00

Sooo... Ich hoffe, das alles reicht dir vorerst:

Eset:

Code:

ATTFilter

ESETSmartInstaller@High as CAB hook log:
OnlineScanner64.ocx - registred OK
OnlineScanner.ocx - registred OK
esets_scanner_update returned -1 esets_gle=53251
# version=7
# iexplore.exe=9.00.8112.16421 (WIN7_IE9_RTM.110308-0330)
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=c186c7f7f169604fbbdbfe10af567a9e
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-01-25 03:06:09
# local_time=2012-01-25 04:06:09 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1792 16777215 100 0 240957 240957 0 0
# compatibility_mode=5893 16776573 100 94 61279 79130260 0 0
# compatibility_mode=8192 67108863 100 0 8761 8761 0 0
# scanned=217577
# found=0
# cleaned=0
# scan_time=3559

Avira:

Code:

ATTFilter

 
Avira Antivirus Premium 2012
Erstellungsdatum der Reportdatei: Mittwoch, 25. Januar 2012  18:44

Es wird nach 3271308 Virenstämmen gesucht.

Das Programm läuft als uneingeschränkte Vollversion.
Online-Dienste stehen zur Verfügung.

Lizenznehmer   : Larusso :P
Seriennummer   : ***
Plattform      : Windows 7 x64
Windowsversion : (Service Pack 1)  [6.1.7601]
Boot Modus     : Normal gebootet
Benutzername   : SYSTEM
Computername   : BLUBB-NEU

Versionsinformationen:
BUILD.DAT      : 12.0.0.888     42511 Bytes  15.12.2011 15:53:00
AVSCAN.EXE     : 12.1.0.18     490448 Bytes  23.01.2012 12:37:05
AVSCAN.DLL     : 12.1.0.17      65744 Bytes  11.10.2011 14:06:08
LUKE.DLL       : 12.1.0.17      68304 Bytes  11.10.2011 14:05:57
AVSCPLR.DLL    : 12.1.0.21      99536 Bytes  22.01.2012 20:11:53
AVREG.DLL      : 12.1.0.27     227536 Bytes  22.01.2012 20:11:53
VBASE000.VDF   : 7.10.0.0    19875328 Bytes  06.11.2009 19:18:34
VBASE001.VDF   : 7.11.0.0    13342208 Bytes  14.12.2010 10:07:39
VBASE002.VDF   : 7.11.19.170 14374912 Bytes  20.12.2011 20:11:41
VBASE003.VDF   : 7.11.19.171     2048 Bytes  20.12.2011 20:11:41
VBASE004.VDF   : 7.11.19.172     2048 Bytes  20.12.2011 20:11:41
VBASE005.VDF   : 7.11.19.173     2048 Bytes  20.12.2011 20:11:41
VBASE006.VDF   : 7.11.19.174     2048 Bytes  20.12.2011 20:11:41
VBASE007.VDF   : 7.11.19.175     2048 Bytes  20.12.2011 20:11:41
VBASE008.VDF   : 7.11.19.176     2048 Bytes  20.12.2011 20:11:41
VBASE009.VDF   : 7.11.19.177     2048 Bytes  20.12.2011 20:11:41
VBASE010.VDF   : 7.11.19.178     2048 Bytes  20.12.2011 20:11:42
VBASE011.VDF   : 7.11.19.179     2048 Bytes  20.12.2011 20:11:42
VBASE012.VDF   : 7.11.19.180     2048 Bytes  20.12.2011 20:11:42
VBASE013.VDF   : 7.11.19.217   182784 Bytes  22.12.2011 20:11:42
VBASE014.VDF   : 7.11.19.255   148480 Bytes  24.12.2011 20:11:42
VBASE015.VDF   : 7.11.20.29    164352 Bytes  27.12.2011 20:11:42
VBASE016.VDF   : 7.11.20.70    180224 Bytes  29.12.2011 20:11:43
VBASE017.VDF   : 7.11.20.102   240640 Bytes  02.01.2012 20:11:43
VBASE018.VDF   : 7.11.20.139   164864 Bytes  04.01.2012 20:11:43
VBASE019.VDF   : 7.11.20.178   167424 Bytes  06.01.2012 20:11:44
VBASE020.VDF   : 7.11.20.207   230400 Bytes  10.01.2012 20:11:44
VBASE021.VDF   : 7.11.20.236   150528 Bytes  11.01.2012 20:11:44
VBASE022.VDF   : 7.11.21.13    135168 Bytes  13.01.2012 20:11:44
VBASE023.VDF   : 7.11.21.40    163840 Bytes  16.01.2012 20:11:45
VBASE024.VDF   : 7.11.21.65   1001472 Bytes  17.01.2012 20:11:46
VBASE025.VDF   : 7.11.21.98    487424 Bytes  19.01.2012 20:11:47
VBASE026.VDF   : 7.11.21.156  1010688 Bytes  25.01.2012 16:00:55
VBASE027.VDF   : 7.11.21.157     2048 Bytes  25.01.2012 16:00:55
VBASE028.VDF   : 7.11.21.158     2048 Bytes  25.01.2012 16:00:55
VBASE029.VDF   : 7.11.21.159     2048 Bytes  25.01.2012 16:00:55
VBASE030.VDF   : 7.11.21.160     2048 Bytes  25.01.2012 16:00:55
VBASE031.VDF   : 7.11.21.161     2048 Bytes  25.01.2012 16:00:55
Engineversion  : 8.2.8.34  
AEVDF.DLL      : 8.1.2.2       106868 Bytes  22.01.2012 20:11:52
AESCRIPT.DLL   : 8.1.4.1       434553 Bytes  22.01.2012 20:11:52
AESCN.DLL      : 8.1.8.1       127348 Bytes  22.01.2012 20:11:52
AESBX.DLL      : 8.2.4.5       434549 Bytes  22.01.2012 20:11:53
AERDL.DLL      : 8.1.9.15      639348 Bytes  08.09.2011 22:16:06
AEPACK.DLL     : 8.2.16.1      799094 Bytes  22.01.2012 20:11:52
AEOFFICE.DLL   : 8.1.2.25      201084 Bytes  22.01.2012 20:11:51
AEHEUR.DLL     : 8.1.3.19     4309367 Bytes  22.01.2012 20:11:51
AEHELP.DLL     : 8.1.19.0      254327 Bytes  22.01.2012 20:11:48
AEGEN.DLL      : 8.1.5.17      405877 Bytes  22.01.2012 20:11:48
AEEMU.DLL      : 8.1.3.0       393589 Bytes  01.09.2011 22:46:01
AECORE.DLL     : 8.1.25.2      201079 Bytes  22.01.2012 20:11:48
AEBB.DLL       : 8.1.1.0        53618 Bytes  01.09.2011 22:46:01
AVWINLL.DLL    : 12.1.0.17      27344 Bytes  11.10.2011 14:05:49
AVPREF.DLL     : 12.1.0.17      51920 Bytes  11.10.2011 14:05:47
AVREP.DLL      : 12.1.0.17     179920 Bytes  11.10.2011 14:05:47
AVARKT.DLL     : 12.1.0.19     208848 Bytes  23.01.2012 12:37:03
AVEVTLOG.DLL   : 12.1.0.17     169168 Bytes  11.10.2011 14:05:46
SQLITE3.DLL    : 3.7.0.0       398288 Bytes  11.10.2011 14:06:01
AVSMTP.DLL     : 12.1.0.17      63440 Bytes  11.10.2011 14:05:48
NETNT.DLL      : 12.1.0.17      17104 Bytes  11.10.2011 14:05:57
RCIMAGE.DLL    : 12.1.0.17    4491472 Bytes  11.10.2011 14:06:11
RCTEXT.DLL     : 12.1.0.16      98512 Bytes  11.10.2011 14:06:11

Konfiguration für den aktuellen Suchlauf:
Job Name..............................: Vollständige Systemprüfung
Konfigurationsdatei...................: C:\program files (x86)\avira\antivir desktop\sysscan.avp
Protokollierung.......................: standard
Primäre Aktion........................: interaktiv
Sekundäre Aktion......................: ignorieren
Durchsuche Masterbootsektoren.........: ein
Durchsuche Bootsektoren...............: ein
Bootsektoren..........................: C:, D:, 
Durchsuche aktive Programme...........: ein
Laufende Programme erweitert..........: ein
Durchsuche Registrierung..............: ein
Suche nach Rootkits...................: ein
Integritätsprüfung von Systemdateien..: aus
Datei Suchmodus.......................: Alle Dateien
Durchsuche Archive....................: ein
Rekursionstiefe einschränken..........: 20
Archiv Smart Extensions...............: ein
Makrovirenheuristik...................: ein
Dateiheuristik........................: erweitert

Beginn des Suchlaufs: Mittwoch, 25. Januar 2012  18:44

Der Suchlauf über die Masterbootsektoren wird begonnen:
Masterbootsektor HD0
    [INFO]      Es wurde kein Virus gefunden!
Masterbootsektor HD1
    [INFO]      Es wurde kein Virus gefunden!

Der Suchlauf über die Bootsektoren wird begonnen:
Bootsektor 'C:\'
    [INFO]      Es wurde kein Virus gefunden!
Bootsektor 'D:\'
    [INFO]      Es wurde kein Virus gefunden!

Der Suchlauf nach versteckten Objekten wird begonnen.

Der Suchlauf über gestartete Prozesse wird begonnen:
Durchsuche Prozess 'iexplore.exe' - '129' Modul(e) wurden durchsucht
Durchsuche Prozess 'avscan.exe' - '82' Modul(e) wurden durchsucht
Durchsuche Prozess 'avcenter.exe' - '82' Modul(e) wurden durchsucht
Durchsuche Prozess 'iexplore.exe' - '112' Modul(e) wurden durchsucht
Durchsuche Prozess 'FlashUtil11e_ActiveX.exe' - '35' Modul(e) wurden durchsucht
Durchsuche Prozess 'iexplore.exe' - '139' Modul(e) wurden durchsucht
Durchsuche Prozess 'iexplore.exe' - '105' Modul(e) wurden durchsucht
Durchsuche Prozess 'APSDaemon.exe' - '81' Modul(e) wurden durchsucht
Durchsuche Prozess 'distnoted.exe' - '33' Modul(e) wurden durchsucht
Durchsuche Prozess 'AppleMobileDeviceHelper.exe' - '66' Modul(e) wurden durchsucht
Durchsuche Prozess 'iTunes.exe' - '178' Modul(e) wurden durchsucht
Durchsuche Prozess 'iTunesHelper.exe' - '71' Modul(e) wurden durchsucht
Durchsuche Prozess 'avgnt.exe' - '79' Modul(e) wurden durchsucht
Durchsuche Prozess 'CNSEMAIN.EXE' - '61' Modul(e) wurden durchsucht
Durchsuche Prozess 'hpwuschd2.exe' - '20' Modul(e) wurden durchsucht
Durchsuche Prozess 'IAStorIcon.exe' - '49' Modul(e) wurden durchsucht
Durchsuche Prozess 'hpsysdrv.exe' - '18' Modul(e) wurden durchsucht
Durchsuche Prozess 'UNS.exe' - '62' Modul(e) wurden durchsucht
Durchsuche Prozess 'mbamservice.exe' - '44' Modul(e) wurden durchsucht
Durchsuche Prozess 'IAStorDataMgrSvc.exe' - '48' Modul(e) wurden durchsucht
Durchsuche Prozess 'AVWEBGRD.EXE' - '41' Modul(e) wurden durchsucht
Durchsuche Prozess 'avmailc.exe' - '34' Modul(e) wurden durchsucht
Durchsuche Prozess 'SDWinSec.exe' - '48' Modul(e) wurden durchsucht
Durchsuche Prozess 'LMS.exe' - '41' Modul(e) wurden durchsucht
Durchsuche Prozess 'HPDrvMntSvc.exe' - '19' Modul(e) wurden durchsucht
Durchsuche Prozess 'AppleMobileDeviceService.exe' - '65' Modul(e) wurden durchsucht
Durchsuche Prozess 'avguard.exe' - '68' Modul(e) wurden durchsucht
Durchsuche Prozess 'armsvc.exe' - '24' Modul(e) wurden durchsucht
Durchsuche Prozess 'sched.exe' - '43' Modul(e) wurden durchsucht

Der Suchlauf auf Verweise zu ausführbaren Dateien (Registry) wird begonnen:
Die Registry wurde durchsucht ( '1920' Dateien ).


Der Suchlauf über die ausgewählten Dateien wird begonnen:

Beginne mit der Suche in 'C:\' <OS>
Beginne mit der Suche in 'D:\' <HP_RECOVERY>


Ende des Suchlaufs: Mittwoch, 25. Januar 2012  19:45
Benötigte Zeit:  1:00:28 Stunde(n)

Der Suchlauf wurde vollständig durchgeführt.

  37921 Verzeichnisse wurden überprüft
 541207 Dateien wurden geprüft
      0 Viren bzw. unerwünschte Programme wurden gefunden
      0 Dateien wurden als verdächtig eingestuft
      0 Dateien wurden gelöscht
      0 Viren bzw. unerwünschte Programme wurden repariert
      0 Dateien wurden in die Quarantäne verschoben
      0 Dateien wurden umbenannt
      0 Dateien konnten nicht durchsucht werden
 541207 Dateien ohne Befall
   3052 Archive wurden durchsucht
      0 Warnungen
      0 Hinweise
 952683 Objekte wurden beim Rootkitscan durchsucht
      0 Versteckte Objekte wurden gefunden

Malwarebytes:

Code:

ATTFilter

 Malwarebytes Anti-Malware  (Test) 1.60.0.1800
www.malwarebytes.org

Datenbank Version: v2012.01.22.04

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Blubb :: BLUBB-NEU [Administrator]

Schutz: Deaktiviert

25.01.2012 19:46:58
mbam-log-2012-01-25 (19-46-58).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 388314
Laufzeit: 1 Stunde(n), 4 Minute(n), 52 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

Ad-Aware:

Code:

ATTFilter

 Logfile created: 25.01.2012 20:52:47
Ad-Aware version: 9.6.0
Extended engine: 3
Extended engine version: 3.1.2770
User performing scan: Blubb

*********************** Definitions database information ***********************
Lavasoft definition file: 150.693
Genotype definition file version: 2011/09/21 13:56:01
Extended engine definition file: 11442.0

******************************** Scan results: *********************************
Scan profile name: Full Scan  (ID: full)
Objects scanned: 240209
Objects detected: 26


Type              Detected
==========================
Processes.......:        0
Registry entries:        0
Hostfile entries:        0
Files...........:        0
Folders.........:        0
LSPs............:        0
Cookies.........:       26
Browser hijacks.:        0
MRU objects.....:        0



Removed items:
Description: *wunderloop* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 599639 Family ID: 0
Description: *ad.yieldmanager* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 409172 Family ID: 0
Description: *adfarm1.adition* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 409171 Family ID: 0
Description: *adserver* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 408737 Family ID: 0
Description: *adserv* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 408921 Family ID: 0
Description: *adserve* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 409020 Family ID: 0
Description: *etracker* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 409002 Family ID: 0
Description: *adtech* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 409018 Family ID: 0
Description: *ivwbox* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 409247 Family ID: 0
Description: *specificclick* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 408807 Family ID: 0
Description: *adfarm1.adition* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 409171 Family ID: 0
Description: *ivwbox* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 409247 Family ID: 0
Description: *webtrends* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 599640 Family ID: 0
Description: *etracker* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 409002 Family ID: 0
Description: *ad.yieldmanager* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 409172 Family ID: 0
Description: *wunderloop* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 599639 Family ID: 0
Description: *adtech* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 409018 Family ID: 0
Description: *wunderloop* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 599639 Family ID: 0
Description: *ad.yieldmanager* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 409172 Family ID: 0
Description: *adfarm1.adition* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 409171 Family ID: 0
Description: *adserver* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 408737 Family ID: 0
Description: *adserv* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 408921 Family ID: 0
Description: *adserve* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 409020 Family ID: 0
Description: *etracker* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 409002 Family ID: 0
Description: *adtech* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 409018 Family ID: 0
Description: *ivwbox* Family Name: Cookies Engine: 1 Clean status: Success Item ID: 409247 Family ID: 0

Scan and cleaning complete: Finished correctly after 6149 seconds

*********************************** Settings ***********************************

Scan profile:
ID: full, enabled:1, value: Full Scan
  ID: folderstoscan, enabled:1, value: C:\,D:\
  ID: useantivirus, enabled:1, value: true
  ID: sections, enabled:1
    ID: scancriticalareas, enabled:1, value: true
    ID: scanrunningapps, enabled:1, value: true
    ID: scanregistry, enabled:1, value: true
    ID: scanlsp, enabled:1, value: true
    ID: scanads, enabled:1, value: true
    ID: scanhostsfile, enabled:1, value: true
    ID: scanmru, enabled:1, value: true
    ID: scanbrowserhijacks, enabled:1, value: true
    ID: scantrackingcookies, enabled:1, value: true
      ID: closebrowsers, enabled:1, value: false
  ID: filescanningoptions, enabled:1
    ID: archives, enabled:1, value: true
    ID: onlyexecutables, enabled:1, value: false
    ID: skiplargerthan, enabled:1, value: 20480
    ID: scanrootkits, enabled:1, value: true
      ID: rootkitlevel, enabled:1, value: mild, domain: medium,mild,strict
    ID: usespywareheuristics, enabled:1, value: true

Scan global:
ID: global, enabled:1
  ID: addtocontextmenu, enabled:1, value: true
  ID: playsoundoninfection, enabled:1, value: false
    ID: soundfile, enabled:0, value: N/A

Scheduled scan settings:
<Empty>

Update settings:
ID: updates, enabled:1
  ID: launchthreatworksafterscan, enabled:1, value: silently, domain: normal,off,silently
  ID: deffiles, enabled:1, value: downloadandinstall, domain: dontcheck,downloadandinstall
  ID: licenseandinfo, enabled:1, value: downloadandinstall, domain: dontcheck,downloadandinstall
  ID: schedules, enabled:1, value: true
    ID: updatedaily1, enabled:1, value: Daily 1
      ID: time, enabled:1, value: Mon Jan 23 22:49:00 2012
      ID: frequency, enabled:1, value: daily, domain: daily,monthly,once,systemstart,weekly
      ID: weekdays, enabled:1
        ID: monday, enabled:1, value: false
        ID: tuesday, enabled:1, value: false
        ID: wednesday, enabled:1, value: false
        ID: thursday, enabled:1, value: false
        ID: friday, enabled:1, value: false
        ID: saturday, enabled:1, value: false
        ID: sunday, enabled:1, value: false
      ID: monthly, enabled:1, value: 1, minvalue: 1, maxvalue: 31
      ID: scanprofile, enabled:1, value: 
      ID: auto_deal_with_infections, enabled:1, value: false
    ID: updatedaily2, enabled:1, value: Daily 2
      ID: time, enabled:1, value: Mon Jan 23 04:49:00 2012
      ID: frequency, enabled:1, value: daily, domain: daily,monthly,once,systemstart,weekly
      ID: weekdays, enabled:1
        ID: monday, enabled:1, value: false
        ID: tuesday, enabled:1, value: false
        ID: wednesday, enabled:1, value: false
        ID: thursday, enabled:1, value: false
        ID: friday, enabled:1, value: false
        ID: saturday, enabled:1, value: false
        ID: sunday, enabled:1, value: false
      ID: monthly, enabled:1, value: 1, minvalue: 1, maxvalue: 31
      ID: scanprofile, enabled:1, value: 
      ID: auto_deal_with_infections, enabled:1, value: false
    ID: updatedaily3, enabled:1, value: Daily 3
      ID: time, enabled:1, value: Mon Jan 23 10:49:00 2012
      ID: frequency, enabled:1, value: daily, domain: daily,monthly,once,systemstart,weekly
      ID: weekdays, enabled:1
        ID: monday, enabled:1, value: false
        ID: tuesday, enabled:1, value: false
        ID: wednesday, enabled:1, value: false
        ID: thursday, enabled:1, value: false
        ID: friday, enabled:1, value: false
        ID: saturday, enabled:1, value: false
        ID: sunday, enabled:1, value: false
      ID: monthly, enabled:1, value: 1, minvalue: 1, maxvalue: 31
      ID: scanprofile, enabled:1, value: 
      ID: auto_deal_with_infections, enabled:1, value: false
    ID: updatedaily4, enabled:1, value: Daily 4
      ID: time, enabled:1, value: Mon Jan 23 16:49:00 2012
      ID: frequency, enabled:1, value: daily, domain: daily,monthly,once,systemstart,weekly
      ID: weekdays, enabled:1
        ID: monday, enabled:1, value: false
        ID: tuesday, enabled:1, value: false
        ID: wednesday, enabled:1, value: false
        ID: thursday, enabled:1, value: false
        ID: friday, enabled:1, value: false
        ID: saturday, enabled:1, value: false
        ID: sunday, enabled:1, value: false
      ID: monthly, enabled:1, value: 1, minvalue: 1, maxvalue: 31
      ID: scanprofile, enabled:1, value: 
      ID: auto_deal_with_infections, enabled:1, value: false
    ID: updateweekly1, enabled:1, value: Weekly
      ID: time, enabled:1, value: Mon Jan 23 22:49:00 2012
      ID: frequency, enabled:1, value: weekly, domain: daily,monthly,once,systemstart,weekly
      ID: weekdays, enabled:1
        ID: monday, enabled:1, value: true
        ID: tuesday, enabled:1, value: false
        ID: wednesday, enabled:1, value: false
        ID: thursday, enabled:1, value: true
        ID: friday, enabled:1, value: false
        ID: saturday, enabled:1, value: false
        ID: sunday, enabled:1, value: false
      ID: monthly, enabled:1, value: 1, minvalue: 1, maxvalue: 31
      ID: scanprofile, enabled:1, value: 
      ID: auto_deal_with_infections, enabled:1, value: false

Appearance settings:
ID: appearance, enabled:1
  ID: skin, enabled:1, value: default.egl, reglocation: HKEY_LOCAL_MACHINE\SOFTWARE\Lavasoft\Ad-Aware\Resource
  ID: showtrayicon, enabled:1, value: true
  ID: autoentertainmentmode, enabled:1, value: true
  ID: guimode, enabled:1, value: mode_simple, domain: mode_advanced,mode_simple
  ID: language, enabled:1, value: en, reglocation: HKEY_LOCAL_MACHINE\SOFTWARE\Lavasoft\Ad-Aware\Language

Realtime protection settings:
ID: realtime, enabled:1
  ID: infomessages, enabled:1, value: onlyimportant, domain: display,dontnotify,onlyimportant
  ID: layers, enabled:1
    ID: useantivirus, enabled:1, value: true
    ID: usespywareheuristics, enabled:1, value: true
    ID: maintainbackup, enabled:1, value: true
  ID: modules, enabled:1
    ID: processprotection, enabled:1, value: true
    ID: onaccessprotection, enabled:1, value: true
    ID: registryprotection, enabled:1, value: true
    ID: networkprotection, enabled:1, value: true


****************************** System information ******************************
Computer name: BLUBB-NEU
Processor name: Intel(R) Core(TM) i3 CPU         550  @ 3.20GHz
Processor identifier: Intel64 Family 6 Model 37 Stepping 5
Processor speed: ~3192MHZ
Raw info: processorarchitecture 9, processortype 8664, processorlevel 6, processor revision 9477, number of processors 4, processor features: [MMX,SSE,SSE2,SSE3]
Physical memory available: 3451625472 bytes
Physical memory total: 6298877952 bytes
Virtual memory available: 1886597120 bytes
Virtual memory total: 2147352576 bytes
Memory load: 45%
Microsoft  Service Pack 1 (build 7601)
Windows startup mode:

Running processes:
PID: 324 name: C:\Windows\System32\smss.exe owner: SYSTEM domain: NT-AUTORITÄT
PID: 484 name: C:\Windows\System32\csrss.exe owner: SYSTEM domain: NT-AUTORITÄT
PID: 532 name: C:\Windows\System32\wininit.exe owner: SYSTEM domain: NT-AUTORITÄT
PID: 560 name: C:\Windows\System32\csrss.exe owner: SYSTEM domain: NT-AUTORITÄT
PID: 600 name: C:\Windows\System32\services.exe owner: SYSTEM domain: NT-AUTORITÄT
PID: 616 name: C:\Windows\System32\lsass.exe owner: SYSTEM domain: NT-AUTORITÄT
PID: 624 name: C:\Windows\System32\lsm.exe owner: SYSTEM domain: NT-AUTORITÄT
PID: 736 name: C:\Windows\System32\svchost.exe owner: SYSTEM domain: NT-AUTORITÄT
PID: 804 name: C:\Windows\System32\nvvsvc.exe owner: SYSTEM domain: NT-AUTORITÄT
PID: 844 name: C:\Windows\System32\svchost.exe owner: NETZWERKDIENST domain: NT-AUTORITÄT
PID: 900 name: C:\Windows\System32\winlogon.exe owner: SYSTEM domain: NT-AUTORITÄT
PID: 944 name: C:\Windows\System32\svchost.exe owner: LOKALER DIENST domain: NT-AUTORITÄT
PID: 988 name: C:\Windows\System32\svchost.exe owner: SYSTEM domain: NT-AUTORITÄT
PID: 116 name: C:\Windows\System32\svchost.exe owner: SYSTEM domain: NT-AUTORITÄT
PID: 1032 name: C:\Windows\System32\svchost.exe owner: LOKALER DIENST domain: NT-AUTORITÄT
PID: 1112 name: C:\Windows\System32\svchost.exe owner: NETZWERKDIENST domain: NT-AUTORITÄT
PID: 1224 name: C:\Windows\System32\nvvsvc.exe owner: SYSTEM domain: NT-AUTORITÄT
PID: 1432 name: C:\Windows\System32\spoolsv.exe owner: SYSTEM domain: NT-AUTORITÄT
PID: 1460 name: C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe owner: SYSTEM domain: NT-AUTORITÄT
PID: 1496 name: C:\Windows\System32\svchost.exe owner: LOKALER DIENST domain: NT-AUTORITÄT
PID: 1664 name: C:\Program Files\SUPERAntiSpyware\SASCore64.exe owner: SYSTEM domain: NT-AUTORITÄT
PID: 1692 name: C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe owner: SYSTEM domain: NT-AUTORITÄT
PID: 1712 name: C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe owner: SYSTEM domain: NT-AUTORITÄT
PID: 1748 name: C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe owner: SYSTEM domain: NT-AUTORITÄT
PID: 1808 name: C:\Program Files\Bonjour\mDNSResponder.exe owner: SYSTEM domain: NT-AUTORITÄT
PID: 1848 name: C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe owner: SYSTEM domain: NT-AUTORITÄT
PID: 1920 name: C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe owner: SYSTEM domain: NT-AUTORITÄT
PID: 1948 name: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe owner: SYSTEM domain: NT-AUTORITÄT
PID: 1984 name: C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe owner: SYSTEM domain: NT-AUTORITÄT
PID: 1244 name: C:\Windows\System32\svchost.exe owner: LOKALER DIENST domain: NT-AUTORITÄT
PID: 1360 name: C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE owner: SYSTEM domain: NT-AUTORITÄT
PID: 1384 name: C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe owner: SYSTEM domain: NT-AUTORITÄT
PID: 2264 name: C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE owner: SYSTEM domain: NT-AUTORITÄT
PID: 2588 name: C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe owner: SYSTEM domain: NT-AUTORITÄT
PID: 2596 name: C:\Windows\System32\conhost.exe owner: SYSTEM domain: NT-AUTORITÄT
PID: 2620 name: C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe owner: SYSTEM domain: NT-AUTORITÄT
PID: 2640 name: C:\Program Files (x86)\Avira\AntiVir Desktop\avwebgrd.exe owner: SYSTEM domain: NT-AUTORITÄT
PID: 2836 name: C:\Windows\System32\WUDFHost.exe owner: LOKALER DIENST domain: NT-AUTORITÄT
PID: 2924 name: C:\Windows\System32\svchost.exe owner: NETZWERKDIENST domain: NT-AUTORITÄT
PID: 1088 name: C:\Windows\System32\svchost.exe owner: LOKALER DIENST domain: NT-AUTORITÄT
PID: 2800 name: C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe owner: SYSTEM domain: NT-AUTORITÄT
PID: 3048 name: C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe owner: SYSTEM domain: NT-AUTORITÄT
PID: 2996 name: C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe owner: SYSTEM domain: NT-AUTORITÄT
PID: 1396 name: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe owner: SYSTEM domain: NT-AUTORITÄT
PID: 3104 name: C:\Windows\System32\svchost.exe owner: SYSTEM domain: NT-AUTORITÄT
PID: 3140 name: C:\Program Files\Windows Media Player\wmpnetwk.exe owner: NETZWERKDIENST domain: NT-AUTORITÄT
PID: 3200 name: C:\Windows\System32\SearchIndexer.exe owner: SYSTEM domain: NT-AUTORITÄT
PID: 3632 name: C:\Windows\System32\taskhost.exe owner: Blubb domain: Blubb-Neu
PID: 3680 name: C:\Windows\System32\dwm.exe owner: Blubb domain: Blubb-Neu
PID: 3704 name: C:\Windows\explorer.exe owner: Blubb domain: Blubb-Neu
PID: 3988 name: C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe owner: Blubb domain: Blubb-Neu
PID: 3996 name: C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe owner: Blubb domain: Blubb-Neu
PID: 4020 name: C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE owner: Blubb domain: Blubb-Neu
PID: 1020 name: C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe owner: Blubb domain: Blubb-Neu
PID: 1536 name: C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe owner: Blubb domain: Blubb-Neu
PID: 3656 name: C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE owner: Blubb domain: Blubb-Neu
PID: 3948 name: C:\Windows\splwow64.exe owner: Blubb domain: Blubb-Neu
PID: 4416 name: C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe owner: Blubb domain: Blubb-Neu
PID: 4428 name: C:\Program Files (x86)\iTunes\iTunesHelper.exe owner: Blubb domain: Blubb-Neu
PID: 2988 name: C:\Program Files\iPod\bin\iPodService.exe owner: SYSTEM domain: NT-AUTORITÄT
PID: 4792 name: C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE owner: NETZWERKDIENST domain: NT-AUTORITÄT
PID: 4308 name: C:\Program Files (x86)\iTunes\iTunes.exe owner: Blubb domain: Blubb-Neu
PID: 4156 name: C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe owner: Blubb domain: Blubb-Neu
PID: 4256 name: C:\Windows\System32\conhost.exe owner: Blubb domain: Blubb-Neu
PID: 1960 name: C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe owner: Blubb domain: Blubb-Neu
PID: 1356 name: C:\Windows\System32\conhost.exe owner: Blubb domain: Blubb-Neu
PID: 4352 name: C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe owner: Blubb domain: Blubb-Neu
PID: 4956 name: C:\Program Files\Microsoft Office\Office14\WINWORD.EXE owner: Blubb domain: Blubb-Neu
PID: 3028 name: C:\Program Files (x86)\Lavasoft\Ad-Aware\Ad-Aware.exe owner: Blubb domain: Blubb-Neu
PID: 3944 name: C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe owner: SYSTEM domain: NT-AUTORITÄT
PID: 2900 name: C:\Windows\System32\wbem\unsecapp.exe owner: SYSTEM domain: NT-AUTORITÄT
PID: 4948 name: C:\Windows\System32\wbem\WmiPrvSE.exe owner: SYSTEM domain: NT-AUTORITÄT
PID: 5104 name: C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe owner: Blubb domain: Blubb-Neu

Startup items:
Name: WebCheck
          imagepath: {E6FB5E20-DE35-11CF-9C87-00AA005127ED}
Name: IAStorIcon
          imagepath: C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
Name: HP Software Update
          imagepath: c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
Name: Norton Online Backup
          imagepath: C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
Name: Adobe ARM
          imagepath: "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
Name: APSDaemon
          imagepath: "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
Name: QuickTime Task
          imagepath: "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
Name: CanonSolutionMenuEx
          imagepath: C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE /logon
Name: Malwarebytes' Anti-Malware
          imagepath: "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
Name: avgnt
          imagepath: "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
Name: iTunesHelper
          imagepath: "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
Name: 
          imagepath: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
Name: 
          location: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Snapfish PictureMover.lnk
          imagepath: C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe

Bootexecute items:
Name: 
          imagepath: autocheck autochk *
Name: 
          imagepath: lsdelete

Running services:
Name: !SASCORE
          displayname: SAS Core Service
Name: AdobeARMservice
          displayname: Adobe Acrobat Update Service
Name: AntiVirMailService
          displayname: Avira Email Schutz
Name: AntiVirSchedulerService
          displayname: Avira Planer
Name: AntiVirService
          displayname: Avira Echtzeit Scanner
Name: AntiVirWebService
          displayname: Avira Browser Schutz
Name: Appinfo
          displayname: Anwendungsinformationen
Name: Apple Mobile Device
          displayname: Apple Mobile Device
Name: AudioEndpointBuilder
          displayname: Windows-Audio-Endpunkterstellung
Name: AudioSrv
          displayname: Windows-Audio
Name: BFE
          displayname: Basisfiltermodul
Name: BITS
          displayname: Intelligenter Hintergrundübertragungsdienst
Name: Bonjour Service
          displayname: Dienst "Bonjour"
Name: CryptSvc
          displayname: Kryptografiedienste
Name: DcomLaunch
          displayname: DCOM-Server-Prozessstart
Name: Dhcp
          displayname: DHCP-Client
Name: Dnscache
          displayname: DNS-Client
Name: DPS
          displayname: Diagnoserichtliniendienst
Name: eventlog
          displayname: Windows-Ereignisprotokoll
Name: EventSystem
          displayname: COM+-Ereignissystem
Name: FontCache
          displayname: Windows-Dienst für Schriftartencache
Name: gpsvc
          displayname: Gruppenrichtlinienclient
Name: hidserv
          displayname: Zugriff auf Eingabegeräte
Name: HP Support Assistant Service
          displayname: HP Support Assistant Service
Name: HPClientSvc
          displayname: HP Client Services
Name: HPDrvMntSvc.exe
          displayname: HP Quick Synchronization Service
Name: IAStorDataMgrSvc
          displayname: Intel(R) Rapid Storage Technology
Name: IKEEXT
          displayname: IKE- und AuthIP IPsec-Schlüsselerstellungsmodule
Name: iphlpsvc
          displayname: IP-Hilfsdienst
Name: iPod Service
          displayname: iPod-Dienst
Name: LanmanServer
          displayname: Server
Name: LanmanWorkstation
          displayname: Arbeitsstationsdienst
Name: Lavasoft Ad-Aware Service
          displayname: Lavasoft Ad-Aware Service
Name: lmhosts
          displayname: TCP/IP-NetBIOS-Hilfsdienst
Name: LMS
          displayname: Intel(R) Management and Security Application Local Management Service
Name: MBAMService
          displayname: MBAMService
Name: MMCSS
          displayname: Multimediaklassenplaner
Name: MpsSvc
          displayname: Windows-Firewall
Name: Netman
          displayname: Netzwerkverbindungen
Name: netprofm
          displayname: Netzwerklistendienst
Name: NlaSvc
          displayname: NLA (Network Location Awareness)
Name: NOBU
          displayname: Norton Online Backup
Name: nsi
          displayname: Netzwerkspeicher-Schnittstellendienst
Name: nvsvc
          displayname: NVIDIA Display Driver Service
Name: osppsvc
          displayname: Office Software Protection Platform
Name: PcaSvc
          displayname: Programmkompatibilitäts-Assistent-Dienst
Name: PlugPlay
          displayname: Plug & Play
Name: PolicyAgent
          displayname: IPsec-Richtlinien-Agent
Name: Power
          displayname: Stromversorgung
Name: ProfSvc
          displayname: Benutzerprofildienst
Name: ProtectedStorage
          displayname: Geschützter Speicher
Name: RasMan
          displayname: RAS-Verbindungsverwaltung
Name: RpcEptMapper
          displayname: RPC-Endpunktzuordnung
Name: RpcSs
          displayname: Remoteprozeduraufruf (RPC)
Name: SamSs
          displayname: Sicherheitskonto-Manager
Name: SBSDWSCService
          displayname: SBSD Security Center Service
Name: Schedule
          displayname: Aufgabenplanung
Name: seclogon
          displayname: Sekundäre Anmeldung
Name: SENS
          displayname: Benachrichtigungsdienst für Systemereignisse
Name: ShellHWDetection
          displayname: Shellhardwareerkennung
Name: Spooler
          displayname: Druckwarteschlange
Name: SSDPSRV
          displayname: SSDP-Suche
Name: SstpSvc
          displayname: SSTP-Dienst
Name: stisvc
          displayname: Windows-Bilderfassung (WIA)
Name: SysMain
          displayname: Superfetch
Name: TapiSrv
          displayname: Telefonie
Name: Themes
          displayname: Designs
Name: TrkWks
          displayname: Überwachung verteilter Verknüpfungen (Client)
Name: UNS
          displayname: Intel(R) Management & Security Application User Notification Service
Name: upnphost
          displayname: UPnP-Gerätehost
Name: UxSms
          displayname: Sitzungs-Manager für Desktopfenster-Manager
Name: WdiServiceHost
          displayname: Diagnosediensthost
Name: WinDefend
          displayname: Windows Defender
Name: Winmgmt
          displayname: Windows-Verwaltungsinstrumentation
Name: wlidsvc
          displayname: Windows Live ID Sign-in Assistant
Name: WMPNetworkSvc
          displayname: Windows Media Player-Netzwerkfreigabedienst
Name: WPDBusEnum
          displayname: Enumeratordienst für tragbare Geräte
Name: wscsvc
          displayname: Sicherheitscenter
Name: WSearch
          displayname: Windows Search
Name: wuauserv
          displayname: Windows Update
Name: wudfsvc
          displayname: Windows Driver Foundation - Benutzermodus-Treiberframework

SuperAntiSpyware:

Code:

ATTFilter

 SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com

Generated 01/25/2012 at 11:23 PM

Application Version : 5.0.1142

Core Rules Database Version : 8154
Trace Rules Database Version: 5966

Scan type       : Complete Scan
Total Scan Time : 00:45:22

Operating System Information
Windows 7 Home Premium 64-bit, Service Pack 1 (Build 6.01.7601)
UAC On - Limited User

Memory items scanned      : 616
Memory threats detected   : 0
Registry items scanned    : 42377
Registry threats detected : 0
File items scanned        : 75917
File threats detected     : 9

Adware.Tracking Cookie
	C:\Users\Blubb\AppData\Roaming\Microsoft\Windows\Cookies\EEJZNVNQ.txt [ /eas.apm.emediate.eu ]
	C:\Users\Blubb\AppData\Roaming\Microsoft\Windows\Cookies\52XPJI6W.txt [ /invitemedia.com ]
	C:\USERS\BLUBB\AppData\Roaming\Microsoft\Windows\Cookies\Low\GXMHDDDS.txt [ Cookie:blubb@webmasterplan.com/ ]
	C:\USERS\BLUBB\AppData\Roaming\Microsoft\Windows\Cookies\Low\IQR2ITI5.txt [ Cookie:blubb@www.zanox-affiliate.de/ ]
	C:\USERS\BLUBB\AppData\Roaming\Microsoft\Windows\Cookies\Low\VLMOVD8I.txt [ Cookie:blubb@zanox.com/ ]
	C:\USERS\BLUBB\AppData\Roaming\Microsoft\Windows\Cookies\Low\NQSR89KX.txt [ Cookie:blubb@accounts.google.com/ ]
	C:\USERS\BLUBB\AppData\Roaming\Microsoft\Windows\Cookies\Low\XQ0KUM41.txt [ Cookie:blubb@ad.zanox.com/ ]
	C:\USERS\BLUBB\AppData\Roaming\Microsoft\Windows\Cookies\Low\2WC65FL9.txt [ Cookie:blubb@adx.chip.de/ ]
	C:\USERS\BLUBB\Cookies\EEJZNVNQ.txt [ Cookie:blubb@eas.apm.emediate.eu/ ]

OTL, das doch noch klappte, nachdem ich die Hosts-Datei einfach gelöscht habe (jemand meinte, ich könnte das durchaus tun):
OTL Logfile:

Code:

ATTFilter

OTL logfile created on: 1/25/2012 11:43:18 PM - Run 8
OTL by OldTimer - Version 3.2.31.0     Folder = C:\Users\Blubb\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
5.87 Gb Total Physical Memory | 3.12 Gb Available Physical Memory | 53.12% Memory free
11.73 Gb Paging File | 9.19 Gb Available in Paging File | 78.34% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 917.55 Gb Total Space | 732.89 Gb Free Space | 79.87% Space Free | Partition Type: NTFS
Drive D: | 13.87 Gb Total Space | 1.68 Gb Free Space | 12.10% Space Free | Partition Type: NTFS
 
Computer Name: BLUBB-NEU | User Name: Blubb | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012/01/24 11:50:44 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Blubb\Desktop\OTL.exe
PRC - [2012/01/23 13:37:05 | 000,342,480 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe
PRC - [2012/01/03 14:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/12/24 17:50:18 | 000,652,872 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011/11/01 23:25:58 | 000,059,240 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
PRC - [2011/10/28 19:35:26 | 002,152,152 | ---- | M] (Lavasoft Limited) -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2011/10/28 19:35:26 | 001,187,072 | ---- | M] (Lavasoft Limited) -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe
PRC - [2011/10/11 15:05:59 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2011/10/11 15:05:48 | 000,463,824 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avwebgrd.exe
PRC - [2011/10/11 15:05:46 | 000,258,512 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2011/10/11 15:05:46 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2011/03/28 16:07:50 | 000,094,264 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
PRC - [2010/04/02 10:18:54 | 001,185,112 | ---- | M] (CANON INC.) -- C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE
PRC - [2010/03/04 04:16:06 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2010/03/04 04:16:04 | 000,284,696 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
PRC - [2009/10/01 05:02:50 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2009/10/01 05:02:48 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2009/01/26 14:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2008/11/20 18:47:28 | 000,062,768 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2011/12/29 19:46:50 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\b559a471eef00081f0b5c2719d1d9623\System.Runtime.Remoting.ni.dll
MOD - [2011/10/13 08:06:52 | 000,452,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\3c8f9ba115087754b5b1d8394fc818ba\IAStorUtil.ni.dll
MOD - [2011/10/13 08:01:16 | 012,433,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\6e592e424a204aafeadbe22b6b31b9db\System.Windows.Forms.ni.dll
MOD - [2011/10/13 08:01:11 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\3b2cfd85528a27eb71dc41d8067359a1\System.Drawing.ni.dll
MOD - [2011/10/13 08:01:02 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\d7a64c28cf0c90e6c48af4f7d6f9ed41\WindowsBase.ni.dll
MOD - [2011/10/13 08:00:58 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\130ad4d9719e566ca933ac7158a04203\System.Xml.ni.dll
MOD - [2011/10/13 08:00:56 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\2d5bcbeb9475ef62189f605bcca1cec6\System.Configuration.ni.dll
MOD - [2011/10/13 08:00:55 | 007,963,648 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\abab08afa60a6f06bdde0fcc9649c379\System.ni.dll
MOD - [2011/10/13 08:00:52 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll
MOD - [2011/06/24 21:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 21:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2010/11/13 01:08:41 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2011/08/12 00:38:04 | 000,140,672 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE -- (!SASCORE)
SRV:64bit: - [2010/08/06 03:51:08 | 000,291,896 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe -- (HPClientSvc)
SRV:64bit: - [2009/07/14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV - [2012/01/23 13:37:05 | 000,342,480 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe -- (AntiVirMailService)
SRV - [2012/01/03 14:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/12/24 17:50:18 | 000,652,872 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/10/28 19:35:26 | 002,152,152 | ---- | M] (Lavasoft Limited) [Auto | Running] -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2011/10/11 15:05:59 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011/10/11 15:05:48 | 000,463,824 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE -- (AntiVirWebService)
SRV - [2011/10/11 15:05:46 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011/06/21 14:57:34 | 000,085,560 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe -- (HP Support Assistant Service)
SRV - [2011/04/24 13:13:07 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2011/03/28 16:07:50 | 000,094,264 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)
SRV - [2010/06/01 23:31:28 | 002,804,568 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe -- (NOBU)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/04 04:16:06 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel(R)
SRV - [2009/10/01 05:02:50 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) Intel(R)
SRV - [2009/10/01 05:02:48 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) Intel(R)
SRV - [2009/06/10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/01/26 14:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012/01/23 13:37:08 | 000,130,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2011/12/10 15:24:08 | 000,023,152 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2011/10/28 19:35:28 | 000,069,376 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\Lbd.sys -- (Lbd)
DRV:64bit: - [2011/10/11 15:06:12 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2011/10/11 15:06:11 | 000,097,312 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2011/07/22 17:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS -- (SASDIFSV)
DRV:64bit: - [2011/07/12 22:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS -- (SASKUTIL)
DRV:64bit: - [2011/05/10 07:06:14 | 000,022,528 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netaapl64.sys -- (Netaapl)
DRV:64bit: - [2011/05/10 07:06:08 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011/03/11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 12:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/09/03 07:59:26 | 000,349,800 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010/06/22 02:07:38 | 000,131,688 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2010/03/04 03:51:40 | 000,540,696 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009/09/17 21:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) Intel(R)
DRV:64bit: - [2009/07/14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 12:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - [2012/01/23 22:51:46 | 000,017,152 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Lavasoft\Ad-Aware\kernexplorer64.sys -- (Lavasoft Kernexplorer)
DRV - [2009/07/14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = 
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPDSK/4
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
 
 
Hosts file not found
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll File not found
O4:64bit: - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4:64bit: - HKLM..\Run: [Corel Photo Downloader] C:\Program Files (x86)\Corel\Corel Snapfire\Corel Photo Downloader.exe (Corel, Inc.)
O4:64bit: - HKLM..\Run: [hpsysdrv] c:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe (Hewlett-Packard)
O4:64bit: - HKLM..\Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe ()
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [CanonSolutionMenuEx] C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE (CANON INC.)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe (Symantec Corporation)
O4 - HKCU..\Run: [EADM] C:\Program Files (x86)\Origin\Origin.exe (Electronic Arts)
O4 - HKCU..\Run: [ICQ] C:\Program Files (x86)\ICQ7.5\ICQ.exe (ICQ, LLC.)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: EnableShellExecuteHooks = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files (x86)\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files (x86)\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000015 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O16 - DPF: {1ABA5FAC-1417-422B-BA82-45C35E2C908B} hxxp://kitchenplanner.ikea.com/DE/Core/Player/2020PlayerAX_IKEA_Win32.cab (20-20 3D Viewer for IKEA)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B863EC08-5BA9-4F6F-A3E8-A201DB2FFA90}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FED421C8-E781-4DF8-8530-40B09201897C}: DhcpNameServer = 10.111.81.129 10.129.32.1
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\ms-help - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (lsdelete)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012/01/25 13:40:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2012/01/24 12:28:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
[2012/01/24 12:28:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\7-Zip
[2012/01/24 11:50:44 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Blubb\Desktop\OTL.exe
[2012/01/23 22:48:48 | 000,069,376 | ---- | C] (Lavasoft AB) -- C:\Windows\SysNative\drivers\Lbd.sys
[2012/01/23 22:48:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft
[2012/01/23 22:48:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Lavasoft
[2012/01/23 19:15:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012/01/23 19:15:37 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2012/01/23 19:15:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2012/01/23 19:15:37 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012/01/23 14:06:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
[2012/01/23 01:15:22 | 000,000,000 | ---D | C] -- C:\Users\Blubb\AppData\Roaming\SUPERAntiSpyware.com
[2012/01/23 01:15:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2012/01/23 01:15:09 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2012/01/23 01:15:09 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2012/01/22 21:11:11 | 000,000,000 | ---D | C] -- C:\Users\Blubb\AppData\Roaming\Avira
[2012/01/22 21:11:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2012/01/22 21:10:54 | 000,130,760 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys
[2012/01/22 21:10:54 | 000,097,312 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2012/01/22 21:10:54 | 000,027,760 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avkmgr.sys
[2012/01/22 21:10:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2012/01/22 21:10:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira
[2012/01/11 22:00:31 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2012/01/06 22:07:58 | 000,000,000 | ---D | C] -- C:\ProgramData\SecTaskMan
[2012/01/05 16:08:07 | 000,000,000 | ---D | C] -- C:\ProgramData\PDFC
[2012/01/03 23:00:46 | 000,000,000 | ---D | C] -- C:\Users\Blubb\Documents\FILSHtray
[2012/01/03 23:00:46 | 000,000,000 | ---D | C] -- C:\Users\Blubb\AppData\Local\FILSH_Media_GmbH
[2011/12/29 17:19:32 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2011/12/29 17:12:35 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011/12/29 17:12:35 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011/12/29 17:12:35 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011/12/29 17:12:30 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/12/29 17:12:27 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/12/29 01:33:07 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/12/27 02:18:45 | 000,000,000 | ---D | C] -- C:\Users\Blubb\AppData\Local\WMTools Downloaded Files
[2011/12/27 01:43:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
[2011/12/27 01:43:07 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER
[2011/12/27 01:40:25 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Analysis Services
[2011/12/27 01:40:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Analysis Services
[2011/12/27 01:40:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Office
[2011/12/27 01:39:59 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
[2011/12/27 01:39:43 | 000,000,000 | RH-D | C] -- C:\MSOCache
[2011/12/27 00:51:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Movie Maker 2.6
[2011/12/27 00:47:10 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH
 
========== Files - Modified Within 30 Days ==========
 
[2012/01/25 19:24:56 | 000,839,856 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/01/25 19:24:56 | 000,696,620 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012/01/25 19:24:56 | 000,147,916 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012/01/25 19:24:56 | 000,004,254 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/01/25 19:24:56 | 000,004,062 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/01/25 13:03:11 | 000,015,568 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/01/25 13:03:11 | 000,015,568 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/01/25 12:55:42 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/01/25 12:55:38 | 429,191,167 | -HS- | M] () -- C:\hiberfil.sys
[2012/01/24 12:38:14 | 000,046,962 | ---- | M] () -- C:\Users\Blubb\Documents\otl2.7z
[2012/01/24 12:29:25 | 000,073,726 | ---- | M] () -- C:\Users\Blubb\Desktop\OTL.rar
[2012/01/24 11:50:44 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Blubb\Desktop\OTL.exe
[2012/01/24 11:50:33 | 000,050,477 | ---- | M] () -- C:\Users\Blubb\Desktop\Defogger.exe
[2012/01/24 11:41:34 | 000,072,822 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf
[2012/01/24 11:41:33 | 000,072,822 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf
[2012/01/23 22:51:45 | 000,016,432 | ---- | M] () -- C:\Windows\SysNative\lsdelete.exe
[2012/01/23 22:48:49 | 000,001,022 | ---- | M] () -- C:\Users\Public\Desktop\Ad-Aware.lnk
[2012/01/23 19:15:56 | 000,001,745 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/01/23 19:12:39 | 000,002,491 | ---- | M] () -- C:\Users\Public\Desktop\Safari.lnk
[2012/01/23 14:31:44 | 000,016,150 | ---- | M] () -- C:\Users\Blubb\Desktop\term.odt
[2012/01/23 14:06:39 | 000,001,224 | ---- | M] () -- C:\Users\Blubb\Desktop\Spybot - Search & Destroy.lnk
[2012/01/23 13:37:08 | 000,130,760 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys
[2012/01/23 01:15:11 | 000,001,810 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012/01/22 21:11:02 | 000,002,032 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2012/01/21 20:34:12 | 000,000,332 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForBlubb.job
[2012/01/08 18:11:01 | 000,000,052 | ---- | M] () -- C:\Windows\SysNative\ashttpstats.csv
[2012/01/08 12:00:56 | 000,000,064 | ---- | M] () -- C:\Windows\SysWow64\rp_stats.dat
[2012/01/08 12:00:56 | 000,000,044 | ---- | M] () -- C:\Windows\SysWow64\rp_rules.dat
[2012/01/05 02:04:02 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForBLUBB-NEU$.job
[2011/12/29 19:45:39 | 001,589,442 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/12/28 20:53:35 | 000,001,115 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2011/12/28 16:28:52 | 000,055,384 | ---- | M] (Sunbelt Software) -- C:\Windows\SysNative\drivers\SBREDrv.sys
[2011/12/27 14:08:34 | 002,350,352 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011/12/27 02:10:39 | 000,003,584 | ---- | M] () -- C:\Users\Blubb\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/12/27 00:50:11 | 000,003,029 | ---- | M] () -- C:\Users\Blubb\Desktop\Microsoft Word 2010.lnk
[2011/12/27 00:50:08 | 000,003,231 | ---- | M] () -- C:\Users\Blubb\Desktop\Microsoft Outlook 2010.lnk
 
========== Files Created - No Company Name ==========
 
[2012/01/24 12:37:16 | 000,046,962 | ---- | C] () -- C:\Users\Blubb\Documents\otl2.7z
[2012/01/24 12:29:25 | 000,073,726 | ---- | C] () -- C:\Users\Blubb\Desktop\OTL.rar
[2012/01/24 11:50:33 | 000,050,477 | ---- | C] () -- C:\Users\Blubb\Desktop\Defogger.exe
[2012/01/24 11:41:34 | 000,072,822 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
[2012/01/24 11:41:33 | 000,072,822 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf
[2012/01/24 00:21:10 | 000,016,432 | ---- | C] () -- C:\Windows\SysNative\lsdelete.exe
[2012/01/23 22:48:49 | 000,001,022 | ---- | C] () -- C:\Users\Public\Desktop\Ad-Aware.lnk
[2012/01/23 19:15:56 | 000,001,745 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/01/23 14:06:39 | 000,001,224 | ---- | C] () -- C:\Users\Blubb\Desktop\Spybot - Search & Destroy.lnk
[2012/01/23 01:15:11 | 000,001,810 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012/01/22 21:11:02 | 000,002,032 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2011/12/30 20:02:46 | 000,016,150 | ---- | C] () -- C:\Users\Blubb\Desktop\term.odt
[2011/12/29 17:12:35 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2011/12/29 17:12:35 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011/12/29 17:12:35 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/12/29 17:12:35 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/12/29 17:12:35 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/12/28 20:53:35 | 000,001,115 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2011/12/27 02:10:39 | 000,003,584 | ---- | C] () -- C:\Users\Blubb\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/12/27 00:51:13 | 000,002,507 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Movie Maker 2.6.lnk
[2011/12/27 00:50:11 | 000,003,029 | ---- | C] () -- C:\Users\Blubb\Desktop\Microsoft Word 2010.lnk
[2011/12/27 00:50:08 | 000,003,231 | ---- | C] () -- C:\Users\Blubb\Desktop\Microsoft Outlook 2010.lnk
[2011/08/17 17:21:54 | 000,045,056 | ---- | C] () -- C:\Windows\SysWow64\BRTCPCON.DLL
[2011/08/17 17:21:48 | 000,000,114 | ---- | C] () -- C:\Windows\SysWow64\BRLMW03A.INI
[2011/07/08 20:28:06 | 000,000,020 | ---- | C] () -- C:\Windows\mafosav.INI
[2011/06/10 14:25:13 | 000,001,854 | ---- | C] () -- C:\Users\Blubb\AppData\Roaming\GhostObjGAFix.xml
[2011/05/29 03:43:33 | 000,000,064 | ---- | C] () -- C:\Windows\SysWow64\rp_stats.dat
[2011/05/29 03:43:33 | 000,000,044 | ---- | C] () -- C:\Windows\SysWow64\rp_rules.dat
[2011/04/22 16:27:42 | 001,589,442 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/04/21 16:42:01 | 000,000,121 | ---- | C] () -- C:\Windows\bdagent.INI
[2011/04/21 15:57:48 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat
[2011/04/06 04:32:35 | 000,009,988 | ---- | C] () -- C:\Windows\SysWow64\ezdigsgn.dat
[2010/09/21 18:30:44 | 000,007,736 | ---- | C] () -- C:\Windows\hpDSTRES.DLL
[2009/07/14 06:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/14 03:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/14 03:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/14 01:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
 
========== LOP Check ==========
 
[2011/04/23 20:45:59 | 000,000,000 | ---D | M] -- C:\Users\Blubb\AppData\Roaming\Amazon
[2011/05/18 20:02:10 | 000,000,000 | ---D | M] -- C:\Users\Blubb\AppData\Roaming\BitDefender
[2012/01/13 21:15:14 | 000,000,000 | ---D | M] -- C:\Users\Blubb\AppData\Roaming\Canon
[2011/12/07 21:31:54 | 000,000,000 | ---D | M] -- C:\Users\Blubb\AppData\Roaming\Dropbox
[2011/10/06 02:02:19 | 000,000,000 | ---D | M] -- C:\Users\Blubb\AppData\Roaming\FreeHideIP
[2012/01/25 13:36:09 | 000,000,000 | ---D | M] -- C:\Users\Blubb\AppData\Roaming\ICQ
[2011/10/21 21:48:38 | 000,000,000 | ---D | M] -- C:\Users\Blubb\AppData\Roaming\Origin
[2011/04/21 16:06:39 | 000,000,000 | ---D | M] -- C:\Users\Blubb\AppData\Roaming\PictureMover
[2011/07/08 20:15:32 | 000,000,000 | ---D | M] -- C:\Users\Blubb\AppData\Roaming\Systweak
[2011/10/21 14:02:15 | 000,000,000 | ---D | M] -- C:\Users\Blubb\AppData\Roaming\WinBatch
[2011/12/05 21:24:48 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 

< End of report >

--- --- ---

interaktion · 26.01.2012, 00:01

Uuuund noch Kaspersky:

Kaspersky root-kid Dings:

Code:

ATTFilter

23:55:09.0418 4652	TDSS rootkit removing tool 2.7.7.0 Jan 24 2012 16:44:27
23:55:09.0564 4652	============================================================
23:55:09.0564 4652	Current date / time: 2012/01/25 23:55:09.0564
23:55:09.0564 4652	SystemInfo:
23:55:09.0564 4652	
23:55:09.0564 4652	OS Version: 6.1.7601 ServicePack: 1.0
23:55:09.0564 4652	Product type: Workstation
23:55:09.0564 4652	ComputerName: BLUBB-NEU
23:55:09.0565 4652	UserName: Blubb
23:55:09.0565 4652	Windows directory: C:\Windows
23:55:09.0565 4652	System windows directory: C:\Windows
23:55:09.0565 4652	Running under WOW64
23:55:09.0565 4652	Processor architecture: Intel x64
23:55:09.0565 4652	Number of processors: 4
23:55:09.0565 4652	Page size: 0x1000
23:55:09.0565 4652	Boot type: Normal boot
23:55:09.0565 4652	============================================================
23:55:10.0043 4652	Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
23:55:10.0105 4652	Initialize success
23:55:14.0340 4348	============================================================
23:55:14.0340 4348	Scan started
23:55:14.0340 4348	Mode: Manual; SigCheck; TDLFS; 
23:55:14.0340 4348	============================================================
23:55:16.0125 4348	1394ohci        (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
23:55:16.0254 4348	1394ohci - ok
23:55:16.0299 4348	ACPI            (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
23:55:16.0330 4348	ACPI - ok
23:55:16.0373 4348	AcpiPmi         (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
23:55:16.0416 4348	AcpiPmi - ok
23:55:16.0500 4348	adp94xx         (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
23:55:16.0536 4348	adp94xx - ok
23:55:16.0578 4348	adpahci         (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
23:55:16.0597 4348	adpahci - ok
23:55:16.0624 4348	adpu320         (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
23:55:16.0642 4348	adpu320 - ok
23:55:16.0687 4348	AFD             (d5b031c308a409a0a576bff4cf083d30) C:\Windows\system32\drivers\afd.sys
23:55:16.0756 4348	AFD - ok
23:55:16.0786 4348	agp440          (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
23:55:16.0803 4348	agp440 - ok
23:55:16.0838 4348	aliide          (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
23:55:16.0855 4348	aliide - ok
23:55:16.0891 4348	amdide          (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
23:55:16.0910 4348	amdide - ok
23:55:16.0952 4348	AmdK8           (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
23:55:17.0004 4348	AmdK8 - ok
23:55:17.0023 4348	AmdPPM          (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
23:55:17.0038 4348	AmdPPM - ok
23:55:17.0081 4348	amdsata         (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
23:55:17.0101 4348	amdsata - ok
23:55:17.0137 4348	amdsbs          (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
23:55:17.0159 4348	amdsbs - ok
23:55:17.0190 4348	amdxata         (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
23:55:17.0203 4348	amdxata - ok
23:55:17.0296 4348	AppID           (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
23:55:17.0360 4348	AppID - ok
23:55:17.0407 4348	arc             (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
23:55:17.0415 4348	arc - ok
23:55:17.0440 4348	arcsas          (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
23:55:17.0448 4348	arcsas - ok
23:55:17.0491 4348	AsyncMac        (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
23:55:17.0520 4348	AsyncMac - ok
23:55:17.0551 4348	atapi           (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
23:55:17.0561 4348	atapi - ok
23:55:17.0599 4348	avgntflt        (aa8f79a1bdfc03b3bc70c44ab00589b4) C:\Windows\system32\DRIVERS\avgntflt.sys
23:55:17.0627 4348	avgntflt - ok
23:55:17.0642 4348	avipbb          (f1c9db5f7b2a56a0b29667d22ba540fc) C:\Windows\system32\DRIVERS\avipbb.sys
23:55:17.0651 4348	avipbb - ok
23:55:17.0668 4348	avkmgr          (248db59fc86de44d2779f4c7fb1a567d) C:\Windows\system32\DRIVERS\avkmgr.sys
23:55:17.0675 4348	avkmgr - ok
23:55:17.0710 4348	b06bdrv         (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
23:55:17.0761 4348	b06bdrv - ok
23:55:17.0792 4348	b57nd60a        (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
23:55:17.0820 4348	b57nd60a - ok
23:55:17.0849 4348	Beep            (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
23:55:17.0888 4348	Beep - ok
23:55:17.0925 4348	blbdrive        (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
23:55:17.0937 4348	blbdrive - ok
23:55:17.0968 4348	bowser          (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
23:55:17.0996 4348	bowser - ok
23:55:18.0020 4348	BrFiltLo        (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
23:55:18.0069 4348	BrFiltLo - ok
23:55:18.0089 4348	BrFiltUp        (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
23:55:18.0123 4348	BrFiltUp - ok
23:55:18.0148 4348	Brserid         (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
23:55:18.0190 4348	Brserid - ok
23:55:18.0210 4348	BrSerWdm        (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
23:55:18.0231 4348	BrSerWdm - ok
23:55:18.0245 4348	BrUsbMdm        (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
23:55:18.0273 4348	BrUsbMdm - ok
23:55:18.0308 4348	BrUsbSer        (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
23:55:18.0370 4348	BrUsbSer - ok
23:55:18.0419 4348	BTHMODEM        (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
23:55:18.0457 4348	BTHMODEM - ok
23:55:18.0492 4348	catchme - ok
23:55:18.0513 4348	cdfs            (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
23:55:18.0560 4348	cdfs - ok
23:55:18.0605 4348	cdrom           (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\drivers\cdrom.sys
23:55:18.0629 4348	cdrom - ok
23:55:18.0653 4348	circlass        (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
23:55:18.0684 4348	circlass - ok
23:55:18.0715 4348	CLFS            (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
23:55:18.0734 4348	CLFS - ok
23:55:18.0774 4348	CmBatt          (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
23:55:18.0789 4348	CmBatt - ok
23:55:18.0840 4348	cmdide          (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
23:55:18.0863 4348	cmdide - ok
23:55:18.0930 4348	CNG             (d5fea92400f12412b3922087c09da6a5) C:\Windows\system32\Drivers\cng.sys
23:55:18.0970 4348	CNG - ok
23:55:18.0985 4348	Compbatt        (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
23:55:18.0997 4348	Compbatt - ok
23:55:19.0048 4348	CompositeBus    (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
23:55:19.0091 4348	CompositeBus - ok
23:55:19.0123 4348	crcdisk         (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
23:55:19.0138 4348	crcdisk - ok
23:55:19.0195 4348	DfsC            (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
23:55:19.0268 4348	DfsC - ok
23:55:19.0290 4348	discache        (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
23:55:19.0323 4348	discache - ok
23:55:19.0371 4348	Disk            (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
23:55:19.0395 4348	Disk - ok
23:55:19.0437 4348	drmkaud         (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
23:55:19.0476 4348	drmkaud - ok
23:55:19.0515 4348	DXGKrnl         (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
23:55:19.0551 4348	DXGKrnl - ok
23:55:19.0625 4348	ebdrv           (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
23:55:19.0723 4348	ebdrv - ok
23:55:19.0764 4348	elxstor         (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
23:55:19.0784 4348	elxstor - ok
23:55:19.0834 4348	ErrDev          (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
23:55:19.0870 4348	ErrDev - ok
23:55:19.0919 4348	exfat           (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
23:55:19.0967 4348	exfat - ok
23:55:19.0996 4348	fastfat         (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
23:55:20.0027 4348	fastfat - ok
23:55:20.0042 4348	fdc             (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
23:55:20.0066 4348	fdc - ok
23:55:20.0090 4348	FileInfo        (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
23:55:20.0103 4348	FileInfo - ok
23:55:20.0116 4348	Filetrace       (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
23:55:20.0151 4348	Filetrace - ok
23:55:20.0161 4348	flpydisk        (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
23:55:20.0170 4348	flpydisk - ok
23:55:20.0204 4348	FltMgr          (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
23:55:20.0216 4348	FltMgr - ok
23:55:20.0235 4348	FsDepends       (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
23:55:20.0243 4348	FsDepends - ok
23:55:20.0259 4348	Fs_Rec          (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
23:55:20.0270 4348	Fs_Rec - ok
23:55:20.0304 4348	fvevol          (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
23:55:20.0318 4348	fvevol - ok
23:55:20.0346 4348	gagp30kx        (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
23:55:20.0356 4348	gagp30kx - ok
23:55:20.0391 4348	GEARAspiWDM     (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
23:55:20.0398 4348	GEARAspiWDM - ok
23:55:20.0425 4348	hcw85cir        (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
23:55:20.0454 4348	hcw85cir - ok
23:55:20.0505 4348	HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
23:55:20.0535 4348	HdAudAddService - ok
23:55:20.0556 4348	HDAudBus        (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
23:55:20.0576 4348	HDAudBus - ok
23:55:20.0611 4348	HECIx64         (b6ac71aaa2b10848f57fc49d55a651af) C:\Windows\system32\DRIVERS\HECIx64.sys
23:55:20.0622 4348	HECIx64 - ok
23:55:20.0637 4348	HidBatt         (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
23:55:20.0654 4348	HidBatt - ok
23:55:20.0666 4348	HidBth          (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
23:55:20.0687 4348	HidBth - ok
23:55:20.0715 4348	HidIr           (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
23:55:20.0744 4348	HidIr - ok
23:55:20.0780 4348	HidUsb          (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
23:55:20.0810 4348	HidUsb - ok
23:55:20.0856 4348	HpSAMD          (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
23:55:20.0869 4348	HpSAMD - ok
23:55:20.0906 4348	HTTP            (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
23:55:20.0950 4348	HTTP - ok
23:55:20.0987 4348	hwpolicy        (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
23:55:20.0997 4348	hwpolicy - ok
23:55:21.0015 4348	i8042prt        (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
23:55:21.0026 4348	i8042prt - ok
23:55:21.0065 4348	iaStor          (abbf174cb394f5c437410a788b7e404a) C:\Windows\system32\DRIVERS\iaStor.sys
23:55:21.0095 4348	iaStor - ok
23:55:21.0120 4348	iaStorV         (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
23:55:21.0138 4348	iaStorV - ok
23:55:21.0154 4348	iirsp           (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
23:55:21.0162 4348	iirsp - ok
23:55:21.0213 4348	IntcAzAudAddService (3c4b4ee54febb09f7e9f58776de96dca) C:\Windows\system32\drivers\RTKVHD64.sys
23:55:21.0293 4348	IntcAzAudAddService - ok
23:55:21.0308 4348	intelide        (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
23:55:21.0319 4348	intelide - ok
23:55:21.0358 4348	intelppm        (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
23:55:21.0369 4348	intelppm - ok
23:55:21.0405 4348	IpFilterDriver  (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
23:55:21.0443 4348	IpFilterDriver - ok
23:55:21.0458 4348	IPMIDRV         (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
23:55:21.0483 4348	IPMIDRV - ok
23:55:21.0504 4348	IPNAT           (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
23:55:21.0558 4348	IPNAT - ok
23:55:21.0602 4348	IRENUM          (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
23:55:21.0639 4348	IRENUM - ok
23:55:21.0668 4348	isapnp          (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
23:55:21.0683 4348	isapnp - ok
23:55:21.0711 4348	iScsiPrt        (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
23:55:21.0732 4348	iScsiPrt - ok
23:55:21.0752 4348	kbdclass        (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
23:55:21.0767 4348	kbdclass - ok
23:55:21.0798 4348	kbdhid          (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\DRIVERS\kbdhid.sys
23:55:21.0832 4348	kbdhid - ok
23:55:21.0862 4348	KSecDD          (ccd53b5bd33ce0c889e830d839c8b66e) C:\Windows\system32\Drivers\ksecdd.sys
23:55:21.0884 4348	KSecDD - ok
23:55:21.0926 4348	KSecPkg         (9ff918a261752c12639e8ad4208d2c2f) C:\Windows\system32\Drivers\ksecpkg.sys
23:55:21.0945 4348	KSecPkg - ok
23:55:21.0964 4348	ksthunk         (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
23:55:22.0030 4348	ksthunk - ok
23:55:22.0098 4348	Lavasoft Kernexplorer (9a7fa6371f68335fd3c3d6488bc5a9f8) C:\Program Files (x86)\Lavasoft\Ad-Aware\KernExplorer64.sys
23:55:22.0115 4348	Lavasoft Kernexplorer - ok
23:55:22.0152 4348	Lbd             (c8b3131857931ae76798a741cc52b021) C:\Windows\system32\DRIVERS\Lbd.sys
23:55:22.0167 4348	Lbd - ok
23:55:22.0198 4348	lltdio          (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
23:55:22.0271 4348	lltdio - ok
23:55:22.0317 4348	LSI_FC          (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
23:55:22.0332 4348	LSI_FC - ok
23:55:22.0354 4348	LSI_SAS         (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
23:55:22.0366 4348	LSI_SAS - ok
23:55:22.0382 4348	LSI_SAS2        (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
23:55:22.0392 4348	LSI_SAS2 - ok
23:55:22.0408 4348	LSI_SCSI        (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
23:55:22.0419 4348	LSI_SCSI - ok
23:55:22.0435 4348	luafv           (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
23:55:22.0486 4348	luafv - ok
23:55:22.0524 4348	MBAMProtector   (79da94b35371b9e7104460c7693dcb2c) C:\Windows\system32\drivers\mbam.sys
23:55:22.0531 4348	MBAMProtector - ok
23:55:22.0552 4348	megasas         (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
23:55:22.0560 4348	megasas - ok
23:55:22.0596 4348	MegaSR          (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
23:55:22.0622 4348	MegaSR - ok
23:55:22.0647 4348	Modem           (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
23:55:22.0693 4348	Modem - ok
23:55:22.0716 4348	monitor         (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
23:55:22.0735 4348	monitor - ok
23:55:22.0766 4348	mouclass        (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\drivers\mouclass.sys
23:55:22.0775 4348	mouclass - ok
23:55:22.0803 4348	mouhid          (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
23:55:22.0831 4348	mouhid - ok
23:55:22.0861 4348	mountmgr        (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
23:55:22.0873 4348	mountmgr - ok
23:55:22.0903 4348	mpio            (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
23:55:22.0921 4348	mpio - ok
23:55:22.0951 4348	mpsdrv          (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
23:55:22.0992 4348	mpsdrv - ok
23:55:23.0020 4348	MRxDAV          (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
23:55:23.0035 4348	MRxDAV - ok
23:55:23.0054 4348	mrxsmb          (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
23:55:23.0089 4348	mrxsmb - ok
23:55:23.0118 4348	mrxsmb10        (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
23:55:23.0155 4348	mrxsmb10 - ok
23:55:23.0179 4348	mrxsmb20        (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
23:55:23.0198 4348	mrxsmb20 - ok
23:55:23.0222 4348	msahci          (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
23:55:23.0241 4348	msahci - ok
23:55:23.0273 4348	msdsm           (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
23:55:23.0297 4348	msdsm - ok
23:55:23.0319 4348	Msfs            (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
23:55:23.0358 4348	Msfs - ok
23:55:23.0375 4348	mshidkmdf       (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
23:55:23.0419 4348	mshidkmdf - ok
23:55:23.0435 4348	msisadrv        (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
23:55:23.0446 4348	msisadrv - ok
23:55:23.0473 4348	MSKSSRV         (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
23:55:23.0505 4348	MSKSSRV - ok
23:55:23.0516 4348	MSPCLOCK        (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
23:55:23.0548 4348	MSPCLOCK - ok
23:55:23.0564 4348	MSPQM           (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
23:55:23.0594 4348	MSPQM - ok
23:55:23.0625 4348	MsRPC           (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
23:55:23.0639 4348	MsRPC - ok
23:55:23.0658 4348	mssmbios        (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
23:55:23.0669 4348	mssmbios - ok
23:55:23.0694 4348	MSTEE           (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
23:55:23.0729 4348	MSTEE - ok
23:55:23.0740 4348	MTConfig        (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
23:55:23.0762 4348	MTConfig - ok
23:55:23.0784 4348	Mup             (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
23:55:23.0796 4348	Mup - ok
23:55:23.0826 4348	NativeWifiP     (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
23:55:23.0857 4348	NativeWifiP - ok
23:55:23.0915 4348	NDIS            (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
23:55:23.0958 4348	NDIS - ok
23:55:23.0996 4348	NdisCap         (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
23:55:24.0044 4348	NdisCap - ok
23:55:24.0071 4348	NdisTapi        (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
23:55:24.0104 4348	NdisTapi - ok
23:55:24.0138 4348	Ndisuio         (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
23:55:24.0187 4348	Ndisuio - ok
23:55:24.0221 4348	NdisWan         (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
23:55:24.0275 4348	NdisWan - ok
23:55:24.0324 4348	NDProxy         (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
23:55:24.0390 4348	NDProxy - ok
23:55:24.0432 4348	Netaapl         (6f4607e2333fe21e9e3ff8133a88b35b) C:\Windows\system32\DRIVERS\netaapl64.sys
23:55:24.0454 4348	Netaapl - ok
23:55:24.0479 4348	NetBIOS         (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
23:55:24.0551 4348	NetBIOS - ok
23:55:24.0586 4348	NetBT           (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
23:55:24.0653 4348	NetBT - ok
23:55:24.0693 4348	nfrd960         (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
23:55:24.0705 4348	nfrd960 - ok
23:55:24.0743 4348	Npfs            (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
23:55:24.0779 4348	Npfs - ok
23:55:24.0796 4348	nsiproxy        (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
23:55:24.0841 4348	nsiproxy - ok
23:55:24.0893 4348	Ntfs            (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
23:55:24.0943 4348	Ntfs - ok
23:55:24.0972 4348	Null            (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
23:55:25.0001 4348	Null - ok
23:55:25.0035 4348	NVHDA           (e20abd5b229760158f753ca90b97e090) C:\Windows\system32\drivers\nvhda64v.sys
23:55:25.0044 4348	NVHDA - ok
23:55:25.0241 4348	nvlddmkm        (2f1bc5c1320b07a7480240c4ca6f6387) C:\Windows\system32\DRIVERS\nvlddmkm.sys
23:55:25.0536 4348	nvlddmkm - ok
23:55:25.0579 4348	nvraid          (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
23:55:25.0588 4348	nvraid - ok
23:55:25.0599 4348	nvstor          (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
23:55:25.0608 4348	nvstor - ok
23:55:25.0637 4348	nv_agp          (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
23:55:25.0646 4348	nv_agp - ok
23:55:25.0660 4348	ohci1394        (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
23:55:25.0680 4348	ohci1394 - ok
23:55:25.0736 4348	Parport         (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
23:55:25.0753 4348	Parport - ok
23:55:25.0784 4348	partmgr         (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
23:55:25.0795 4348	partmgr - ok
23:55:25.0837 4348	pci             (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
23:55:25.0868 4348	pci - ok
23:55:25.0883 4348	pciide          (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
23:55:25.0902 4348	pciide - ok
23:55:25.0923 4348	pcmcia          (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
23:55:25.0949 4348	pcmcia - ok
23:55:25.0971 4348	pcw             (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
23:55:25.0983 4348	pcw - ok
23:55:26.0009 4348	PEAUTH          (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
23:55:26.0064 4348	PEAUTH - ok
23:55:26.0108 4348	PptpMiniport    (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
23:55:26.0154 4348	PptpMiniport - ok
23:55:26.0175 4348	Processor       (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
23:55:26.0199 4348	Processor - ok
23:55:26.0236 4348	Psched          (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
23:55:26.0299 4348	Psched - ok
23:55:26.0347 4348	ql2300          (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
23:55:26.0398 4348	ql2300 - ok
23:55:26.0412 4348	ql40xx          (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
23:55:26.0425 4348	ql40xx - ok
23:55:26.0446 4348	QWAVEdrv        (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
23:55:26.0493 4348	QWAVEdrv - ok
23:55:26.0510 4348	RasAcd          (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
23:55:26.0547 4348	RasAcd - ok
23:55:26.0575 4348	RasAgileVpn     (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
23:55:26.0614 4348	RasAgileVpn - ok
23:55:26.0649 4348	Rasl2tp         (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
23:55:26.0711 4348	Rasl2tp - ok
23:55:26.0734 4348	RasPppoe        (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
23:55:26.0769 4348	RasPppoe - ok
23:55:26.0792 4348	RasSstp         (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
23:55:26.0826 4348	RasSstp - ok
23:55:26.0865 4348	rdbss           (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
23:55:26.0901 4348	rdbss - ok
23:55:26.0917 4348	rdpbus          (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
23:55:26.0929 4348	rdpbus - ok
23:55:26.0952 4348	RDPCDD          (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
23:55:26.0985 4348	RDPCDD - ok
23:55:27.0004 4348	RDPENCDD        (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
23:55:27.0037 4348	RDPENCDD - ok
23:55:27.0048 4348	RDPREFMP        (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
23:55:27.0078 4348	RDPREFMP - ok
23:55:27.0113 4348	RDPWD           (15b66c206b5cb095bab980553f38ed23) C:\Windows\system32\drivers\RDPWD.sys
23:55:27.0145 4348	RDPWD - ok
23:55:27.0173 4348	rdyboost        (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
23:55:27.0185 4348	rdyboost - ok
23:55:27.0223 4348	rspndr          (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
23:55:27.0258 4348	rspndr - ok
23:55:27.0301 4348	RTL8167         (b15c021c2c9bb217a799d9532e8f04d4) C:\Windows\system32\DRIVERS\Rt64win7.sys
23:55:27.0320 4348	RTL8167 - ok
23:55:27.0371 4348	SASDIFSV        (3289766038db2cb14d07dc84392138d5) C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS
23:55:27.0385 4348	SASDIFSV - ok
23:55:27.0407 4348	SASKUTIL        (58a38e75f3316a83c23df6173d41f2b5) C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS
23:55:27.0419 4348	SASKUTIL - ok
23:55:27.0457 4348	sbp2port        (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
23:55:27.0476 4348	sbp2port - ok
23:55:27.0524 4348	scfilter        (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
23:55:27.0591 4348	scfilter - ok
23:55:27.0621 4348	secdrv          (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
23:55:27.0654 4348	secdrv - ok
23:55:27.0681 4348	Serenum         (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
23:55:27.0707 4348	Serenum - ok
23:55:27.0730 4348	Serial          (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
23:55:27.0789 4348	Serial - ok
23:55:27.0844 4348	sermouse        (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
23:55:27.0882 4348	sermouse - ok
23:55:27.0914 4348	sffdisk         (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
23:55:27.0959 4348	sffdisk - ok
23:55:27.0969 4348	sffp_mmc        (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
23:55:27.0988 4348	sffp_mmc - ok
23:55:28.0008 4348	sffp_sd         (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
23:55:28.0032 4348	sffp_sd - ok
23:55:28.0051 4348	sfloppy         (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
23:55:28.0073 4348	sfloppy - ok
23:55:28.0104 4348	SiSRaid2        (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
23:55:28.0116 4348	SiSRaid2 - ok
23:55:28.0145 4348	SiSRaid4        (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
23:55:28.0156 4348	SiSRaid4 - ok
23:55:28.0190 4348	Smb             (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
23:55:28.0230 4348	Smb - ok
23:55:28.0271 4348	spldr           (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
23:55:28.0288 4348	spldr - ok
23:55:28.0329 4348	srv             (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
23:55:28.0354 4348	srv - ok
23:55:28.0383 4348	srv2            (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
23:55:28.0416 4348	srv2 - ok
23:55:28.0441 4348	srvnet          (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
23:55:28.0459 4348	srvnet - ok
23:55:28.0487 4348	stexstor        (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
23:55:28.0496 4348	stexstor - ok
23:55:28.0524 4348	swenum          (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
23:55:28.0534 4348	swenum - ok
23:55:28.0593 4348	Tcpip           (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys
23:55:28.0659 4348	Tcpip - ok
23:55:28.0708 4348	TCPIP6          (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys
23:55:28.0744 4348	TCPIP6 - ok
23:55:28.0772 4348	tcpipreg        (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
23:55:28.0805 4348	tcpipreg - ok
23:55:28.0821 4348	TDPIPE          (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
23:55:28.0853 4348	TDPIPE - ok
23:55:28.0872 4348	TDTCP           (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
23:55:28.0928 4348	TDTCP - ok
23:55:28.0975 4348	tdx             (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
23:55:29.0027 4348	tdx - ok
23:55:29.0052 4348	TermDD          (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
23:55:29.0061 4348	TermDD - ok
23:55:29.0104 4348	tssecsrv        (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
23:55:29.0156 4348	tssecsrv - ok
23:55:29.0188 4348	TsUsbFlt        (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
23:55:29.0218 4348	TsUsbFlt - ok
23:55:29.0257 4348	tunnel          (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
23:55:29.0322 4348	tunnel - ok
23:55:29.0344 4348	uagp35          (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
23:55:29.0356 4348	uagp35 - ok
23:55:29.0396 4348	udfs            (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
23:55:29.0449 4348	udfs - ok
23:55:29.0494 4348	uliagpkx        (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
23:55:29.0518 4348	uliagpkx - ok
23:55:29.0546 4348	umbus           (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
23:55:29.0568 4348	umbus - ok
23:55:29.0590 4348	UmPass          (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
23:55:29.0603 4348	UmPass - ok
23:55:29.0642 4348	USBAAPL64       (aa33fc47ed58c34e6e9261e4f850b7eb) C:\Windows\system32\Drivers\usbaapl64.sys
23:55:29.0656 4348	USBAAPL64 - ok
23:55:29.0679 4348	usbccgp         (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
23:55:29.0721 4348	usbccgp - ok
23:55:29.0752 4348	usbcir          (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
23:55:29.0793 4348	usbcir - ok
23:55:29.0811 4348	usbehci         (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\drivers\usbehci.sys
23:55:29.0823 4348	usbehci - ok
23:55:30.0008 4348	usbhub          (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
23:55:30.0058 4348	usbhub - ok
23:55:30.0096 4348	usbohci         (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
23:55:30.0134 4348	usbohci - ok
23:55:30.0157 4348	usbprint        (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
23:55:30.0183 4348	usbprint - ok
23:55:30.0212 4348	usbscan         (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
23:55:30.0248 4348	usbscan - ok
23:55:30.0270 4348	USBSTOR         (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
23:55:30.0314 4348	USBSTOR - ok
23:55:30.0350 4348	usbuhci         (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
23:55:30.0371 4348	usbuhci - ok
23:55:30.0391 4348	vdrvroot        (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
23:55:30.0406 4348	vdrvroot - ok
23:55:30.0431 4348	vga             (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
23:55:30.0449 4348	vga - ok
23:55:30.0471 4348	VgaSave         (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
23:55:30.0517 4348	VgaSave - ok
23:55:30.0550 4348	vhdmp           (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
23:55:30.0565 4348	vhdmp - ok
23:55:30.0595 4348	viaide          (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
23:55:30.0606 4348	viaide - ok
23:55:30.0621 4348	volmgr          (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
23:55:30.0634 4348	volmgr - ok
23:55:30.0670 4348	volmgrx         (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
23:55:30.0695 4348	volmgrx - ok
23:55:30.0712 4348	volsnap         (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
23:55:30.0727 4348	volsnap - ok
23:55:30.0760 4348	vsmraid         (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
23:55:30.0770 4348	vsmraid - ok
23:55:30.0787 4348	vwifibus        (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys
23:55:30.0801 4348	vwifibus - ok
23:55:30.0825 4348	WacomPen        (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
23:55:30.0862 4348	WacomPen - ok
23:55:30.0882 4348	WANARP          (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
23:55:30.0920 4348	WANARP - ok
23:55:30.0931 4348	Wanarpv6        (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
23:55:30.0962 4348	Wanarpv6 - ok
23:55:30.0976 4348	Wd              (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
23:55:30.0985 4348	Wd - ok
23:55:31.0009 4348	Wdf01000        (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
23:55:31.0028 4348	Wdf01000 - ok
23:55:31.0056 4348	WfpLwf          (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
23:55:31.0090 4348	WfpLwf - ok
23:55:31.0098 4348	WIMMount        (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
23:55:31.0105 4348	WIMMount - ok
23:55:31.0151 4348	WinUsb          (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
23:55:31.0164 4348	WinUsb - ok
23:55:31.0186 4348	WmiAcpi         (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
23:55:31.0197 4348	WmiAcpi - ok
23:55:31.0224 4348	ws2ifsl         (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
23:55:31.0268 4348	ws2ifsl - ok
23:55:31.0301 4348	WudfPf          (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
23:55:31.0331 4348	WudfPf - ok
23:55:31.0343 4348	WUDFRd          (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
23:55:31.0375 4348	WUDFRd - ok
23:55:31.0397 4348	MBR (0x1B8)     (af00fc1920e1cf861b39b90a4375edf3) \Device\Harddisk0\DR0
23:55:31.0519 4348	\Device\Harddisk0\DR0 - ok
23:55:31.0523 4348	Boot (0x1200)   (827353e27a3c09c8d813aefbe632a082) \Device\Harddisk0\DR0\Partition0
23:55:31.0524 4348	\Device\Harddisk0\DR0\Partition0 - ok
23:55:31.0555 4348	Boot (0x1200)   (ef9e8de7232a8495f564e9b20ad793ac) \Device\Harddisk0\DR0\Partition1
23:55:31.0557 4348	\Device\Harddisk0\DR0\Partition1 - ok
23:55:31.0582 4348	Boot (0x1200)   (151b777de72af199f17c558e70697b3c) \Device\Harddisk0\DR0\Partition2
23:55:31.0583 4348	\Device\Harddisk0\DR0\Partition2 - ok
23:55:31.0584 4348	============================================================
23:55:31.0584 4348	Scan finished
23:55:31.0584 4348	============================================================
23:55:31.0597 1584	Detected object count: 0
23:55:31.0597 1584	Actual detected object count: 0

Wie weiter?

cosinus · 26.01.2012, 15:09

Du hast keinen CustomScan gemacht. Mach bitte ein neues OTL-Log. Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:

ATTFilter

 hier steht das Log

CustomScan mit OTL

Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop

Starte bitte die OTL.exe.
Vista und Win7 User mit Rechtsklick "als Administrator starten"
Kopiere nun den kompletten Inhalt aus der untenstehenden Codebox in die Textbox von OTL - wenn OTL auf deutsch ist wird sie mit beschriftet

Code:

ATTFilter

netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT

Schliesse bitte nun alle Programme. (Wichtig)
Klicke nun bitte auf den Quick Scan Button.
Klick auf .
Kopiere nun den Inhalt aus OTL.txt hier in Deinen Thread

interaktion · 26.01.2012, 21:37

Code:

ATTFilter

OTL logfile created on: 1/26/2012 8:48:59 PM - Run 9
OTL by OldTimer - Version 3.2.31.0     Folder = C:\Users\Blubb\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
5.87 Gb Total Physical Memory | 4.32 Gb Available Physical Memory | 73.63% Memory free
11.73 Gb Paging File | 10.02 Gb Available in Paging File | 85.40% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 917.55 Gb Total Space | 732.11 Gb Free Space | 79.79% Space Free | Partition Type: NTFS
Drive D: | 13.87 Gb Total Space | 1.68 Gb Free Space | 12.10% Space Free | Partition Type: NTFS
 
Computer Name: BLUBB-NEU | User Name: Blubb | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012/01/24 11:50:44 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Blubb\Desktop\OTL.exe
PRC - [2012/01/23 13:37:05 | 000,342,480 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe
PRC - [2012/01/03 14:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/12/24 17:50:18 | 000,652,872 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011/12/10 12:53:44 | 000,247,968 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashUtil11e_ActiveX.exe
PRC - [2011/10/11 15:05:59 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2011/10/11 15:05:48 | 000,463,824 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avwebgrd.exe
PRC - [2011/10/11 15:05:46 | 000,258,512 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2011/10/11 15:05:46 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2011/03/28 16:07:50 | 000,094,264 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
PRC - [2010/04/02 10:18:54 | 001,185,112 | ---- | M] (CANON INC.) -- C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE
PRC - [2010/03/04 04:16:06 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2010/03/04 04:16:04 | 000,284,696 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
PRC - [2009/10/01 05:02:50 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2009/10/01 05:02:48 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2009/01/26 14:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2008/11/20 18:47:28 | 000,062,768 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2011/12/29 19:46:50 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\b559a471eef00081f0b5c2719d1d9623\System.Runtime.Remoting.ni.dll
MOD - [2011/10/13 08:06:52 | 000,452,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\3c8f9ba115087754b5b1d8394fc818ba\IAStorUtil.ni.dll
MOD - [2011/10/13 08:01:16 | 012,433,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\6e592e424a204aafeadbe22b6b31b9db\System.Windows.Forms.ni.dll
MOD - [2011/10/13 08:01:11 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\3b2cfd85528a27eb71dc41d8067359a1\System.Drawing.ni.dll
MOD - [2011/10/13 08:01:02 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\d7a64c28cf0c90e6c48af4f7d6f9ed41\WindowsBase.ni.dll
MOD - [2011/10/13 08:00:58 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\130ad4d9719e566ca933ac7158a04203\System.Xml.ni.dll
MOD - [2011/10/13 08:00:56 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\2d5bcbeb9475ef62189f605bcca1cec6\System.Configuration.ni.dll
MOD - [2011/10/13 08:00:55 | 007,963,648 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\abab08afa60a6f06bdde0fcc9649c379\System.ni.dll
MOD - [2011/10/13 08:00:52 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll
MOD - [2011/06/24 21:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 21:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/04/06 04:54:22 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll
MOD - [2010/11/13 01:08:41 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2011/08/12 00:38:04 | 000,140,672 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE -- (!SASCORE)
SRV:64bit: - [2010/08/06 03:51:08 | 000,291,896 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe -- (HPClientSvc)
SRV:64bit: - [2009/07/14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV - [2012/01/23 13:37:05 | 000,342,480 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe -- (AntiVirMailService)
SRV - [2012/01/03 14:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/12/24 17:50:18 | 000,652,872 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/10/28 19:35:26 | 002,152,152 | ---- | M] (Lavasoft Limited) [Auto | Stopped] -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2011/10/11 15:05:59 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011/10/11 15:05:48 | 000,463,824 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE -- (AntiVirWebService)
SRV - [2011/10/11 15:05:46 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011/06/21 14:57:34 | 000,085,560 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe -- (HP Support Assistant Service)
SRV - [2011/04/24 13:13:07 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2011/03/28 16:07:50 | 000,094,264 | ---- | M] (Hewlett-Packard Company) [Auto | Running] -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe -- (HPDrvMntSvc.exe)
SRV - [2010/06/01 23:31:28 | 002,804,568 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe -- (NOBU)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/04 04:16:06 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel(R)
SRV - [2009/10/01 05:02:50 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) Intel(R)
SRV - [2009/10/01 05:02:48 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) Intel(R)
SRV - [2009/06/10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/01/26 14:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012/01/23 13:37:08 | 000,130,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2011/12/10 15:24:08 | 000,023,152 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2011/10/28 19:35:28 | 000,069,376 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\Lbd.sys -- (Lbd)
DRV:64bit: - [2011/10/11 15:06:12 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2011/10/11 15:06:11 | 000,097,312 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2011/07/22 17:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS -- (SASDIFSV)
DRV:64bit: - [2011/07/12 22:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS -- (SASKUTIL)
DRV:64bit: - [2011/05/10 07:06:14 | 000,022,528 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netaapl64.sys -- (Netaapl)
DRV:64bit: - [2011/05/10 07:06:08 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011/03/11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 12:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/09/03 07:59:26 | 000,349,800 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010/06/22 02:07:38 | 000,131,688 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2010/03/04 03:51:40 | 000,540,696 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009/09/17 21:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) Intel(R)
DRV:64bit: - [2009/07/14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/18 12:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - [2009/07/14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = 
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPDSK/4
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
 
 
Hosts file not found
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O4:64bit: - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4:64bit: - HKLM..\Run: [Corel Photo Downloader] C:\Program Files (x86)\Corel\Corel Snapfire\Corel Photo Downloader.exe (Corel, Inc.)
O4:64bit: - HKLM..\Run: [hpsysdrv] c:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe (Hewlett-Packard)
O4:64bit: - HKLM..\Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe ()
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [CanonSolutionMenuEx] C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE (CANON INC.)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe (Symantec Corporation)
O4 - HKCU..\Run: [EADM] C:\Program Files (x86)\Origin\Origin.exe (Electronic Arts)
O4 - HKCU..\Run: [ICQ] C:\Program Files (x86)\ICQ7.5\ICQ.exe (ICQ, LLC.)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: EnableShellExecuteHooks = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files (x86)\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files (x86)\ICQ7.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000015 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O16 - DPF: {1ABA5FAC-1417-422B-BA82-45C35E2C908B} hxxp://kitchenplanner.ikea.com/DE/Core/Player/2020PlayerAX_IKEA_Win32.cab (20-20 3D Viewer for IKEA)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B863EC08-5BA9-4F6F-A3E8-A201DB2FFA90}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FED421C8-E781-4DF8-8530-40B09201897C}: DhcpNameServer = 10.111.81.129 10.129.32.1
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\ms-help - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (lsdelete)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
 
 
SafeBootMin:64bit: !SASCORE - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE (SUPERAntiSpyware.com)
SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: vmms - Service
SafeBootMin:64bit: WinDefend - C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: Lavasoft Ad-Aware Service - C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft Limited)
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet:64bit: !SASCORE - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE (SUPERAntiSpyware.com)
SafeBootNet:64bit: Base - Driver Group
SafeBootNet:64bit: Boot Bus Extender - Driver Group
SafeBootNet:64bit: Boot file system - Driver Group
SafeBootNet:64bit: File system - Driver Group
SafeBootNet:64bit: Filter - Driver Group
SafeBootNet:64bit: HelpSvc - Service
SafeBootNet:64bit: Messenger - Service
SafeBootNet:64bit: NDIS Wrapper - Driver Group
SafeBootNet:64bit: NetBIOSGroup - Driver Group
SafeBootNet:64bit: NetDDEGroup - Driver Group
SafeBootNet:64bit: Network - Driver Group
SafeBootNet:64bit: NetworkProvider - Driver Group
SafeBootNet:64bit: PCI Configuration - Driver Group
SafeBootNet:64bit: PNP Filter - Driver Group
SafeBootNet:64bit: PNP_TDI - Driver Group
SafeBootNet:64bit: Primary disk - Driver Group
SafeBootNet:64bit: rdsessmgr - Service
SafeBootNet:64bit: sacsvr - Service
SafeBootNet:64bit: SCSI Class - Driver Group
SafeBootNet:64bit: Streams Drivers - Driver Group
SafeBootNet:64bit: System Bus Extender - Driver Group
SafeBootNet:64bit: TDI - Driver Group
SafeBootNet:64bit: vmms - Service
SafeBootNet:64bit: WinDefend - C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SafeBootNet:64bit: WudfUsbccidDriver - Driver
SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Lavasoft Ad-Aware Service - C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft Limited)
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {2D46B6DC-2207-486B-B523-A557E6D54B47} - C:\Windows\system32\cmd.exe /D /C start C:\Windows\system32\ie4uinit.exe -ClearIconCache
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker 2.6
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: vidc.VP60 - C:\Windows\SysWOW64\vp6vfw.dll (On2.com)
Drivers32: vidc.VP61 - C:\Windows\SysWOW64\vp6vfw.dll (On2.com)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012/01/26 00:29:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2012/01/25 23:54:29 | 002,058,032 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Blubb\Desktop\tdsskiller.exe
[2012/01/25 13:40:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2012/01/24 12:28:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
[2012/01/24 12:28:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\7-Zip
[2012/01/24 11:50:44 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Blubb\Desktop\OTL.exe
[2012/01/23 22:48:48 | 000,069,376 | ---- | C] (Lavasoft AB) -- C:\Windows\SysNative\drivers\Lbd.sys
[2012/01/23 22:48:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft
[2012/01/23 22:48:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Lavasoft
[2012/01/23 19:15:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2012/01/23 19:15:37 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2012/01/23 19:15:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2012/01/23 19:15:37 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2012/01/23 14:06:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
[2012/01/23 01:15:22 | 000,000,000 | ---D | C] -- C:\Users\Blubb\AppData\Roaming\SUPERAntiSpyware.com
[2012/01/23 01:15:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2012/01/23 01:15:09 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2012/01/23 01:15:09 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2012/01/22 21:11:11 | 000,000,000 | ---D | C] -- C:\Users\Blubb\AppData\Roaming\Avira
[2012/01/22 21:11:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2012/01/22 21:10:54 | 000,130,760 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys
[2012/01/22 21:10:54 | 000,097,312 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2012/01/22 21:10:54 | 000,027,760 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avkmgr.sys
[2012/01/22 21:10:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2012/01/22 21:10:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira
[2012/01/11 22:00:31 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2012/01/06 22:07:58 | 000,000,000 | ---D | C] -- C:\ProgramData\SecTaskMan
[2012/01/05 16:08:07 | 000,000,000 | ---D | C] -- C:\ProgramData\PDFC
[2012/01/03 23:00:46 | 000,000,000 | ---D | C] -- C:\Users\Blubb\Documents\FILSHtray
[2012/01/03 23:00:46 | 000,000,000 | ---D | C] -- C:\Users\Blubb\AppData\Local\FILSH_Media_GmbH
[2011/12/29 17:19:32 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2011/12/29 17:12:35 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011/12/29 17:12:35 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011/12/29 17:12:35 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011/12/29 17:12:30 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/12/29 17:12:27 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/12/29 01:33:07 | 000,000,000 | ---D | C] -- C:\_OTL
 
========== Files - Modified Within 30 Days ==========
 
[2012/01/26 20:47:19 | 000,015,568 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/01/26 20:47:19 | 000,015,568 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/01/26 20:44:11 | 000,839,856 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/01/26 20:44:11 | 000,696,620 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012/01/26 20:44:11 | 000,147,916 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012/01/26 20:44:11 | 000,004,254 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/01/26 20:44:11 | 000,004,062 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/01/26 20:39:33 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/01/26 20:39:25 | 429,191,167 | -HS- | M] () -- C:\hiberfil.sys
[2012/01/25 23:54:29 | 002,058,032 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Blubb\Desktop\tdsskiller.exe
[2012/01/24 12:38:14 | 000,046,962 | ---- | M] () -- C:\Users\Blubb\Documents\otl2.7z
[2012/01/24 12:29:25 | 000,073,726 | ---- | M] () -- C:\Users\Blubb\Desktop\OTL.rar
[2012/01/24 11:50:44 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Blubb\Desktop\OTL.exe
[2012/01/24 11:50:33 | 000,050,477 | ---- | M] () -- C:\Users\Blubb\Desktop\Defogger.exe
[2012/01/24 11:41:34 | 000,072,822 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf
[2012/01/24 11:41:33 | 000,072,822 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf
[2012/01/23 22:51:45 | 000,016,432 | ---- | M] () -- C:\Windows\SysNative\lsdelete.exe
[2012/01/23 22:48:49 | 000,001,022 | ---- | M] () -- C:\Users\Public\Desktop\Ad-Aware.lnk
[2012/01/23 19:15:56 | 000,001,745 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/01/23 19:12:39 | 000,002,491 | ---- | M] () -- C:\Users\Public\Desktop\Safari.lnk
[2012/01/23 14:31:44 | 000,016,150 | ---- | M] () -- C:\Users\Blubb\Desktop\term.odt
[2012/01/23 14:06:39 | 000,001,224 | ---- | M] () -- C:\Users\Blubb\Desktop\Spybot - Search & Destroy.lnk
[2012/01/23 13:37:08 | 000,130,760 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys
[2012/01/23 01:15:11 | 000,001,810 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012/01/22 21:11:02 | 000,002,032 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2012/01/21 20:34:12 | 000,000,332 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForBlubb.job
[2012/01/08 18:11:01 | 000,000,052 | ---- | M] () -- C:\Windows\SysNative\ashttpstats.csv
[2012/01/08 12:00:56 | 000,000,064 | ---- | M] () -- C:\Windows\SysWow64\rp_stats.dat
[2012/01/08 12:00:56 | 000,000,044 | ---- | M] () -- C:\Windows\SysWow64\rp_rules.dat
[2012/01/05 02:04:02 | 000,000,344 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForBLUBB-NEU$.job
[2011/12/29 19:45:39 | 001,589,442 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/12/28 20:53:35 | 000,001,115 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2011/12/28 16:28:52 | 000,055,384 | ---- | M] (Sunbelt Software) -- C:\Windows\SysNative\drivers\SBREDrv.sys
 
========== Files Created - No Company Name ==========
 
[2012/01/24 12:37:16 | 000,046,962 | ---- | C] () -- C:\Users\Blubb\Documents\otl2.7z
[2012/01/24 12:29:25 | 000,073,726 | ---- | C] () -- C:\Users\Blubb\Desktop\OTL.rar
[2012/01/24 11:50:33 | 000,050,477 | ---- | C] () -- C:\Users\Blubb\Desktop\Defogger.exe
[2012/01/24 11:41:34 | 000,072,822 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
[2012/01/24 11:41:33 | 000,072,822 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf
[2012/01/24 00:21:10 | 000,016,432 | ---- | C] () -- C:\Windows\SysNative\lsdelete.exe
[2012/01/23 22:48:49 | 000,001,022 | ---- | C] () -- C:\Users\Public\Desktop\Ad-Aware.lnk
[2012/01/23 19:15:56 | 000,001,745 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2012/01/23 14:06:39 | 000,001,224 | ---- | C] () -- C:\Users\Blubb\Desktop\Spybot - Search & Destroy.lnk
[2012/01/23 01:15:11 | 000,001,810 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012/01/22 21:11:02 | 000,002,032 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2011/12/30 20:02:46 | 000,016,150 | ---- | C] () -- C:\Users\Blubb\Desktop\term.odt
[2011/12/29 17:12:35 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2011/12/29 17:12:35 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2011/12/29 17:12:35 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/12/29 17:12:35 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/12/29 17:12:35 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/12/28 20:53:35 | 000,001,115 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2011/12/27 02:10:39 | 000,003,584 | ---- | C] () -- C:\Users\Blubb\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/08/17 17:21:54 | 000,045,056 | ---- | C] () -- C:\Windows\SysWow64\BRTCPCON.DLL
[2011/08/17 17:21:48 | 000,000,114 | ---- | C] () -- C:\Windows\SysWow64\BRLMW03A.INI
[2011/07/08 20:28:06 | 000,000,020 | ---- | C] () -- C:\Windows\mafosav.INI
[2011/06/10 14:25:13 | 000,001,854 | ---- | C] () -- C:\Users\Blubb\AppData\Roaming\GhostObjGAFix.xml
[2011/05/29 03:43:33 | 000,000,064 | ---- | C] () -- C:\Windows\SysWow64\rp_stats.dat
[2011/05/29 03:43:33 | 000,000,044 | ---- | C] () -- C:\Windows\SysWow64\rp_rules.dat
[2011/04/22 16:27:42 | 001,589,442 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/04/21 16:42:01 | 000,000,121 | ---- | C] () -- C:\Windows\bdagent.INI
[2011/04/21 15:57:48 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat
[2011/04/06 04:32:35 | 000,009,988 | ---- | C] () -- C:\Windows\SysWow64\ezdigsgn.dat
[2010/09/21 18:30:44 | 000,007,736 | ---- | C] () -- C:\Windows\hpDSTRES.DLL
[2009/07/14 06:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009/07/14 03:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009/07/14 03:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009/07/14 01:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009/07/14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
 
========== LOP Check ==========
 
[2011/04/23 20:45:59 | 000,000,000 | ---D | M] -- C:\Users\Blubb\AppData\Roaming\Amazon
[2011/05/18 20:02:10 | 000,000,000 | ---D | M] -- C:\Users\Blubb\AppData\Roaming\BitDefender
[2012/01/13 21:15:14 | 000,000,000 | ---D | M] -- C:\Users\Blubb\AppData\Roaming\Canon
[2011/12/07 21:31:54 | 000,000,000 | ---D | M] -- C:\Users\Blubb\AppData\Roaming\Dropbox
[2011/10/06 02:02:19 | 000,000,000 | ---D | M] -- C:\Users\Blubb\AppData\Roaming\FreeHideIP
[2012/01/26 03:17:56 | 000,000,000 | ---D | M] -- C:\Users\Blubb\AppData\Roaming\ICQ
[2011/10/21 21:48:38 | 000,000,000 | ---D | M] -- C:\Users\Blubb\AppData\Roaming\Origin
[2011/04/21 16:06:39 | 000,000,000 | ---D | M] -- C:\Users\Blubb\AppData\Roaming\PictureMover
[2011/07/08 20:15:32 | 000,000,000 | ---D | M] -- C:\Users\Blubb\AppData\Roaming\Systweak
[2011/10/21 14:02:15 | 000,000,000 | ---D | M] -- C:\Users\Blubb\AppData\Roaming\WinBatch
[2012/01/26 20:39:36 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2012/01/07 01:25:06 | 000,000,000 | ---D | M] -- C:\Users\Blubb\AppData\Roaming\Adobe
[2011/04/23 20:45:59 | 000,000,000 | ---D | M] -- C:\Users\Blubb\AppData\Roaming\Amazon
[2012/01/23 23:10:25 | 000,000,000 | ---D | M] -- C:\Users\Blubb\AppData\Roaming\Apple Computer
[2012/01/22 21:11:11 | 000,000,000 | ---D | M] -- C:\Users\Blubb\AppData\Roaming\Avira
[2011/05/18 20:02:10 | 000,000,000 | ---D | M] -- C:\Users\Blubb\AppData\Roaming\BitDefender
[2011/08/17 17:22:56 | 000,000,000 | R--D | M] -- C:\Users\Blubb\AppData\Roaming\Brother
[2012/01/13 21:15:14 | 000,000,000 | ---D | M] -- C:\Users\Blubb\AppData\Roaming\Canon
[2012/01/18 02:11:33 | 000,000,000 | ---D | M] -- C:\Users\Blubb\AppData\Roaming\Corel
[2011/05/14 19:15:17 | 000,000,000 | ---D | M] -- C:\Users\Blubb\AppData\Roaming\CyberLink
[2011/12/07 21:31:54 | 000,000,000 | ---D | M] -- C:\Users\Blubb\AppData\Roaming\Dropbox
[2011/10/06 02:02:19 | 000,000,000 | ---D | M] -- C:\Users\Blubb\AppData\Roaming\FreeHideIP
[2011/10/21 13:57:31 | 000,000,000 | ---D | M] -- C:\Users\Blubb\AppData\Roaming\Hewlett-Packard
[2012/01/20 13:32:39 | 000,000,000 | ---D | M] -- C:\Users\Blubb\AppData\Roaming\HP Support Assistant
[2011/10/21 14:04:11 | 000,000,000 | ---D | M] -- C:\Users\Blubb\AppData\Roaming\hpqLog
[2012/01/20 13:32:39 | 000,000,000 | ---D | M] -- C:\Users\Blubb\AppData\Roaming\HpUpdate
[2012/01/26 03:17:56 | 000,000,000 | ---D | M] -- C:\Users\Blubb\AppData\Roaming\ICQ
[2011/04/21 16:05:24 | 000,000,000 | ---D | M] -- C:\Users\Blubb\AppData\Roaming\Identities
[2011/08/17 17:21:00 | 000,000,000 | ---D | M] -- C:\Users\Blubb\AppData\Roaming\InstallShield
[2011/04/21 16:05:39 | 000,000,000 | ---D | M] -- C:\Users\Blubb\AppData\Roaming\Intel Corporation
[2011/04/06 04:37:02 | 000,000,000 | ---D | M] -- C:\Users\Blubb\AppData\Roaming\Macromedia
[2011/05/30 02:30:16 | 000,000,000 | ---D | M] -- C:\Users\Blubb\AppData\Roaming\Malwarebytes
[2009/07/14 08:44:38 | 000,000,000 | ---D | M] -- C:\Users\Blubb\AppData\Roaming\Media Center Programs
[2012/01/23 22:27:30 | 000,000,000 | --SD | M] -- C:\Users\Blubb\AppData\Roaming\Microsoft
[2011/05/27 15:30:06 | 000,000,000 | ---D | M] -- C:\Users\Blubb\AppData\Roaming\Mozilla
[2011/10/21 21:48:38 | 000,000,000 | ---D | M] -- C:\Users\Blubb\AppData\Roaming\Origin
[2011/04/21 16:06:39 | 000,000,000 | ---D | M] -- C:\Users\Blubb\AppData\Roaming\PictureMover
[2012/01/23 14:25:26 | 000,000,000 | ---D | M] -- C:\Users\Blubb\AppData\Roaming\Skype
[2012/01/23 01:15:22 | 000,000,000 | ---D | M] -- C:\Users\Blubb\AppData\Roaming\SUPERAntiSpyware.com
[2011/07/08 20:15:32 | 000,000,000 | ---D | M] -- C:\Users\Blubb\AppData\Roaming\Systweak
[2011/10/21 14:02:15 | 000,000,000 | ---D | M] -- C:\Users\Blubb\AppData\Roaming\WinBatch
[2011/04/22 15:46:12 | 000,000,000 | ---D | M] -- C:\Users\Blubb\AppData\Roaming\WinRAR
 
< %APPDATA%\*.exe /s >
[2011/04/21 18:14:13 | 000,010,134 | R--- | M] () -- C:\Users\Blubb\AppData\Roaming\Microsoft\Installer\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}\ARPPRODUCTICON.exe
 
< %SYSTEMDRIVE%\*.exe >
 
 
< MD5 for: AGP440.SYS  >
[2009/07/14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys
[2009/07/14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys
[2009/07/14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys
[2009/07/14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009/07/14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\ERDNT\cache64\atapi.sys
[2009/07/14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009/07/14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys
[2009/07/14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys
[2009/07/14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.20776_none_39c28c74544f69e8\atapi.sys
[2009/07/14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009/07/14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\ERDNT\cache86\cngaudit.dll
[2009/07/14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009/07/14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009/07/14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\ERDNT\cache64\cngaudit.dll
[2009/07/14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll
[2009/07/14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll
 
< MD5 for: EVENTLOG.DLL  >
[2008/06/06 22:03:52 | 000,007,216 | ---- | M] () MD5=C2A279A458A06DE2C83D842AA042B5A8 -- C:\Program Files (x86)\CyberLink\PowerDirector\EventLog.dll
 
< MD5 for: IASTOR.SYS  >
[2010/03/04 03:51:40 | 000,540,696 | ---- | M] (Intel Corporation) MD5=ABBF174CB394F5C437410A788B7E404A -- C:\swsetup\DRV\Storage\Intel\RST\9.6\x64\iaStor.sys
[2010/03/04 03:51:40 | 000,540,696 | ---- | M] (Intel Corporation) MD5=ABBF174CB394F5C437410A788B7E404A -- C:\Windows\SysNative\drivers\iaStor.sys
[2010/03/04 03:51:40 | 000,540,696 | ---- | M] (Intel Corporation) MD5=ABBF174CB394F5C437410A788B7E404A -- C:\Windows\SysNative\DriverStore\FileRepository\iaahci.inf_amd64_neutral_78ebae21a80aa2b4\iaStor.sys
[2010/03/04 03:51:40 | 000,540,696 | ---- | M] (Intel Corporation) MD5=ABBF174CB394F5C437410A788B7E404A -- C:\Windows\SysNative\DriverStore\FileRepository\iastor.inf_amd64_neutral_d73865c94450cce1\iaStor.sys
 
< MD5 for: IASTORV.SYS  >
[2010/11/20 14:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys
[2010/11/20 14:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys
[2011/04/06 05:08:57 | 000,410,504 | ---- | M] (Intel Corporation) MD5=513DC087CFED7D2BB82F005385D3531F -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16592_none_0af87721a183cb70\iaStorV.sys
[2011/03/11 07:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys
[2011/03/11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\drivers\iaStorV.sys
[2011/03/11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0bcee2057afcc090\iaStorV.sys
[2011/03/11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys
[2011/03/11 07:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_0b141c81a16e25e6\iaStorV.sys
[2011/03/11 07:25:49 | 000,410,496 | ---- | M] (Intel Corporation) MD5=BFDC9D75698800CFE4D1698BF2750EA2 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_0bccc8c8ba6985c1\iaStorV.sys
[2009/07/14 02:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys
[2011/04/06 05:08:57 | 000,410,496 | ---- | M] (Intel Corporation) MD5=E353CF970C5D4D6A092911E15FB78C07 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.20712_none_0bd89532ba6088d9\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2009/07/14 02:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll
[2010/11/20 14:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\ERDNT\cache64\netlogon.dll
[2010/11/20 14:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SysNative\netlogon.dll
[2010/11/20 14:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll
[2010/11/20 13:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\ERDNT\cache86\netlogon.dll
[2010/11/20 13:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll
[2010/11/20 13:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll
[2009/07/14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2011/04/06 05:08:57 | 000,166,280 | ---- | M] (NVIDIA Corporation) MD5=0AF7B8136794E23E87BE138992880E64 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16592_none_95c1e7d0d8ba7548\nvstor.sys
[2009/07/14 02:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys
[2011/03/11 07:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_95dd8d30d8a4cfbe\nvstor.sys
[2011/03/11 07:25:53 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=AE274836BA56518E279087363A781214 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_96963977f1a02f99\nvstor.sys
[2011/04/06 05:08:57 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=CE76755AF933E728CEBA6C7A970838A4 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.20712_none_96a205e1f19732b1\nvstor.sys
[2011/03/11 07:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys
[2011/03/11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\drivers\nvstor.sys
[2011/03/11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvstor.sys
[2011/03/11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys
[2010/11/20 14:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys
[2010/11/20 14:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2009/07/14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll
[2009/07/14 02:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll
[2010/11/20 13:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\ERDNT\cache86\scecli.dll
[2010/11/20 13:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll
[2010/11/20 13:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll
[2010/11/20 14:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\ERDNT\cache64\scecli.dll
[2010/11/20 14:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SysNative\scecli.dll
[2010/11/20 14:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll
 
< MD5 for: USER32.DLL  >
[2010/11/20 13:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\ERDNT\cache86\user32.dll
[2010/11/20 13:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SysWOW64\user32.dll
[2010/11/20 13:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
[2009/07/14 02:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll
[2009/07/14 02:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll
[2010/11/20 14:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\ERDNT\cache64\user32.dll
[2010/11/20 14:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SysNative\user32.dll
[2010/11/20 14:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2010/11/20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\ERDNT\cache86\userinit.exe
[2010/11/20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010/11/20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009/07/14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009/07/14 02:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
[2010/11/20 14:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\ERDNT\cache64\userinit.exe
[2010/11/20 14:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010/11/20 14:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2009/07/14 02:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\ERDNT\cache64\wininit.exe
[2009/07/14 02:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe
[2009/07/14 02:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe
[2009/07/14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\ERDNT\cache86\wininit.exe
[2009/07/14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe
[2009/07/14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2010/11/20 14:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\ERDNT\cache64\winlogon.exe
[2010/11/20 14:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010/11/20 14:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009/07/14 02:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2011/04/06 05:04:20 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2011/12/24 17:50:20 | 000,182,856 | ---- | M] () MD5=B382935AB01B27D0E14F267DBF288896 -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2011/04/06 05:04:20 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009/07/14 01:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys
[2009/07/14 01:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
 
<           >

< End of report >

cosinus · 26.01.2012, 22:15

Hm, ich seh da so nichts Ungewöhnliches, bis auf dass er das HOST File nicht lesen kann

aber das kann auch was anderes sein

Du hast das Problem nur mit dem IE? Du hast ihn mal komplett resetet?

interaktion · 26.01.2012, 22:56

Ja, nur mit IE...

Ja, reset hatte ich schon versucht. Kanns aber auch nochmal versuchen.

Das HOST-File hatte ich gelöscht, das hat sich irgendwie nicht neu generiert...

Edit: Hab den IE nochmal resettet... Hat nichts gebracht...

Hatte ihn ja auch schon mal deinstalliert und neu installiert. Hatte ebenso wenig irgendetwas gebracht...

wie weiter?

cosinus · 27.01.2012, 10:28

Zitat:

Das HOST-File hatte ich gelöscht, das hat sich irgendwie nicht neu generiert...

Einfach löschen ist keine gute Idee...
Das dürfte aber kein Grund für einen spinnenden IE sein. Die genaue Ursache ist noch unklar.
Mach mal ein Log mit CF, das bitte falls noch vorhanden auf dem Desktop neu runterladen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix

Lade dir ComboFix hier herunter auf deinen Desktop.

Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.

Starte cofi.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.

Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.

Wichtiger Hinweis:

Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!

Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

Solltest du nach der Ausführung von Combofix Probleme beim Starten von Anwendungen haben und Meldungen erhalten wie

Zitat:

Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.

startest du Windows dann manuell neu und die Fehlermeldungen sollten nicht mehr auftauchen.

interaktion · 27.01.2012, 14:22

Musste das Log zerstückeln, da zu groß und zippen + hochladen geht ja nicht...

Teil 1:

Code:

ATTFilter

ComboFix 12-01-27.01 - Blubb 27.01.2012  13:55:54.2.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.6007.4307 [GMT 1:00]
ausgeführt von:: c:\users\Blubb\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\ipconfig.txt
c:\windows\system32\java.exe
.
.
(((((((((((((((((((((((   Dateien erstellt von 2011-12-27 bis 2012-01-27  ))))))))))))))))))))))))))))))
.
.
2012-01-27 13:00 . 2012-01-27 13:00	--------	d-----w-	c:\users\Default\AppData\Local\temp
2012-01-27 12:12 . 2012-01-27 12:12	69000	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{A8D89D4E-355B-4FB0-BE4C-CA2E1849F3A9}\offreg.dll
2012-01-26 22:17 . 2012-01-26 22:17	525544	----a-w-	c:\windows\system32\deployJava1.dll
2012-01-26 22:17 . 2012-01-26 22:17	--------	d-----w-	c:\program files\Java
2012-01-25 23:29 . 2012-01-25 23:29	--------	d-----w-	c:\program files (x86)\Common Files\Java
2012-01-25 12:40 . 2012-01-25 12:40	--------	d-----w-	c:\program files (x86)\ESET
2012-01-24 22:05 . 2012-01-06 05:15	8602168	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{A8D89D4E-355B-4FB0-BE4C-CA2E1849F3A9}\mpengine.dll
2012-01-24 11:28 . 2012-01-24 11:28	--------	d-----w-	c:\program files (x86)\7-Zip
2012-01-24 10:43 . 2012-01-24 10:43	--------	d-----w-	c:\windows\SysWow64\wbem\en-US
2012-01-24 10:43 . 2012-01-24 10:43	--------	d-----w-	c:\windows\system32\wbem\en-US
2012-01-23 18:15 . 2012-01-23 18:15	--------	d-----w-	c:\program files\iTunes
2012-01-23 18:15 . 2012-01-23 18:15	--------	d-----w-	c:\program files (x86)\iTunes
2012-01-23 18:15 . 2012-01-23 18:15	--------	d-----w-	c:\program files\iPod
2012-01-23 00:15 . 2012-01-23 00:15	--------	d-----w-	c:\users\Blubb\AppData\Roaming\SUPERAntiSpyware.com
2012-01-23 00:15 . 2012-01-23 00:15	--------	d-----w-	c:\program files\SUPERAntiSpyware
2012-01-23 00:15 . 2012-01-23 00:15	--------	d-----w-	c:\programdata\SUPERAntiSpyware.com
2012-01-22 20:11 . 2012-01-22 20:11	--------	d-----w-	c:\users\Blubb\AppData\Roaming\Avira
2012-01-22 20:10 . 2012-01-23 12:37	130760	----a-w-	c:\windows\system32\drivers\avipbb.sys
2012-01-22 20:10 . 2011-10-11 14:06	27760	----a-w-	c:\windows\system32\drivers\avkmgr.sys
2012-01-22 20:10 . 2011-10-11 14:06	97312	----a-w-	c:\windows\system32\drivers\avgntflt.sys
2012-01-22 20:10 . 2012-01-22 20:10	--------	d-----w-	c:\programdata\Avira
2012-01-22 20:10 . 2012-01-22 20:10	--------	d-----w-	c:\program files (x86)\Avira
2012-01-11 21:00 . 2012-01-11 21:00	--------	d-----w-	c:\windows\Sun
2012-01-11 12:13 . 2011-10-26 05:25	1572864	----a-w-	c:\windows\system32\quartz.dll
2012-01-11 12:13 . 2011-10-26 05:25	366592	----a-w-	c:\windows\system32\qdvd.dll
2012-01-11 12:13 . 2011-10-26 04:32	514560	----a-w-	c:\windows\SysWow64\qdvd.dll
2012-01-11 12:13 . 2011-10-26 04:32	1328128	----a-w-	c:\windows\SysWow64\quartz.dll
2012-01-11 12:13 . 2011-11-17 06:41	1731920	----a-w-	c:\windows\system32\ntdll.dll
2012-01-11 12:13 . 2011-11-17 05:38	1292080	----a-w-	c:\windows\SysWow64\ntdll.dll
2012-01-11 12:13 . 2011-11-19 14:58	77312	----a-w-	c:\windows\system32\packager.dll
2012-01-11 12:13 . 2011-11-19 14:01	67072	----a-w-	c:\windows\SysWow64\packager.dll
2012-01-06 21:07 . 2012-01-08 17:17	--------	d-----w-	c:\programdata\SecTaskMan
2012-01-05 15:08 . 2012-01-05 15:08	--------	d-----w-	c:\programdata\PDFC
2012-01-03 22:00 . 2012-01-03 22:00	--------	d-----w-	c:\users\Blubb\AppData\Local\FILSH_Media_GmbH
2012-01-03 13:10 . 2012-01-03 13:10	182672	----a-w-	c:\program files (x86)\Internet Explorer\Plugins\nppdf32.dll
2011-12-29 00:33 . 2011-12-29 00:33	--------	d-----w-	C:\_OTL
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-25 23:28 . 2011-05-19 19:11	472808	----a-w-	c:\windows\SysWow64\deployJava1.dll
2011-12-28 15:28 . 2011-05-29 02:41	55384	----a-w-	c:\windows\system32\drivers\SBREDrv.sys
2011-12-26 22:06 . 2011-12-26 22:06	18328	----a-w-	c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-12-10 14:24 . 2011-05-30 01:30	23152	----a-w-	c:\windows\system32\drivers\mbam.sys
2011-12-10 11:53 . 2011-05-20 18:13	414368	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-11-24 04:52 . 2011-12-14 23:31	3145216	----a-w-	c:\windows\system32\win32k.sys
2011-11-15 13:29 . 2011-04-21 15:15	270720	------w-	c:\windows\system32\MpSigStub.exe
2011-11-05 05:32 . 2011-12-14 23:33	2048	----a-w-	c:\windows\system32\tzres.dll
2011-11-05 04:26 . 2011-12-14 23:33	2048	----a-w-	c:\windows\SysWow64\tzres.dll
.
.
(((((((((((((((((((((((((((((   SnapShot@2011-12-29_16.19.37   )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-06-11 00:58 . 2011-06-11 00:58	51024              c:\windows\SysWOW64\vcomp100.dll
- 2011-01-07 13:39 . 2011-01-07 13:39	51024              c:\windows\SysWOW64\vcomp100.dll
- 2011-05-30 02:17 . 2011-05-30 02:17	76800              c:\windows\SysWOW64\SetIEInstalledDate.exe
+ 2012-01-24 10:41 . 2012-01-24 10:41	76800              c:\windows\SysWOW64\SetIEInstalledDate.exe
- 2011-05-30 02:17 . 2011-05-30 02:17	74752              c:\windows\SysWOW64\RegisterIEPKEYs.exe
+ 2012-01-24 10:41 . 2012-01-24 10:41	74752              c:\windows\SysWOW64\RegisterIEPKEYs.exe
+ 2012-01-24 10:41 . 2012-01-24 10:41	54272              c:\windows\SysWOW64\pngfilt.dll
- 2011-05-30 02:17 . 2011-05-30 02:17	54272              c:\windows\SysWOW64\pngfilt.dll
+ 2012-01-24 10:41 . 2012-01-24 10:41	48640              c:\windows\SysWOW64\mshtmler.dll
- 2011-05-30 02:17 . 2011-05-30 02:17	48640              c:\windows\SysWOW64\mshtmler.dll
- 2011-12-14 23:35 . 2011-11-03 22:32	72704              c:\windows\SysWOW64\mshtmled.dll
+ 2012-01-24 10:41 . 2012-01-24 10:41	72704              c:\windows\SysWOW64\mshtmled.dll
+ 2012-01-24 10:41 . 2012-01-24 10:41	11776              c:\windows\SysWOW64\mshta.exe
- 2011-05-30 02:17 . 2011-05-30 02:17	11776              c:\windows\SysWOW64\mshta.exe
- 2011-05-30 02:17 . 2011-05-30 02:17	10752              c:\windows\SysWOW64\msfeedssync.exe
+ 2012-01-24 10:41 . 2012-01-24 10:41	10752              c:\windows\SysWOW64\msfeedssync.exe
- 2011-05-30 02:17 . 2011-05-30 02:17	41472              c:\windows\SysWOW64\msfeedsbs.dll
+ 2012-01-24 10:41 . 2012-01-24 10:41	41472              c:\windows\SysWOW64\msfeedsbs.dll
- 2011-12-14 23:34 . 2011-11-03 22:37	66048              c:\windows\SysWOW64\migration\WininetPlugin.dll
+ 2012-01-24 10:41 . 2012-01-24 10:41	66048              c:\windows\SysWOW64\migration\WininetPlugin.dll
+ 2011-06-11 00:58 . 2011-06-11 00:58	81744              c:\windows\SysWOW64\mfcm100u.dll
+ 2011-06-11 00:58 . 2011-06-11 00:58	81744              c:\windows\SysWOW64\mfcm100.dll
+ 2011-06-11 00:58 . 2011-06-11 00:58	60752              c:\windows\SysWOW64\mfc100rus.dll
- 2011-01-07 13:39 . 2011-01-07 13:39	60752              c:\windows\SysWOW64\mfc100rus.dll
+ 2011-06-11 00:58 . 2011-06-11 00:58	43344              c:\windows\SysWOW64\mfc100kor.dll
- 2011-01-07 13:39 . 2011-01-07 13:39	43344              c:\windows\SysWOW64\mfc100kor.dll
- 2011-01-07 13:39 . 2011-01-07 13:39	43856              c:\windows\SysWOW64\mfc100jpn.dll
+ 2011-06-11 00:58 . 2011-06-11 00:58	43856              c:\windows\SysWOW64\mfc100jpn.dll
- 2011-01-07 13:39 . 2011-01-07 13:39	62288              c:\windows\SysWOW64\mfc100ita.dll
+ 2011-06-11 00:58 . 2011-06-11 00:58	62288              c:\windows\SysWOW64\mfc100ita.dll
- 2011-01-07 13:39 . 2011-01-07 13:39	64336              c:\windows\SysWOW64\mfc100fra.dll
+ 2011-06-11 00:58 . 2011-06-11 00:58	64336              c:\windows\SysWOW64\mfc100fra.dll
- 2011-01-07 13:39 . 2011-01-07 13:39	63824              c:\windows\SysWOW64\mfc100esn.dll
+ 2011-06-11 00:58 . 2011-06-11 00:58	63824              c:\windows\SysWOW64\mfc100esn.dll
+ 2011-06-11 00:58 . 2011-06-11 00:58	55120              c:\windows\SysWOW64\mfc100enu.dll
- 2011-01-07 13:39 . 2011-01-07 13:39	55120              c:\windows\SysWOW64\mfc100enu.dll
+ 2011-06-11 00:58 . 2011-06-11 00:58	64336              c:\windows\SysWOW64\mfc100deu.dll
- 2011-01-07 13:39 . 2011-01-07 13:39	64336              c:\windows\SysWOW64\mfc100deu.dll
- 2011-01-07 13:39 . 2011-01-07 13:39	36176              c:\windows\SysWOW64\mfc100cht.dll
+ 2011-06-11 00:58 . 2011-06-11 00:58	36176              c:\windows\SysWOW64\mfc100cht.dll
- 2011-01-07 13:39 . 2011-01-07 13:39	36176              c:\windows\SysWOW64\mfc100chs.dll
+ 2011-06-11 00:58 . 2011-06-11 00:58	36176              c:\windows\SysWOW64\mfc100chs.dll
+ 2012-01-24 10:41 . 2012-01-24 10:41	23552              c:\windows\SysWOW64\licmgr10.dll
- 2011-05-30 02:17 . 2011-05-30 02:17	23552              c:\windows\SysWOW64\licmgr10.dll
+ 2012-01-24 10:41 . 2012-01-24 10:41	65024              c:\windows\SysWOW64\jsproxy.dll
- 2011-12-14 23:34 . 2011-11-03 22:37	65024              c:\windows\SysWOW64\jsproxy.dll
+ 2012-01-24 10:41 . 2012-01-24 10:41	78848              c:\windows\SysWOW64\inseng.dll
- 2011-05-30 02:17 . 2011-05-30 02:17	78848              c:\windows\SysWOW64\inseng.dll
+ 2012-01-24 10:41 . 2012-01-24 10:41	35840              c:\windows\SysWOW64\imgutil.dll
- 2011-05-30 02:17 . 2011-05-30 02:17	35840              c:\windows\SysWOW64\imgutil.dll
+ 2012-01-24 10:41 . 2012-01-24 10:41	86528              c:\windows\SysWOW64\iesysprep.dll
- 2011-05-30 02:17 . 2011-05-30 02:17	86528              c:\windows\SysWOW64\iesysprep.dll
- 2011-05-30 02:17 . 2011-05-30 02:17	74752              c:\windows\SysWOW64\iesetup.dll
+ 2012-01-24 10:41 . 2012-01-24 10:41	74752              c:\windows\SysWOW64\iesetup.dll
+ 2012-01-24 10:41 . 2012-01-24 10:41	31744              c:\windows\SysWOW64\iernonce.dll
- 2011-05-30 02:17 . 2011-05-30 02:17	31744              c:\windows\SysWOW64\iernonce.dll
- 2011-05-30 02:17 . 2011-05-30 02:17	74240              c:\windows\SysWOW64\ie4uinit.exe
+ 2012-01-24 10:41 . 2012-01-24 10:41	74240              c:\windows\SysWOW64\ie4uinit.exe
+ 2012-01-24 10:41 . 2012-01-24 10:41	66048              c:\windows\SysWOW64\icardie.dll
- 2011-05-30 02:17 . 2011-05-30 02:17	66048              c:\windows\SysWOW64\icardie.dll
+ 2011-05-29 12:59 . 2012-01-27 12:11	16384              c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
- 2011-05-29 12:59 . 2011-12-29 13:10	16384              c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
- 2009-07-14 04:54 . 2011-12-29 13:10	16384              c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2012-01-27 12:11	16384              c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2012-01-27 12:11	32768              c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2011-12-29 13:10	32768              c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2011-12-29 13:10	16384              c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-01-27 12:11	16384              c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-04-21 15:46 . 2012-01-27 12:04	56274              c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-01-27 12:04	39486              c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2011-04-21 14:59 . 2012-01-27 12:04	17752              c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3701193968-2768520944-2608497257-1000_UserData.bin
+ 2012-01-24 10:41 . 2012-01-24 10:41	91648              c:\windows\system32\SetIEInstalledDate.exe
- 2011-05-30 02:17 . 2011-05-30 02:17	91648              c:\windows\system32\SetIEInstalledDate.exe
+ 2012-01-24 10:41 . 2012-01-24 10:41	89088              c:\windows\system32\RegisterIEPKEYs.exe
- 2011-05-30 02:17 . 2011-05-30 02:17	89088              c:\windows\system32\RegisterIEPKEYs.exe
+ 2012-01-24 10:41 . 2012-01-24 10:41	65024              c:\windows\system32\pngfilt.dll
- 2011-05-30 02:17 . 2011-05-30 02:17	65024              c:\windows\system32\pngfilt.dll
- 2011-05-30 02:17 . 2011-05-30 02:17	48640              c:\windows\system32\mshtmler.dll
+ 2012-01-24 10:41 . 2012-01-24 10:41	48640              c:\windows\system32\mshtmler.dll
- 2011-12-14 23:35 . 2011-11-04 01:35	96256              c:\windows\system32\mshtmled.dll
+ 2012-01-24 10:41 . 2012-01-24 10:41	96256              c:\windows\system32\mshtmled.dll
+ 2012-01-24 10:41 . 2012-01-24 10:41	12288              c:\windows\system32\mshta.exe
- 2011-05-30 02:17 . 2011-05-30 02:17	12288              c:\windows\system32\mshta.exe
+ 2012-01-24 10:41 . 2012-01-24 10:41	10752              c:\windows\system32\msfeedssync.exe
- 2011-05-30 02:17 . 2011-05-30 02:17	10752              c:\windows\system32\msfeedssync.exe
- 2011-05-30 02:17 . 2011-05-30 02:17	55296              c:\windows\system32\msfeedsbs.dll
+ 2012-01-24 10:41 . 2012-01-24 10:41	55296              c:\windows\system32\msfeedsbs.dll
+ 2012-01-24 10:41 . 2012-01-24 10:41	86528              c:\windows\system32\migration\WininetPlugin.dll
- 2011-12-14 23:34 . 2011-11-04 01:41	86528              c:\windows\system32\migration\WininetPlugin.dll
+ 2012-01-24 10:41 . 2012-01-24 10:41	30720              c:\windows\system32\licmgr10.dll
- 2011-05-30 02:17 . 2011-05-30 02:17	30720              c:\windows\system32\licmgr10.dll
+ 2012-01-24 10:41 . 2012-01-24 10:41	85504              c:\windows\system32\jsproxy.dll
- 2011-12-14 23:35 . 2011-11-04 01:41	85504              c:\windows\system32\jsproxy.dll
- 2011-05-30 02:17 . 2011-05-30 02:17	49664              c:\windows\system32\imgutil.dll
+ 2012-01-24 10:41 . 2012-01-24 10:41	49664              c:\windows\system32\imgutil.dll
- 2011-05-30 02:17 . 2011-05-30 02:17	85504              c:\windows\system32\iesetup.dll
+ 2012-01-24 10:41 . 2012-01-24 10:41	85504              c:\windows\system32\iesetup.dll
- 2011-05-30 02:17 . 2011-05-30 02:17	39936              c:\windows\system32\iernonce.dll
+ 2012-01-24 10:41 . 2012-01-24 10:41	39936              c:\windows\system32\iernonce.dll
+ 2012-01-24 10:41 . 2012-01-24 10:41	89088              c:\windows\system32\ie4uinit.exe
- 2011-05-30 02:17 . 2011-05-30 02:17	89088              c:\windows\system32\ie4uinit.exe
- 2011-05-30 02:17 . 2011-05-30 02:17	82432              c:\windows\system32\icardie.dll
+ 2012-01-24 10:41 . 2012-01-24 10:41	82432              c:\windows\system32\icardie.dll
+ 2009-07-14 05:30 . 2012-01-23 18:14	86016              c:\windows\system32\DriverStore\infpub.dat
- 2009-07-14 05:30 . 2011-12-02 22:20	86016              c:\windows\system32\DriverStore\infpub.dat
+ 2011-04-21 23:53 . 2012-01-27 12:10	16384              c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-04-21 23:53 . 2011-12-29 13:18	16384              c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2012-01-05 21:53 . 2012-01-27 12:10	49152              c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2011-12-29 13:18	16384              c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-01-27 12:10	16384              c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2011-09-17 12:07 . 2011-09-17 12:12	16384              c:\windows\system32\%APPDATA%\Microsoft\Windows\IETldCache\index.dat
+ 2011-09-17 12:07 . 2012-01-11 12:34	16384              c:\windows\system32\%APPDATA%\Microsoft\Windows\IETldCache\index.dat
+ 2011-04-21 15:06 . 2012-01-27 12:00	16384              c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-04-21 15:06 . 2011-12-29 16:19	16384              c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:46 . 2012-01-24 11:39	91888              c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
- 2009-07-14 04:46 . 2011-12-28 22:56	91888              c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
- 2011-05-25 05:01 . 2011-05-29 17:55	32768              c:\windows\ServiceProfiles\NetworkService\AppData\Local\Temp\Temporary Internet Files\Content.IE5\index.dat
+ 2011-05-25 05:01 . 2012-01-24 10:28	32768              c:\windows\ServiceProfiles\NetworkService\AppData\Local\Temp\Temporary Internet Files\Content.IE5\index.dat
- 2011-05-25 05:01 . 2011-05-29 17:55	16384              c:\windows\ServiceProfiles\NetworkService\AppData\Local\Temp\History\History.IE5\index.dat
+ 2011-05-25 05:01 . 2012-01-24 10:28	16384              c:\windows\ServiceProfiles\NetworkService\AppData\Local\Temp\History\History.IE5\index.dat
- 2011-05-25 05:01 . 2011-05-29 17:55	16384              c:\windows\ServiceProfiles\NetworkService\AppData\Local\Temp\Cookies\index.dat
+ 2011-05-25 05:01 . 2012-01-24 10:28	16384              c:\windows\ServiceProfiles\NetworkService\AppData\Local\Temp\Cookies\index.dat
- 2011-04-21 15:06 . 2011-12-29 16:19	32768              c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2011-04-21 15:06 . 2012-01-27 12:00	32768              c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2011-04-21 15:06 . 2011-12-29 16:19	16384              c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-04-21 15:06 . 2012-01-27 12:00	16384              c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-04-21 15:06 . 2012-01-24 10:28	16384              c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-04-21 15:06 . 2011-12-15 18:24	16384              c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-04-21 15:06 . 2011-08-29 22:33	16384              c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-04-21 15:06 . 2012-01-24 10:28	16384              c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-12-26 04:18 . 2011-12-26 04:18	16656              c:\windows\Microsoft.NET\Framework64\v4.0.30319\webengine.dll
+ 2011-12-26 04:18 . 2011-12-26 04:18	41744              c:\windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_wp.exe
+ 2011-12-29 18:38 . 2011-12-25 20:40	43280              c:\windows\Microsoft.NET\Framework64\v2.0.50727\aspnet_wp.exe
+ 2011-12-26 02:54 . 2011-12-26 02:54	15120              c:\windows\Microsoft.NET\Framework\v4.0.30319\webengine.dll
+ 2011-12-26 02:54 . 2011-12-26 02:54	33552              c:\windows\Microsoft.NET\Framework\v4.0.30319\aspnet_wp.exe
+ 2011-12-29 18:38 . 2011-12-25 20:42	31504              c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_wp.exe
+ 2011-12-29 18:45 . 2011-12-29 18:45	97624              c:\windows\Microsoft.NET\assembly\GAC_MSIL\XamlBuildTask\v4.0_4.0.0.0__31bf3856ad364e35\XamlBuildTask.dll
- 2011-09-17 12:14 . 2011-09-17 12:14	97624              c:\windows\Microsoft.NET\assembly\GAC_MSIL\XamlBuildTask\v4.0_4.0.0.0__31bf3856ad364e35\XamlBuildTask.dll
+ 2011-12-29 18:43 . 2011-12-29 18:43	87408              c:\windows\Microsoft.NET\assembly\GAC_MSIL\WindowsFormsIntegration\v4.0_4.0.0.0__31bf3856ad364e35\WindowsFormsIntegration.dll
- 2011-10-12 18:03 . 2011-10-12 18:03	87408              c:\windows\Microsoft.NET\assembly\GAC_MSIL\WindowsFormsIntegration\v4.0_4.0.0.0__31bf3856ad364e35\WindowsFormsIntegration.dll
+ 2011-12-29 18:43 . 2011-12-29 18:43	93024              c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationTypes\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationTypes.dll
- 2011-10-12 18:03 . 2011-10-12 18:03	93024              c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationTypes\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationTypes.dll
- 2011-10-12 18:03 . 2011-10-12 18:03	35688              c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationProvider\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationProvider.dll
+ 2011-12-29 18:43 . 2011-12-29 18:43	35688              c:\windows\Microsoft.NET\assembly\GAC_MSIL\UIAutomationProvider\v4.0_4.0.0.0__31bf3856ad364e35\UIAutomationProvider.dll
+ 2011-12-29 18:43 . 2011-12-29 18:43	11120              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml.Serialization\v4.0_4.0.0.0__b77a5c561934e089\System.Xml.Serialization.dll
- 2011-10-12 18:03 . 2011-10-12 18:03	11120              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xml.Serialization\v4.0_4.0.0.0__b77a5c561934e089\System.Xml.Serialization.dll
+ 2011-12-29 18:45 . 2011-12-29 18:45	29544              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xaml.Hosting\v4.0_4.0.0.0__31bf3856ad364e35\System.Xaml.Hosting.dll
- 2011-09-17 12:14 . 2011-09-17 12:14	29544              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Xaml.Hosting\v4.0_4.0.0.0__31bf3856ad364e35\System.Xaml.Hosting.dll
+ 2011-12-29 18:43 . 2011-12-29 18:43	17784              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Presentation\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Presentation.dll
- 2011-10-12 18:03 . 2011-10-12 18:03	17784              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Presentation\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Presentation.dll
- 2011-10-12 18:03 . 2011-10-12 18:03	58240              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Input.Manipulations\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Input.Manipulations.dll
+ 2011-12-29 18:43 . 2011-12-29 18:43	58240              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Input.Manipulations\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Input.Manipulations.dll
+ 2011-12-29 18:45 . 2011-12-29 18:45	70040              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms.DataVisualization.Design\v4.0_4.0.0.0__31bf3856ad364e35\System.Windows.Forms.DataVisualization.Design.dll
- 2011-09-17 12:14 . 2011-09-17 12:14	70040              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms.DataVisualization.Design\v4.0_4.0.0.0__31bf3856ad364e35\System.Windows.Forms.DataVisualization.Design.dll
- 2011-09-17 12:14 . 2011-09-17 12:14	24928              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Routing\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.Routing.dll
+ 2011-12-29 18:45 . 2011-12-29 18:45	24928              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Routing\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.Routing.dll
- 2011-09-17 12:14 . 2011-09-17 12:14	81272              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.RegularExpressions\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
+ 2011-12-29 18:45 . 2011-12-29 18:45	81272              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.RegularExpressions\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
- 2011-09-17 12:14 . 2011-09-17 12:14	33144              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.DynamicData.Design\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.DynamicData.Design.dll
+ 2011-12-29 18:45 . 2011-12-29 18:45	33144              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.DynamicData.Design\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.DynamicData.Design.dll
- 2011-09-17 12:14 . 2011-09-17 12:14	93576              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.DataVisualization.Design\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.DataVisualization.Design.dll
+ 2011-12-29 18:45 . 2011-12-29 18:45	93576              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.DataVisualization.Design\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.DataVisualization.Design.dll
+ 2011-12-29 18:43 . 2011-12-29 18:43	44920              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.ApplicationServices\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.ApplicationServices.dll
- 2011-10-12 18:03 . 2011-10-12 18:03	44920              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.ApplicationServices\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.ApplicationServices.dll
- 2011-09-17 12:14 . 2011-09-17 12:14	24944              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Abstractions\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.Abstractions.dll
+ 2011-12-29 18:45 . 2011-12-29 18:45	24944              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Abstractions\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.Abstractions.dll
- 2011-09-17 12:14 . 2011-09-17 12:14	28024              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.WasHosting\v4.0_4.0.0.0__b77a5c561934e089\System.ServiceModel.WasHosting.dll
+ 2011-12-29 18:45 . 2011-12-29 18:45	28024              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.WasHosting\v4.0_4.0.0.0__b77a5c561934e089\System.ServiceModel.WasHosting.dll
- 2011-09-17 12:14 . 2011-09-17 12:14	12168              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.ServiceMoniker40\v4.0_4.0.0.0__b77a5c561934e089\System.ServiceModel.ServiceMoniker40.dll
+ 2011-12-29 18:45 . 2011-12-29 18:45	12168              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.ServiceMoniker40\v4.0_4.0.0.0__b77a5c561934e089\System.ServiceModel.ServiceMoniker40.dll
- 2011-10-12 18:03 . 2011-10-12 18:03	37240              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Channels\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Channels.dll
+ 2011-12-29 18:43 . 2011-12-29 18:43	37240              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ServiceModel.Channels\v4.0_4.0.0.0__31bf3856ad364e35\System.ServiceModel.Channels.dll
+ 2011-12-29 18:45 . 2011-12-29 18:45	98152              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Caching\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Runtime.Caching.dll
- 2011-09-17 12:14 . 2011-09-17 12:14	98152              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Caching\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Runtime.Caching.dll
+ 2011-12-29 18:43 . 2011-12-29 18:43	64352              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Numerics\v4.0_4.0.0.0__b77a5c561934e089\System.Numerics.dll
- 2011-10-12 18:03 . 2011-10-12 18:03	64352              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Numerics\v4.0_4.0.0.0__b77a5c561934e089\System.Numerics.dll
+ 2011-12-29 18:45 . 2011-12-29 18:45	86888              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing.Design\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
- 2011-09-17 12:14 . 2011-09-17 12:14	86888              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing.Design\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
- 2011-10-12 18:03 . 2011-10-12 18:03	51032              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Device\v4.0_4.0.0.0__b77a5c561934e089\System.Device.dll
+ 2011-12-29 18:43 . 2011-12-29 18:43	51032              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Device\v4.0_4.0.0.0__b77a5c561934e089\System.Device.dll
- 2011-10-12 18:03 . 2011-10-12 18:03	50552              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.DataSetExtensions\v4.0_4.0.0.0__b77a5c561934e089\System.Data.DataSetExtensions.dll
+ 2011-12-29 18:43 . 2011-12-29 18:43	50552              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Data.DataSetExtensions\v4.0_4.0.0.0__b77a5c561934e089\System.Data.DataSetExtensions.dll
- 2011-10-12 18:03 . 2011-10-12 18:03	81784              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Configuration.Install\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
+ 2011-12-29 18:42 . 2011-12-29 18:42	81784              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.Configuration.Install\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
- 2011-10-12 18:03 . 2011-10-12 18:03	81800              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ComponentModel.DataAnnotations\v4.0_4.0.0.0__31bf3856ad364e35\System.ComponentModel.DataAnnotations.dll
+ 2011-12-29 18:43 . 2011-12-29 18:43	81800              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.ComponentModel.DataAnnotations\v4.0_4.0.0.0__31bf3856ad364e35\System.ComponentModel.DataAnnotations.dll
- 2011-10-12 18:03 . 2011-10-12 18:03	39784              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.AddIn.Contract\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.AddIn.Contract.dll
+ 2011-12-29 18:43 . 2011-12-29 18:43	39784              c:\windows\Microsoft.NET\assembly\GAC_MSIL\System.AddIn.Contract\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.AddIn.Contract.dll
+ 2011-12-29 18:43 . 2011-12-29 18:43	68952              c:\windows\Microsoft.NET\assembly\GAC_MSIL\SMDiagnostics\v4.0_4.0.0.0__b77a5c561934e089\SMDiagnostics.dll
- 2011-10-12 18:03 . 2011-10-12 18:03	68952              c:\windows\Microsoft.NET\assembly\GAC_MSIL\SMDiagnostics\v4.0_4.0.0.0__b77a5c561934e089\SMDiagnostics.dll
+ 2011-12-29 18:45 . 2011-12-29 18:45	21880              c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Workflow.Compiler\v4.0_4.0.0.0__31bf3856ad364e35\Microsoft.Workflow.Compiler.exe
- 2011-09-17 12:14 . 2011-09-17 12:14	21880              c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Workflow.Compiler\v4.0_4.0.0.0__31bf3856ad364e35\Microsoft.Workflow.Compiler.exe
- 2011-10-12 18:03 . 2011-10-12 18:03	62880              c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Windows.ApplicationServer.Applications\v4.0_4.0.0.0__31bf3856ad364e35\Microsoft.Windows.ApplicationServer.Applications.dll
+ 2011-12-29 18:43 . 2011-12-29 18:43	62880              c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Windows.ApplicationServer.Applications\v4.0_4.0.0.0__31bf3856ad364e35\Microsoft.Windows.ApplicationServer.Applications.dll
- 2011-10-12 18:03 . 2011-10-12 18:03	12128              c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualC\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
+ 2011-12-29 18:42 . 2011-12-29 18:42	12128              c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualC\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
- 2011-09-17 12:14 . 2011-09-17 12:14	40304              c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualC.STLCLR\v4.0_2.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.STLCLR.dll
+ 2011-12-29 18:45 . 2011-12-29 18:45	40304              c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualC.STLCLR\v4.0_2.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.STLCLR.dll
- 2011-10-12 18:03 . 2011-10-12 18:03	97680              c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
+ 2011-12-29 18:43 . 2011-12-29 18:43	97680              c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
- 2011-09-17 12:14 . 2011-09-17 12:14	67968              c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Build.Conversion.v4.0\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Conversion.v4.0.dll
+ 2011-12-29 18:45 . 2011-12-29 18:45	67968              c:\windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.Build.Conversion.v4.0\v4.0_4.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Conversion.v4.0.dll
+ 2011-12-29 18:42 . 2011-12-29 18:42	17240              c:\windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
- 2011-10-12 18:03 . 2011-10-12 18:03	17240              c:\windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
+ 2011-12-29 18:42 . 2011-12-29 18:42	94552              c:\windows\Microsoft.NET\assembly\GAC_64\ISymWrapper\v4.0_4.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
- 2011-10-12 18:03 . 2011-10-12 18:03	94552              c:\windows\Microsoft.NET\assembly\GAC_64\ISymWrapper\v4.0_4.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
+ 2011-12-29 18:42 . 2011-12-29 18:42	91488              c:\windows\Microsoft.NET\assembly\GAC_64\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
- 2011-10-12 18:03 . 2011-10-12 18:03	91488              c:\windows\Microsoft.NET\assembly\GAC_64\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
- 2011-10-12 18:02 . 2011-10-12 18:02	78168              c:\windows\Microsoft.NET\assembly\GAC_32\ISymWrapper\v4.0_4.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
+ 2011-12-29 18:41 . 2011-12-29 18:41	78168              c:\windows\Microsoft.NET\assembly\GAC_32\ISymWrapper\v4.0_4.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
+ 2011-12-29 18:41 . 2011-12-29 18:41	81248              c:\windows\Microsoft.NET\assembly\GAC_32\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
- 2011-10-12 18:03 . 2011-10-12 18:03	81248              c:\windows\Microsoft.NET\assembly\GAC_32\CustomMarshalers\v4.0_4.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
+ 2011-12-27 00:43 . 2012-01-11 12:34	34144              c:\windows\Installer\{90140000-0012-0000-1000-0000000FF1CE}\oisicon.exe
- 2011-12-27 00:43 . 2011-12-27 16:18	34144              c:\windows\Installer\{90140000-0012-0000-1000-0000000FF1CE}\oisicon.exe
+ 2011-12-27 00:43 . 2012-01-11 12:34	42848              c:\windows\Installer\{90140000-0012-0000-1000-0000000FF1CE}\msouc.exe
- 2011-12-27 00:43 . 2011-12-27 16:18	42848              c:\windows\Installer\{90140000-0012-0000-1000-0000000FF1CE}\msouc.exe
+ 2011-12-27 00:43 . 2012-01-11 12:34	19296              c:\windows\Installer\{90140000-0012-0000-1000-0000000FF1CE}\cagicon.exe
- 2011-12-27 00:43 . 2011-12-27 16:18	19296              c:\windows\Installer\{90140000-0012-0000-1000-0000000FF1CE}\cagicon.exe
+ 2011-06-06 10:55 . 2011-06-06 10:55	64952              c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA71301B744AA0100000010\10.1.0\armsvc.exe
+ 2011-11-01 22:26 . 2011-11-01 22:26	53608              c:\windows\Installer\$PatchCache$\Managed\2E666343950ACA84DA7632B07FE4D22B\2.1.6\pthreadVC2.dll
+ 2011-11-01 22:25 . 2011-11-01 22:25	17256              c:\windows\Installer\$PatchCache$\Managed\2E666343950ACA84DA7632B07FE4D22B\2.1.6\AppleVersions.dll
+ 2011-12-29 22:15 . 2011-12-29 22:15	70656              c:\windows\assembly\NativeImages_v4.0.30319_64\System.Xaml.Hosting\53a04d67925ebd229e6b1abd7856b774\System.Xaml.Hosting.ni.dll
+ 2011-12-29 22:15 . 2011-12-29 22:15	53760              c:\windows\assembly\NativeImages_v4.0.30319_64\System.Web.DynamicD#\a9f5d739951335baf2cea57a4e54fd9c\System.Web.DynamicData.Design.ni.dll
+ 2011-12-29 22:13 . 2011-12-29 22:13	55808              c:\windows\assembly\NativeImages_v4.0.30319_32\System.Xaml.Hosting\5489f3d82b02843c58a4942afd3807e6\System.Xaml.Hosting.ni.dll
+ 2011-12-29 22:13 . 2011-12-29 22:13	46592              c:\windows\assembly\NativeImages_v4.0.30319_32\System.Web.DynamicD#\55b0452fe2e58293dfd0f6e76c69521f\System.Web.DynamicData.Design.ni.dll
+ 2011-12-29 22:14 . 2011-12-29 22:14	54784              c:\windows\assembly\NativeImages_v2.0.50727_64\System.Web.DynamicD#\6c13d7fb161ed4d7da730a70375b07c9\System.Web.DynamicData.Design.ni.dll
+ 2011-12-29 22:12 . 2011-12-29 22:12	36864              c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\94787ab3efcc074396a60ff3d83edf78\System.Web.DynamicData.Design.ni.dll
+ 2011-12-29 21:10 . 2012-01-25 23:04	3032              c:\windows\system32\wdi\ERCQueuedResolutions.dat
+ 2009-07-14 02:36 . 2012-01-27 12:44	4254              c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-01-27 12:44	4062              c:\windows\system32\perfc009.dat
+ 2012-01-27 12:00 . 2012-01-27 12:00	2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2011-12-29 16:18 . 2011-12-29 16:18	2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-01-27 12:00 . 2012-01-27 12:00	2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2011-12-29 16:18 . 2011-12-29 16:18	2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-01-24 10:41 . 2012-01-24 10:41	152064              c:\windows\SysWOW64\wextract.exe
- 2011-05-30 02:17 . 2011-05-30 02:17	152064              c:\windows\SysWOW64\wextract.exe
+ 2012-01-24 10:41 . 2012-01-24 10:41	203776              c:\windows\SysWOW64\webcheck.dll
- 2011-05-30 02:17 . 2011-05-30 02:17	203776              c:\windows\SysWOW64\webcheck.dll
- 2011-05-30 02:17 . 2011-05-30 02:17	420864              c:\windows\SysWOW64\vbscript.dll
+ 2012-01-24 10:41 . 2012-01-24 10:41	420864              c:\windows\SysWOW64\vbscript.dll
- 2011-12-14 23:35 . 2011-11-03 22:38	231936              c:\windows\SysWOW64\url.dll
+ 2012-01-24 10:41 . 2012-01-24 10:41	231936              c:\windows\SysWOW64\url.dll
- 2011-05-30 02:17 . 2011-05-30 02:17	123392              c:\windows\SysWOW64\occache.dll
+ 2012-01-24 10:41 . 2012-01-24 10:41	123392              c:\windows\SysWOW64\occache.dll
+ 2011-06-11 00:58 . 2011-06-11 00:58	773968              c:\windows\SysWOW64\msvcr100.dll
+ 2011-06-11 00:58 . 2011-06-11 00:58	421200              c:\windows\SysWOW64\msvcp100.dll
- 2011-01-07 13:39 . 2011-01-07 13:39	421200              c:\windows\SysWOW64\msvcp100.dll
- 2011-05-30 02:17 . 2011-05-30 02:17	162304              c:\windows\SysWOW64\msrating.dll
+ 2012-01-24 10:41 . 2012-01-24 10:41	162304              c:\windows\SysWOW64\msrating.dll
+ 2012-01-24 10:41 . 2012-01-24 10:41	161792              c:\windows\SysWOW64\msls31.dll
- 2011-05-30 02:17 . 2011-05-30 02:17	161792              c:\windows\SysWOW64\msls31.dll
+ 2012-01-24 10:41 . 2012-01-24 10:41	580608              c:\windows\SysWOW64\msfeeds.dll
- 2011-05-30 02:17 . 2011-05-30 02:17	580608              c:\windows\SysWOW64\msfeeds.dll
- 2011-12-14 23:34 . 2011-11-03 22:34	716800              c:\windows\SysWOW64\jscript.dll
+ 2012-01-24 10:41 . 2012-01-24 10:41	716800              c:\windows\SysWOW64\jscript.dll
+ 2012-01-25 23:29 . 2012-01-25 23:28	157472              c:\windows\SysWOW64\javaws.exe
- 2011-12-08 20:15 . 2011-12-08 20:15	157472              c:\windows\SysWOW64\javaws.exe
+ 2012-01-25 23:29 . 2012-01-25 23:28	149280              c:\windows\SysWOW64\javaw.exe
+ 2012-01-25 23:29 . 2012-01-25 23:28	149280              c:\windows\SysWOW64\java.exe
- 2011-05-30 02:17 . 2011-05-30 02:17	150528              c:\windows\SysWOW64\iexpress.exe
+ 2012-01-24 10:41 . 2012-01-24 10:41	150528              c:\windows\SysWOW64\iexpress.exe
- 2011-05-30 02:17 . 2011-05-30 02:17	142848              c:\windows\SysWOW64\ieUnatt.exe
+ 2012-01-24 10:41 . 2012-01-24 10:41	142848              c:\windows\SysWOW64\ieUnatt.exe
- 2011-12-14 23:35 . 2011-11-03 22:28	176640              c:\windows\SysWOW64\ieui.dll
+ 2012-01-24 10:41 . 2012-01-24 10:41	176640              c:\windows\SysWOW64\ieui.dll
+ 2012-01-24 10:41 . 2012-01-24 10:41	118784              c:\windows\SysWOW64\iepeers.dll
- 2011-05-30 02:17 . 2011-05-30 02:17	118784              c:\windows\SysWOW64\iepeers.dll
+ 2012-01-24 10:41 . 2012-01-24 10:41	353584              c:\windows\SysWOW64\iedkcs32.dll
- 2011-05-30 02:17 . 2011-05-30 02:17	353584              c:\windows\SysWOW64\iedkcs32.dll
+ 2012-01-24 10:41 . 2012-01-24 10:41	434176              c:\windows\SysWOW64\ieapfltr.dll
- 2011-05-30 02:17 . 2011-05-30 02:17	434176              c:\windows\SysWOW64\ieapfltr.dll
- 2011-05-30 02:17 . 2011-05-30 02:17	163840              c:\windows\SysWOW64\ieakui.dll
+ 2012-01-24 10:41 . 2012-01-24 10:41	163840              c:\windows\SysWOW64\ieakui.dll
+ 2012-01-24 10:41 . 2012-01-24 10:41	227840              c:\windows\SysWOW64\ieaksie.dll
- 2011-05-30 02:17 . 2011-05-30 02:17	227840              c:\windows\SysWOW64\ieaksie.dll
- 2011-05-30 02:17 . 2011-05-30 02:17	130560              c:\windows\SysWOW64\ieakeng.dll
+ 2012-01-24 10:41 . 2012-01-24 10:41	130560              c:\windows\SysWOW64\ieakeng.dll
+ 2012-01-24 10:41 . 2012-01-24 10:41	110592              c:\windows\SysWOW64\IEAdvpack.dll
- 2011-05-30 02:17 . 2011-05-30 02:17	110592              c:\windows\SysWOW64\IEAdvpack.dll
+ 2012-01-24 10:41 . 2012-01-24 10:41	223232              c:\windows\SysWOW64\dxtrans.dll
- 2011-05-30 02:17 . 2011-05-30 02:17	223232              c:\windows\SysWOW64\dxtrans.dll
- 2011-05-30 02:17 . 2011-05-30 02:17	353792              c:\windows\SysWOW64\dxtmsft.dll
+ 2012-01-24 10:41 . 2012-01-24 10:41	353792              c:\windows\SysWOW64\dxtmsft.dll
+ 2011-06-11 00:58 . 2011-06-11 00:58	138056              c:\windows\SysWOW64\atl100.dll
+ 2012-01-24 10:41 . 2012-01-24 10:41	101888              c:\windows\SysWOW64\admparse.dll
- 2011-05-30 02:17 . 2011-05-30 02:17	101888              c:\windows\SysWOW64\admparse.dll
- 2011-05-30 02:17 . 2011-05-30 02:17	160256              c:\windows\system32\wextract.exe
+ 2012-01-24 10:41 . 2012-01-24 10:41	160256              c:\windows\system32\wextract.exe
- 2011-05-30 02:17 . 2011-05-30 02:17	249344              c:\windows\system32\webcheck.dll
+ 2012-01-24 10:41 . 2012-01-24 10:41	249344              c:\windows\system32\webcheck.dll
- 2011-05-30 02:17 . 2011-05-30 02:17	603648              c:\windows\system32\vbscript.dll
+ 2012-01-24 10:41 . 2012-01-24 10:41	603648              c:\windows\system32\vbscript.dll
+ 2012-01-24 10:41 . 2012-01-24 10:41	237056              c:\windows\system32\url.dll
- 2011-12-14 23:35 . 2011-11-04 01:43	237056              c:\windows\system32\url.dll
- 2011-04-06 03:55 . 2011-12-29 13:14	696620              c:\windows\system32\perfh007.dat
+ 2011-04-06 03:55 . 2012-01-27 12:44	696620              c:\windows\system32\perfh007.dat
+ 2011-04-06 03:55 . 2012-01-27 12:44	147916              c:\windows\system32\perfc007.dat
- 2011-04-06 03:55 . 2011-12-29 13:14	147916              c:\windows\system32\perfc007.dat
- 2011-05-30 02:17 . 2011-05-30 02:17	149504              c:\windows\system32\occache.dll
+ 2012-01-24 10:41 . 2012-01-24 10:41	149504              c:\windows\system32\occache.dll
- 2011-05-30 02:17 . 2011-05-30 02:17	197120              c:\windows\system32\msrating.dll
+ 2012-01-24 10:41 . 2012-01-24 10:41	197120              c:\windows\system32\msrating.dll
- 2011-05-30 02:17 . 2011-05-30 02:17	222208              c:\windows\system32\msls31.dll
+ 2012-01-24 10:41 . 2012-01-24 10:41	222208              c:\windows\system32\msls31.dll
- 2011-05-30 02:17 . 2011-05-30 02:17	697344              c:\windows\system32\msfeeds.dll
+ 2012-01-24 10:41 . 2012-01-24 10:41	697344              c:\windows\system32\msfeeds.dll
+ 2012-01-24 10:41 . 2012-01-24 10:41	818688              c:\windows\system32\jscript.dll
- 2011-12-14 23:34 . 2011-11-04 01:39	818688              c:\windows\system32\jscript.dll
+ 2012-01-26 22:17 . 2012-01-26 22:17	190752              c:\windows\system32\javaws.exe
+ 2012-01-26 22:17 . 2012-01-26 22:17	172320              c:\windows\system32\javaw.exe
+ 2012-01-24 10:41 . 2012-01-24 10:41	103936              c:\windows\system32\inseng.dll
- 2011-05-30 02:17 . 2011-05-30 02:17	103936              c:\windows\system32\inseng.dll
+ 2012-01-24 10:41 . 2012-01-24 10:41	165888              c:\windows\system32\iexpress.exe
- 2011-05-30 02:17 . 2011-05-30 02:17	165888              c:\windows\system32\iexpress.exe
+ 2012-01-24 10:41 . 2012-01-24 10:41	173056              c:\windows\system32\ieUnatt.exe
- 2011-05-30 02:17 . 2011-05-30 02:17	173056              c:\windows\system32\ieUnatt.exe
- 2011-12-14 23:35 . 2011-11-04 01:30	248320              c:\windows\system32\ieui.dll
+ 2012-01-24 10:41 . 2012-01-24 10:41	248320              c:\windows\system32\ieui.dll
- 2011-05-30 02:17 . 2011-05-30 02:17	111616              c:\windows\system32\iesysprep.dll
+ 2012-01-24 10:41 . 2012-01-24 10:41	111616              c:\windows\system32\iesysprep.dll
- 2011-05-30 02:17 . 2011-05-30 02:17	145920              c:\windows\system32\iepeers.dll
+ 2012-01-24 10:41 . 2012-01-24 10:41	145920              c:\windows\system32\iepeers.dll
+ 2012-01-24 10:41 . 2012-01-24 10:41	403248              c:\windows\system32\iedkcs32.dll
- 2011-05-30 02:17 . 2011-05-30 02:17	403248              c:\windows\system32\iedkcs32.dll
+ 2012-01-24 10:41 . 2012-01-24 10:41	534528              c:\windows\system32\ieapfltr.dll
- 2011-05-30 02:17 . 2011-05-30 02:17	534528              c:\windows\system32\ieapfltr.dll
- 2011-05-30 02:17 . 2011-05-30 02:17	163840              c:\windows\system32\ieakui.dll
+ 2012-01-24 10:41 . 2012-01-24 10:41	163840              c:\windows\system32\ieakui.dll
- 2011-05-30 02:17 . 2011-05-30 02:17	267776              c:\windows\system32\ieaksie.dll
+ 2012-01-24 10:41 . 2012-01-24 10:41	267776              c:\windows\system32\ieaksie.dll
+ 2012-01-24 10:41 . 2012-01-24 10:41	160256              c:\windows\system32\ieakeng.dll
- 2011-05-30 02:17 . 2011-05-30 02:17	160256              c:\windows\system32\ieakeng.dll
- 2011-05-30 02:17 . 2011-05-30 02:17	135168              c:\windows\system32\IEAdvpack.dll
+ 2012-01-24 10:41 . 2012-01-24 10:41	135168              c:\windows\system32\IEAdvpack.dll
- 2011-05-30 02:17 . 2011-05-30 02:17	282112              c:\windows\system32\dxtrans.dll
+ 2012-01-24 10:41 . 2012-01-24 10:41	282112              c:\windows\system32\dxtrans.dll
+ 2012-01-24 10:41 . 2012-01-24 10:41	452608              c:\windows\system32\dxtmsft.dll
- 2011-05-30 02:17 . 2011-05-30 02:17	452608              c:\windows\system32\dxtmsft.dll

25.01.2012, 10:07	#4
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	http://www2.flirtcafe.de/de/ , Google-Bildersuche funktioniert nicht mehr, Websites laden langsam Ich würde erstmal gern wissen welche Adware denn die Ursache war. In den Logs hab ich nichts mehr gesehen. War da was in den Tiefen der Registry? __________________ Logfiles bitte immer in CODE-Tags posten

26.01.2012, 22:15	#12
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	http://www2.flirtcafe.de/de/ , Google-Bildersuche funktioniert nicht mehr, Websites laden langsam Hm, ich seh da so nichts Ungewöhnliches, bis auf dass er das HOST File nicht lesen kann aber das kann auch was anderes sein Du hast das Problem nur mit dem IE? Du hast ihn mal komplett resetet? __________________ Logfiles bitte immer in CODE-Tags posten

http://www2.flirtcafe.de/de/ , Google-Bildersuche funktioniert nicht mehr, Websites laden langsam

Plagegeister aller Art und deren Bekämpfung: http://www2.flirtcafe.de/de/ , Google-Bildersuche funktioniert nicht mehr, Websites laden langsam