Weiterleitung auf Bigpoint.de - Browser sehr langsam

Neowyn · 02.02.2012, 19:03

Hallo ihr Lieben,

seit ein paar Tagen ist mein Browser sehr langsam, egal ob Firefox oder Internet Explorer. Ich dachte erst es liegt an T-online, aber die sind unschuldig.
Seit mein Browser langsam ist, werde ich oft von spielesite.com zu hxxp://de.bigpoint.com/ weitergeleitet.

Hab schon Antivir durchlaufen lassen, aber der hat nicht gefunden. Gestern hab ich dann mal Spybot SD durchlaufen lassen und der hat auch was gefunden. Ich hab den Fund gelöscht und mich schon gefreut, da mein Browser wieder richtig schnell war und ich nicht mehr auf bigpoint umgeleitet wurde.
Die Freude hielt nur leider bis zum heutigen Start meines Browsers. Schon beim aufrufen von spielesite.com wurde ich ständig auf bigpoint umgeleitet, selbst nach mehrmaligen Neustart des Browsers.

Ich hab keine Ahnung was ich machen soll.

cosinus · 03.02.2012, 14:23

Zitat:

Gestern hab ich dann mal Spybot SD durchlaufen lassen und der hat auch was gefunden.

So eine Info ist nichtssagend, du musst schon posten was wo genau gefunden wurde

Neowyn · 03.02.2012, 18:22

Sorry, hab das Ding einfach gelöscht. Habs aber raus gefunden, was es war

W3i.IQ5.fraud: [SBI $5ADC6E84] Program directory (Directory, nothing done)
C:\Windows\System32\AI_RecycleBin\

Heute hat Spybot das gefunden
MediaPlex: Verfolgender Cookie (Internet Explorer: User) (Cookie, nothing done)

MediaPlex: Verfolgender Cookie (Internet Explorer: User) (Cookie, nothing done)

Heute läuft mein Browser wieder normal, bin auch noch nicht umgeleitet worden.

cosinus · 04.02.2012, 13:35

Bitte nun routinemäßig einen Vollscan mit Malwarebytes machen und Log posten.
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss! Außerdem müssen alle Funde entfernt werden.

Falls Logs aus älteren Scans mit Malwarebytes vorhanden sind, bitte auch davon alle posten!

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:

ATTFilter

 hier steht das Log

Neowyn · 08.02.2012, 17:29

Hallo,

Malwarebytes habe ich durchlaufen lassen hat aber nicht gefunden, brauch den Bericht ja dann nicht posten.

Eset hat was gefunden hier ist der Log

Code:

ATTFilter

ESETSmartInstaller@High as CAB hook log:
OnlineScanner64.ocx - registred OK
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=9.00.8112.16421 (WIN7_IE9_RTM.110308-0330)
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=460e65660419204b9cea4c21233d8bb0
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-02-08 04:23:36
# local_time=2012-02-08 05:23:36 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1797 16775165 100 94 412517 65254681 71317 0
# compatibility_mode=5893 16776573 100 94 4454 80347710 0 0
# compatibility_mode=8192 67108863 100 0 3687 3687 0 0
# scanned=10000
# found=9
# cleaned=0
# scan_time=356
C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe	probably a variant of Win32/Adware.Toolbar.Dealio application (unable to clean)	00000000000000000000000000000000	I
C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe	a variant of Win32/Adware.Toolbar.Dealio application (unable to clean)	00000000000000000000000000000000	I
C:\Program Files (x86)\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll	a variant of Win32/Adware.Toolbar.Dealio application (unable to clean)	00000000000000000000000000000000	I
C:\Program Files (x86)\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.10	a variant of Win32/Adware.Toolbar.Dealio application (unable to clean)	00000000000000000000000000000000	I
C:\Program Files (x86)\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.5	a variant of Win32/Adware.Toolbar.Dealio application (unable to clean)	00000000000000000000000000000000	I
C:\Program Files (x86)\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.6	a variant of Win32/Adware.Toolbar.Dealio application (unable to clean)	00000000000000000000000000000000	I
C:\Program Files (x86)\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.7	a variant of Win32/Adware.Toolbar.Dealio application (unable to clean)	00000000000000000000000000000000	I
C:\Program Files (x86)\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.8	a variant of Win32/Adware.Toolbar.Dealio application (unable to clean)	00000000000000000000000000000000	I
C:\Program Files (x86)\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.9	a variant of Win32/Adware.Toolbar.Dealio application (unable to clean)	00000000000000000000000000000000	I

cosinus · 09.02.2012, 11:19

Zitat:

brauch den Bericht ja dann nicht posten.

Doch, egal ob Fund oder kein Fund bitte immer Log posten

Neowyn · 09.02.2012, 17:31

Hier dann noch der Bericht von Malwarebytes

Code:

ATTFilter

Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Datenbank Version: v2012.02.05.02

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
User :: User-PC [Administrator]

05.02.2012 18:38:52
mbam-log-2012-02-05 (18-38-52).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 470712
Laufzeit: 1 Stunde(n), 14 Minute(n), 26 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

cosinus · 09.02.2012, 21:03

Mach bitte ein neues OTL-Log. Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:

ATTFilter

 hier steht das Log

CustomScan mit OTL

Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop

Starte bitte die OTL.exe.
Vista und Win7 User mit Rechtsklick "als Administrator starten"
Setze oben mittig den Haken bei Scanne alle Benutzer
Kopiere nun den kompletten Inhalt aus der untenstehenden Codebox in die Textbox von OTL - wenn OTL auf deutsch ist wird sie mit beschriftet

Code:

ATTFilter

netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT

Schliesse bitte nun alle Programme. (Wichtig)
Klicke nun bitte auf den Quick Scan Button.
Klick auf .
Kopiere nun den Inhalt aus OTL.txt hier in Deinen Thread

Neowyn · 10.02.2012, 19:13

Hier ist das OTL-Log

Code:

ATTFilter

OTL logfile created on: 10.02.2012 18:56:42 - Run 1
OTL by OldTimer - Version 3.2.31.0     Folder = C:\Users\NB\Downloads
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 2,63 Gb Available Physical Memory | 65,86% Memory free
8,00 Gb Paging File | 6,63 Gb Available in Paging File | 82,89% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 420,70 Gb Total Space | 343,85 Gb Free Space | 81,73% Space Free | Partition Type: NTFS
Drive D: | 488,18 Gb Total Space | 468,47 Gb Free Space | 95,96% Space Free | Partition Type: NTFS
Drive E: | 488,28 Gb Total Space | 465,79 Gb Free Space | 95,39% Space Free | Partition Type: NTFS
Drive H: | 279,45 Gb Total Space | 229,26 Gb Free Space | 82,04% Space Free | Partition Type: NTFS
 
Computer Name: NICOLEBUTZ-PC | User Name: NB | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.02.10 18:39:37 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\NB\Downloads\OTL.exe
PRC - [2012.01.31 13:46:41 | 000,247,968 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashUtil11e_ActiveX.exe
PRC - [2011.12.14 13:13:28 | 000,748,440 | ---- | M] (Spigot, Inc.) -- C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe
PRC - [2011.12.13 17:42:08 | 000,922,976 | ---- | M] (Spigot, Inc.) -- C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe
PRC - [2011.07.02 16:23:49 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2011.04.27 18:09:41 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2011.01.10 14:22:55 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010.08.12 17:45:00 | 000,024,064 | ---- | M] () -- C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\capiws.exe
PRC - [2007.04.05 10:29:28 | 000,208,896 | ---- | M] (UASSOFT.COM) -- C:\Program Files (x86)\Keyboard & Mouse Driver\KMWDSrv.exe
PRC - [2007.04.04 11:30:40 | 000,327,680 | ---- | M] (UASSOFT.COM) -- C:\Program Files (x86)\Keyboard & Mouse Driver\KMProcess.exe
PRC - [2007.03.28 00:38:48 | 000,397,312 | ---- | M] (UASSOFT.COM) -- C:\Program Files (x86)\Keyboard & Mouse Driver\KMConfig.exe
PRC - [2007.03.06 14:51:14 | 000,212,992 | ---- | M] (UASSOFT.COM) -- C:\Program Files (x86)\Keyboard & Mouse Driver\StartAutorun.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2007.03.29 12:17:42 | 000,106,496 | ---- | M] () -- C:\Program Files (x86)\Keyboard & Mouse Driver\keydll.dll
MOD - [2005.05.04 19:12:46 | 000,028,672 | ---- | M] () -- C:\Program Files (x86)\Keyboard & Mouse Driver\MouseHook.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2011.01.12 17:32:16 | 000,036,160 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\SysNative\uxtuneup.dll -- (UxTuneUp)
SRV:64bit: - [2009.08.18 01:36:20 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009.07.14 02:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2011.12.14 13:13:28 | 000,748,440 | ---- | M] (Spigot, Inc.) [Auto | Running] -- C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe -- (Application Updater)
SRV - [2011.07.02 16:23:49 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.04.27 18:09:41 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011.03.01 19:30:13 | 000,607,040 | ---- | M] (TuneUp Software) [On_Demand | Stopped] -- C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpDefragService.exe -- (TuneUp.Defrag)
SRV - [2011.01.12 17:36:56 | 001,403,200 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesService64.exe -- (TuneUp.UtilitiesSvc)
SRV - [2011.01.12 17:32:10 | 000,030,016 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\SysWOW64\uxtuneup.dll -- (UxTuneUp)
SRV - [2010.08.12 17:45:00 | 000,024,064 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\OpenVPN Technologies\OpenVPN Client\core\capiws.exe -- (OpenVPNAccessClient)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2007.04.05 10:29:28 | 000,208,896 | ---- | M] (UASSOFT.COM) [Auto | Running] -- C:\Program Files (x86)\Keyboard & Mouse Driver\KMWDSrv.exe -- (KMWDSERVICE)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2011.11.17 10:38:32 | 000,047,208 | ---- | M] (RapidSolution Software AG) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tbhsd.sys -- (tbhsd)
DRV:64bit: - [2011.11.17 10:38:28 | 000,037,480 | ---- | M] (RapidSolution Software AG) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rrnetcap.sys -- (RRNetCapMP)
DRV:64bit: - [2011.11.17 10:38:28 | 000,037,480 | ---- | M] (RapidSolution Software AG) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rrnetcap.sys -- (RRNetCap)
DRV:64bit: - [2011.07.02 16:23:49 | 000,123,784 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2011.07.02 16:23:49 | 000,088,288 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2011.03.11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.11.20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 12:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.20 11:43:57 | 000,032,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser.sys -- (usbser)
DRV:64bit: - [2010.08.03 16:25:30 | 000,030,720 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tapoas.sys -- (tapoas)
DRV:64bit: - [2010.05.13 16:48:19 | 000,421,248 | ---- | M] (Illusion & Hope. Porting to AMD64 by Sergey Sakharov.) [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\BT848.sys -- (BT848) Conexant's BtPCI WDM Video Capture (AMD64)
DRV:64bit: - [2009.11.12 12:48:56 | 000,005,504 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\StarOpen.sys -- (StarOpen)
DRV:64bit: - [2009.08.23 15:02:30 | 000,120,336 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2009.08.18 02:48:48 | 006,037,504 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.14 01:09:02 | 000,120,320 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\irda.sys -- (irda)
DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.05.05 00:30:28 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie) AMD PCI Express (3GIO)
DRV:64bit: - [2009.04.29 16:28:30 | 000,030,208 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\KMWDFILTER.sys -- (KMWDFILTER)
DRV:64bit: - [2009.03.01 23:05:32 | 000,187,392 | ---- | M] (Realtek Corporation                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2008.01.19 06:36:12 | 000,027,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\irsir.sys -- (irsir)
DRV - [2010.02.24 13:41:50 | 000,011,856 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesDriver64.sys -- (TuneUpUtilitiesDrv)
DRV - [2009.11.12 12:48:56 | 000,007,168 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\Windows\SysWow64\drivers\StarOpen.sys -- (StarOpen)
DRV - [2009.07.31 17:06:30 | 000,022,488 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\PROGRA~2\DScaler\DSDRV4~2.SYS -- (DSDrv4AMD64)
DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\URLSearchHook: {e0dcd7a1-949c-490a-bd7b-d733c2bda820} - C:\Program Files (x86)\DieStaemme\prxtbDie2.dll (Conduit Ltd.)
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-21-1931242635-1971727323-3307929102-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKU\S-1-5-21-1931242635-1971727323-3307929102-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
IE - HKU\S-1-5-21-1931242635-1971727323-3307929102-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.spielesite.com/
IE - HKU\S-1-5-21-1931242635-1971727323-3307929102-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-1931242635-1971727323-3307929102-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\S-1-5-21-1931242635-1971727323-3307929102-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = A6 3C CF B3 96 90 CA 01  [binary data]
IE - HKU\S-1-5-21-1931242635-1971727323-3307929102-1001\..\URLSearchHook: {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files (x86)\pdfforge Toolbar\IE\4.9\pdfforgeToolbarIE.dll (Spigot, Inc.)
IE - HKU\S-1-5-21-1931242635-1971727323-3307929102-1001\..\URLSearchHook: {e0dcd7a1-949c-490a-bd7b-d733c2bda820} - C:\Program Files (x86)\DieStaemme\prxtbDie2.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-1931242635-1971727323-3307929102-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: D:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.4: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Users\NB\AppData\Local\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\NB\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\NB\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{8AA36F4F-6DC7-4c06-77AF-5035170634FE}: C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.02.08 18:29:29 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.07.24 19:10:34 | 000,000,000 | ---D | M]
 
[2012.01.31 13:05:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\NB\AppData\Roaming\mozilla\Extensions
[2011.12.11 17:05:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\NB\AppData\Roaming\mozilla\Extensions\net.openvpn.client
[2012.02.08 18:29:29 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2011.11.14 16:40:02 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012.01.29 17:12:48 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011.05.04 03:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2010.03.19 08:23:30 | 000,686,592 | ---- | M] (Synatix GmbH) -- C:\Program Files (x86)\mozilla firefox\plugins\npmieze.dll
[2012.01.29 15:02:49 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.01.29 14:50:55 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.01.29 15:02:49 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2011.06.07 17:36:08 | 000,000,143 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\foxsearch.src
[2012.01.29 15:02:49 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.01.29 15:02:49 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.01.29 15:02:49 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Windows Live ID-Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (no name) - {02B1FD5A-D2A2-45AA-9959-C7BCA6AD319E} - No CLSID value found.
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files (x86)\pdfforge Toolbar\IE\4.9\pdfforgeToolbarIE.dll (Spigot, Inc.)
O2 - BHO: (DieStaemme Toolbar) - {e0dcd7a1-949c-490a-bd7b-d733c2bda820} - C:\Program Files (x86)\DieStaemme\prxtbDie2.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (no name) - {1DD0B266-E640-46D1-AC22-C56831180C31} - No CLSID value found.
O3 - HKLM\..\Toolbar: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files (x86)\pdfforge Toolbar\IE\4.9\pdfforgeToolbarIE.dll (Spigot, Inc.)
O3 - HKLM\..\Toolbar: (Gutscheinmieze) - {DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} - C:\Users\NB\AppData\Roaming\Gutscheinmieze\toolbar.dll (Synatix GmbH)
O3 - HKLM\..\Toolbar: (DieStaemme Toolbar) - {e0dcd7a1-949c-490a-bd7b-d733c2bda820} - C:\Program Files (x86)\DieStaemme\prxtbDie2.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-1931242635-1971727323-3307929102-1001\..\Toolbar\WebBrowser: (no name) - {1DD0B266-E640-46D1-AC22-C56831180C31} - No CLSID value found.
O3 - HKU\S-1-5-21-1931242635-1971727323-3307929102-1001\..\Toolbar\WebBrowser: (Gutscheinmieze) - {DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} - C:\Users\NB\AppData\Roaming\Gutscheinmieze\toolbar.dll (Synatix GmbH)
O3 - HKU\S-1-5-21-1931242635-1971727323-3307929102-1001\..\Toolbar\WebBrowser: (DieStaemme Toolbar) - {E0DCD7A1-949C-490A-BD7B-D733C2BDA820} - C:\Program Files (x86)\DieStaemme\prxtbDie2.dll (Conduit Ltd.)
O4:64bit: - HKLM..\Run: [Logitech Download Assistant] C:\Windows\SysNative\LogiLDA.dll (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Programme\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Skytel] C:\Programme\Realtek\Audio\HDA\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [KMCONFIG] C:\Program Files (x86)\Keyboard & Mouse Driver\StartAutorun.exe KMConfig.exe File not found
O4 - HKLM..\Run: [SearchSettings] C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe (Spigot, Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O9 - Extra 'Tools' menuitem : Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files (x86)\Java\jre6\bin\npjpi160_29.dll (Sun Microsystems, Inc.)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000006 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-1931242635-1971727323-3307929102-1001\..Trusted Domains: hotmail.com ([www] * in Trusted sites)
O15 - HKU\S-1-5-21-1931242635-1971727323-3307929102-1001\..Trusted Domains: live.com ([login] http in Trusted sites)
O15 - HKU\S-1-5-21-1931242635-1971727323-3307929102-1001\..Trusted Domains: msn.com ([www] * in Trusted sites)
O15 - HKU\S-1-5-21-1931242635-1971727323-3307929102-1001\..Trusted Domains: passport.com ([www] * in Trusted sites)
O15 - HKU\S-1-5-21-1931242635-1971727323-3307929102-1001\..Trusted Domains: spielesite.com ([www] https in Trusted sites)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://active.macromedia.com/flash2/cabs/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{76AF22B5-1FB7-4D56-986A-DBA5D53091B9}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{c6d6a28d-fc84-11de-9eff-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{c6d6a28d-fc84-11de-9eff-806e6f6e6963}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O33 - MountPoints2\H\Shell - "" = AutoRun
O33 - MountPoints2\H\Shell\AutoRun\command - "" = H:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
NetSvcs:64bit: UxTuneUp - C:\Windows\SysNative\uxtuneup.dll (TuneUp Software)
NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
 
MsConfig:64bit - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^OpenVPN Client.lnk - C:\PROGRA~2\OPENVP~1\OPENVP~1\core\uiboot.exe - ()
MsConfig:64bit - StartUpReg: EA Core - hkey= - key= - C:\Program Files (x86)\Electronic Arts\EADM\Core.exe (Electronic Arts)
MsConfig:64bit - State: "startup" - Reg Error: Key error.
MsConfig:64bit - State: "bootini" - Reg Error: Key error.
 
SafeBootMin:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: vmms - Service
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SafeBootNet:64bit: Base - Driver Group
SafeBootNet:64bit: Boot Bus Extender - Driver Group
SafeBootNet:64bit: Boot file system - Driver Group
SafeBootNet:64bit: File system - Driver Group
SafeBootNet:64bit: Filter - Driver Group
SafeBootNet:64bit: HelpSvc - Service
SafeBootNet:64bit: Messenger - Service
SafeBootNet:64bit: NDIS Wrapper - Driver Group
SafeBootNet:64bit: NetBIOSGroup - Driver Group
SafeBootNet:64bit: NetDDEGroup - Driver Group
SafeBootNet:64bit: Network - Driver Group
SafeBootNet:64bit: NetworkProvider - Driver Group
SafeBootNet:64bit: PCI Configuration - Driver Group
SafeBootNet:64bit: PNP Filter - Driver Group
SafeBootNet:64bit: PNP_TDI - Driver Group
SafeBootNet:64bit: Primary disk - Driver Group
SafeBootNet:64bit: rdsessmgr - Service
SafeBootNet:64bit: sacsvr - Service
SafeBootNet:64bit: SCSI Class - Driver Group
SafeBootNet:64bit: Streams Drivers - Driver Group
SafeBootNet:64bit: System Bus Extender - Driver Group
SafeBootNet:64bit: TDI - Driver Group
SafeBootNet:64bit: vmms - Service
SafeBootNet:64bit: WudfUsbccidDriver - Driver
SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3codec - C:\Windows\SysWOW64\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: vidc.VP60 - C:\Windows\SysWOW64\vp6vfw.dll (On2.com)
Drivers32: vidc.VP61 - C:\Windows\SysWOW64\vp6vfw.dll (On2.com)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.02.08 17:16:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2012.02.05 18:37:23 | 000,000,000 | ---D | C] -- C:\Users\NB\AppData\Roaming\Malwarebytes
[2012.02.05 18:37:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.02.05 18:37:18 | 000,023,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.02.05 18:37:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.02.05 18:37:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.02.03 23:42:45 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2012.02.01 18:08:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2012.02.01 18:07:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SDHelper (Spybot - Search & Destroy)
[2012.02.01 18:07:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\File Scanner Library (Spybot - Search & Destroy)
[2012.02.01 18:07:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TeaTimer (Spybot - Search & Destroy)
[2012.02.01 18:07:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Misc. Support Library (Spybot - Search & Destroy)
[2012.01.31 00:28:49 | 000,000,000 | ---D | C] -- C:\Users\NB\Desktop\SpybotPortable
[2012.01.26 18:16:00 | 000,000,000 | ---D | C] -- C:\Users\NB\AppData\Local\Audible
[2012.01.26 18:15:48 | 000,255,352 | ---- | C] (Audible, Inc.) -- C:\Windows\SysWow64\awrdscdc.ax
[2012.01.26 18:15:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AudibleManager
[2012.01.26 18:15:43 | 001,060,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc71.dll
[2012.01.26 18:15:43 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msxml3a.dll
[2012.01.26 18:15:16 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Audible
[2012.01.26 18:15:16 | 000,000,000 | ---D | C] -- C:\Users\NB\Documents\Audible
[2012.01.26 18:15:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Audible
[2012.01.26 18:15:04 | 000,000,000 | ---D | C] -- C:\Users\NB\Neuer Ordner
[2012.01.24 18:28:46 | 000,000,000 | ---D | C] -- C:\Users\NB\AppData\Roaming\Leadertech
[2012.01.24 15:10:38 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Macromed
[2012.01.24 11:20:10 | 000,096,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012.01.24 11:20:10 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012.01.24 11:20:09 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012.01.24 11:20:09 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012.01.24 11:20:08 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012.01.24 11:20:08 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012.01.24 11:20:06 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012.01.24 11:20:05 | 002,309,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012.01.24 11:20:05 | 001,493,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012.01.24 11:20:05 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012.01.24 11:20:04 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012.01.24 11:14:44 | 001,447,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lsasrv.dll
[2012.01.24 11:14:44 | 000,395,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\webio.dll
[2012.01.24 11:14:44 | 000,314,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\webio.dll
[2012.01.24 11:14:44 | 000,136,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sspicli.dll
[2012.01.24 11:14:44 | 000,029,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sspisrv.dll
[2012.01.24 11:14:44 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secur32.dll
[2012.01.24 11:14:33 | 001,572,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\quartz.dll
[2012.01.24 11:14:33 | 001,328,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\quartz.dll
[2012.01.24 11:14:33 | 000,514,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\qdvd.dll
[2012.01.24 11:14:33 | 000,366,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\qdvd.dll
[2012.01.24 11:14:32 | 000,723,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\EncDec.dll
[2012.01.24 11:14:32 | 000,534,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\EncDec.dll
[2012.01.24 11:14:29 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\csrsrv.dll
[2012.01.24 11:12:55 | 001,731,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntdll.dll
[2012.01.24 11:11:51 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\packager.dll
[2012.01.24 11:11:51 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\packager.dll
[2012.01.23 19:54:38 | 000,000,000 | ---D | C] -- C:\Users\NB\AppData\Local\MediaMonkey
[2012.01.23 19:54:30 | 000,000,000 | ---D | C] -- C:\Users\NB\AppData\Roaming\MediaMonkey
[2012.01.22 19:24:54 | 000,000,000 | ---D | C] -- C:\Users\NB\AppData\Roaming\COWON
[2012.01.22 18:28:50 | 000,000,000 | ---D | C] -- C:\Vimeo
[2012.01.22 18:19:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audials 9
[2012.01.19 19:44:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\COWON
[2012.01.19 19:41:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\jetAudio
[2012.01.19 19:41:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\COWON
[2012.01.19 19:40:41 | 000,000,000 | ---D | C] -- C:\Users\NB\AppData\Roaming\InstallShield
[2012.01.13 19:10:25 | 000,000,000 | ---D | C] -- C:\Users\NB\AppData\Roaming\AdobeUM
[2012.01.13 19:02:13 | 000,000,000 | ---D | C] -- C:\Users\NB\AppData\Local\NokiaAccount
[2012.01.13 18:54:47 | 000,000,000 | ---D | C] -- C:\Users\NB\AppData\Local\Nokia
[2012.01.13 18:53:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Nokia
[2012.01.13 18:53:01 | 000,000,000 | ---D | C] -- C:\Program Files\DIFX
[2012.01.13 18:52:59 | 000,025,600 | ---- | C] (Nokia) -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys
[2012.01.13 18:52:56 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\DRVSTORE
[2012.01.13 18:50:20 | 000,000,000 | ---D | C] -- C:\ProgramData\NokiaInstallerCache
[2012.01.13 18:42:42 | 000,000,000 | -HSD | C] -- C:\Windows\ftpcache
[2012.01.13 18:38:26 | 000,000,000 | ---D | C] -- C:\Users\NB\Phone Browser
[2012.01.13 18:35:14 | 000,000,000 | ---D | C] -- C:\Users\NB\AppData\Roaming\Nokia
[2012.01.13 18:28:28 | 000,000,000 | ---D | C] -- C:\Windows\Downloaded Installations
[2012.01.13 18:27:03 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Suite
[2012.01.13 18:26:08 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PCSuite
[2012.01.13 18:25:47 | 000,000,000 | ---D | C] -- C:\Users\NB\AppData\Roaming\PC Suite
[2012.01.13 18:25:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Nokia
[2012.01.13 18:24:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Downloaded Installations
[3 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.02.10 18:18:19 | 000,013,424 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.02.10 18:18:19 | 000,013,424 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.02.10 18:17:01 | 000,001,120 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.02.10 18:16:01 | 000,001,144 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1931242635-1971727323-3307929102-1001UA.job
[2012.02.10 18:10:43 | 000,001,116 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.02.10 18:10:11 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.02.10 18:09:51 | 3220,676,608 | -HS- | M] () -- C:\hiberfil.sys
[2012.02.08 18:29:34 | 000,001,134 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012.02.05 18:37:19 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.02.03 23:44:31 | 000,001,360 | ---- | M] () -- C:\Users\NB\Desktop\SpybotSD - Verknüpfung.lnk
[2012.02.03 23:42:33 | 370,319,664 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012.02.02 00:16:00 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1931242635-1971727323-3307929102-1001Core.job
[2012.01.31 18:00:50 | 001,512,238 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.01.31 18:00:50 | 000,658,946 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.01.31 18:00:50 | 000,620,132 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.01.31 18:00:50 | 000,132,516 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.01.31 18:00:50 | 000,108,314 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.01.31 13:46:41 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012.01.26 18:15:56 | 000,001,969 | ---- | M] () -- C:\Users\NB\Desktop\Audible Manager.lnk
[2012.01.26 18:15:48 | 000,255,352 | ---- | M] (Audible, Inc.) -- C:\Windows\SysWow64\awrdscdc.ax
[2012.01.24 11:37:57 | 000,431,784 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.01.22 18:19:52 | 000,001,140 | ---- | M] () -- C:\Users\Public\Desktop\Audials 9.lnk
[2012.01.19 19:44:14 | 000,000,549 | ---- | M] () -- C:\Users\Public\Desktop\iAUDIO 9 German User's Guide.lnk
[2012.01.19 19:42:02 | 000,000,787 | ---- | M] () -- C:\Users\Public\Desktop\jetAudio.lnk
[2012.01.13 19:09:30 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_PCCSWpdDriver_01_09_00.Wdf
[2012.01.13 18:34:21 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_ccdcmbx64_01009.Wdf
[3 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.02.08 18:29:34 | 000,001,146 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2012.02.08 18:29:34 | 000,001,134 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012.02.05 18:37:19 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.02.03 23:44:31 | 000,001,360 | ---- | C] () -- C:\Users\NB\Desktop\SpybotSD - Verknüpfung.lnk
[2012.02.03 23:42:33 | 370,319,664 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2012.01.26 18:15:56 | 000,001,969 | ---- | C] () -- C:\Users\NB\Desktop\Audible Manager.lnk
[2012.01.22 18:19:52 | 000,001,140 | ---- | C] () -- C:\Users\Public\Desktop\Audials 9.lnk
[2012.01.19 19:44:14 | 000,000,549 | ---- | C] () -- C:\Users\Public\Desktop\iAUDIO 9 German User's Guide.lnk
[2012.01.19 19:42:02 | 000,000,787 | ---- | C] () -- C:\Users\Public\Desktop\jetAudio.lnk
[2012.01.13 19:09:30 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_PCCSWpdDriver_01_09_00.Wdf
[2012.01.13 18:34:21 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_ccdcmbx64_01009.Wdf
[2011.12.06 15:45:44 | 000,005,120 | ---- | C] () -- C:\Users\NB\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.07.01 18:03:40 | 000,004,096 | -H-- | C] () -- C:\Users\NB\AppData\Local\keyfile3.drm
[2010.10.18 19:53:24 | 002,648,064 | ---- | C] () -- C:\Windows\SysWow64\dvmsg.dll
[2010.05.16 14:59:05 | 000,000,206 | ---- | C] () -- C:\Windows\SHISETUP.SYS
[2010.01.08 15:05:21 | 000,007,168 | ---- | C] () -- C:\Windows\SysWow64\drivers\StarOpen.sys
[2010.01.08 13:53:54 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2010.01.08 13:07:44 | 000,004,801 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
[2009.07.14 06:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009.07.14 03:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009.07.14 03:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009.07.14 01:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009.07.13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009.06.10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2006.10.11 04:33:58 | 000,010,288 | ---- | C] () -- C:\Windows\SysWow64\drivers\ASUSHWIO.SYS
 
========== Custom Scans ==========
 
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2010.10.03 14:46:24 | 000,000,000 | ---D | M] -- C:\Users\NB\AppData\Roaming\7-PDFMaker
[2010.10.03 14:44:20 | 000,000,000 | ---D | M] -- C:\Users\NB\AppData\Roaming\7-PDFSplitMerge
[2012.01.13 19:10:25 | 000,000,000 | ---D | M] -- C:\Users\NB\AppData\Roaming\Adobe
[2012.01.13 19:10:25 | 000,000,000 | ---D | M] -- C:\Users\NB\AppData\Roaming\AdobeUM
[2010.01.08 13:54:24 | 000,000,000 | ---D | M] -- C:\Users\NB\AppData\Roaming\ATI
[2011.02.18 17:46:47 | 000,000,000 | ---D | M] -- C:\Users\NB\AppData\Roaming\Avira
[2011.08.03 18:38:27 | 000,000,000 | ---D | M] -- C:\Users\NB\AppData\Roaming\Canneverbe Limited
[2012.01.22 19:24:54 | 000,000,000 | ---D | M] -- C:\Users\NB\AppData\Roaming\COWON
[2011.04.01 23:09:40 | 000,000,000 | ---D | M] -- C:\Users\NB\AppData\Roaming\CyberLink
[2010.05.13 18:07:44 | 000,000,000 | ---D | M] -- C:\Users\NB\AppData\Roaming\DScaler4
[2011.06.07 17:36:08 | 000,000,000 | ---D | M] -- C:\Users\NB\AppData\Roaming\Gutscheinmieze
[2010.01.08 12:45:08 | 000,000,000 | ---D | M] -- C:\Users\NB\AppData\Roaming\Identities
[2012.01.19 19:40:41 | 000,000,000 | ---D | M] -- C:\Users\NB\AppData\Roaming\InstallShield
[2012.01.24 18:28:46 | 000,000,000 | ---D | M] -- C:\Users\NB\AppData\Roaming\Leadertech
[2010.05.26 14:31:56 | 000,000,000 | ---D | M] -- C:\Users\NB\AppData\Roaming\Lexware
[2010.01.08 13:57:39 | 000,000,000 | ---D | M] -- C:\Users\NB\AppData\Roaming\Macromedia
[2012.02.05 18:37:23 | 000,000,000 | ---D | M] -- C:\Users\NB\AppData\Roaming\Malwarebytes
[2009.07.14 19:18:34 | 000,000,000 | ---D | M] -- C:\Users\NB\AppData\Roaming\Media Center Programs
[2010.05.13 17:04:02 | 000,000,000 | ---D | M] -- C:\Users\NB\AppData\Roaming\Media Player Classic
[2012.01.31 19:52:48 | 000,000,000 | ---D | M] -- C:\Users\NB\AppData\Roaming\MediaMonkey
[2011.11.02 19:40:42 | 000,000,000 | --SD | M] -- C:\Users\NB\AppData\Roaming\Microsoft
[2012.02.08 18:29:43 | 000,000,000 | ---D | M] -- C:\Users\NB\AppData\Roaming\Mozilla
[2012.01.13 18:54:47 | 000,000,000 | ---D | M] -- C:\Users\NB\AppData\Roaming\Nokia
[2010.10.03 14:26:47 | 000,000,000 | ---D | M] -- C:\Users\NB\AppData\Roaming\OpenCandy
[2011.12.11 17:05:09 | 000,000,000 | ---D | M] -- C:\Users\NB\AppData\Roaming\OpenVPN Technologies
[2012.01.13 18:27:04 | 000,000,000 | ---D | M] -- C:\Users\NB\AppData\Roaming\PC Suite
[2010.06.14 14:51:57 | 000,000,000 | ---D | M] -- C:\Users\NB\AppData\Roaming\phonostar GmbH
[2012.01.24 23:49:51 | 000,000,000 | ---D | M] -- C:\Users\NB\AppData\Roaming\Skype
[2011.06.05 13:27:04 | 000,000,000 | ---D | M] -- C:\Users\NB\AppData\Roaming\Swiss Academic Software
[2012.01.24 18:20:33 | 000,000,000 | ---D | M] -- C:\Users\NB\AppData\Roaming\Tobit
[2011.03.01 19:29:59 | 000,000,000 | ---D | M] -- C:\Users\NB\AppData\Roaming\TuneUp Software
[2011.07.23 17:22:39 | 000,000,000 | ---D | M] -- C:\Users\NB\AppData\Roaming\U3
[2010.11.29 18:58:35 | 000,000,000 | ---D | M] -- C:\Users\NB\AppData\Roaming\Uniblue
[2010.01.11 19:11:06 | 000,000,000 | ---D | M] -- C:\Users\NB\AppData\Roaming\WinRAR
 
< %APPDATA%\*.exe /s >
[2010.06.10 13:19:22 | 000,825,856 | ---- | M] (Synatix GmbH) -- C:\Users\NB\AppData\Roaming\Gutscheinmieze\uninstall.exe
[2010.01.08 13:51:05 | 000,010,134 | R--- | M] () -- C:\Users\NB\AppData\Roaming\Microsoft\Installer\{42CA2096-C607-7F71-5550-F19BCD9A4100}\ARPPRODUCTICON.exe
[2011.05.25 16:42:51 | 000,137,750 | R--- | M] () -- C:\Users\NB\AppData\Roaming\Microsoft\Installer\{5D5509EA-B85A-411E-AB75-59069A411876}\_02506422F3D2BE4CA37487.exe
[2011.05.25 16:42:51 | 000,137,750 | R--- | M] () -- C:\Users\NB\AppData\Roaming\Microsoft\Installer\{5D5509EA-B85A-411E-AB75-59069A411876}\_267C690D0AFBAADCB8FC6B.exe
[2011.05.25 16:42:51 | 000,010,134 | R--- | M] () -- C:\Users\NB\AppData\Roaming\Microsoft\Installer\{5D5509EA-B85A-411E-AB75-59069A411876}\_4F0256E95A66B02112203A.exe
[2011.05.25 16:42:51 | 000,137,750 | R--- | M] () -- C:\Users\NB\AppData\Roaming\Microsoft\Installer\{5D5509EA-B85A-411E-AB75-59069A411876}\_853F67D554F05449430E7E.exe
[2010.02.12 14:39:13 | 000,010,134 | R--- | M] () -- C:\Users\NB\AppData\Roaming\Microsoft\Installer\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}\ARPPRODUCTICON.exe
[2011.04.12 16:17:41 | 000,026,112 | ---- | M] () -- C:\Users\NB\AppData\Roaming\Microsoft\Windows\SendTo\Upload auf img5.exe
[2010.10.03 14:26:47 | 000,331,304 | ---- | M] () -- C:\Users\NB\AppData\Roaming\OpenCandy\OpenCandy_509F0B89C2544A04A3276C4B994AC032\DLMgr_3_1.6.44.exe
[2010.03.05 22:42:26 | 004,004,928 | ---- | M] (Uniblue Systems Ltd                                         ) -- C:\Users\NB\AppData\Roaming\OpenCandy\OpenCandy_509F0B89C2544A04A3276C4B994AC032\registrybooster(9).exe
[2010.06.16 14:14:16 | 010,350,912 | ---- | M] (                                                            ) -- C:\Users\NB\AppData\Roaming\phonostar GmbH\phonostar-Player\update.exe
 
< %SYSTEMDRIVE%\*.exe >
 
 
< MD5 for: AGP440.SYS  >
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009.07.14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll
[2009.07.14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll
 
< MD5 for: IASTORV.SYS  >
[2010.11.20 14:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys
[2010.11.20 14:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys
[2011.03.11 07:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys
[2011.03.11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\drivers\iaStorV.sys
[2011.03.11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0bcee2057afcc090\iaStorV.sys
[2011.03.11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys
[2011.03.11 07:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_0b141c81a16e25e6\iaStorV.sys
[2011.03.11 07:25:49 | 000,410,496 | ---- | M] (Intel Corporation) MD5=BFDC9D75698800CFE4D1698BF2750EA2 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_0bccc8c8ba6985c1\iaStorV.sys
[2009.07.14 02:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2009.07.14 02:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll
[2010.11.20 14:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SysNative\netlogon.dll
[2010.11.20 14:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll
[2010.11.20 13:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll
[2010.11.20 13:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll
[2009.07.14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2009.07.14 02:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys
[2011.03.11 07:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_95dd8d30d8a4cfbe\nvstor.sys
[2011.03.11 07:25:53 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=AE274836BA56518E279087363A781214 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_96963977f1a02f99\nvstor.sys
[2011.03.11 07:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys
[2011.03.11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\drivers\nvstor.sys
[2011.03.11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvstor.sys
[2011.03.11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys
[2010.11.20 14:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys
[2010.11.20 14:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2009.07.14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll
[2009.07.14 02:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll
[2010.11.20 13:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll
[2010.11.20 13:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll
[2010.11.20 14:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SysNative\scecli.dll
[2010.11.20 14:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll
 
< MD5 for: USER32.DLL  >
[2010.11.20 13:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SysWOW64\user32.dll
[2010.11.20 13:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
[2009.07.14 02:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll
[2009.07.14 02:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll
[2010.11.20 14:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SysNative\user32.dll
[2010.11.20 14:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009.07.14 02:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
[2010.11.20 14:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010.11.20 14:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2009.07.14 02:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe
[2009.07.14 02:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe
[2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe
[2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2010.11.20 14:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010.11.20 14:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009.07.14 02:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2012.01.13 14:53:20 | 000,182,856 | ---- | M] () MD5=63EEC8A8B221AB79045E776E5F592868 -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2009.10.28 08:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2009.10.28 07:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009.07.14 01:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys
[2009.07.14 01:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
[3 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ]

< End of report >

cosinus · 10.02.2012, 20:52

Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)

Hinweis: Falls Du Deinen Benutzernamen unkenntlich gemacht hast, musst Du das Ausgesternte in Deinen richtigen Benutzernamen wieder verwandeln, sonst funktioniert das Script nicht!!

Code:

ATTFilter

:OTL
PRC - [2011.12.14 13:13:28 | 000,748,440 | ---- | M] (Spigot, Inc.) -- C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe
PRC - [2011.12.13 17:42:08 | 000,922,976 | ---- | M] (Spigot, Inc.) -- C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe
SRV - [2011.12.14 13:13:28 | 000,748,440 | ---- | M] (Spigot, Inc.) [Auto | Running] -- C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe -- (Application Updater)
IE - HKLM\..\URLSearchHook: {e0dcd7a1-949c-490a-bd7b-d733c2bda820} - C:\Program Files (x86)\DieStaemme\prxtbDie2.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-1931242635-1971727323-3307929102-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKU\S-1-5-21-1931242635-1971727323-3307929102-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
IE - HKU\S-1-5-21-1931242635-1971727323-3307929102-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.spielesite.com/
IE - HKU\S-1-5-21-1931242635-1971727323-3307929102-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-1931242635-1971727323-3307929102-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\S-1-5-21-1931242635-1971727323-3307929102-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = A6 3C CF B3 96 90 CA 01  [binary data]
IE - HKU\S-1-5-21-1931242635-1971727323-3307929102-1001\..\URLSearchHook: {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files (x86)\pdfforge Toolbar\IE\4.9\pdfforgeToolbarIE.dll (Spigot, Inc.)
IE - HKU\S-1-5-21-1931242635-1971727323-3307929102-1001\..\URLSearchHook: {e0dcd7a1-949c-490a-bd7b-d733c2bda820} - C:\Program Files (x86)\DieStaemme\prxtbDie2.dll (Conduit Ltd.)
O2 - BHO: (no name) - {02B1FD5A-D2A2-45AA-9959-C7BCA6AD319E} - No CLSID value found.
O2 - BHO: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files (x86)\pdfforge Toolbar\IE\4.9\pdfforgeToolbarIE.dll (Spigot, Inc.)
O2 - BHO: (DieStaemme Toolbar) - {e0dcd7a1-949c-490a-bd7b-d733c2bda820} - C:\Program Files (x86)\DieStaemme\prxtbDie2.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (no name) - {1DD0B266-E640-46D1-AC22-C56831180C31} - No CLSID value found.
O3 - HKLM\..\Toolbar: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files (x86)\pdfforge Toolbar\IE\4.9\pdfforgeToolbarIE.dll (Spigot, Inc.)
O3 - HKLM\..\Toolbar: (Gutscheinmieze) - {DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} - C:\Users\NB\AppData\Roaming\Gutscheinmieze\toolbar.dll (Synatix GmbH)
O3 - HKLM\..\Toolbar: (DieStaemme Toolbar) - {e0dcd7a1-949c-490a-bd7b-d733c2bda820} - C:\Program Files (x86)\DieStaemme\prxtbDie2.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-1931242635-1971727323-3307929102-1001\..\Toolbar\WebBrowser: (no name) - {1DD0B266-E640-46D1-AC22-C56831180C31} - No CLSID value found.
O3 - HKU\S-1-5-21-1931242635-1971727323-3307929102-1001\..\Toolbar\WebBrowser: (Gutscheinmieze) - {DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} - C:\Users\NB\AppData\Roaming\Gutscheinmieze\toolbar.dll (Synatix GmbH)
O3 - HKU\S-1-5-21-1931242635-1971727323-3307929102-1001\..\Toolbar\WebBrowser: (DieStaemme Toolbar) - {E0DCD7A1-949C-490A-BD7B-D733C2BDA820} - C:\Program Files (x86)\DieStaemme\prxtbDie2.dll (Conduit Ltd.)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [SearchSettings] C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe (Spigot, Inc.)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{c6d6a28d-fc84-11de-9eff-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{c6d6a28d-fc84-11de-9eff-806e6f6e6963}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O33 - MountPoints2\H\Shell - "" = AutoRun
O33 - MountPoints2\H\Shell\AutoRun\command - "" = H:\LaunchU3.exe -a
:Commands
[emptytemp]
[resethosts]

Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.

Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!

Neowyn · 12.02.2012, 18:12

Hier ist das Log
PS: Danke für deine Hilfe

Code:

ATTFilter

All processes killed
========== OTL ==========
Process ApplicationUpdater.exe killed successfully!
No active process named SearchSettings.exe was found!
Service Application Updater stopped successfully!
Service Application Updater deleted successfully!
C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{e0dcd7a1-949c-490a-bd7b-d733c2bda820} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e0dcd7a1-949c-490a-bd7b-d733c2bda820}\ deleted successfully.
C:\Program Files (x86)\DieStaemme\prxtbDie2.dll moved successfully.
HKU\S-1-5-21-1931242635-1971727323-3307929102-1001\SOFTWARE\Microsoft\Internet Explorer\Main\\Search Bar| /E : value set successfully!
HKU\S-1-5-21-1931242635-1971727323-3307929102-1001\SOFTWARE\Microsoft\Internet Explorer\Main\\Secondary Start Pages| /E : value set successfully!
HKU\S-1-5-21-1931242635-1971727323-3307929102-1001\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKU\S-1-5-21-1931242635-1971727323-3307929102-1001\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache| /E : value set successfully!
HKU\S-1-5-21-1931242635-1971727323-3307929102-1001\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache AcceptLangs| /E : value set successfully!
HKU\S-1-5-21-1931242635-1971727323-3307929102-1001\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache_TIMESTAMP| /E : value set successfully!
Registry value HKEY_USERS\S-1-5-21-1931242635-1971727323-3307929102-1001\Software\Microsoft\Internet Explorer\URLSearchHooks\\{B922D405-6D13-4A2B-AE89-08A030DA4402} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B922D405-6D13-4A2B-AE89-08A030DA4402}\ deleted successfully.
C:\Program Files (x86)\pdfforge Toolbar\IE\4.9\pdfforgeToolbarIE.dll moved successfully.
Registry value HKEY_USERS\S-1-5-21-1931242635-1971727323-3307929102-1001\Software\Microsoft\Internet Explorer\URLSearchHooks\\{e0dcd7a1-949c-490a-bd7b-d733c2bda820} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e0dcd7a1-949c-490a-bd7b-d733c2bda820}\ not found.
File C:\Program Files (x86)\DieStaemme\prxtbDie2.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02B1FD5A-D2A2-45AA-9959-C7BCA6AD319E}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02B1FD5A-D2A2-45AA-9959-C7BCA6AD319E}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B922D405-6D13-4A2B-AE89-08A030DA4402}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B922D405-6D13-4A2B-AE89-08A030DA4402}\ not found.
File C:\Program Files (x86)\pdfforge Toolbar\IE\4.9\pdfforgeToolbarIE.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{e0dcd7a1-949c-490a-bd7b-d733c2bda820}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e0dcd7a1-949c-490a-bd7b-d733c2bda820}\ not found.
File C:\Program Files (x86)\DieStaemme\prxtbDie2.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{1DD0B266-E640-46D1-AC22-C56831180C31} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1DD0B266-E640-46D1-AC22-C56831180C31}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{B922D405-6D13-4A2B-AE89-08A030DA4402} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B922D405-6D13-4A2B-AE89-08A030DA4402}\ not found.
File C:\Program Files (x86)\pdfforge Toolbar\IE\4.9\pdfforgeToolbarIE.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DFEFCDEE-CF1A-4FC8-88AD-48514E463B27}\ deleted successfully.
C:\Users\NB\AppData\Roaming\Gutscheinmieze\toolbar.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{e0dcd7a1-949c-490a-bd7b-d733c2bda820} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e0dcd7a1-949c-490a-bd7b-d733c2bda820}\ not found.
File C:\Program Files (x86)\DieStaemme\prxtbDie2.dll not found.
Registry value HKEY_USERS\S-1-5-21-1931242635-1971727323-3307929102-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{1DD0B266-E640-46D1-AC22-C56831180C31} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1DD0B266-E640-46D1-AC22-C56831180C31}\ not found.
Registry value HKEY_USERS\S-1-5-21-1931242635-1971727323-3307929102-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DFEFCDEE-CF1A-4FC8-88AD-48514E463B27}\ not found.
File C:\Users\NB\AppData\Roaming\Gutscheinmieze\toolbar.dll not found.
Registry value HKEY_USERS\S-1-5-21-1931242635-1971727323-3307929102-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{E0DCD7A1-949C-490A-BD7B-D733C2BDA820} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E0DCD7A1-949C-490A-BD7B-D733C2BDA820}\ not found.
File C:\Program Files (x86)\DieStaemme\prxtbDie2.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\SearchSettings deleted successfully.
C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe moved successfully.
Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorAdmin deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorUser deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\PromptOnSecureDesktop deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c6d6a28d-fc84-11de-9eff-806e6f6e6963}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c6d6a28d-fc84-11de-9eff-806e6f6e6963}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c6d6a28d-fc84-11de-9eff-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c6d6a28d-fc84-11de-9eff-806e6f6e6963}\ not found.
File G:\LaunchU3.exe -a not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\H\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\H\ not found.
File H:\LaunchU3.exe -a not found.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: AppData
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: NB
->Temp folder emptied: 19980316 bytes
->Temporary Internet Files folder emptied: 370151779 bytes
->Java cache emptied: 31348541 bytes
->FireFox cache emptied: 74626669 bytes
->Flash cache emptied: 8576 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 85029 bytes
RecycleBin emptied: 200809510 bytes
 
Total Files Cleaned = 665,00 mb
 
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.31.0 log created on 02122012_180147

cosinus · 12.02.2012, 18:45

Bitte nun (im normalen Windows-Modus) dieses Tool von Kaspersky (TDSS-Killer) ausführen und das Log posten => http://www.trojaner-board.de/82358-t...entfernen.html

Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet,
Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten.
Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition (meistens Laufwerk C

nach, da speichert der TDSS-Killer seine Logs.

Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten!

Falls du durch die Infektion auf deine Dokumente/Eigenen Dateien nicht zugreifen kannst, Verknüpfungen auf dem Desktop oder im Startmenü unter "alle Programme" fehlen, bitte unhide ausführen:
Downloade dir bitte unhide.exe und speichere diese Datei auf deinem Desktop.
Starte das Tool und es sollten alle Dateien und Ordner wieder sichtbar sein. ( Könnte eine Weile dauern )

Windows-Vista und Windows-7-User müssen das Tool per Rechtsklick als Administrator ausführen!

Neowyn · 13.02.2012, 12:47

Hier ist das Log vom TDSS Killer
Ist das normal das Antivir den Tdss Killer als Malware erkennt?

Code:

ATTFilter

12:36:23.0537 4060	TDSS rootkit removing tool 2.7.12.0 Feb 11 2012 16:58:52
12:36:23.0635 4060	============================================================
12:36:23.0635 4060	Current date / time: 2012/02/13 12:36:23.0635
12:36:23.0635 4060	SystemInfo:
12:36:23.0635 4060	
12:36:23.0636 4060	OS Version: 6.1.7601 ServicePack: 1.0
12:36:23.0636 4060	Product type: Workstation
12:36:23.0636 4060	ComputerName: NB-PC
12:36:23.0636 4060	UserName: NB
12:36:23.0636 4060	Windows directory: C:\Windows
12:36:23.0636 4060	System windows directory: C:\Windows
12:36:23.0636 4060	Running under WOW64
12:36:23.0636 4060	Processor architecture: Intel x64
12:36:23.0636 4060	Number of processors: 4
12:36:23.0636 4060	Page size: 0x1000
12:36:23.0636 4060	Boot type: Normal boot
12:36:23.0636 4060	============================================================
12:36:24.0882 4060	Drive \Device\Harddisk0\DR0 - Size: 0x15D50F66000 (1397.27 Gb), SectorSize: 0x200, Cylinders: 0x2C881, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
12:36:24.0884 4060	Drive \Device\Harddisk1\DR1 - Size: 0x45DD826000 (279.46 Gb), SectorSize: 0x200, Cylinders: 0x8E81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
12:36:24.0899 4060	\Device\Harddisk0\DR0:
12:36:24.0899 4060	MBR used
12:36:24.0899 4060	\Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
12:36:24.0899 4060	\Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x3D05D800
12:36:24.0899 4060	\Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x3D090000, BlocksNum 0x3D090000
12:36:24.0899 4060	\Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x7A120000, BlocksNum 0x34967000
12:36:24.0899 4060	\Device\Harddisk1\DR1:
12:36:24.0901 4060	MBR used
12:36:24.0905 4060	\Device\Harddisk1\DR1\Partition0: MBR, Type 0x7, StartLBA 0x3F00, BlocksNum 0x22EE6E41
12:36:25.0051 4060	Initialize success
12:36:25.0051 4060	============================================================
12:37:20.0887 3964	============================================================
12:37:20.0887 3964	Scan started
12:37:20.0887 3964	Mode: Manual; SigCheck; TDLFS; 
12:37:20.0887 3964	============================================================
12:37:23.0075 3964	1394ohci        (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
12:37:23.0156 3964	1394ohci - ok
12:37:23.0191 3964	ACPI            (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
12:37:23.0206 3964	ACPI - ok
12:37:23.0229 3964	AcpiPmi         (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
12:37:23.0292 3964	AcpiPmi - ok
12:37:23.0336 3964	adp94xx         (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
12:37:23.0354 3964	adp94xx - ok
12:37:23.0375 3964	adpahci         (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
12:37:23.0390 3964	adpahci - ok
12:37:23.0403 3964	adpu320         (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
12:37:23.0416 3964	adpu320 - ok
12:37:23.0450 3964	AFD             (d5b031c308a409a0a576bff4cf083d30) C:\Windows\system32\drivers\afd.sys
12:37:23.0500 3964	AFD - ok
12:37:23.0514 3964	agp440          (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
12:37:23.0525 3964	agp440 - ok
12:37:23.0550 3964	aliide          (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
12:37:23.0559 3964	aliide - ok
12:37:23.0576 3964	amdide          (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
12:37:23.0586 3964	amdide - ok
12:37:23.0608 3964	AmdK8           (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
12:37:23.0653 3964	AmdK8 - ok
12:37:23.0673 3964	AmdPPM          (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
12:37:23.0698 3964	AmdPPM - ok
12:37:23.0726 3964	amdsata         (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
12:37:23.0738 3964	amdsata - ok
12:37:23.0758 3964	amdsbs          (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
12:37:23.0771 3964	amdsbs - ok
12:37:23.0778 3964	amdxata         (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
12:37:23.0787 3964	amdxata - ok
12:37:23.0841 3964	AppID           (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
12:37:23.0980 3964	AppID - ok
12:37:24.0001 3964	arc             (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
12:37:24.0012 3964	arc - ok
12:37:24.0033 3964	arcsas          (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
12:37:24.0045 3964	arcsas - ok
12:37:24.0072 3964	AsyncMac        (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
12:37:24.0165 3964	AsyncMac - ok
12:37:24.0171 3964	atapi           (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
12:37:24.0180 3964	atapi - ok
12:37:24.0222 3964	AtiHdmiService  (506934df94e3197f4a1bbe8fbeab0ccd) C:\Windows\system32\drivers\AtiHdmi.sys
12:37:24.0270 3964	AtiHdmiService - ok
12:37:24.0389 3964	atikmdag        (52bd95caa9cae8977fe043e9ad6d2d0e) C:\Windows\system32\DRIVERS\atikmdag.sys
12:37:24.0589 3964	atikmdag - ok
12:37:24.0603 3964	AtiPcie         (7c5d273e29dcc5505469b299c6f29163) C:\Windows\system32\DRIVERS\AtiPcie.sys
12:37:24.0612 3964	AtiPcie - ok
12:37:24.0627 3964	avgntflt        (b1224e6b086cd6548315b04ab575a23e) C:\Windows\system32\DRIVERS\avgntflt.sys
12:37:24.0637 3964	avgntflt - ok
12:37:24.0697 3964	avipbb          (ed45f12cfa62b83765c9c1496758cc87) C:\Windows\system32\DRIVERS\avipbb.sys
12:37:24.0708 3964	avipbb - ok
12:37:24.0747 3964	b06bdrv         (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
12:37:24.0777 3964	b06bdrv - ok
12:37:24.0815 3964	b57nd60a        (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
12:37:24.0849 3964	b57nd60a - ok
12:37:24.0882 3964	Beep            (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
12:37:24.0925 3964	Beep - ok
12:37:24.0947 3964	blbdrive        (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
12:37:24.0971 3964	blbdrive - ok
12:37:24.0996 3964	bowser          (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
12:37:25.0017 3964	bowser - ok
12:37:25.0039 3964	BrFiltLo        (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
12:37:25.0090 3964	BrFiltLo - ok
12:37:25.0101 3964	BrFiltUp        (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
12:37:25.0123 3964	BrFiltUp - ok
12:37:25.0145 3964	Brserid         (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
12:37:25.0177 3964	Brserid - ok
12:37:25.0195 3964	BrSerWdm        (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
12:37:25.0208 3964	BrSerWdm - ok
12:37:25.0215 3964	BrUsbMdm        (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
12:37:25.0238 3964	BrUsbMdm - ok
12:37:25.0289 3964	BrUsbSer        (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
12:37:25.0348 3964	BrUsbSer - ok
12:37:25.0536 3964	BT848           (ef5c778737ea9d4c3b35c93b77c08f97) C:\Windows\system32\drivers\BT848.sys
12:37:25.0549 3964	BT848 ( UnsignedFile.Multi.Generic ) - warning
12:37:25.0549 3964	BT848 - detected UnsignedFile.Multi.Generic (1)
12:37:25.0564 3964	BTHMODEM        (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
12:37:25.0594 3964	BTHMODEM - ok
12:37:25.0605 3964	cdfs            (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
12:37:25.0632 3964	cdfs - ok
12:37:25.0664 3964	cdrom           (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\drivers\cdrom.sys
12:37:25.0679 3964	cdrom - ok
12:37:25.0702 3964	circlass        (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
12:37:25.0715 3964	circlass - ok
12:37:25.0745 3964	CLFS            (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
12:37:25.0760 3964	CLFS - ok
12:37:25.0863 3964	CmBatt          (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
12:37:25.0880 3964	CmBatt - ok
12:37:25.0906 3964	cmdide          (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
12:37:25.0916 3964	cmdide - ok
12:37:25.0945 3964	CNG             (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys
12:37:25.0968 3964	CNG - ok
12:37:25.0978 3964	Compbatt        (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
12:37:25.0994 3964	Compbatt - ok
12:37:26.0025 3964	CompositeBus    (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
12:37:26.0041 3964	CompositeBus - ok
12:37:26.0056 3964	crcdisk         (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
12:37:26.0056 3964	crcdisk - ok
12:37:26.0103 3964	CSC             (54da3dfd29ed9f1619b6f53f3ce55e49) C:\Windows\system32\drivers\csc.sys
12:37:26.0150 3964	CSC - ok
12:37:26.0181 3964	DfsC            (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
12:37:26.0228 3964	DfsC - ok
12:37:26.0228 3964	discache        (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
12:37:26.0275 3964	discache - ok
12:37:26.0306 3964	Disk            (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
12:37:26.0306 3964	Disk - ok
12:37:26.0353 3964	drmkaud         (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
12:37:26.0384 3964	drmkaud - ok
12:37:26.0447 3964	DSDrv4AMD64     (390fbd3f370406e0b3767d3c71a4b3e5) C:\PROGRA~2\DScaler\DSDRV4~2.SYS
12:37:26.0463 3964	DSDrv4AMD64 - ok
12:37:26.0494 3964	DXGKrnl         (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
12:37:26.0509 3964	DXGKrnl - ok
12:37:26.0603 3964	ebdrv           (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
12:37:26.0713 3964	ebdrv - ok
12:37:26.0744 3964	elxstor         (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
12:37:26.0759 3964	elxstor - ok
12:37:26.0791 3964	ErrDev          (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
12:37:26.0806 3964	ErrDev - ok
12:37:26.0822 3964	exfat           (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
12:37:26.0853 3964	exfat - ok
12:37:26.0869 3964	fastfat         (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
12:37:26.0900 3964	fastfat - ok
12:37:26.0916 3964	fdc             (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
12:37:26.0931 3964	fdc - ok
12:37:26.0947 3964	FileInfo        (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
12:37:26.0963 3964	FileInfo - ok
12:37:26.0978 3964	Filetrace       (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
12:37:27.0009 3964	Filetrace - ok
12:37:27.0041 3964	flpydisk        (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
12:37:27.0056 3964	flpydisk - ok
12:37:27.0072 3964	FltMgr          (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
12:37:27.0088 3964	FltMgr - ok
12:37:27.0119 3964	FsDepends       (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
12:37:27.0119 3964	FsDepends - ok
12:37:27.0134 3964	Fs_Rec          (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
12:37:27.0150 3964	Fs_Rec - ok
12:37:27.0166 3964	fvevol          (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
12:37:27.0181 3964	fvevol - ok
12:37:27.0197 3964	gagp30kx        (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
12:37:27.0213 3964	gagp30kx - ok
12:37:27.0259 3964	hcw85cir        (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
12:37:27.0275 3964	hcw85cir - ok
12:37:27.0322 3964	HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
12:37:27.0338 3964	HdAudAddService - ok
12:37:27.0369 3964	HDAudBus        (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
12:37:27.0384 3964	HDAudBus - ok
12:37:27.0416 3964	HidBatt         (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
12:37:27.0431 3964	HidBatt - ok
12:37:27.0431 3964	HidBth          (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
12:37:27.0463 3964	HidBth - ok
12:37:27.0478 3964	HidIr           (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
12:37:27.0494 3964	HidIr - ok
12:37:27.0509 3964	HidUsb          (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
12:37:27.0541 3964	HidUsb - ok
12:37:27.0556 3964	HpSAMD          (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
12:37:27.0572 3964	HpSAMD - ok
12:37:27.0603 3964	HTTP            (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
12:37:27.0666 3964	HTTP - ok
12:37:27.0681 3964	hwpolicy        (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
12:37:27.0697 3964	hwpolicy - ok
12:37:27.0713 3964	i8042prt        (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
12:37:27.0728 3964	i8042prt - ok
12:37:27.0759 3964	iaStorV         (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
12:37:27.0775 3964	iaStorV - ok
12:37:27.0791 3964	iirsp           (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
12:37:27.0806 3964	iirsp - ok
12:37:27.0869 3964	IntcAzAudAddService (d7dc70eb652bd2fba1e3cb6290a63452) C:\Windows\system32\drivers\RTKVHD64.sys
12:37:27.0900 3964	IntcAzAudAddService - ok
12:37:27.0916 3964	intelide        (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
12:37:27.0916 3964	intelide - ok
12:37:27.0931 3964	intelppm        (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
12:37:27.0963 3964	intelppm - ok
12:37:27.0994 3964	IpFilterDriver  (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
12:37:28.0025 3964	IpFilterDriver - ok
12:37:28.0072 3964	IPMIDRV         (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
12:37:28.0088 3964	IPMIDRV - ok
12:37:28.0103 3964	IPNAT           (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
12:37:28.0134 3964	IPNAT - ok
12:37:28.0166 3964	irda            (05360b1ea5a2abf620d1d96ebd8bd8f1) C:\Windows\system32\DRIVERS\irda.sys
12:37:28.0181 3964	irda - ok
12:37:28.0197 3964	IRENUM          (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
12:37:28.0228 3964	IRENUM - ok
12:37:28.0259 3964	irsir           (d2ca12736624ba636f8357dc3ef0757e) C:\Windows\system32\DRIVERS\irsir.sys
12:37:28.0275 3964	irsir - ok
12:37:28.0306 3964	isapnp          (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
12:37:28.0322 3964	isapnp - ok
12:37:28.0338 3964	iScsiPrt        (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
12:37:28.0353 3964	iScsiPrt - ok
12:37:28.0384 3964	kbdclass        (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
12:37:28.0384 3964	kbdclass - ok
12:37:28.0400 3964	kbdhid          (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\DRIVERS\kbdhid.sys
12:37:28.0416 3964	kbdhid - ok
12:37:28.0447 3964	KMWDFILTER      (07071c1e3cd8f0f9114aac8b072ca1e5) C:\Windows\system32\DRIVERS\KMWDFILTER.sys
12:37:28.0463 3964	KMWDFILTER - ok
12:37:28.0494 3964	KSecDD          (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys
12:37:28.0509 3964	KSecDD - ok
12:37:28.0541 3964	KSecPkg         (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys
12:37:28.0556 3964	KSecPkg - ok
12:37:28.0556 3964	ksthunk         (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
12:37:28.0588 3964	ksthunk - ok
12:37:28.0619 3964	lltdio          (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
12:37:28.0650 3964	lltdio - ok
12:37:28.0681 3964	LSI_FC          (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
12:37:28.0697 3964	LSI_FC - ok
12:37:28.0713 3964	LSI_SAS         (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
12:37:28.0728 3964	LSI_SAS - ok
12:37:28.0744 3964	LSI_SAS2        (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
12:37:28.0744 3964	LSI_SAS2 - ok
12:37:28.0775 3964	LSI_SCSI        (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
12:37:28.0775 3964	LSI_SCSI - ok
12:37:28.0791 3964	luafv           (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
12:37:28.0822 3964	luafv - ok
12:37:28.0853 3964	megasas         (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
12:37:28.0853 3964	megasas - ok
12:37:28.0869 3964	MegaSR          (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
12:37:28.0884 3964	MegaSR - ok
12:37:28.0916 3964	Modem           (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
12:37:28.0931 3964	Modem - ok
12:37:28.0963 3964	monitor         (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
12:37:28.0978 3964	monitor - ok
12:37:28.0994 3964	mouclass        (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
12:37:29.0009 3964	mouclass - ok
12:37:29.0025 3964	mouhid          (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
12:37:29.0041 3964	mouhid - ok
12:37:29.0056 3964	mountmgr        (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
12:37:29.0072 3964	mountmgr - ok
12:37:29.0088 3964	mpio            (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
12:37:29.0103 3964	mpio - ok
12:37:29.0119 3964	mpsdrv          (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
12:37:29.0166 3964	mpsdrv - ok
12:37:29.0181 3964	MRxDAV          (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
12:37:29.0213 3964	MRxDAV - ok
12:37:29.0213 3964	mrxsmb          (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
12:37:29.0259 3964	mrxsmb - ok
12:37:29.0275 3964	mrxsmb10        (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
12:37:29.0306 3964	mrxsmb10 - ok
12:37:29.0322 3964	mrxsmb20        (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
12:37:29.0322 3964	mrxsmb20 - ok
12:37:29.0369 3964	msahci          (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
12:37:29.0384 3964	msahci - ok
12:37:29.0384 3964	msdsm           (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
12:37:29.0400 3964	msdsm - ok
12:37:29.0416 3964	Msfs            (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
12:37:29.0447 3964	Msfs - ok
12:37:29.0463 3964	mshidkmdf       (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
12:37:29.0494 3964	mshidkmdf - ok
12:37:29.0525 3964	msisadrv        (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
12:37:29.0525 3964	msisadrv - ok
12:37:29.0556 3964	MSKSSRV         (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
12:37:29.0588 3964	MSKSSRV - ok
12:37:29.0603 3964	MSPCLOCK        (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
12:37:29.0650 3964	MSPCLOCK - ok
12:37:29.0666 3964	MSPQM           (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
12:37:29.0697 3964	MSPQM - ok
12:37:29.0728 3964	MsRPC           (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
12:37:29.0744 3964	MsRPC - ok
12:37:29.0759 3964	mssmbios        (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
12:37:29.0775 3964	mssmbios - ok
12:37:29.0775 3964	MSTEE           (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
12:37:29.0806 3964	MSTEE - ok
12:37:29.0838 3964	MTConfig        (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
12:37:29.0853 3964	MTConfig - ok
12:37:29.0884 3964	Mup             (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
12:37:29.0900 3964	Mup - ok
12:37:29.0916 3964	NativeWifiP     (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
12:37:29.0947 3964	NativeWifiP - ok
12:37:29.0994 3964	NDIS            (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
12:37:30.0025 3964	NDIS - ok
12:37:30.0041 3964	NdisCap         (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
12:37:30.0072 3964	NdisCap - ok
12:37:30.0088 3964	NdisTapi        (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
12:37:30.0119 3964	NdisTapi - ok
12:37:30.0150 3964	Ndisuio         (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
12:37:30.0166 3964	Ndisuio - ok
12:37:30.0197 3964	NdisWan         (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
12:37:30.0228 3964	NdisWan - ok
12:37:30.0259 3964	NDProxy         (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
12:37:30.0291 3964	NDProxy - ok
12:37:30.0291 3964	NetBIOS         (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
12:37:30.0338 3964	NetBIOS - ok
12:37:30.0353 3964	NetBT           (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
12:37:30.0400 3964	NetBT - ok
12:37:30.0431 3964	nfrd960         (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
12:37:30.0447 3964	nfrd960 - ok
12:37:30.0463 3964	Npfs            (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
12:37:30.0494 3964	Npfs - ok
12:37:30.0525 3964	nsiproxy        (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
12:37:30.0556 3964	nsiproxy - ok
12:37:30.0603 3964	Ntfs            (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
12:37:30.0681 3964	Ntfs - ok
12:37:30.0697 3964	Null            (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
12:37:30.0744 3964	Null - ok
12:37:30.0759 3964	nvraid          (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
12:37:30.0775 3964	nvraid - ok
12:37:30.0791 3964	nvstor          (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
12:37:30.0806 3964	nvstor - ok
12:37:30.0838 3964	nv_agp          (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
12:37:30.0853 3964	nv_agp - ok
12:37:30.0884 3964	ohci1394        (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
12:37:30.0916 3964	ohci1394 - ok
12:37:30.0978 3964	Parport         (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
12:37:30.0994 3964	Parport - ok
12:37:31.0088 3964	partmgr         (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
12:37:31.0103 3964	partmgr - ok
12:37:31.0119 3964	pci             (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
12:37:31.0134 3964	pci - ok
12:37:31.0134 3964	pciide          (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
12:37:31.0150 3964	pciide - ok
12:37:31.0166 3964	pcmcia          (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
12:37:31.0181 3964	pcmcia - ok
12:37:31.0181 3964	pcw             (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
12:37:31.0197 3964	pcw - ok
12:37:31.0228 3964	PEAUTH          (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
12:37:31.0275 3964	PEAUTH - ok
12:37:31.0322 3964	PptpMiniport    (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
12:37:31.0353 3964	PptpMiniport - ok
12:37:31.0384 3964	Processor       (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
12:37:31.0400 3964	Processor - ok
12:37:31.0447 3964	Psched          (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
12:37:31.0494 3964	Psched - ok
12:37:31.0541 3964	ql2300          (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
12:37:31.0588 3964	ql2300 - ok
12:37:31.0603 3964	ql40xx          (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
12:37:31.0619 3964	ql40xx - ok
12:37:31.0634 3964	QWAVEdrv        (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
12:37:31.0666 3964	QWAVEdrv - ok
12:37:31.0681 3964	RasAcd          (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
12:37:31.0697 3964	RasAcd - ok
12:37:31.0728 3964	RasAgileVpn     (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
12:37:31.0759 3964	RasAgileVpn - ok
12:37:31.0791 3964	Rasl2tp         (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
12:37:31.0822 3964	Rasl2tp - ok
12:37:31.0853 3964	RasPppoe        (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
12:37:31.0884 3964	RasPppoe - ok
12:37:31.0916 3964	RasSstp         (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
12:37:31.0931 3964	RasSstp - ok
12:37:31.0963 3964	rdbss           (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
12:37:32.0009 3964	rdbss - ok
12:37:32.0009 3964	rdpbus          (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
12:37:32.0025 3964	rdpbus - ok
12:37:32.0056 3964	RDPCDD          (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
12:37:32.0088 3964	RDPCDD - ok
12:37:32.0103 3964	RDPDR           (1b6163c503398b23ff8b939c67747683) C:\Windows\system32\drivers\rdpdr.sys
12:37:32.0134 3964	RDPDR - ok
12:37:32.0134 3964	RDPENCDD        (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
12:37:32.0166 3964	RDPENCDD - ok
12:37:32.0181 3964	RDPREFMP        (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
12:37:32.0197 3964	RDPREFMP - ok
12:37:32.0228 3964	RDPWD           (15b66c206b5cb095bab980553f38ed23) C:\Windows\system32\drivers\RDPWD.sys
12:37:32.0275 3964	RDPWD - ok
12:37:32.0306 3964	rdyboost        (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
12:37:32.0322 3964	rdyboost - ok
12:37:32.0353 3964	RRNetCap        (2abd2b3ba2ef0c3ba82284c2a5e28675) C:\Windows\system32\DRIVERS\rrnetcap.sys
12:37:32.0369 3964	RRNetCap - ok
12:37:32.0369 3964	RRNetCapMP      (2abd2b3ba2ef0c3ba82284c2a5e28675) C:\Windows\system32\DRIVERS\rrnetcap.sys
12:37:32.0369 3964	RRNetCapMP - ok
12:37:32.0384 3964	rspndr          (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
12:37:32.0400 3964	rspndr - ok
12:37:32.0447 3964	RTL8167         (abcb5a38a0d85bdf69b7877e1ad1eed5) C:\Windows\system32\DRIVERS\Rt64win7.sys
12:37:32.0494 3964	RTL8167 - ok
12:37:32.0509 3964	s3cap           (e60c0a09f997826c7627b244195ab581) C:\Windows\system32\drivers\vms3cap.sys
12:37:32.0525 3964	s3cap - ok
12:37:32.0556 3964	sbp2port        (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
12:37:32.0556 3964	sbp2port - ok
12:37:32.0588 3964	scfilter        (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
12:37:32.0619 3964	scfilter - ok
12:37:32.0634 3964	secdrv          (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
12:37:32.0666 3964	secdrv - ok
12:37:32.0697 3964	Serenum         (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
12:37:32.0697 3964	Serenum - ok
12:37:32.0713 3964	Serial          (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
12:37:32.0744 3964	Serial - ok
12:37:32.0775 3964	sermouse        (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
12:37:32.0791 3964	sermouse - ok
12:37:32.0838 3964	sffdisk         (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
12:37:32.0869 3964	sffdisk - ok
12:37:32.0884 3964	sffp_mmc        (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
12:37:32.0916 3964	sffp_mmc - ok
12:37:32.0931 3964	sffp_sd         (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
12:37:32.0963 3964	sffp_sd - ok
12:37:32.0978 3964	sfloppy         (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
12:37:32.0994 3964	sfloppy - ok
12:37:33.0025 3964	SiSRaid2        (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
12:37:33.0041 3964	SiSRaid2 - ok
12:37:33.0056 3964	SiSRaid4        (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
12:37:33.0072 3964	SiSRaid4 - ok
12:37:33.0088 3964	Smb             (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
12:37:33.0119 3964	Smb - ok
12:37:33.0134 3964	spldr           (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
12:37:33.0134 3964	spldr - ok
12:37:33.0166 3964	srv             (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
12:37:33.0181 3964	srv - ok
12:37:33.0213 3964	srv2            (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
12:37:33.0244 3964	srv2 - ok
12:37:33.0259 3964	srvnet          (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
12:37:33.0291 3964	srvnet - ok
12:37:33.0338 3964	StarOpen        (e57b778208c783d8debab320c16a1b82) C:\Windows\system32\drivers\StarOpen.sys
12:37:33.0338 3964	StarOpen ( UnsignedFile.Multi.Generic ) - warning
12:37:33.0338 3964	StarOpen - detected UnsignedFile.Multi.Generic (1)
12:37:33.0353 3964	stexstor        (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
12:37:33.0353 3964	stexstor - ok
12:37:33.0369 3964	storflt         (7785dc213270d2fc066538daf94087e7) C:\Windows\system32\drivers\vmstorfl.sys
12:37:33.0384 3964	storflt - ok
12:37:33.0400 3964	storvsc         (d34e4943d5ac096c8edeebfd80d76e23) C:\Windows\system32\drivers\storvsc.sys
12:37:33.0416 3964	storvsc - ok
12:37:33.0416 3964	swenum          (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
12:37:33.0431 3964	swenum - ok
12:37:33.0463 3964	tapoas          (927d0cdb3f96efc1e98fb1a2c9fb67ad) C:\Windows\system32\DRIVERS\tapoas.sys
12:37:33.0494 3964	tapoas - ok
12:37:33.0509 3964	tbhsd           (4430e9b4c60aab672d16e801bad0555e) C:\Windows\system32\drivers\tbhsd.sys
12:37:33.0525 3964	tbhsd - ok
12:37:33.0572 3964	Tcpip           (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys
12:37:33.0634 3964	Tcpip - ok
12:37:33.0666 3964	TCPIP6          (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys
12:37:33.0681 3964	TCPIP6 - ok
12:37:33.0713 3964	tcpipreg        (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
12:37:33.0728 3964	tcpipreg - ok
12:37:33.0744 3964	TDPIPE          (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
12:37:33.0791 3964	TDPIPE - ok
12:37:33.0806 3964	TDTCP           (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
12:37:33.0838 3964	TDTCP - ok
12:37:33.0884 3964	tdx             (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
12:37:33.0900 3964	tdx - ok
12:37:33.0916 3964	TermDD          (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
12:37:33.0931 3964	TermDD - ok
12:37:33.0963 3964	tssecsrv        (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
12:37:34.0009 3964	tssecsrv - ok
12:37:34.0041 3964	TsUsbFlt        (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
12:37:34.0056 3964	TsUsbFlt - ok
12:37:34.0134 3964	TuneUpUtilitiesDrv (dcc94c51d27c7ec0dadeca8f64c94fcf) C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesDriver64.sys
12:37:34.0150 3964	TuneUpUtilitiesDrv - ok
12:37:34.0166 3964	tunnel          (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
12:37:34.0213 3964	tunnel - ok
12:37:34.0228 3964	uagp35          (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
12:37:34.0228 3964	uagp35 - ok
12:37:34.0259 3964	udfs            (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
12:37:34.0306 3964	udfs - ok
12:37:34.0353 3964	uliagpkx        (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
12:37:34.0353 3964	uliagpkx - ok
12:37:34.0384 3964	umbus           (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
12:37:34.0400 3964	umbus - ok
12:37:34.0431 3964	UmPass          (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
12:37:34.0447 3964	UmPass - ok
12:37:34.0494 3964	usbccgp         (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
12:37:34.0494 3964	usbccgp - ok
12:37:34.0525 3964	usbcir          (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
12:37:34.0541 3964	usbcir - ok
12:37:34.0556 3964	usbehci         (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
12:37:34.0588 3964	usbehci - ok
12:37:34.0603 3964	usbhub          (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
12:37:34.0634 3964	usbhub - ok
12:37:34.0650 3964	usbohci         (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\DRIVERS\usbohci.sys
12:37:34.0681 3964	usbohci - ok
12:37:34.0713 3964	usbprint        (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
12:37:34.0728 3964	usbprint - ok
12:37:34.0759 3964	usbser          (4acee387fa8fd39f83564fcd2fc234f2) C:\Windows\system32\drivers\usbser.sys
12:37:34.0775 3964	usbser - ok
12:37:34.0791 3964	USBSTOR         (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
12:37:34.0806 3964	USBSTOR - ok
12:37:34.0838 3964	usbuhci         (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
12:37:34.0853 3964	usbuhci - ok
12:37:34.0916 3964	vdrvroot        (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
12:37:34.0916 3964	vdrvroot - ok
12:37:34.0947 3964	vga             (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
12:37:34.0963 3964	vga - ok
12:37:34.0978 3964	VgaSave         (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
12:37:35.0009 3964	VgaSave - ok
12:37:35.0041 3964	vhdmp           (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
12:37:35.0056 3964	vhdmp - ok
12:37:35.0072 3964	viaide          (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
12:37:35.0088 3964	viaide - ok
12:37:35.0088 3964	vmbus           (86ea3e79ae350fea5331a1303054005f) C:\Windows\system32\drivers\vmbus.sys
12:37:35.0103 3964	vmbus - ok
12:37:35.0119 3964	VMBusHID        (7de90b48f210d29649380545db45a187) C:\Windows\system32\drivers\VMBusHID.sys
12:37:35.0150 3964	VMBusHID - ok
12:37:35.0150 3964	volmgr          (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
12:37:35.0166 3964	volmgr - ok
12:37:35.0181 3964	volmgrx         (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
12:37:35.0197 3964	volmgrx - ok
12:37:35.0228 3964	volsnap         (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
12:37:35.0244 3964	volsnap - ok
12:37:35.0259 3964	vsmraid         (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
12:37:35.0275 3964	vsmraid - ok
12:37:35.0291 3964	vwifibus        (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys
12:37:35.0306 3964	vwifibus - ok
12:37:35.0322 3964	WacomPen        (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
12:37:35.0353 3964	WacomPen - ok
12:37:35.0384 3964	WANARP          (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
12:37:35.0416 3964	WANARP - ok
12:37:35.0431 3964	Wanarpv6        (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
12:37:35.0447 3964	Wanarpv6 - ok
12:37:35.0463 3964	Wd              (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
12:37:35.0478 3964	Wd - ok
12:37:35.0494 3964	Wdf01000        (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
12:37:35.0509 3964	Wdf01000 - ok
12:37:35.0541 3964	WfpLwf          (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
12:37:35.0556 3964	WfpLwf - ok
12:37:35.0572 3964	WIMMount        (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
12:37:35.0588 3964	WIMMount - ok
12:37:35.0619 3964	WmiAcpi         (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
12:37:35.0634 3964	WmiAcpi - ok
12:37:35.0666 3964	ws2ifsl         (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
12:37:35.0713 3964	ws2ifsl - ok
12:37:35.0744 3964	WudfPf          (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
12:37:35.0775 3964	WudfPf - ok
12:37:35.0806 3964	WUDFRd          (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
12:37:35.0838 3964	WUDFRd - ok
12:37:35.0884 3964	MBR (0x1B8)     (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
12:37:36.0009 3964	\Device\Harddisk0\DR0 - ok
12:37:36.0009 3964	MBR (0x1B8)     (671b81004fdd1588fa9ed1331c9ceca9) \Device\Harddisk1\DR1
12:37:36.0197 3964	\Device\Harddisk1\DR1 - ok
12:37:36.0197 3964	Boot (0x1200)   (225f0c62e1cfe033803bdef787fddb8c) \Device\Harddisk0\DR0\Partition0
12:37:36.0197 3964	\Device\Harddisk0\DR0\Partition0 - ok
12:37:36.0213 3964	Boot (0x1200)   (c38e4fa79c30f40795210f1fabf020c4) \Device\Harddisk0\DR0\Partition1
12:37:36.0213 3964	\Device\Harddisk0\DR0\Partition1 - ok
12:37:36.0244 3964	Boot (0x1200)   (7e51fb042573b5ed4a8307e706889c55) \Device\Harddisk0\DR0\Partition2
12:37:36.0244 3964	\Device\Harddisk0\DR0\Partition2 - ok
12:37:36.0259 3964	Boot (0x1200)   (11b76a39c917a5c60c502eb8512b6b64) \Device\Harddisk0\DR0\Partition3
12:37:36.0259 3964	\Device\Harddisk0\DR0\Partition3 - ok
12:37:36.0275 3964	Boot (0x1200)   (f5cfa9020c3779ef96ccc8abdd19f436) \Device\Harddisk1\DR1\Partition0
12:37:36.0275 3964	\Device\Harddisk1\DR1\Partition0 - ok
12:37:36.0275 3964	============================================================
12:37:36.0275 3964	Scan finished
12:37:36.0275 3964	============================================================
12:37:36.0275 2600	Detected object count: 2
12:37:36.0275 2600	Actual detected object count: 2
12:37:48.0400 2600	BT848 ( UnsignedFile.Multi.Generic ) - skipped by user
12:37:48.0400 2600	BT848 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
12:37:48.0400 2600	StarOpen ( UnsignedFile.Multi.Generic ) - skipped by user
12:37:48.0400 2600	StarOpen ( UnsignedFile.Multi.Generic ) - User select action: Skip

cosinus · 13.02.2012, 13:19

Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix

Lade dir ComboFix hier herunter auf deinen Desktop.

Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.

Starte combofix.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.

Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.

Wichtiger Hinweis:

Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!

Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

Solltest du nach der Ausführung von Combofix Probleme beim Starten von Anwendungen haben und Meldungen erhalten wie

Zitat:

Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.

startest du Windows dann manuell neu und die Fehlermeldungen sollten nicht mehr auftauchen.

Neowyn · 13.02.2012, 18:26

Das Log von Combofix

[code]

Combofix Logfile:

Code:

ATTFilter

ComboFix 12-02-13.01 - NB 13.02.2012  17:48:13.1.4 - x64
Microsoft Windows 7 Professional   6.1.7601.1.1252.49.1031.18.4095.2770 [GMT 1:00]
ausgeführt von:: c:\users\NB\Desktop\ComboFix.exe
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\NB\4.0
c:\windows\IsUn0407.exe
.
.
(((((((((((((((((((((((((((((((((((((((   Treiber/Dienste   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_alg.exe            pid: 1568     3C: c:\windows\System32\de-DE\alg.exe.mui
-------\Service_conhost.exe        pid: 2396     24: c:\windows\System32\de-DE\conhost.exe.mui
-------\Service_conhost.exe        pid: 5040     24: c:\windows\System32\de-DE\conhost.exe.mui
-------\Service_Copyright (C) 1997-2008 Mark Russinovich
-------\Service_Handle v3.42
-------\Service_lsm.exe            pid: 560     260: c:\windows\System32\de-DE\lsm.exe.mui
-------\Service_sidebar.exe        pid: 2960     DC: c:\program files\Windows Sidebar\sidebar.exe
-------\Service_Sysinternals - www.sysinternals.com
-------\Service_wmpnetwk.exe       pid: 3596     3C: c:\program files\Windows Media Player\de-DE\wmpnetwk.exe.mui
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-01-13 bis 2012-02-13  ))))))))))))))))))))))))))))))
.
.
2012-02-13 17:00 . 2012-02-13 17:00	--------	d-----w-	c:\users\Default\AppData\Local\temp
2012-02-12 17:01 . 2012-02-12 17:01	--------	d-----w-	C:\_OTL
2012-02-08 16:31 . 2012-01-17 03:39	8602168	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{F8AAAB58-7623-4DE0-B4C1-E984326D6B49}\mpengine.dll
2012-02-08 16:16 . 2012-02-08 16:16	--------	d-----w-	c:\program files (x86)\ESET
2012-02-05 17:37 . 2012-02-05 17:37	--------	d-----w-	c:\users\NB\AppData\Roaming\Malwarebytes
2012-02-05 17:37 . 2012-02-05 17:37	--------	d-----w-	c:\programdata\Malwarebytes
2012-02-05 17:37 . 2011-12-10 14:24	23152	----a-w-	c:\windows\system32\drivers\mbam.sys
2012-02-05 17:37 . 2012-02-05 17:37	--------	d-----w-	c:\program files (x86)\Malwarebytes' Anti-Malware
2012-02-01 17:08 . 2012-02-01 17:24	--------	d-----w-	c:\programdata\Spybot - Search & Destroy
2012-02-01 17:07 . 2012-02-01 17:07	--------	d-----w-	c:\program files (x86)\SDHelper (Spybot - Search & Destroy)
2012-02-01 17:07 . 2012-02-01 17:07	--------	d-----w-	c:\program files (x86)\File Scanner Library (Spybot - Search & Destroy)
2012-02-01 17:07 . 2012-02-01 17:07	--------	d-----w-	c:\program files (x86)\TeaTimer (Spybot - Search & Destroy)
2012-02-01 17:07 . 2012-02-01 17:07	--------	d-----w-	c:\program files (x86)\Misc. Support Library (Spybot - Search & Destroy)
2012-01-26 17:16 . 2012-01-31 18:13	--------	d-----w-	c:\users\NB\AppData\Local\Audible
2012-01-26 17:15 . 2012-01-26 17:15	255352	----a-w-	c:\windows\SysWow64\awrdscdc.ax
2012-01-26 17:15 . 2003-03-18 20:20	1060864	------w-	c:\windows\SysWow64\mfc71.dll
2012-01-26 17:15 . 2003-03-18 19:14	499712	------w-	c:\windows\SysWow64\msvcp71.dll
2012-01-26 17:15 . 2003-02-21 03:42	348160	------w-	c:\windows\SysWow64\msvcr71.dll
2012-01-26 17:15 . 2001-08-17 21:43	24576	------w-	c:\windows\SysWow64\msxml3a.dll
2012-01-26 17:15 . 2012-01-26 17:15	--------	d-----w-	c:\program files (x86)\Audible
2012-01-26 17:15 . 2012-01-26 17:15	--------	d-----w-	c:\users\NB\Neuer Ordner
2012-01-24 17:28 . 2012-01-24 17:28	--------	d-----w-	c:\users\NB\AppData\Roaming\Leadertech
2012-01-24 14:10 . 2012-01-24 14:10	--------	d-----w-	c:\windows\system32\Macromed
2012-01-24 10:15 . 2011-11-05 05:32	2048	----a-w-	c:\windows\system32\tzres.dll
2012-01-24 10:15 . 2011-11-05 04:26	2048	----a-w-	c:\windows\SysWow64\tzres.dll
2012-01-24 10:12 . 2011-09-29 16:29	1923952	----a-w-	c:\windows\system32\drivers\tcpip.sys
2012-01-24 10:12 . 2011-11-17 06:41	1731920	----a-w-	c:\windows\system32\ntdll.dll
2012-01-24 10:12 . 2011-11-17 05:38	1292080	----a-w-	c:\windows\SysWow64\ntdll.dll
2012-01-24 10:11 . 2011-11-19 14:58	77312	----a-w-	c:\windows\system32\packager.dll
2012-01-24 10:11 . 2011-11-19 14:01	67072	----a-w-	c:\windows\SysWow64\packager.dll
2012-01-23 18:54 . 2012-01-23 18:54	--------	d-----w-	c:\users\NB\AppData\Local\MediaMonkey
2012-01-23 18:54 . 2012-01-31 18:52	--------	d-----w-	c:\users\NB\AppData\Roaming\MediaMonkey
2012-01-22 18:24 . 2012-01-22 18:24	--------	d-----w-	c:\users\NB\AppData\Roaming\COWON
2012-01-22 17:28 . 2012-01-22 18:21	--------	d-----w-	C:\Vimeo
2012-01-19 18:43 . 2002-12-05 13:12	692224	----a-w-	c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iKernel.dll
2012-01-19 18:43 . 2002-12-05 13:10	155648	----a-w-	c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iuser.dll
2012-01-19 18:43 . 2002-12-02 14:22	5632	----a-w-	c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\DotNetInstaller.exe
2012-01-19 18:43 . 2002-12-02 12:33	57344	----a-w-	c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\ctor.dll
2012-01-19 18:43 . 2002-12-02 12:33	237568	----a-w-	c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iscript.dll
2012-01-19 18:43 . 2012-01-19 18:43	282756	----a-w-	c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\setup.dll
2012-01-19 18:43 . 2012-01-19 18:43	163972	----a-w-	c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iGdi.dll
2012-01-19 18:41 . 2012-01-19 18:42	--------	d-----w-	c:\program files (x86)\Common Files\COWON
2012-01-19 18:40 . 2012-01-19 18:40	--------	d-----w-	c:\users\NB\AppData\Roaming\InstallShield
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-31 12:46 . 2011-05-17 17:08	414368	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-01-29 04:10 . 2010-01-08 12:44	279656	------w-	c:\windows\system32\MpSigStub.exe
2011-11-17 09:38 . 2011-11-17 09:38	47208	----a-w-	c:\windows\system32\drivers\tbhsd.sys
2011-11-17 09:38 . 2011-11-17 09:38	37480	----a-w-	c:\windows\system32\drivers\rrnetcap.sys
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-09-18 98304]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2011-01-10 281768]
"KMCONFIG"="c:\program files (x86)\Keyboard & Mouse Driver\StartAutorun.exe" [2007-03-06 212992]
"RemoteControl"="c:\program files (x86)\CyberLink\PowerDVD\PDVDServ.exe" [2003-10-31 32768]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages	REG_MULTI_SZ   	kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"LexwareInfoService"=c:\program files (x86)\Common Files\Lexware\Update Manager\LxUpdateManager.exe /autostart
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
.
R2 BT848;Conexant's BtPCI WDM Video Capture (AMD64);c:\windows\system32\drivers\BT848.sys [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-07-14 136176]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-07-14 136176]
R3 RRNetCap;RRNetCap Service;c:\windows\system32\DRIVERS\rrnetcap.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2011-04-27 136360]
S2 KMWDSERVICE;Keyboard And Mouse Communication Service;c:\program files (x86)\Keyboard & Mouse Driver\KMWDSrv.exe [2007-04-05 208896]
S2 OpenVPNAccessClient;OpenVPN Access Client;c:\program files (x86)\OpenVPN Technologies\OpenVPN Client\core\capiws.exe [2010-08-12 24064]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesService64.exe [2011-01-12 1403200]
S3 RRNetCapMP;RRNetCapMP;c:\windows\system32\DRIVERS\rrnetcap.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 tapoas;TAP-Win32 Adapter OAS;c:\windows\system32\DRIVERS\tapoas.sys [x]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesDriver64.sys [2010-02-24 11856]
.
.
Inhalt des "geplante Tasks" Ordners
.
2012-02-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-07-14 07:51]
.
2012-02-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-07-14 07:51]
.
2012-02-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1931242635-1971727323-3307929102-1001Core.job
- c:\users\NB\AppData\Local\Google\Update\GoogleUpdate.exe [2011-06-07 16:36]
.
2012-02-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1931242635-1971727323-3307929102-1001UA.job
- c:\users\NB\AppData\Local\Google\Update\GoogleUpdate.exe [2011-06-07 16:36]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2008-10-31 6847008]
"Skytel"="c:\program files\Realtek\Audio\HDA\Skytel.exe" [2008-10-31 1833504]
"Logitech Download Assistant"="c:\windows\system32\rundll32.exe" [2009-07-14 45568]
"combofix"="c:\combofix\CF451.3XE" [2010-11-20 345088]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
UxTuneUp
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = 
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
Trusted Zone: hotmail.com\www
Trusted Zone: live.com\login
Trusted Zone: msn.com\www
Trusted Zone: passport.com\www
Trusted Zone: spielesite.com\www
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\NB\AppData\Roaming\Mozilla\Firefox\Profiles\cz8j6yox.default\
.
"ImagePath"="%SystemRoot%\System32\alg.exe"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\alg.exe            pid: 1568     3C: C:]
--
"ImagePath"="%SystemRoot%\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\conhost.exe        pid: 2396     24: C:]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\conhost.exe        pid: 5040     24: C:]
--
"ImagePath"="\SystemRoot\system32\DRIVERS\lsi_scsi.sys"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\lsm.exe            pid: 560     260: C:]
--
"ServiceDll"="%SystemRoot%\System32\shsvcs.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\sidebar.exe        pid: 2960     DC: C:]
--
"ImagePath"="%systemroot%\system32\wbem\WmiApSrv.exe"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wmpnetwk.exe       pid: 3596     3C: C:]
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-02-13  18:15:28 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2012-02-13 17:15
.
Vor Suchlauf: 13 Verzeichnis(se), 368.595.943.424 Bytes frei
Nach Suchlauf: 18 Verzeichnis(se), 367.892.606.976 Bytes frei
.
- - End Of File - - E5534167E92C6299AB387E64F7032570

--- --- ---