
Log analysis and evaluation: Smart Defragmenter

Windows 7 If you have caught a trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. To be able to remove viruses and trojans, the infected system must first be examined: First steps to getting help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.

05.04.2012, 19:24   #16
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Smart Defragmenter



Let's carry on for now.

Please make a new OTL log. If possible, please post everything here in CODE tags.

It's done like this:

[code] the log goes here [/code]

And the whole thing then looks like this:

Code:
 the log goes here
         
CustomScan with OTL

If you don't have it yet, please download OTL by Oldtimer and save it to your desktop
  • Please start OTL.exe.
    Vista and Win7 users: right-click and choose "Run as administrator"
  • At the top centre, tick the box for Scan All Users
  • Now copy the complete contents of the code box below into the OTL text box - if OTL is in German, it is labelled with
Code:
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
         
  • Now please close all programs. (Important)
  • Now please click the Quick Scan button.
  • Click on .
  • Now copy the contents of OTL.txt here into your thread
__________________
Please always post log files in CODE tags

07.04.2012, 17:31   #17
lin.x

Sorry for the delay. Over the last few days I have tried several times to get OTL to run, but unfortunately the program always hangs. At first the process works, and then it gets stuck at "Scanning Firefox". I can no longer navigate in the window, "Keine Rückmeldung" (not responding) appears at the top, and I can only end OTL via the Task Manager.

Any ideas about this?
(I actually switched off all programs.)

Regards,
lin.x


07.04.2012, 18:40   #18
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Have you tried it in safe mode?

07.04.2012, 20:39   #19
lin.x

Thanks, that's how it worked. Many things sound very dubious, but I don't really know my way around this...
(for example all the dubious sites under "hosts file"?)

OTL Logfile:
Code:
OTL logfile created on: 07.04.2012 20:16:08 - Run 1
OTL by OldTimer - Version 3.2.39.2     Folder = C:\Users\xxx\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 7.0.6002.18005)
Locale: 00000C07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
 
2,96 Gb Total Physical Memory | 2,56 Gb Available Physical Memory | 86,29% Memory free
7,75 Gb Paging File | 7,53 Gb Available in Paging File | 97,14% Paging File free
Paging file location(s): c:\pagefile.sys 5000 5000 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 218,20 Gb Total Space | 43,87 Gb Free Space | 20,10% Space Free | Partition Type: NTFS
Drive E: | 14,65 Gb Total Space | 6,87 Gb Free Space | 46,91% Space Free | Partition Type: NTFS
 
Computer Name: xxx-NOTEBOOK | User Name: xxx| Logged in as Administrator.
Boot Mode: SafeMode | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.04.05 21:52:38 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\xxx\Desktop\OTL.exe
PRC - [2012.01.03 09:19:16 | 000,016,824 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Adobe\Reader 9.0\Reader\AcroRd32Info.exe
PRC - [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.01.03 23:52:52 | 007,581,696 | ---- | M] () -- c:\Programme\Adobe\Reader 9.0\Reader\RdLang32.DEU
MOD - [2012.01.03 10:45:08 | 000,016,832 | ---- | M] () -- C:\Programme\Adobe\Reader 9.0\Reader\ViewerPS.dll
MOD - [2009.02.27 13:52:56 | 000,258,048 | ---- | M] () -- C:\Programme\Adobe\Reader 9.0\Reader\sqlite.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2012.04.05 10:22:42 | 000,253,600 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.03.07 02:15:14 | 000,044,768 | ---- | M] (AVAST Software) [Auto | Stopped] -- C:\Programme\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2012.02.15 14:30:18 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Programme\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.01.13 14:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2010.09.02 08:48:08 | 000,135,168 | ---- | M] () [Auto | Stopped] -- C:\Windows\System32\ChgService.exe -- (Change Modem Device Service)
SRV - [2009.07.05 20:40:21 | 000,016,680 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [On_Demand | Stopped] -- C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe -- (GoToAssist)
SRV - [2009.03.31 17:00:18 | 000,254,042 | ---- | M] (IDT, Inc.) [Auto | Stopped] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_f6ef8056\stacsv.exe -- (STacSV)
SRV - [2009.03.31 17:00:04 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) [Auto | Stopped] -- C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_f6ef8056\AEstSrv.exe -- (AESTFilters)
SRV - [2009.01.30 07:50:06 | 000,201,968 | ---- | M] (SupportSoft, Inc.) [Auto | Stopped] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_DellSupportCenter) SupportSoft Sprocket Service (DellSupportCenter)
SRV - [2008.12.18 20:05:28 | 000,155,648 | ---- | M] (Stardock Corporation) [Auto | Stopped] -- C:\Programme\Dell\DellDock\DockLogin.exe -- (DockLoginService)
SRV - [2008.05.08 00:41:14 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)
SRV - [2008.01.21 04:25:33 | 000,896,512 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2008.01.21 04:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ZTEusbser6k.sys -- (ZTEusbser6k)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ZTEusbnmea.sys -- (ZTEusbnmea)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ZTEusbmdm6k.sys -- (ZTEusbmdm6k)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\massfilter.sys -- (massfilter)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - [2012.03.07 02:03:51 | 000,612,184 | ---- | M] (AVAST Software) [File_System | System | Stopped] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2012.03.07 02:03:38 | 000,337,880 | ---- | M] (AVAST Software) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2012.03.07 02:02:00 | 000,035,672 | ---- | M] (AVAST Software) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2012.03.07 02:01:53 | 000,053,848 | ---- | M] (AVAST Software) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2012.03.07 02:01:48 | 000,057,688 | ---- | M] (AVAST Software) [File_System | Auto | Stopped] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2012.03.07 02:01:30 | 000,020,696 | ---- | M] (AVAST Software) [File_System | Auto | Stopped] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2011.12.10 15:24:06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011.01.24 08:13:09 | 000,005,120 | ---- | M] (Samsung Electronics) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\SSPORT.SYS -- (SSPORT)
DRV - [2010.09.02 08:48:06 | 000,103,424 | ---- | M] (Mobile Connector) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\cmnsusbser.sys -- (cmnsusbser)
DRV - [2010.08.21 23:33:04 | 000,691,696 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\sptd.sys -- (sptd)
DRV - [2010.07.14 23:13:56 | 000,101,632 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2009.06.03 01:57:34 | 000,483,200 | ---- | M] (ITETech                  ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AF15BDA.sys -- (AF15BDA)
DRV - [2009.03.31 17:00:26 | 000,398,336 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2009.03.31 16:18:30 | 000,192,048 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2009.03.19 18:02:00 | 000,271,552 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\OA009Vid.sys -- (OA009Vid)
DRV - [2009.03.06 08:30:08 | 000,133,632 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\OA009Ufd.sys -- (OA009Ufd)
DRV - [2008.12.31 04:00:04 | 000,144,128 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CtClsFlt.sys -- (CtClsFlt)
DRV - [2008.12.21 20:32:18 | 000,018,424 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\bcm42rly.sys -- (BCM42RLY)
DRV - [2008.11.05 01:16:40 | 000,022,904 | ---- | M] (PC-Doctor, Inc.) [Kernel | On_Demand | Stopped] -- C:\Programme\Dell Support Center\HWDiag\bin\pcd5srvc.pkms -- (PCD5SRVC{3F6A8B78-EC003E00-05040104})
DRV - [2008.01.21 04:23:25 | 000,220,672 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\e1e6032.sys -- (e1express) Intel(R)
DRV - [2006.11.02 09:36:43 | 002,028,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (R300)
DRV - [2002.07.17 16:20:32 | 000,084,832 | ---- | M] (Adaptec) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ASPI32.SYS -- (ASPI)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www1.euro.dell.com/content/default.aspx?c=at&l=de&s=gen
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-3542708398-1156162869-4016524895-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www1.euro.dell.com/content/default.aspx?c=at&l=de&s=gen
IE - HKU\S-1-5-21-3542708398-1156162869-4016524895-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.at/
IE - HKU\S-1-5-21-3542708398-1156162869-4016524895-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-3542708398-1156162869-4016524895-1000\..\SearchScopes,DefaultScope = {0D7562AE-8EF6-416d-A838-AB665251703A}
IE - HKU\S-1-5-21-3542708398-1156162869-4016524895-1000\..\SearchScopes\Google.de: "URL" = hxxp://www.google.de/search?hl=de&q={searchTerms}
IE - HKU\S-1-5-21-3542708398-1156162869-4016524895-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.selectedEngine: "LEO Eng-Deu"
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.at/"
FF - prefs.js..extensions.enabledItems: {53A03D43-5363-4669-8190-99061B2DEBA5}:1.3.7
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3
FF - prefs.js..extensions.enabledItems: webmaster@keep-tube.com:1.2
FF - prefs.js..network.proxy.type: 0
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_228.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@zylom.com/ZylomGamesPlayer: C:\ProgramData\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll (Zylom)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012.03.24 16:27:24 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.03.20 15:51:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.02.14 19:25:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 11.0.1\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2012.02.29 09:36:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 11.0.1\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2012.02.14 19:25:08 | 000,000,000 | ---D | M]
 
[2010.11.28 02:03:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\xxx\AppData\Roaming\mozilla\Extensions
[2010.11.28 02:03:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\xxx\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2012.04.04 11:14:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\xxx\AppData\Roaming\mozilla\Firefox\Profiles\hcby53ez.default\extensions
[2012.01.16 11:15:34 | 000,000,000 | ---D | M] (EPUBReader) -- C:\Users\xxx\AppData\Roaming\mozilla\Firefox\Profiles\hcby53ez.default\extensions\{5384767E-00D9-40E9-B72F-9CC39D655D6F}
[2012.04.02 13:56:25 | 000,000,000 | ---D | M] (WOT) -- C:\Users\xxx\AppData\Roaming\mozilla\Firefox\Profiles\hcby53ez.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2010.08.26 16:43:03 | 000,000,000 | ---D | M] (Keep Tube Downloader) -- C:\Users\xxx\AppData\Roaming\mozilla\Firefox\Profiles\hcby53ez.default\extensions\webmaster@keep-tube.com
[2011.05.02 05:19:44 | 000,002,289 | ---- | M] () -- C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\hcby53ez.default\searchplugins\ecosia.xml
[2012.04.02 13:56:53 | 000,002,112 | ---- | M] () -- C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\hcby53ez.default\searchplugins\wot-safe-search.xml
[2011.11.23 14:49:04 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
() (No name found) -- C:\USERS\xxx\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\HCBY53EZ.DEFAULT\EXTENSIONS\{53A03D43-5363-4669-8190-99061B2DEBA5}.XPI
() (No name found) -- C:\USERS\xxx\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\HCBY53EZ.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
() (No name found) -- C:\USERS\xxx\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\HCBY53EZ.DEFAULT\EXTENSIONS\CONTEXTMENUEXTENSION@LEO.ORG.XPI
() (No name found) -- C:\USERS\xxx\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\HCBY53EZ.DEFAULT\EXTENSIONS\SHAREMENOT@FRANZIROESNER.COM.XPI
() (No name found) -- C:\USERS\xxx\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\HCBY53EZ.DEFAULT\EXTENSIONS\SOCIALFIXER@MATTKRUSE.COM.XPI
[2012.03.20 15:51:54 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011.05.03 23:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2006.09.26 13:03:14 | 000,098,304 | ---- | M] (Zylom) -- C:\Program Files\mozilla firefox\plugins\npzylomgamesplayer.dll
[2012.02.11 14:38:44 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.02.11 14:38:44 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.02.11 14:38:44 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.02.11 14:38:44 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.02.11 14:38:44 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.02.11 14:38:44 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2011.09.30 14:49:30 | 000,437,632 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O1 - Hosts: 127.0.0.1	www.007guard.com
O1 - Hosts: 127.0.0.1	007guard.com
O1 - Hosts: 127.0.0.1	008i.com
O1 - Hosts: 127.0.0.1	www.008k.com
O1 - Hosts: 127.0.0.1	008k.com
O1 - Hosts: 127.0.0.1	www.00hq.com
O1 - Hosts: 127.0.0.1	00hq.com
O1 - Hosts: 127.0.0.1	010402.com
O1 - Hosts: 127.0.0.1	www.032439.com
O1 - Hosts: 127.0.0.1	032439.com
O1 - Hosts: 127.0.0.1	www.0scan.com
O1 - Hosts: 127.0.0.1	0scan.com
O1 - Hosts: 127.0.0.1	www.1000gratisproben.com
O1 - Hosts: 127.0.0.1	1000gratisproben.com
O1 - Hosts: 127.0.0.1	www.1001namen.com
O1 - Hosts: 127.0.0.1	1001namen.com
O1 - Hosts: 127.0.0.1	100888290cs.com
O1 - Hosts: 127.0.0.1	www.100888290cs.com
O1 - Hosts: 127.0.0.1	100sexlinks.com
O1 - Hosts: 127.0.0.1	www.100sexlinks.com
O1 - Hosts: 127.0.0.1	10sek.com
O1 - Hosts: 127.0.0.1	www.10sek.com
O1 - Hosts: 127.0.0.1	www.1-2005-search.com
O1 - Hosts: 15054 more lines...
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O4 - HKLM..\Run: [Apoint] C:\Programme\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [Dell Webcam Central] C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell2.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [IAAnotif] C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [SysTrayApp] C:\Programme\IDT\WDM\sttray.exe (IDT, Inc.)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = C:\Programme\Dell\DellDock\DellDock.exe (Stardock Corporation)
O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk = C:\Programme\Dell\DellDock\DellDock.exe (Stardock Corporation)
O4 - Startup: C:\Users\xxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\xxx\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000 File not found
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - Reg Error: Key error. File not found
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-3542708398-1156162869-4016524895-1000\..Trusted Domains: samsungsetup.com ([www] http in Vertrauenswürdige Sites)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{77DDFD15-5F32-41E9-B841-8289AAE4EBE8}: DhcpNameServer = 172.31.4.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C281DDA3-1EB1-4078-A2D7-2963FDC7777E}: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml - No CLSID value found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\GoToAssist: DllName - (C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll) - C:\Programme\Citrix\GoToAssist\514\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
O24 - Desktop WallPaper: C:\Users\xxx\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\xxx\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{01864d73-ad6c-11df-9c06-0025643e9ca4}\Shell - "" = AutoRun
O33 - MountPoints2\{01864d73-ad6c-11df-9c06-0025643e9ca4}\Shell\AutoRun\command - "" = D:\Launch.exe
O33 - MountPoints2\{2e896abd-7883-11de-bdfe-0025643e9ca4}\Shell - "" = AutoRun
O33 - MountPoints2\{2e896abd-7883-11de-bdfe-0025643e9ca4}\Shell\AutoRun\command - "" = D:\Install.exe
O33 - MountPoints2\{2e896ae4-7883-11de-bdfe-0025643e9ca4}\Shell - "" = AutoRun
O33 - MountPoints2\{2e896ae4-7883-11de-bdfe-0025643e9ca4}\Shell\AutoRun\command - "" = D:\Install.exe
O33 - MountPoints2\{776b80f8-8f25-11df-b609-0025643e9ca4}\Shell - "" = AutoRun
O33 - MountPoints2\{776b80f8-8f25-11df-b609-0025643e9ca4}\Shell\AutoRun\command - "" = D:\AutoRun.exe
O33 - MountPoints2\{776b8113-8f25-11df-b609-0025643e9ca4}\Shell - "" = AutoRun
O33 - MountPoints2\{776b8113-8f25-11df-b609-0025643e9ca4}\Shell\AutoRun\command - "" = D:\AutoRun.exe
O33 - MountPoints2\{7ad54133-36c5-11e0-9b96-0025643e9ca4}\Shell - "" = AutoRun
O33 - MountPoints2\{7ad54133-36c5-11e0-9b96-0025643e9ca4}\Shell\AutoRun\command - "" = G:\.\ShowModem.exe
O33 - MountPoints2\{89a52340-91a0-11df-b343-0025643e9ca4}\Shell - "" = AutoRun
O33 - MountPoints2\{89a52340-91a0-11df-b343-0025643e9ca4}\Shell\AutoRun\command - "" = D:\Install.exe
O33 - MountPoints2\{92fc3e7a-5ff7-11e0-bdec-00225fbe67d4}\Shell - "" = AutoRun
O33 - MountPoints2\{92fc3e7a-5ff7-11e0-bdec-00225fbe67d4}\Shell\AutoRun\command - "" = H:\Install.exe
O33 - MountPoints2\{d11e3608-901f-11df-b2e2-0025643e9ca4}\Shell - "" = AutoRun
O33 - MountPoints2\{d11e3608-901f-11df-b2e2-0025643e9ca4}\Shell\AutoRun\command - "" = D:\Install.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk -  - File not found
MsConfig - StartUpFolder: C:^Users^xxx^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dell Dock.lnk - C:\Programme\Dell\DellDock\DellDock.exe - (Stardock Corporation)
MsConfig - StartUpFolder: C:^Users^xxx^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.1.lnk - C:\Programme\OpenOffice.org 3\program\quickstart.exe - ()
MsConfig - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
MsConfig - StartUpReg: DAEMON Tools Lite - hkey= - key= - C:\Program Files\DAEMON Tools Lite\daemon.exe (DT Soft Ltd)
MsConfig - StartUpReg: dellsupportcenter - hkey= - key= - C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
MsConfig - StartUpReg: DivXUpdate - hkey= - key= -  File not found
MsConfig - StartUpReg: FlashPlayerUpdate - hkey= - key= -  File not found
MsConfig - StartUpReg: Goodnight Timer - hkey= - key= -  File not found
MsConfig - StartUpReg: PDFPrint - hkey= - key= - C:\Programme\PDF24\pdf24.exe (Geek Software GmbH)
MsConfig - StartUpReg: QuickSet - hkey= - key= - C:\Programme\Dell\QuickSet\quickset.exe (Dell Inc.)
MsConfig - StartUpReg: Sidebar - hkey= - key= - C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation)
MsConfig - StartUpReg: Skype - hkey= - key= - C:\Program Files\Skype\Phone\Skype.exe (Skype Technologies S.A.)
MsConfig - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
MsConfig - StartUpReg: UIExec - hkey= - key= -  File not found
MsConfig - StartUpReg: WinampAgent - hkey= - key= -  File not found
MsConfig - StartUpReg: Windows Defender - hkey= - key= -  File not found
MsConfig - StartUpReg: WMPNSCFG - hkey= - key= - C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
MsConfig - StartUpReg: Xvid - hkey= - key= -  File not found
MsConfig - State: "startup" - 2
MsConfig - State: "services" - 2
 
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: MCODS - Reg Error: Value error.
SafeBootMin: NTDS -  File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: GoToAssist - C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe (Citrix Online, a division of Citrix Systems, Inc.)
SafeBootNet: HelpSvc - Service
SafeBootNet: MCODS - Reg Error: Value error.
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS -  File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: WudfPf - Driver
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - 
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - 
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.7
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
 
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.VP60 - C:\Windows\System32\vp6vfw.dll (On2.com)
Drivers32: vidc.VP61 - C:\Windows\System32\vp6vfw.dll (On2.com)
 
CREATERESTOREPOINT
Error creating restore point.
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.04.05 21:29:31 | 000,593,920 | ---- | C] (OldTimer Tools) -- C:\Users\xxx\Desktop\OTL.exe
[2012.04.05 00:31:54 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012.04.03 23:09:10 | 000,000,000 | ---D | C] -- C:\Users\xxx\Documents\Dell WebCam Central
[2012.04.02 16:07:42 | 000,000,000 | ---D | C] -- C:\Program Files\Defraggler
[2012.04.02 13:30:59 | 000,389,024 | ---- | C] (Bleeping Computer, LLC) -- C:\Users\xxx\Desktop\unhide.exe
[2012.04.02 11:00:36 | 000,000,000 | R--D | C] -- C:\Users\xxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2012.04.01 21:28:21 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Roaming\Malwarebytes
[2012.04.01 21:27:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.04.01 21:27:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.04.01 21:27:51 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.04.01 21:27:51 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.04.01 21:20:28 | 000,000,000 | ---D | C] -- C:\avast! sandbox
[2012.04.01 21:06:03 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SMART HDD
[2012.04.01 11:58:46 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\PDF24
[2012.04.01 11:58:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF24
[2012.04.01 11:58:03 | 000,000,000 | ---D | C] -- C:\Program Files\PDF24
[2012.03.30 21:23:14 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Roaming\vlc
[2012.03.30 21:22:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2012.03.30 19:49:36 | 000,000,000 | ---D | C] -- C:\Users\xxx\Documents\Tor Browser
[2012.03.26 11:16:44 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\Google
[2012.03.26 11:16:44 | 000,000,000 | ---D | C] -- C:\Program Files\Google
 
========== Files - Modified Within 30 Days ==========
 
[2012.04.07 20:19:40 | 000,617,456 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.04.07 20:19:40 | 000,586,568 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.04.07 20:19:40 | 000,122,258 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.04.07 20:19:40 | 000,100,640 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.04.07 20:15:22 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.04.07 20:10:44 | 000,001,090 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.04.07 20:10:30 | 000,003,616 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.04.07 20:10:30 | 000,003,616 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.04.07 20:05:13 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.04.07 20:03:48 | 000,001,167 | ---- | M] () -- C:\Users\xxx\Desktop\otlcopy.rtf
[2012.04.07 20:00:30 | 000,000,416 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{E5908986-8A3F-4220-B0C8-45998620A305}.job
[2012.04.07 19:28:00 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.04.06 16:38:28 | 000,486,859 | ---- | M] () -- C:\Users\xxx\Desktop\nfpkurs.pdf
[2012.04.05 21:52:38 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\xxx\Desktop\OTL.exe
[2012.04.05 11:13:21 | 000,010,752 | ---- | M] () -- C:\Users\xxx\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.04.04 01:38:05 | 000,002,907 | ---- | M] () -- C:\Users\xxx\Desktop\Syntagma.rtf
[2012.04.03 15:29:50 | 000,000,513 | ---- | M] () -- C:\Users\xxx\Desktop\Desktop anzeigen - Verknüpfung.lnk
[2012.04.03 14:34:38 | 000,002,617 | ---- | M] () -- C:\Users\xxx\Desktop\Dokument.rtf
[2012.04.03 01:11:51 | 000,001,330 | ---- | M] () -- C:\Users\xxx\Desktop\eisen.rtf
[2012.04.02 13:31:01 | 000,389,024 | ---- | M] (Bleeping Computer, LLC) -- C:\Users\xxx\Desktop\unhide.exe
[2012.04.02 12:17:44 | 000,008,521 | ---- | M] () -- C:\Users\xxx\Desktop\gmer_an.zip
[2012.04.02 10:56:11 | 000,000,020 | ---- | M] () -- C:\Users\xxx\defogger_reenable
[2012.04.01 21:27:53 | 000,000,908 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.04.01 21:12:20 | 000,000,256 | ---- | M] () -- C:\ProgramData\tbEDQ75VFH2EJb
[2012.04.01 14:52:08 | 000,005,722 | ---- | M] () -- C:\Users\xxx\Documents\TXCUserDictionary.dic
[2012.04.01 11:58:10 | 000,001,655 | ---- | M] () -- C:\Users\Public\Desktop\PDF24 Editor.lnk
[2012.03.29 09:44:12 | 000,376,919 | ---- | M] () -- C:\Users\xxx\Desktop\HackerCracker_eng.pdf
[2012.03.28 19:11:01 | 000,284,285 | ---- | M] () -- C:\Users\xxx\Desktop\CONF_2011_Vatikiotis_Kosmas.pdf
[2012.03.28 19:10:09 | 000,151,973 | ---- | M] () -- C:\Users\xxx\Desktop\WP262.pdf
[2012.03.28 16:08:57 | 002,021,671 | ---- | M] () -- C:\Users\xxx\Desktop\Broschur_Griechen2_dt_1203.pdf
[2012.03.26 22:44:57 | 000,018,644 | ---- | M] () -- C:\Users\xxx\Documents\Unbenannt 3.odt
[2012.03.26 17:18:20 | 000,000,289 | ---- | M] () -- C:\Windows\WININIT.INI
[2012.03.25 23:04:06 | 000,006,080 | ---- | M] () -- C:\Users\xxx\AppData\Local\d3d9caps.dat
[2012.03.25 22:08:02 | 000,009,139 | ---- | M] () -- C:\Users\xxx\Desktop\food.odt
[2012.03.24 16:27:24 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2012.03.15 09:24:46 | 000,317,608 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
 
========== Files Created - No Company Name ==========
 
[2012.04.07 20:03:47 | 000,001,167 | ---- | C] () -- C:\Users\xxx\Desktop\otlcopy.rtf
[2012.04.06 16:38:28 | 000,486,859 | ---- | C] () -- C:\Users\xxx\Desktop\nfpkurs.pdf
[2012.04.05 19:15:07 | 000,001,655 | ---- | C] () -- C:\Users\Public\Desktop\PDF24 Editor.lnk
[2012.04.05 10:22:42 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.04.04 01:38:05 | 000,002,907 | ---- | C] () -- C:\Users\xxx\Desktop\Syntagma.rtf
[2012.04.03 15:29:50 | 000,000,513 | ---- | C] () -- C:\Users\xxx\Desktop\Desktop anzeigen - Verknüpfung.lnk
[2012.04.03 00:44:20 | 000,001,330 | ---- | C] () -- C:\Users\xxx\Desktop\eisen.rtf
[2012.04.02 12:17:44 | 000,008,521 | ---- | C] () -- C:\Users\xxx\Desktop\gmer_an.zip
[2012.04.02 10:55:56 | 000,000,020 | ---- | C] () -- C:\Users\xxx\defogger_reenable
[2012.04.01 21:27:53 | 000,000,908 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.04.01 21:05:58 | 000,000,256 | ---- | C] () -- C:\ProgramData\tbEDQ75VFH2EJb
[2012.03.29 09:44:12 | 000,376,919 | ---- | C] () -- C:\Users\xxx\Desktop\HackerCracker_eng.pdf
[2012.03.28 19:11:01 | 000,284,285 | ---- | C] () -- C:\Users\xxx\Desktop\CONF_2011_Vatikiotis_Kosmas.pdf
[2012.03.28 19:10:09 | 000,151,973 | ---- | C] () -- C:\Users\xxx\Desktop\WP262.pdf
[2012.03.28 16:08:57 | 002,021,671 | ---- | C] () -- C:\Users\xxx\Desktop\Broschur_Griechen2_dt_1203.pdf
[2012.03.26 22:44:55 | 000,018,644 | ---- | C] () -- C:\Users\xxx\Documents\Unbenannt 3.odt
[2012.03.26 11:17:11 | 000,001,094 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.03.26 11:17:11 | 000,001,090 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.03.25 21:59:36 | 000,009,139 | ---- | C] () -- C:\Users\xxx\Desktop\food.odt
[2011.12.12 23:37:33 | 000,005,060 | ---- | C] () -- C:\ProgramData\ndhlopzv.syn
[2011.09.30 14:43:44 | 000,000,289 | ---- | C] () -- C:\Windows\WININIT.INI
[2011.09.29 16:12:52 | 000,255,531 | ---- | C] () -- C:\Users\xxx\AppData\Local\census.cache
[2011.09.29 16:12:24 | 000,164,557 | ---- | C] () -- C:\Users\xxx\AppData\Local\ars.cache
[2011.09.29 15:50:13 | 000,000,036 | ---- | C] () -- C:\Users\xxx\AppData\Local\housecall.guid.cache
[2011.06.15 10:20:52 | 000,105,240 | ---- | C] () -- C:\Windows\System32\RSTCoin.dll
[2011.02.12 18:33:40 | 000,135,168 | ---- | C] () -- C:\Windows\System32\ChgService.exe
[2011.01.27 09:33:22 | 000,026,624 | ---- | C] () -- C:\Windows\System32\ssb7mlm.dll
[2011.01.11 21:44:11 | 000,004,096 | ---- | C] () -- C:\Windows\d3dx.dat
[2010.08.21 23:45:38 | 000,000,533 | ---- | C] () -- C:\Windows\eReg.dat
[2010.06.15 17:50:31 | 000,000,017 | ---- | C] () -- C:\Windows\popcinfo.dat
 
========== LOP Check ==========
 
[2010.04.07 23:38:58 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Ahnenblatt
[2009.12.27 21:24:15 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Auslogics
[2011.05.09 11:41:31 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\DAEMON Tools
[2011.10.18 16:26:14 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\DAEMON Tools Lite
[2011.05.09 11:41:31 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\DAEMON Tools Pro
[2011.12.28 00:18:22 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\DBC2F6FD-3140-41E0-A2A1-D6BAB77D5E21__F893F7CA-8278-41DF-A76F-CAF0437A90CD__
[2012.04.07 20:11:53 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Dropbox
[2009.11.04 19:43:58 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Elluminate
[2011.02.21 03:03:45 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\EndNote
[2011.01.12 18:41:26 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Freeze Tag
[2011.10.18 19:17:49 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\gourmet
[2011.10.18 18:47:56 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\gtk-2.0
[2012.01.19 01:51:42 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\JabRef 2.7.2
[2012.01.28 20:01:29 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Mp3tag
[2009.07.13 13:44:10 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\OpenOffice.org
[2009.09.24 20:59:28 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Participatory Culture Foundation
[2011.04.29 13:44:05 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\PCDr
[2010.02.18 23:02:23 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\PCF-VLC
[2011.01.02 15:35:29 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\PlayFirst
[2011.09.29 15:40:14 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\QuickScan
[2011.10.18 16:20:24 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\softsentials
[2010.11.28 02:03:20 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Thunderbird
[2011.09.30 14:52:47 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\TuneUp Software
[2011.10.18 22:30:09 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\URSoft
[2012.04.04 22:19:26 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\uTorrent
[2011.10.18 17:21:58 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Yiola
[2012.04.07 20:14:31 | 000,032,536 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2012.04.07 20:00:30 | 000,000,416 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{E5908986-8A3F-4220-B0C8-45998620A305}.job
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2009.07.15 09:27:53 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Adobe
[2010.04.07 23:38:58 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Ahnenblatt
[2012.02.14 19:30:09 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Apple Computer
[2009.12.27 21:24:15 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Auslogics
[2009.09.25 17:43:35 | 000,000,000 | R--D | M] -- C:\Users\xxx\AppData\Roaming\Brother
[2009.07.24 17:36:42 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Creative
[2011.05.09 11:41:31 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\DAEMON Tools
[2011.10.18 16:26:14 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\DAEMON Tools Lite
[2011.05.09 11:41:31 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\DAEMON Tools Pro
[2011.12.28 00:18:22 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\DBC2F6FD-3140-41E0-A2A1-D6BAB77D5E21__F893F7CA-8278-41DF-A76F-CAF0437A90CD__
[2009.07.13 13:24:02 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Dell
[2012.04.07 20:11:53 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Dropbox
[2009.11.04 19:43:58 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Elluminate
[2011.02.21 03:03:45 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\EndNote
[2011.01.12 18:41:26 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Freeze Tag
[2011.10.18 19:17:49 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\gourmet
[2011.10.18 18:47:56 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\gtk-2.0
[2010.06.15 16:35:59 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Identities
[2012.01.19 01:51:42 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\JabRef 2.7.2
[2011.04.09 15:14:16 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Macromedia
[2012.04.01 21:28:21 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Malwarebytes
[2006.11.02 14:37:34 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Media Center Programs
[2011.09.30 16:53:55 | 000,000,000 | --SD | M] -- C:\Users\xxx\AppData\Roaming\Microsoft
[2011.12.30 18:59:59 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\MiKTeX
[2009.07.24 21:14:11 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Mozilla
[2012.01.28 20:01:29 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Mp3tag
[2009.07.13 13:44:10 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\OpenOffice.org
[2009.09.24 20:59:28 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Participatory Culture Foundation
[2011.04.29 13:44:05 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\PCDr
[2010.02.18 23:02:23 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\PCF-VLC
[2011.01.02 15:35:29 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\PlayFirst
[2011.09.29 15:40:14 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\QuickScan
[2009.07.13 23:20:36 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Reallusion
[2011.01.08 04:47:46 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Realore_Whiterra Roads Of Rome 2
[2010.12.04 00:13:22 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Roxio
[2012.04.07 01:04:34 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Skype
[2011.06.13 06:57:46 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\skypePM
[2011.10.18 16:20:24 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\softsentials
[2010.11.28 02:03:20 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Thunderbird
[2011.09.30 14:52:47 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\TuneUp Software
[2011.10.18 22:30:09 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\URSoft
[2012.04.04 22:19:26 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\uTorrent
[2012.04.07 19:57:39 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\vlc
[2012.04.03 23:58:41 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Winamp
[2009.09.25 17:20:53 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\WinRAR
[2011.10.18 17:21:58 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Yiola
 
< %APPDATA%\*.exe /s >
[2009.08.31 11:04:19 | 008,270,752 | ---- | M] (Dell, Inc.                                                   ) -- C:\Users\xxx\AppData\Roaming\DataSafeDotNet.exe
[2010.04.07 23:35:22 | 000,706,630 | ---- | M] () -- C:\Users\xxx\AppData\Roaming\Ahnenblatt\unins000.exe
[2012.02.15 01:03:14 | 024,246,216 | ---- | M] (Dropbox, Inc.) -- C:\Users\xxx\AppData\Roaming\Dropbox\bin\Dropbox.exe
[2012.02.15 01:03:44 | 000,174,752 | ---- | M] (Dropbox, Inc.) -- C:\Users\xxx\AppData\Roaming\Dropbox\bin\Uninstall.exe
[2011.11.01 21:27:06 | 000,048,969 | ---- | M] () -- C:\Users\xxx\AppData\Roaming\JabRef 2.7.2\JabRef.exe
[2012.01.19 01:51:42 | 000,062,542 | ---- | M] (JabRef Team) -- C:\Users\xxx\AppData\Roaming\JabRef 2.7.2\uninstall.exe
[2010.08.26 20:30:46 | 000,010,134 | R--- | M] () -- C:\Users\xxx\AppData\Roaming\Microsoft\Installer\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}\ARPPRODUCTICON.exe
[2011.08.19 16:12:54 | 002,771,456 | ---- | M] () -- C:\Users\xxx\AppData\Roaming\MiKTeX\2.9\miktex\bin\miktex-taskbar-icon.exe
[2011.08.19 16:12:54 | 002,771,456 | ---- | M] () -- C:\Users\xxx\AppData\Roaming\MiKTeX\2.9\miktex\bin\miktex-update.exe
[2011.08.19 16:12:59 | 002,771,456 | ---- | M] () -- C:\Users\xxx\AppData\Roaming\MiKTeX\2.9\miktex\bin\miktex-update_admin.exe
 
< %SYSTEMDRIVE%\*.exe >
 
< MD5 for: AGP440.SYS  >
[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\drivers\AGP440.sys
[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys
[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
[2006.11.02 11:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.04.29 00:20:55 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=0D83C87A801A3DFCD1BF73893FE7518C -- C:\Windows\System32\drivers\atapi.sys
[2009.04.29 00:20:55 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=0D83C87A801A3DFCD1BF73893FE7518C -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_4c9c5a00\atapi.sys
[2009.04.29 00:20:55 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=0D83C87A801A3DFCD1BF73893FE7518C -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18034_none_dd1bb97e219e87cb\atapi.sys
[2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys
[2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008.01.21 04:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008.01.21 04:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006.11.02 11:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
[2009.04.29 00:20:55 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=96DC4E1A9F90CCD489950A8935425C59 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.22134_none_dda556493abc2795\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll
 
< MD5 for: IASTOR.SYS  >
[2008.05.08 00:40:38 | 000,395,288 | ---- | M] (Intel Corporation) MD5=07FB761600EFF44AF02C35B8B57E5863 -- C:\Program Files\Intel\Intel Matrix Storage Manager\driver64\IaStor.sys
[2011.06.15 10:00:28 | 000,461,080 | ---- | M] (Intel Corporation) MD5=4B80B97CBF0782B3BB3057F88D42C367 -- C:\Windows\System32\drivers\iaStor.sys
[2011.06.15 10:00:28 | 000,461,080 | ---- | M] (Intel Corporation) MD5=4B80B97CBF0782B3BB3057F88D42C367 -- C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_802e0f1c\iaStor.sys
[2008.08.31 20:15:54 | 000,317,976 | ---- | M] (Intel Corporation) MD5=80C633722DA72E97F3F5B3B11325696D -- C:\Drivers\storage\R197861\IaStor.sys
[2008.05.08 00:40:02 | 000,317,976 | ---- | M] (Intel Corporation) MD5=80C633722DA72E97F3F5B3B11325696D -- C:\Program Files\Intel\Intel Matrix Storage Manager\driver\IaStor.sys
[2008.05.08 00:40:02 | 000,317,976 | ---- | M] (Intel Corporation) MD5=80C633722DA72E97F3F5B3B11325696D -- C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_1ab0331f\iaStor.sys
[2008.08.31 20:15:54 | 000,317,976 | ---- | M] (Intel Corporation) MD5=80C633722DA72E97F3F5B3B11325696D -- C:\Windows\System32\DriverStore\FileRepository\iastor.inf_8e717be2\iaStor.sys
 
< MD5 for: IASTORV.SYS  >
[2008.01.21 04:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\drivers\iaStorV.sys
[2008.01.21 04:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys
[2008.01.21 04:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2006.11.02 11:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2009.04.11 08:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll
[2009.04.11 08:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
[2008.01.21 04:24:05 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2006.11.02 11:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008.01.21 04:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\drivers\nvstor.sys
[2008.01.21 04:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2008.01.21 04:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2008.01.21 04:24:50 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2009.04.11 08:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll
[2009.04.11 08:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll
 
< MD5 for: USER32.DLL  >
[2009.04.11 08:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) MD5=75510147B94598407666F4802797C75A -- C:\Windows\System32\user32.dll
[2009.04.11 08:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) MD5=75510147B94598407666F4802797C75A -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_cf23e54d6a7e4a7e\user32.dll
[2008.01.21 04:24:21 | 000,627,200 | ---- | M] (Microsoft Corporation) MD5=B974D9F06DC7D1908E825DC201681269 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_cd386c416d5c7f32\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2008.01.21 04:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008.01.21 04:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
[2009.05.26 18:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Users\xxx\AppData\Local\Temp\RarSFX1\userinit.exe
[2009.05.26 18:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Users\xxx\AppData\Local\Temp\RarSFX2\userinit.exe
[2009.05.26 18:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Users\xxx\AppData\Local\Temp\RarSFX3\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2008.01.21 04:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\System32\wininit.exe
[2008.01.21 04:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2012.01.13 14:53:20 | 000,182,856 | ---- | M] () MD5=63EEC8A8B221AB79045E776E5F592868 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
[2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2009.05.26 18:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Users\xxx\AppData\Local\Temp\RarSFX1\winlogon.exe
[2009.05.26 18:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Users\xxx\AppData\Local\Temp\RarSFX2\winlogon.exe
[2009.05.26 18:47:22 | 000,031,232 | ---- | M] (NirSoft) MD5=AC6094297CD882B8626466CDEB64F19F -- C:\Users\xxx\AppData\Local\Temp\RarSFX3\winlogon.exe
[2008.01.21 04:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2008.01.21 04:24:47 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\System32\drivers\ws2ifsl.sys
[2008.01.21 04:24:47 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_4f86a0d4c7cda641\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
[2008.01.21 05:14:18 | 016,846,848 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2008.01.21 05:14:08 | 000,106,496 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2008.01.21 05:14:18 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006.11.02 12:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006.11.02 12:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 971 bytes -> C:\ProgramData:$SS_DESCRIPTOR_LBP6VPVFLVGVVFB84LTSUTB92PFNPC7BPV4XFJDMNGTFB5V5NBJ5TBBJMT9Y0N96GMP3V0GRUEF39X8XHH0TCFUL44FTBX4MLSWPBXRTF6VEKLFEJK35PNX0WHNGT9LSVEVF1VTVVTVXVVD
@Alternate Data Stream - 94 bytes -> C:\ProgramData\TEMP:1CE11B51
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:E5BA9ADD
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:1F96ED45

< End of report >
         
--- --- ---

Alt 08.04.2012, 16:17   #20
cosinus

The entries in hosts come from Spybot's immunization... I prefer to do that kind of thing with the hosts file from MVPS (more on that later)

Run an OTL fix: close any programs that may be open, also disable the virus scanner (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied as well!!!)

Note: If you obscured your user name, you have to change the starred-out part back into your real user name, otherwise the script will not work!!

Code:
ATTFilter
:OTL
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{01864d73-ad6c-11df-9c06-0025643e9ca4}\Shell - "" = AutoRun
O33 - MountPoints2\{01864d73-ad6c-11df-9c06-0025643e9ca4}\Shell\AutoRun\command - "" = D:\Launch.exe
O33 - MountPoints2\{2e896abd-7883-11de-bdfe-0025643e9ca4}\Shell - "" = AutoRun
O33 - MountPoints2\{2e896abd-7883-11de-bdfe-0025643e9ca4}\Shell\AutoRun\command - "" = D:\Install.exe
O33 - MountPoints2\{2e896ae4-7883-11de-bdfe-0025643e9ca4}\Shell - "" = AutoRun
O33 - MountPoints2\{2e896ae4-7883-11de-bdfe-0025643e9ca4}\Shell\AutoRun\command - "" = D:\Install.exe
O33 - MountPoints2\{776b80f8-8f25-11df-b609-0025643e9ca4}\Shell - "" = AutoRun
O33 - MountPoints2\{776b80f8-8f25-11df-b609-0025643e9ca4}\Shell\AutoRun\command - "" = D:\AutoRun.exe
O33 - MountPoints2\{776b8113-8f25-11df-b609-0025643e9ca4}\Shell - "" = AutoRun
O33 - MountPoints2\{776b8113-8f25-11df-b609-0025643e9ca4}\Shell\AutoRun\command - "" = D:\AutoRun.exe
O33 - MountPoints2\{7ad54133-36c5-11e0-9b96-0025643e9ca4}\Shell - "" = AutoRun
O33 - MountPoints2\{7ad54133-36c5-11e0-9b96-0025643e9ca4}\Shell\AutoRun\command - "" = G:\.\ShowModem.exe
O33 - MountPoints2\{89a52340-91a0-11df-b343-0025643e9ca4}\Shell - "" = AutoRun
O33 - MountPoints2\{89a52340-91a0-11df-b343-0025643e9ca4}\Shell\AutoRun\command - "" = D:\Install.exe
O33 - MountPoints2\{92fc3e7a-5ff7-11e0-bdec-00225fbe67d4}\Shell - "" = AutoRun
O33 - MountPoints2\{92fc3e7a-5ff7-11e0-bdec-00225fbe67d4}\Shell\AutoRun\command - "" = H:\Install.exe
O33 - MountPoints2\{d11e3608-901f-11df-b2e2-0025643e9ca4}\Shell - "" = AutoRun
O33 - MountPoints2\{d11e3608-901f-11df-b2e2-0025643e9ca4}\Shell\AutoRun\command - "" = D:\Install.exe
[2011.12.12 23:37:33 | 000,005,060 | ---- | C] () -- C:\ProgramData\ndhlopzv.syn
[2011.10.18 17:21:58 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Yiola
@Alternate Data Stream - 971 bytes -> C:\ProgramData:$SS_DESCRIPTOR_LBP6VPVFLVGVVFB84LTSUTB92PFNPC7BPV4XFJDMNGTFB5V5NBJ5TBBJMT9Y0N96GMP3V0GRUEF39X8XHH0TCFUL44FTBX4MLSWPBXRTF6VEKLFEJK35PNX0WHNGT9LSVEVF1VTVVTVXVVD
@Alternate Data Stream - 94 bytes -> C:\ProgramData\TEMP:1CE11B51
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:E5BA9ADD
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:1F96ED45
:Commands
[purity]
[emptytemp]
[emptyflash]
[resethosts]
         
Then click the Fix button at the top left!
The log file should open when you click OK after the fix; please post it. The computer may be restarted.

For safety, the entries, files and folders fixed with this script are not deleted completely; a backup copy is created on the system partition in the "_OTL" folder.

Note: The script above was created only for this one user in this situation. It is not portable to any other computer and must not be used elsewhere, as it can cause lasting damage to the system!

__________________
Please always post log files in CODE tags

Alt 08.04.2012, 16:59   #21
lin.x
 

On the first attempt in normal mode + in safe mode, OTL got stuck again; on the 3rd, in safe mode, it then worked and the PC restarted on its own.

log:
Code:
ATTFilter
All processes killed
========== OTL ==========
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
File C:\autoexec.bat not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{01864d73-ad6c-11df-9c06-0025643e9ca4}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{01864d73-ad6c-11df-9c06-0025643e9ca4}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{01864d73-ad6c-11df-9c06-0025643e9ca4}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{01864d73-ad6c-11df-9c06-0025643e9ca4}\ not found.
File D:\Launch.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2e896abd-7883-11de-bdfe-0025643e9ca4}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2e896abd-7883-11de-bdfe-0025643e9ca4}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2e896abd-7883-11de-bdfe-0025643e9ca4}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2e896abd-7883-11de-bdfe-0025643e9ca4}\ not found.
File D:\Install.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2e896ae4-7883-11de-bdfe-0025643e9ca4}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2e896ae4-7883-11de-bdfe-0025643e9ca4}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2e896ae4-7883-11de-bdfe-0025643e9ca4}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2e896ae4-7883-11de-bdfe-0025643e9ca4}\ not found.
File D:\Install.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{776b80f8-8f25-11df-b609-0025643e9ca4}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{776b80f8-8f25-11df-b609-0025643e9ca4}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{776b80f8-8f25-11df-b609-0025643e9ca4}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{776b80f8-8f25-11df-b609-0025643e9ca4}\ not found.
File D:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{776b8113-8f25-11df-b609-0025643e9ca4}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{776b8113-8f25-11df-b609-0025643e9ca4}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{776b8113-8f25-11df-b609-0025643e9ca4}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{776b8113-8f25-11df-b609-0025643e9ca4}\ not found.
File D:\AutoRun.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7ad54133-36c5-11e0-9b96-0025643e9ca4}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7ad54133-36c5-11e0-9b96-0025643e9ca4}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{7ad54133-36c5-11e0-9b96-0025643e9ca4}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7ad54133-36c5-11e0-9b96-0025643e9ca4}\ not found.
File G:\.\ShowModem.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{89a52340-91a0-11df-b343-0025643e9ca4}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{89a52340-91a0-11df-b343-0025643e9ca4}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{89a52340-91a0-11df-b343-0025643e9ca4}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{89a52340-91a0-11df-b343-0025643e9ca4}\ not found.
File D:\Install.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{92fc3e7a-5ff7-11e0-bdec-00225fbe67d4}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{92fc3e7a-5ff7-11e0-bdec-00225fbe67d4}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{92fc3e7a-5ff7-11e0-bdec-00225fbe67d4}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{92fc3e7a-5ff7-11e0-bdec-00225fbe67d4}\ not found.
File H:\Install.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d11e3608-901f-11df-b2e2-0025643e9ca4}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d11e3608-901f-11df-b2e2-0025643e9ca4}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{d11e3608-901f-11df-b2e2-0025643e9ca4}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d11e3608-901f-11df-b2e2-0025643e9ca4}\ not found.
File D:\Install.exe not found.
File C:\ProgramData\ndhlopzv.syn not found.
Folder C:\Users\xxx\AppData\Roaming\Yiola\ not found.
Unable to delete ADS C:\ProgramData:$SS_DESCRIPTOR_LBP6VPVFLVGVVFB84LTSUTB92PFNPC7BPV4XFJDMNGTFB5V5NBJ5TBBJMT9Y0N96GMP3V0GRUEF39X8XHH0TCFUL44FTBX4MLSWPBXRTF6VEKLFEJK35PNX0WHNGT9LSVEVF1VTVVTVXVVD .
Unable to delete ADS C:\ProgramData\TEMP:1CE11B51 .
Unable to delete ADS C:\ProgramData\TEMP:E5BA9ADD .
Unable to delete ADS C:\ProgramData\TEMP:1F96ED45 .
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: xxx
->Temp folder emptied: 9547291 bytes
->Temporary Internet Files folder emptied: 2760088 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 397903737 bytes
->Flash cache emptied: 5569 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 9973858 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 401,00 mb
 
 
[EMPTYFLASH]
 
User: All Users
 
User: Default
 
User: Default User
 
User: xxx
->Flash cache emptied: 0 bytes
 
User: Public
 
Total Flash Files Cleaned = 0,00 mb
 
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.39.2 log created on 04082012_175251

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...
         

Regards,
lin.x
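A fix log like the one in post #21 is easier to judge once every result line is sorted into applied, not found, or failed. The following is an added example, not part of the thread and not OTL code: the function names and the three status labels are this example's own, and the embedded sample is a shortened excerpt of the log posted above.

```python
import re
from collections import Counter

# Shortened excerpt of the fix log from post #21 (not the full log).
SAMPLE_LOG = r"""All processes killed
========== OTL ==========
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
File C:\autoexec.bat not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{01864d73-ad6c-11df-9c06-0025643e9ca4}\ not found.
File D:\Launch.exe not found.
Folder C:\Users\xxx\AppData\Roaming\Yiola\ not found.
Unable to delete ADS C:\ProgramData\TEMP:1CE11B51 .
Unable to delete ADS C:\ProgramData\TEMP:E5BA9ADD .
========== COMMANDS ==========

[EMPTYTEMP]
User: xxx
->Temp folder emptied: 9547291 bytes
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
"""

# Section banners such as "========== OTL ==========".
SECTION = re.compile(r"^=+ (?P<name>.+?) =+$")

# Only message shapes that occur in the log above are recognised.
RULES = [
    # The fix was attempted but the object is still on disk.
    ("failed", re.compile(r"^Unable to delete ADS (?P<target>.+?)\s*\.$")),
    # Nothing existed at that path: already gone, or the path in the
    # script did not match the system (e.g. an anonymised user name).
    ("missing", re.compile(
        r"^(?:File|Folder|Registry key) (?P<target>.+) not found\.$")),
    # The action took effect.
    ("applied", re.compile(
        r"^(?P<target>.+?)(?: :)? (?:value set|moved|reset) successfully[.!]?$")),
]


def parse_fix_log(text):
    """Return one record per recognised result line, in log order."""
    section = None
    records = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        banner = SECTION.match(line)
        if banner:
            section = banner.group("name")
            continue
        for status, pattern in RULES:
            hit = pattern.match(line)
            if hit:
                records.append({"section": section,
                                "status": status,
                                "target": hit.group("target")})
                break
    return records


def summarize(records):
    """Count result lines per status."""
    return Counter(r["status"] for r in records)


def leftover_streams(records):
    """Split each undeleted ADS into (host path, stream name)."""
    streams = []
    for r in records:
        if r["status"] == "failed":
            # ADS notation is <path>:<stream>; the last colon separates them,
            # so the drive-letter colon stays with the host path.
            host, _, stream = r["target"].rpartition(":")
            streams.append((host, stream))
    return streams


if __name__ == "__main__":
    recs = parse_fix_log(SAMPLE_LOG)
    print(dict(summarize(recs)))
    for host, stream in leftover_streams(recs):
        print("still present:", host, "->", stream)
```

Run over the full log, the same parser shows that the only items needing follow-up are the alternate data streams on C:\ProgramData and C:\ProgramData\TEMP.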

Alt 08.04.2012, 17:17   #22
cosinus

Now please run this tool from Kaspersky (TDSS-Killer) in normal Windows mode and post the log. Instructions and download link here => http://www.trojaner-board.de/82358-t...entfernen.html

Note: Please turn off the virus scanner before you run TDSS-Killer, because Avira in particular often reports a false alarm on the TDSS tool!

Set up the tool as shown in the picture below: click change parameters and set the check marks as shown in the following screenshot,
then click Start Scan and, when it has finished, click the Report button to display the log. Please post it in full.
If you cannot find the log or cannot copy the contents and transfer them into your post, look directly on your Windows system partition (usually drive C); that is where TDSS-Killer saves its logs.

Note: Please do not delete anything hastily with TDSS-Killer! If TDSS-Killer flags any objects, handle all of them with the "skip" action and only post the log here!


Alt 08.04.2012, 17:25   #23
lin.x
 

Here you go, log:

Code:
ATTFilter
18:21:29.0508 3220	TDSS rootkit removing tool 2.7.26.0 Apr  4 2012 19:52:02
18:21:29.0572 3220	============================================================
18:21:29.0572 3220	Current date / time: 2012/04/08 18:21:29.0572
18:21:29.0572 3220	SystemInfo:
18:21:29.0572 3220	
18:21:29.0572 3220	OS Version: 6.0.6002 ServicePack: 2.0
18:21:29.0572 3220	Product type: Workstation
18:21:29.0572 3220	ComputerName: xxx-NOTEBOOK
18:21:29.0573 3220	UserName: xxx
18:21:29.0573 3220	Windows directory: C:\Windows
18:21:29.0573 3220	System windows directory: C:\Windows
18:21:29.0573 3220	Processor architecture: Intel x86
18:21:29.0573 3220	Number of processors: 2
18:21:29.0573 3220	Page size: 0x1000
18:21:29.0573 3220	Boot type: Normal boot
18:21:29.0573 3220	============================================================
18:21:30.0006 3220	Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
18:21:30.0008 3220	\Device\Harddisk0\DR0:
18:21:30.0009 3220	MBR used
18:21:30.0009 3220	\Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x14000, BlocksNum 0x1D4C000
18:21:30.0009 3220	\Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1D60000, BlocksNum 0x1B465170
18:21:30.0103 3220	Initialize success
18:21:30.0103 3220	============================================================
18:21:56.0190 1656	============================================================
18:21:56.0190 1656	Scan started
18:21:56.0190 1656	Mode: Manual; SigCheck; TDLFS; 
18:21:56.0190 1656	============================================================
18:21:56.0736 1656	ACPI            (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
18:21:56.0860 1656	ACPI - ok
18:21:57.0063 1656	AdobeFlashPlayerUpdateSvc (0d4c486a24a711a45fd83acdf4d18506) C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
18:21:57.0079 1656	AdobeFlashPlayerUpdateSvc - ok
18:21:57.0250 1656	adp94xx         (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys
18:21:57.0297 1656	adp94xx - ok
18:21:57.0422 1656	adpahci         (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys
18:21:57.0438 1656	adpahci - ok
18:21:57.0500 1656	adpu160m        (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys
18:21:57.0516 1656	adpu160m - ok
18:21:57.0562 1656	adpu320         (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys
18:21:57.0578 1656	adpu320 - ok
18:21:57.0625 1656	AeLookupSvc     (9d1fda9e086ba64e3c93c9de32461bcf) C:\Windows\System32\aelupsvc.dll
18:21:57.0781 1656	AeLookupSvc - ok
18:21:57.0937 1656	AESTFilters     (827dbc22c96eecf6d36a13162fabafd3) C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_f6ef8056\aestsrv.exe
18:21:58.0030 1656	AESTFilters - ok
18:21:58.0186 1656	AF15BDA         (e3f08935158038d385ad382442f4bb2d) C:\Windows\system32\DRIVERS\AF15BDA.sys
18:21:58.0280 1656	AF15BDA - ok
18:21:58.0358 1656	AFD             (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys
18:21:58.0436 1656	AFD - ok
18:21:58.0545 1656	agp440          (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys
18:21:58.0561 1656	agp440 - ok
18:21:58.0732 1656	aic78xx         (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
18:21:58.0748 1656	aic78xx - ok
18:21:58.0873 1656	ALG             (a1545b731579895d8cc44fc0481c1192) C:\Windows\System32\alg.exe
18:21:59.0076 1656	ALG - ok
18:21:59.0169 1656	aliide          (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys
18:21:59.0185 1656	aliide - ok
18:21:59.0216 1656	amdagp          (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys
18:21:59.0232 1656	amdagp - ok
18:21:59.0263 1656	amdide          (9b78a39a4c173fdbc1321e0dd659b34c) C:\Windows\system32\drivers\amdide.sys
18:21:59.0278 1656	amdide - ok
18:21:59.0294 1656	AmdK7           (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys
18:21:59.0341 1656	AmdK7 - ok
18:21:59.0481 1656	AmdK8           (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\drivers\amdk8.sys
18:21:59.0528 1656	AmdK8 - ok
18:21:59.0793 1656	ApfiltrService  (5bffa4db168d2d0f99c182732535e82f) C:\Windows\system32\DRIVERS\Apfiltr.sys
18:21:59.0824 1656	ApfiltrService - ok
18:21:59.0949 1656	Appinfo         (c6d704c7f0434dc791aac37cac4b6e14) C:\Windows\System32\appinfo.dll
18:22:00.0027 1656	Appinfo - ok
18:22:00.0214 1656	arc             (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys
18:22:00.0230 1656	arc - ok
18:22:00.0308 1656	arcsas          (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys
18:22:00.0324 1656	arcsas - ok
18:22:00.0370 1656	ASPI            (e54e27976e2c5a6465d44c10b1d87ac0) C:\Windows\System32\DRIVERS\ASPI32.sys
18:22:00.0402 1656	ASPI ( UnsignedFile.Multi.Generic ) - warning
18:22:00.0402 1656	ASPI - detected UnsignedFile.Multi.Generic (1)
18:22:00.0480 1656	aswFsBlk        (0ae43c6c411254049279c2ee55630f95) C:\Windows\system32\drivers\aswFsBlk.sys
18:22:00.0495 1656	aswFsBlk - ok
18:22:00.0558 1656	aswMonFlt       (6693141560b1615d8dccf0d8eb00087e) C:\Windows\system32\drivers\aswMonFlt.sys
18:22:00.0573 1656	aswMonFlt - ok
18:22:00.0604 1656	aswRdr          (da12626fd9a67f4e917e2f2fbe1e1764) C:\Windows\system32\drivers\aswRdr.sys
18:22:00.0620 1656	aswRdr - ok
18:22:00.0636 1656	aswSnx          (dcb199b967375753b5019ec15f008f53) C:\Windows\system32\drivers\aswSnx.sys
18:22:00.0698 1656	aswSnx - ok
18:22:00.0729 1656	aswSP           (b32873e5a1443c0a1e322266e203bf10) C:\Windows\system32\drivers\aswSP.sys
18:22:00.0745 1656	aswSP - ok
18:22:00.0776 1656	aswTdi          (6ff544175a9180c5d88534d3d9c9a9f7) C:\Windows\system32\drivers\aswTdi.sys
18:22:00.0776 1656	aswTdi - ok
18:22:00.0838 1656	AsyncMac        (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
18:22:00.0901 1656	AsyncMac - ok
18:22:00.0932 1656	atapi           (0d83c87a801a3dfcd1bf73893fe7518c) C:\Windows\system32\drivers\atapi.sys
18:22:00.0948 1656	atapi - ok
18:22:00.0979 1656	AudioEndpointBuilder (68e2a1a0407a66cf50da0300852424ab) C:\Windows\System32\Audiosrv.dll
18:22:01.0026 1656	AudioEndpointBuilder - ok
18:22:01.0057 1656	Audiosrv        (68e2a1a0407a66cf50da0300852424ab) C:\Windows\System32\Audiosrv.dll
18:22:01.0088 1656	Audiosrv - ok
18:22:01.0197 1656	avast! Antivirus (4041d31508a2a084dfb42c595854090f) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
18:22:01.0213 1656	avast! Antivirus - ok
18:22:01.0338 1656	BCM42RLY        (423c7b87e886ac93d22936ea82665f83) C:\Windows\system32\drivers\BCM42RLY.sys
18:22:01.0338 1656	BCM42RLY - ok
18:22:01.0416 1656	BCM43XX         (b56999be8f22ba3071e4ceafa9e82e26) C:\Windows\system32\DRIVERS\bcmwl6.sys
18:22:01.0525 1656	BCM43XX - ok
18:22:01.0572 1656	Beep            (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
18:22:01.0603 1656	Beep - ok
18:22:01.0665 1656	BFE             (c789af0f724fda5852fb9a7d3a432381) C:\Windows\System32\bfe.dll
18:22:01.0728 1656	BFE - ok
18:22:01.0806 1656	BITS            (93952506c6d67330367f7e7934b6a02f) C:\Windows\System32\qmgr.dll
18:22:01.0930 1656	BITS - ok
18:22:01.0993 1656	blbdrive        (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys
18:22:02.0024 1656	blbdrive - ok
18:22:02.0071 1656	bowser          (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys
18:22:02.0133 1656	bowser - ok
18:22:02.0149 1656	BrFiltLo        (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
18:22:02.0196 1656	BrFiltLo - ok
18:22:02.0227 1656	BrFiltUp        (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
18:22:02.0274 1656	BrFiltUp - ok
18:22:02.0320 1656	Browser         (a3629a0c4226f9e9c72faaeebc3ad33c) C:\Windows\System32\browser.dll
18:22:02.0367 1656	Browser - ok
18:22:02.0414 1656	Brserid         (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
18:22:02.0617 1656	Brserid - ok
18:22:02.0679 1656	BrSerWdm        (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
18:22:02.0726 1656	BrSerWdm - ok
18:22:02.0757 1656	BrUsbMdm        (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
18:22:02.0820 1656	BrUsbMdm - ok
18:22:02.0851 1656	BrUsbSer        (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
18:22:02.0898 1656	BrUsbSer - ok
18:22:02.0929 1656	BTHMODEM        (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
18:22:03.0007 1656	BTHMODEM - ok
18:22:03.0038 1656	cdfs            (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
18:22:03.0100 1656	cdfs - ok
18:22:03.0147 1656	cdrom           (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
18:22:03.0178 1656	cdrom - ok
18:22:03.0210 1656	CertPropSvc     (312ec3e37a0a1f2006534913e37b4423) C:\Windows\System32\certprop.dll
18:22:03.0256 1656	CertPropSvc - ok
18:22:03.0303 1656	Change Modem Device Service (74fffb94d7ffd4750bd429ccb197720e) C:\Windows\system32\ChgService.exe
18:22:03.0350 1656	Change Modem Device Service ( UnsignedFile.Multi.Generic ) - warning
18:22:03.0350 1656	Change Modem Device Service - detected UnsignedFile.Multi.Generic (1)
18:22:03.0412 1656	circlass        (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\drivers\circlass.sys
18:22:03.0444 1656	circlass - ok
18:22:03.0490 1656	CLFS            (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
18:22:03.0506 1656	CLFS - ok
18:22:03.0568 1656	clr_optimization_v2.0.50727_32 (8ee772032e2fe80a924f3b8dd5082194) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
18:22:03.0584 1656	clr_optimization_v2.0.50727_32 - ok
18:22:03.0615 1656	CmBatt          (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys
18:22:03.0646 1656	CmBatt - ok
18:22:03.0678 1656	cmdide          (0ca25e686a4928484e9fdabd168ab629) C:\Windows\system32\drivers\cmdide.sys
18:22:03.0693 1656	cmdide - ok
18:22:03.0724 1656	cmnsusbser      (675d67423980fc1784b93aa47d350a31) C:\Windows\system32\DRIVERS\cmnsusbser.sys
18:22:03.0787 1656	cmnsusbser - ok
18:22:03.0802 1656	Compbatt        (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys
18:22:03.0818 1656	Compbatt - ok
18:22:03.0834 1656	COMSysApp - ok
18:22:03.0865 1656	crcdisk         (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys
18:22:03.0880 1656	crcdisk - ok
18:22:03.0896 1656	Crusoe          (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys
18:22:03.0943 1656	Crusoe - ok
18:22:03.0990 1656	CryptSvc        (fb27772beaf8e1d28ccd825c09da939b) C:\Windows\system32\cryptsvc.dll
18:22:04.0021 1656	CryptSvc - ok
18:22:04.0083 1656	CtClsFlt        (281b2b60b5cb449bcf0474eecf73ebec) C:\Windows\system32\DRIVERS\CtClsFlt.sys
18:22:04.0130 1656	CtClsFlt - ok
18:22:04.0161 1656	DcomLaunch      (3b5b4d53fec14f7476ca29a20cc31ac9) C:\Windows\system32\rpcss.dll
18:22:04.0255 1656	DcomLaunch - ok
18:22:04.0317 1656	DfsC            (622c41a07ca7e6dd91770f50d532cb6c) C:\Windows\system32\Drivers\dfsc.sys
18:22:04.0364 1656	DfsC - ok
18:22:04.0442 1656	DFSR            (2cc3dcfb533a1035b13dcab6160ab38b) C:\Windows\system32\DFSR.exe
18:22:04.0598 1656	DFSR - ok
18:22:04.0645 1656	Dhcp            (9028559c132146fb75eb7acf384b086a) C:\Windows\System32\dhcpcsvc.dll
18:22:04.0692 1656	Dhcp - ok
18:22:04.0754 1656	disk            (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
18:22:04.0770 1656	disk - ok
18:22:04.0801 1656	Dnscache        (57d762f6f5974af0da2be88a3349baaa) C:\Windows\System32\dnsrslvr.dll
18:22:04.0863 1656	Dnscache - ok
18:22:04.0941 1656	DockLoginService (0840abbbdf438691ee65a20040635cbe) C:\Program Files\Dell\DellDock\DockLogin.exe
18:22:04.0988 1656	DockLoginService ( UnsignedFile.Multi.Generic ) - warning
18:22:04.0988 1656	DockLoginService - detected UnsignedFile.Multi.Generic (1)
18:22:05.0097 1656	dot3svc         (324fd74686b1ef5e7c19a8af49e748f6) C:\Windows\System32\dot3svc.dll
18:22:05.0144 1656	dot3svc - ok
18:22:05.0191 1656	DPS             (a622e888f8aa2f6b49e9bc466f0e5def) C:\Windows\system32\dps.dll
18:22:05.0238 1656	DPS - ok
18:22:05.0300 1656	drmkaud         (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
18:22:05.0362 1656	drmkaud - ok
18:22:05.0425 1656	DXGKrnl         (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys
18:22:05.0472 1656	DXGKrnl - ok
18:22:05.0518 1656	e1express       (908ed85b7806e8af3af5e9b74f7809d4) C:\Windows\system32\DRIVERS\e1e6032.sys
18:22:05.0550 1656	e1express - ok
18:22:05.0565 1656	E1G60           (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys
18:22:05.0596 1656	E1G60 - ok
18:22:05.0643 1656	EapHost         (c0b95e40d85cd807d614e264248a45b9) C:\Windows\System32\eapsvc.dll
18:22:05.0674 1656	EapHost - ok
18:22:05.0721 1656	Ecache          (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
18:22:05.0737 1656	Ecache - ok
18:22:05.0799 1656	ehRecvr         (9be3744d295a7701eb425332014f0797) C:\Windows\ehome\ehRecvr.exe
18:22:05.0830 1656	ehRecvr - ok
18:22:05.0846 1656	ehSched         (ad1870c8e5d6dd340c829e6074bf3c3f) C:\Windows\ehome\ehsched.exe
18:22:05.0908 1656	ehSched - ok
18:22:05.0908 1656	ehstart         (c27c4ee8926e74aa72efcab24c5242c3) C:\Windows\ehome\ehstart.dll
18:22:05.0924 1656	ehstart - ok
18:22:05.0986 1656	elxstor         (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys
18:22:06.0018 1656	elxstor - ok
18:22:06.0096 1656	EMDMgmt         (4e6b23dfc917ea39306b529b773950f4) C:\Windows\system32\emdmgmt.dll
18:22:06.0158 1656	EMDMgmt - ok
18:22:06.0205 1656	ErrDev          (f2a80de2d1b7116052c09cb4d4ca1416) C:\Windows\system32\drivers\errdev.sys
18:22:06.0283 1656	ErrDev - ok
18:22:06.0345 1656	EventSystem     (67058c46504bc12d821f38cf99b7b28f) C:\Windows\system32\es.dll
18:22:06.0392 1656	EventSystem - ok
18:22:06.0439 1656	exfat           (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
18:22:06.0517 1656	exfat - ok
18:22:06.0564 1656	fastfat         (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
18:22:06.0579 1656	fastfat - ok
18:22:06.0610 1656	fdc             (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys
18:22:06.0657 1656	fdc - ok
18:22:06.0735 1656	fdPHost         (6629b5f0e98151f4afdd87567ea32ba3) C:\Windows\system32\fdPHost.dll
18:22:06.0798 1656	fdPHost - ok
18:22:06.0813 1656	FDResPub        (89ed56dce8e47af40892778a5bd31fd2) C:\Windows\system32\fdrespub.dll
18:22:06.0876 1656	FDResPub - ok
18:22:06.0969 1656	FileInfo        (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
18:22:06.0969 1656	FileInfo - ok
18:22:06.0985 1656	Filetrace       (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
18:22:07.0032 1656	Filetrace - ok
18:22:07.0047 1656	flpydisk        (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
18:22:07.0110 1656	flpydisk - ok
18:22:07.0172 1656	FltMgr          (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
18:22:07.0188 1656	FltMgr - ok
18:22:07.0234 1656	FontCache       (8ce364388c8eca59b14b539179276d44) C:\Windows\system32\FntCache.dll
18:22:07.0328 1656	FontCache - ok
18:22:07.0406 1656	FontCache3.0.0.0 (c7fbdd1ed42f82bfa35167a5c9803ea3) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
18:22:07.0422 1656	FontCache3.0.0.0 - ok
18:22:07.0578 1656	Fs_Rec          (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
18:22:07.0624 1656	Fs_Rec - ok
18:22:07.0983 1656	gagp30kx        (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys
18:22:07.0983 1656	gagp30kx - ok
18:22:08.0061 1656	GoToAssist      (d3316f6e3c011435f36e3d6e49b3196c) C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe
18:22:08.0077 1656	GoToAssist - ok
18:22:08.0264 1656	gpsvc           (cd5d0aeee35dfd4e986a5aa1500a6e66) C:\Windows\System32\gpsvc.dll
18:22:08.0311 1656	gpsvc - ok
18:22:08.0436 1656	gupdate         (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe
18:22:08.0451 1656	gupdate - ok
18:22:08.0467 1656	gupdatem        (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe
18:22:08.0482 1656	gupdatem - ok
18:22:08.0576 1656	HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
18:22:08.0654 1656	HdAudAddService - ok
18:22:08.0857 1656	HDAudBus        (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
18:22:08.0919 1656	HDAudBus - ok
18:22:09.0106 1656	HidBth          (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
18:22:09.0184 1656	HidBth - ok
18:22:09.0434 1656	HidIr           (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
18:22:09.0512 1656	HidIr - ok
18:22:09.0621 1656	hidserv         (84067081f3318162797385e11a8f0582) C:\Windows\system32\hidserv.dll
18:22:09.0668 1656	hidserv - ok
18:22:09.0730 1656	HidUsb          (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
18:22:09.0793 1656	HidUsb - ok
18:22:09.0824 1656	hkmsvc          (d8ad255b37da92434c26e4876db7d418) C:\Windows\system32\kmsvc.dll
18:22:09.0871 1656	hkmsvc - ok
18:22:09.0918 1656	HpCISSs         (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys
18:22:09.0933 1656	HpCISSs - ok
18:22:09.0980 1656	HTTP            (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
18:22:10.0058 1656	HTTP - ok
18:22:10.0089 1656	hwdatacard      (19e6885a061011d8dabe8f64498423fa) C:\Windows\system32\DRIVERS\ewusbmdm.sys
18:22:10.0120 1656	hwdatacard ( UnsignedFile.Multi.Generic ) - warning
18:22:10.0120 1656	hwdatacard - detected UnsignedFile.Multi.Generic (1)
18:22:10.0167 1656	i2omp           (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys
18:22:10.0183 1656	i2omp - ok
18:22:10.0214 1656	i8042prt        (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
18:22:10.0261 1656	i8042prt - ok
18:22:10.0417 1656	IAANTMON        (7b96206e4bdd2fe582f0dbc46f5f410e) C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
18:22:10.0432 1656	IAANTMON - ok
18:22:10.0635 1656	iaStor          (4b80b97cbf0782b3bb3057f88d42c367) C:\Windows\system32\drivers\iastor.sys
18:22:10.0666 1656	iaStor - ok
18:22:10.0713 1656	iaStorV         (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys
18:22:10.0729 1656	iaStorV - ok
18:22:10.0807 1656	idsvc           (98477b08e61945f974ed9fdc4cb6bdab) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
18:22:10.0869 1656	idsvc - ok
18:22:10.0994 1656	igfx            (938753888eaddb29d4b3754139ec19e8) C:\Windows\system32\DRIVERS\igdkmd32.sys
18:22:11.0259 1656	igfx - ok
18:22:12.0460 1656	iirsp           (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
18:22:12.0476 1656	iirsp - ok
18:22:12.0850 1656	IKEEXT          (9908d8a397b76cd8d31d0d383c5773c9) C:\Windows\System32\ikeext.dll
18:22:12.0960 1656	IKEEXT - ok
18:22:13.0225 1656	intelide        (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
18:22:13.0225 1656	intelide - ok
18:22:13.0334 1656	intelppm        (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
18:22:13.0428 1656	intelppm - ok
18:22:13.0490 1656	IPBusEnum       (9ac218c6e6105477484c6fdbe7d409a4) C:\Windows\system32\ipbusenum.dll
18:22:13.0537 1656	IPBusEnum - ok
18:22:13.0818 1656	IpFilterDriver  (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
18:22:13.0864 1656	IpFilterDriver - ok
18:22:13.0974 1656	iphlpsvc        (1998bd97f950680bb55f55a7244679c2) C:\Windows\System32\iphlpsvc.dll
18:22:14.0052 1656	iphlpsvc - ok
18:22:14.0098 1656	IpInIp - ok
18:22:14.0130 1656	IPMIDRV         (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys
18:22:14.0208 1656	IPMIDRV - ok
18:22:14.0254 1656	IPNAT           (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
18:22:14.0286 1656	IPNAT - ok
18:22:14.0301 1656	IRENUM          (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
18:22:14.0348 1656	IRENUM - ok
18:22:14.0379 1656	isapnp          (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys
18:22:14.0395 1656	isapnp - ok
18:22:14.0426 1656	iScsiPrt        (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
18:22:14.0442 1656	iScsiPrt - ok
18:22:15.0487 1656	iteatapi        (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
18:22:15.0502 1656	iteatapi - ok
18:22:17.0858 1656	iteraid         (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
18:22:17.0874 1656	iteraid - ok
18:22:17.0952 1656	kbdclass        (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
18:22:17.0967 1656	kbdclass - ok
18:22:18.0248 1656	kbdhid          (ede59ec70e25c24581add1fbec7325f7) C:\Windows\system32\DRIVERS\kbdhid.sys
18:22:18.0310 1656	kbdhid - ok
18:22:18.0825 1656	KeyIso          (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
18:22:18.0872 1656	KeyIso - ok
18:22:19.0168 1656	KSecDD          (2b2f1638466e8cb091400c9019cc730e) C:\Windows\system32\Drivers\ksecdd.sys
18:22:19.0215 1656	KSecDD - ok
18:22:19.0293 1656	KtmRm           (8078f8f8f7a79e2e6b494523a828c585) C:\Windows\system32\msdtckrm.dll
18:22:19.0356 1656	KtmRm - ok
18:22:19.0418 1656	LanmanServer    (1bf5eebfd518dd7298434d8c862f825d) C:\Windows\system32\srvsvc.dll
18:22:19.0465 1656	LanmanServer - ok
18:22:19.0527 1656	LanmanWorkstation (1db69705b695b987082c8baec0c6b34f) C:\Windows\System32\wkssvc.dll
18:22:19.0574 1656	LanmanWorkstation - ok
18:22:19.0636 1656	lltdio          (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
18:22:19.0668 1656	lltdio - ok
18:22:19.0714 1656	lltdsvc         (2d5a428872f1442631d0959a34abff63) C:\Windows\System32\lltdsvc.dll
18:22:19.0746 1656	lltdsvc - ok
18:22:19.0777 1656	lmhosts         (35d40113e4a5b961b6ce5c5857702518) C:\Windows\System32\lmhsvc.dll
18:22:19.0839 1656	lmhosts - ok
18:22:20.0073 1656	LSI_FC          (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys
18:22:20.0089 1656	LSI_FC - ok
18:22:20.0198 1656	LSI_SAS         (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys
18:22:20.0214 1656	LSI_SAS - ok
18:22:20.0260 1656	LSI_SCSI        (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys
18:22:20.0276 1656	LSI_SCSI - ok
18:22:20.0292 1656	luafv           (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
18:22:20.0338 1656	luafv - ok
18:22:20.0338 1656	massfilter - ok
18:22:20.0385 1656	MBAMProtector   (b7ca8cc3f978201856b6ab82f40953c3) C:\Windows\system32\drivers\mbam.sys
18:22:20.0401 1656	MBAMProtector - ok
18:22:21.0368 1656	MBAMService     (056b19651bd7b7ce5f89a3ac46dbdc08) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
18:22:21.0399 1656	MBAMService - ok
18:22:21.0555 1656	Mcx2Svc         (aef9babb8a506bc4ce0451a64aaded46) C:\Windows\system32\Mcx2Svc.dll
18:22:21.0618 1656	Mcx2Svc - ok
18:22:21.0711 1656	megasas         (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys
18:22:21.0727 1656	megasas - ok
18:22:21.0774 1656	MegaSR          (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys
18:22:21.0805 1656	MegaSR - ok
18:22:21.0852 1656	MMCSS           (1076ffcffaae8385fd62dfcb25ac4708) C:\Windows\system32\mmcss.dll
18:22:21.0914 1656	MMCSS - ok
18:22:21.0945 1656	Modem           (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
18:22:21.0992 1656	Modem - ok
18:22:22.0008 1656	monitor         (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
18:22:22.0070 1656	monitor - ok
18:22:22.0101 1656	mouclass        (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
18:22:22.0117 1656	mouclass - ok
18:22:22.0132 1656	mouhid          (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
18:22:22.0148 1656	mouhid - ok
18:22:22.0179 1656	MountMgr        (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
18:22:22.0195 1656	MountMgr - ok
18:22:22.0210 1656	mpio            (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys
18:22:22.0226 1656	mpio - ok
18:22:22.0257 1656	mpsdrv          (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
18:22:22.0288 1656	mpsdrv - ok
18:22:22.0335 1656	MpsSvc          (5de62c6e9108f14f6794060a9bdecaec) C:\Windows\system32\mpssvc.dll
18:22:22.0413 1656	MpsSvc - ok
18:22:22.0444 1656	Mraid35x        (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
18:22:22.0460 1656	Mraid35x - ok
18:22:22.0491 1656	MRxDAV          (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
18:22:22.0507 1656	MRxDAV - ok
18:22:22.0569 1656	mrxsmb          (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys
18:22:22.0616 1656	mrxsmb - ok
18:22:22.0647 1656	mrxsmb10        (4fccb34d793b116423209c0f8b7a3b03) C:\Windows\system32\DRIVERS\mrxsmb10.sys
18:22:22.0694 1656	mrxsmb10 - ok
18:22:22.0725 1656	mrxsmb20        (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
18:22:22.0756 1656	mrxsmb20 - ok
18:22:22.0803 1656	msahci          (f70590424eefbf5c27a40c67afdb8383) C:\Windows\system32\drivers\msahci.sys
18:22:22.0819 1656	msahci - ok
18:22:22.0834 1656	msdsm           (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys
18:22:22.0850 1656	msdsm - ok
18:22:22.0881 1656	MSDTC           (fd7520cc3a80c5fc8c48852bb24c6ded) C:\Windows\System32\msdtc.exe
18:22:22.0912 1656	MSDTC - ok
18:22:22.0959 1656	Msfs            (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
18:22:23.0022 1656	Msfs - ok
18:22:23.0037 1656	msisadrv        (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
18:22:23.0053 1656	msisadrv - ok
18:22:23.0084 1656	MSiSCSI         (85466c0757a23d9a9aecdc0755203cb2) C:\Windows\system32\iscsiexe.dll
18:22:23.0115 1656	MSiSCSI - ok
18:22:23.0131 1656	msiserver - ok
18:22:23.0146 1656	MSKSSRV         (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
18:22:23.0209 1656	MSKSSRV - ok
18:22:23.0240 1656	MSPCLOCK        (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
18:22:23.0302 1656	MSPCLOCK - ok
18:22:23.0334 1656	MSPQM           (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
18:22:23.0365 1656	MSPQM - ok
18:22:23.0412 1656	MsRPC           (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
18:22:23.0427 1656	MsRPC - ok
18:22:23.0427 1656	mssmbios        (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
18:22:23.0443 1656	mssmbios - ok
18:22:23.0474 1656	MSTEE           (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
18:22:23.0505 1656	MSTEE - ok
18:22:23.0536 1656	Mup             (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
18:22:23.0552 1656	Mup - ok
18:22:23.0646 1656	napagent        (e4eaf0c5c1b41b5c83386cf212ca9584) C:\Windows\system32\qagentRT.dll
18:22:23.0677 1656	napagent - ok
18:22:23.0895 1656	NativeWifiP     (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
18:22:23.0911 1656	NativeWifiP - ok
18:22:24.0036 1656	NDIS            (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
18:22:24.0067 1656	NDIS - ok
18:22:24.0114 1656	NdisTapi        (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
18:22:24.0160 1656	NdisTapi - ok
18:22:24.0176 1656	Ndisuio         (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
18:22:24.0223 1656	Ndisuio - ok
18:22:24.0270 1656	NdisWan         (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
18:22:24.0348 1656	NdisWan - ok
18:22:24.0379 1656	NDProxy         (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
18:22:24.0410 1656	NDProxy - ok
18:22:24.0426 1656	NetBIOS         (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
18:22:24.0472 1656	NetBIOS - ok
18:22:24.0519 1656	netbt           (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
18:22:24.0582 1656	netbt - ok
18:22:24.0628 1656	Netlogon        (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
18:22:24.0644 1656	Netlogon - ok
18:22:24.0987 1656	Netman          (c8052711daecc48b982434c5116ca401) C:\Windows\System32\netman.dll
18:22:25.0065 1656	Netman - ok
18:22:25.0299 1656	netprofm        (2ef3bbe22e5a5acd1428ee387a0d0172) C:\Windows\System32\netprofm.dll
18:22:25.0377 1656	netprofm - ok
18:22:25.0440 1656	NetTcpPortSharing (d6c4e4a39a36029ac0813d476fbd0248) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
18:22:25.0455 1656	NetTcpPortSharing - ok
18:22:25.0752 1656	nfrd960         (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
18:22:25.0752 1656	nfrd960 - ok
18:22:26.0376 1656	NlaSvc          (2997b15415f9bbe05b5a4c1c85e0c6a2) C:\Windows\System32\nlasvc.dll
18:22:26.0438 1656	NlaSvc - ok
18:22:26.0563 1656	Npfs            (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
18:22:26.0641 1656	Npfs - ok
18:22:26.0688 1656	nsi             (8bb86f0c7eea2bded6fe095d0b4ca9bd) C:\Windows\system32\nsisvc.dll
18:22:26.0750 1656	nsi - ok
18:22:26.0828 1656	nsiproxy        (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
18:22:26.0890 1656	nsiproxy - ok
18:22:26.0953 1656	Ntfs            (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
18:22:27.0031 1656	Ntfs - ok
18:22:27.0124 1656	ntrigdigi       (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
18:22:27.0171 1656	ntrigdigi - ok
18:22:27.0218 1656	Null            (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
18:22:27.0234 1656	Null - ok
18:22:27.0265 1656	nvraid          (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys
18:22:27.0280 1656	nvraid - ok
18:22:27.0296 1656	nvstor          (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys
18:22:27.0312 1656	nvstor - ok
18:22:27.0343 1656	nv_agp          (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys
18:22:27.0358 1656	nv_agp - ok
18:22:27.0358 1656	NwlnkFlt - ok
18:22:27.0374 1656	NwlnkFwd - ok
18:22:27.0421 1656	OA009Ufd        (2cf21d5f8f1b74bb1922135ac2b12ddb) C:\Windows\system32\DRIVERS\OA009Ufd.sys
18:22:27.0483 1656	OA009Ufd - ok
18:22:27.0514 1656	OA009Vid        (636c6ee8bb6ec473b8fe221eff77e0cc) C:\Windows\system32\DRIVERS\OA009Vid.sys
18:22:27.0546 1656	OA009Vid - ok
18:22:27.0577 1656	ohci1394        (be32da025a0be1878f0ee8d6d9386cd5) C:\Windows\system32\drivers\ohci1394.sys
18:22:27.0639 1656	ohci1394 - ok
18:22:27.0967 1656	p2pimsvc        (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
18:22:27.0998 1656	p2pimsvc - ok
18:22:28.0060 1656	p2psvc          (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
18:22:28.0092 1656	p2psvc - ok
18:22:28.0201 1656	Parport         (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
18:22:28.0248 1656	Parport - ok
18:22:28.0310 1656	partmgr         (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys
18:22:28.0310 1656	partmgr - ok
18:22:28.0341 1656	Parvdm          (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
18:22:28.0435 1656	Parvdm - ok
18:22:28.0981 1656	PcaSvc          (c6276ad11f4bb49b58aa1ed88537f14a) C:\Windows\System32\pcasvc.dll
18:22:28.0996 1656	PcaSvc - ok
18:22:29.0542 1656	PCD5SRVC{3F6A8B78-EC003E00-05040104} (42ede7d217325ff56cb8a9983cd7f73b) C:\PROGRA~1\DELLSU~1\HWDiag\bin\PCD5SRVC.pkms
18:22:29.0605 1656	PCD5SRVC{3F6A8B78-EC003E00-05040104} - ok
18:22:29.0714 1656	pci             (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
18:22:29.0730 1656	pci - ok
18:22:30.0775 1656	pciide          (fc175f5ddab666d7f4d17449a547626f) C:\Windows\system32\drivers\pciide.sys
18:22:30.0790 1656	pciide - ok
18:22:30.0900 1656	pcmcia          (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
18:22:30.0900 1656	pcmcia - ok
18:22:32.0023 1656	PEAUTH          (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
18:22:32.0116 1656	PEAUTH - ok
18:22:32.0288 1656	pla             (b1689df169143f57053f795390c99db3) C:\Windows\system32\pla.dll
18:22:32.0413 1656	pla - ok
18:22:32.0569 1656	PlugPlay        (c5e7f8a996ec0a82d508fd9064a5569e) C:\Windows\system32\umpnpmgr.dll
18:22:32.0631 1656	PlugPlay - ok
18:22:32.0694 1656	PNRPAutoReg     (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
18:22:32.0740 1656	PNRPAutoReg - ok
18:22:32.0772 1656	PNRPsvc         (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
18:22:32.0818 1656	PNRPsvc - ok
18:22:32.0928 1656	PolicyAgent     (d0494460421a03cd5225cca0059aa146) C:\Windows\System32\ipsecsvc.dll
18:22:33.0006 1656	PolicyAgent - ok
18:22:33.0349 1656	PptpMiniport    (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
18:22:33.0380 1656	PptpMiniport - ok
18:22:33.0474 1656	Processor       (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\drivers\processr.sys
18:22:33.0505 1656	Processor - ok
18:22:33.0552 1656	ProfSvc         (0508faa222d28835310b7bfca7a77346) C:\Windows\system32\profsvc.dll
18:22:33.0598 1656	ProfSvc - ok
18:22:33.0645 1656	ProtectedStorage (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
18:22:33.0661 1656	ProtectedStorage - ok
18:22:33.0754 1656	PSched          (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
18:22:33.0770 1656	PSched - ok
18:22:33.0817 1656	PxHelp20        (153d02480a0a2f45785522e814c634b6) C:\Windows\system32\Drivers\PxHelp20.sys
18:22:33.0817 1656	PxHelp20 - ok
18:22:33.0879 1656	ql2300          (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys
18:22:33.0973 1656	ql2300 - ok
18:22:34.0004 1656	ql40xx          (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
18:22:34.0020 1656	ql40xx - ok
18:22:34.0051 1656	QWAVE           (e9ecae663f47e6cb43962d18ab18890f) C:\Windows\system32\qwave.dll
18:22:34.0129 1656	QWAVE - ok
18:22:34.0144 1656	QWAVEdrv        (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
18:22:34.0176 1656	QWAVEdrv - ok
18:22:34.0254 1656	R300            (e642b131fb74caf4bb8a014f31113142) C:\Windows\system32\DRIVERS\atikmdag.sys
18:22:34.0456 1656	R300 - ok
18:22:34.0628 1656	RasAcd          (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
18:22:34.0690 1656	RasAcd - ok
18:22:35.0377 1656	RasAuto         (f6a452eb4ceadbb51c9e0ee6b3ecef0f) C:\Windows\System32\rasauto.dll
18:22:35.0486 1656	RasAuto - ok
18:22:35.0580 1656	Rasl2tp         (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
18:22:35.0611 1656	Rasl2tp - ok
18:22:35.0673 1656	RasMan          (75d47445d70ca6f9f894b032fbc64fcf) C:\Windows\System32\rasmans.dll
18:22:35.0751 1656	RasMan - ok
18:22:35.0814 1656	RasPppoe        (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
18:22:35.0829 1656	RasPppoe - ok
18:22:35.0845 1656	RasSstp         (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
18:22:35.0892 1656	RasSstp - ok
18:22:35.0938 1656	rdbss           (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
18:22:35.0985 1656	rdbss - ok
18:22:36.0032 1656	RDPCDD          (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
18:22:36.0048 1656	RDPCDD - ok
18:22:36.0110 1656	rdpdr           (fbc0bacd9c3d7f6956853f64a66e252d) C:\Windows\system32\drivers\rdpdr.sys
18:22:36.0141 1656	rdpdr - ok
18:22:36.0141 1656	RDPENCDD        (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
18:22:36.0219 1656	RDPENCDD - ok
18:22:36.0266 1656	RDPWD           (79c6df8477250f5c54f7c5ae1d6b814e) C:\Windows\system32\drivers\RDPWD.sys
18:22:36.0344 1656	RDPWD - ok
18:22:36.0375 1656	RemoteAccess    (bcdd6b4804d06b1f7ebf29e53a57ece9) C:\Windows\System32\mprdim.dll
18:22:36.0438 1656	RemoteAccess - ok
18:22:36.0609 1656	RemoteRegistry  (9e6894ea18daff37b63e1005f83ae4ab) C:\Windows\system32\regsvc.dll
18:22:36.0672 1656	RemoteRegistry - ok
18:22:37.0062 1656	RpcLocator      (5123f83cbc4349d065534eeb6bbdc42b) C:\Windows\system32\locator.exe
18:22:37.0108 1656	RpcLocator - ok
18:22:37.0171 1656	RpcSs           (3b5b4d53fec14f7476ca29a20cc31ac9) C:\Windows\system32\rpcss.dll
18:22:37.0218 1656	RpcSs - ok
18:22:37.0264 1656	rspndr          (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
18:22:37.0280 1656	rspndr - ok
18:22:37.0420 1656	RTSTOR          (d97d8259293b7a82cb891f37f997df3f) C:\Windows\system32\drivers\RTSTOR.SYS
18:22:37.0483 1656	RTSTOR - ok
18:22:37.0576 1656	SamSs           (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
18:22:37.0592 1656	SamSs - ok
18:22:37.0842 1656	sbp2port        (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
18:22:37.0857 1656	sbp2port - ok
18:22:37.0966 1656	SCardSvr        (77b7a11a0c3d78d3386398fbbea1b632) C:\Windows\System32\SCardSvr.dll
18:22:37.0998 1656	SCardSvr - ok
18:22:38.0169 1656	Schedule        (1a58069db21d05eb2ab58ee5753ebe8d) C:\Windows\system32\schedsvc.dll
18:22:38.0232 1656	Schedule - ok
18:22:38.0341 1656	SCPolicySvc     (312ec3e37a0a1f2006534913e37b4423) C:\Windows\System32\certprop.dll
18:22:38.0356 1656	SCPolicySvc - ok
18:22:38.0590 1656	SDRSVC          (716313d9f6b0529d03f726d5aaf6f191) C:\Windows\System32\SDRSVC.dll
18:22:38.0653 1656	SDRSVC - ok
18:22:38.0856 1656	secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
18:22:38.0902 1656	secdrv - ok
18:22:39.0495 1656	seclogon        (fd5199d4d8a521005e4b5ee7fe00fa9b) C:\Windows\system32\seclogon.dll
18:22:39.0526 1656	seclogon - ok
18:22:39.0620 1656	SENS            (a9bbab5759771e523f55563d6cbe140f) C:\Windows\System32\sens.dll
18:22:39.0682 1656	SENS - ok
18:22:39.0760 1656	Serenum         (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
18:22:39.0838 1656	Serenum - ok
18:22:39.0870 1656	Serial          (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
18:22:39.0948 1656	Serial - ok
18:22:39.0979 1656	sermouse        (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
18:22:39.0994 1656	sermouse - ok
18:22:40.0852 1656	SessionEnv      (d2193326f729b163125610dbf3e17d57) C:\Windows\system32\sessenv.dll
18:22:40.0930 1656	SessionEnv - ok
18:22:42.0069 1656	sffdisk         (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\drivers\sffdisk.sys
18:22:42.0147 1656	sffdisk - ok
18:22:42.0444 1656	sffp_mmc        (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys
18:22:42.0506 1656	sffp_mmc - ok
18:22:42.0865 1656	sffp_sd         (3d0ea348784b7ac9ea9bd9f317980979) C:\Windows\system32\drivers\sffp_sd.sys
18:22:42.0943 1656	sffp_sd - ok
18:22:43.0317 1656	sfloppy         (c33bfbd6e9e41fcd9ffef9729e9faed6) C:\Windows\system32\DRIVERS\sfloppy.sys
18:22:43.0348 1656	sfloppy - ok
18:22:43.0645 1656	SharedAccess    (e1499bd0ff76b1b2fbbf1af339d91165) C:\Windows\System32\ipnathlp.dll
18:22:43.0707 1656	SharedAccess - ok
18:22:44.0175 1656	ShellHWDetection (c7230fbee14437716701c15be02c27b8) C:\Windows\System32\shsvcs.dll
18:22:44.0238 1656	ShellHWDetection - ok
18:22:44.0362 1656	sisagp          (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys
18:22:44.0378 1656	sisagp - ok
18:22:44.0409 1656	SiSRaid2        (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys
18:22:44.0425 1656	SiSRaid2 - ok
18:22:44.0456 1656	SiSRaid4        (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys
18:22:44.0456 1656	SiSRaid4 - ok
18:22:44.0534 1656	SkypeUpdate     (db0405d9aad62f0762e0876ac142b7e1) C:\Program Files\Skype\Updater\Updater.exe
18:22:44.0550 1656	SkypeUpdate - ok
18:22:45.0267 1656	slsvc           (862bb4cbc05d80c5b45be430e5ef872f) C:\Windows\system32\SLsvc.exe
18:22:45.0595 1656	slsvc - ok
18:22:46.0671 1656	SLUINotify      (6edc422215cd78aa8a9cde6b30abbd35) C:\Windows\system32\SLUINotify.dll
18:22:46.0734 1656	SLUINotify - ok
18:22:46.0827 1656	Smb             (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
18:22:46.0921 1656	Smb - ok
18:22:46.0968 1656	SNMPTRAP        (2a146a055b4401c16ee62d18b8e2a032) C:\Windows\System32\snmptrap.exe
18:22:46.0999 1656	SNMPTRAP - ok
18:22:47.0061 1656	spldr           (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
18:22:47.0077 1656	spldr - ok
18:22:47.0108 1656	Spooler         (8554097e5136c3bf9f69fe578a1b35f4) C:\Windows\System32\spoolsv.exe
18:22:47.0139 1656	Spooler - ok
18:22:47.0623 1656	sprtsvc_DellSupportCenter (777115c9cc675bd98127660712d2f784) C:\Program Files\Dell Support Center\bin\sprtsvc.exe
18:22:47.0638 1656	sprtsvc_DellSupportCenter - ok
18:22:48.0325 1656	sptd            (cdddec541bc3c96f91ecb48759673505) C:\Windows\System32\Drivers\sptd.sys
18:22:48.0356 1656	sptd - ok
18:22:48.0481 1656	srv             (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys
18:22:48.0559 1656	srv - ok
18:22:48.0606 1656	srv2            (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys
18:22:48.0668 1656	srv2 - ok
18:22:48.0684 1656	srvnet          (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys
18:22:48.0715 1656	srvnet - ok
18:22:48.0746 1656	SSDPSRV         (03d50b37234967433a5ea5ba72bc0b62) C:\Windows\System32\ssdpsrv.dll
18:22:48.0808 1656	SSDPSRV - ok
18:22:48.0918 1656	SSPORT          (ef3458337d7341a05169cefc73709264) C:\Windows\system32\Drivers\SSPORT.sys
18:22:48.0964 1656	SSPORT ( UnsignedFile.Multi.Generic ) - warning
18:22:48.0964 1656	SSPORT - detected UnsignedFile.Multi.Generic (1)
18:22:49.0011 1656	SstpSvc         (6f1a32e7b7b30f004d9a20afadb14944) C:\Windows\system32\sstpsvc.dll
18:22:49.0058 1656	SstpSvc - ok
18:22:49.0136 1656	STacSV          (ddeb942850278d67edc108d57f774bf8) C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_f6ef8056\STacSV.exe
18:22:49.0152 1656	STacSV - ok
18:22:49.0230 1656	STHDA           (c4be9c3af8af6f2e4cdd22fcabf77a1b) C:\Windows\system32\DRIVERS\stwrt.sys
18:22:49.0339 1656	STHDA - ok
18:22:49.0432 1656	stisvc          (5de7d67e49b88f5f07f3e53c4b92a352) C:\Windows\System32\wiaservc.dll
18:22:49.0464 1656	stisvc - ok
18:22:49.0526 1656	swenum          (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
18:22:49.0542 1656	swenum - ok
18:22:49.0588 1656	swprv           (f21fd248040681cca1fb6c9a03aaa93d) C:\Windows\System32\swprv.dll
18:22:49.0651 1656	swprv - ok
18:22:49.0713 1656	Symc8xx         (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
18:22:49.0729 1656	Symc8xx - ok
18:22:49.0760 1656	Sym_hi          (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
18:22:49.0776 1656	Sym_hi - ok
18:22:49.0807 1656	Sym_u3          (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
18:22:49.0822 1656	Sym_u3 - ok
18:22:50.0244 1656	SysMain         (9a51b04e9886aa4ee90093586b0ba88d) C:\Windows\system32\sysmain.dll
18:22:50.0322 1656	SysMain - ok
18:22:50.0446 1656	TabletInputService (2dca225eae15f42c0933e998ee0231c3) C:\Windows\System32\TabSvc.dll
18:22:50.0462 1656	TabletInputService - ok
18:22:50.0571 1656	TapiSrv         (d7673e4b38ce21ee54c59eeeb65e2483) C:\Windows\System32\tapisrv.dll
18:22:50.0649 1656	TapiSrv - ok
18:22:50.0680 1656	TBS             (cb05822cd9cc6c688168e113c603dbe7) C:\Windows\System32\tbssvc.dll
18:22:50.0743 1656	TBS - ok
18:22:50.0821 1656	Tcpip           (814a1c66fbd4e1b310a517221f1456bf) C:\Windows\system32\drivers\tcpip.sys
18:22:50.0899 1656	Tcpip - ok
18:22:50.0930 1656	Tcpip6          (814a1c66fbd4e1b310a517221f1456bf) C:\Windows\system32\DRIVERS\tcpip.sys
18:22:50.0977 1656	Tcpip6 - ok
18:22:51.0039 1656	tcpipreg        (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys
18:22:51.0133 1656	tcpipreg - ok
18:22:51.0164 1656	TDPIPE          (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
18:22:51.0211 1656	TDPIPE - ok
18:22:51.0242 1656	TDTCP           (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
18:22:51.0273 1656	TDTCP - ok
18:22:51.0304 1656	tdx             (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
18:22:51.0351 1656	tdx - ok
18:22:51.0398 1656	TermDD          (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
18:22:51.0414 1656	TermDD - ok
18:22:51.0445 1656	TermService     (bb95da09bef6e7a131bff3ba5032090d) C:\Windows\System32\termsrv.dll
18:22:51.0507 1656	TermService - ok
18:22:51.0679 1656	Themes          (c7230fbee14437716701c15be02c27b8) C:\Windows\system32\shsvcs.dll
18:22:51.0694 1656	Themes - ok
18:22:52.0131 1656	THREADORDER     (1076ffcffaae8385fd62dfcb25ac4708) C:\Windows\system32\mmcss.dll
18:22:52.0162 1656	THREADORDER - ok
18:22:53.0005 1656	TrkWks          (ec74e77d0eb004bd3a809b5f8fb8c2ce) C:\Windows\System32\trkwks.dll
18:22:53.0036 1656	TrkWks - ok
18:22:53.0286 1656	TrustedInstaller (97d9d6a04e3ad9b6c626b9931db78dba) C:\Windows\servicing\TrustedInstaller.exe
18:22:53.0301 1656	TrustedInstaller - ok
18:22:54.0222 1656	tssecsrv        (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
18:22:54.0253 1656	tssecsrv - ok
18:22:54.0783 1656	tunmp           (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
18:22:54.0799 1656	tunmp - ok
18:22:54.0908 1656	tunnel          (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
18:22:54.0970 1656	tunnel - ok
18:22:55.0033 1656	uagp35          (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys
18:22:55.0048 1656	uagp35 - ok
18:22:55.0282 1656	udfs            (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
18:22:55.0314 1656	udfs - ok
18:22:55.0407 1656	UI0Detect       (ecef404f62863755951e09c802c94ad5) C:\Windows\system32\UI0Detect.exe
18:22:55.0438 1656	UI0Detect - ok
18:22:56.0437 1656	uliagpkx        (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys
18:22:56.0452 1656	uliagpkx - ok
18:22:56.0655 1656	uliahci         (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys
18:22:56.0671 1656	uliahci - ok
18:22:56.0842 1656	UlSata          (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
18:22:56.0842 1656	UlSata - ok
18:22:56.0874 1656	ulsata2         (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
18:22:56.0889 1656	ulsata2 - ok
18:22:56.0905 1656	umbus           (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
18:22:56.0936 1656	umbus - ok
18:22:56.0998 1656	upnphost        (68308183f4ae0be7bf8ecd07cb297999) C:\Windows\System32\upnphost.dll
18:22:57.0030 1656	upnphost - ok
18:22:57.0076 1656	usbccgp         (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
18:22:57.0123 1656	usbccgp - ok
18:22:57.0170 1656	usbcir          (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
18:22:57.0217 1656	usbcir - ok
18:22:57.0388 1656	usbehci         (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
18:22:57.0482 1656	usbehci - ok
18:22:57.0591 1656	usbhub          (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
18:22:57.0669 1656	usbhub - ok
18:22:57.0747 1656	usbohci         (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
18:22:57.0794 1656	usbohci - ok
18:22:57.0825 1656	usbprint        (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
18:22:57.0888 1656	usbprint - ok
18:22:57.0950 1656	USBSTOR         (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
18:22:57.0997 1656	USBSTOR - ok
18:22:58.0028 1656	usbuhci         (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
18:22:58.0075 1656	usbuhci - ok
18:22:58.0122 1656	usbvideo        (e67998e8f14cb0627a769f6530bcb352) C:\Windows\system32\Drivers\usbvideo.sys
18:22:58.0184 1656	usbvideo - ok
18:22:58.0231 1656	UxSms           (1509e705f3ac1d474c92454a5c2dd81f) C:\Windows\System32\uxsms.dll
18:22:58.0262 1656	UxSms - ok
18:22:58.0309 1656	vds             (cd88d1b7776dc17a119049742ec07eb4) C:\Windows\System32\vds.exe
18:22:58.0371 1656	vds - ok
18:22:58.0434 1656	vga             (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys
18:22:58.0480 1656	vga - ok
18:22:58.0496 1656	VgaSave         (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
18:22:58.0527 1656	VgaSave - ok
18:22:58.0558 1656	viaagp          (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys
18:22:58.0574 1656	viaagp - ok
18:22:58.0590 1656	ViaC7           (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys
18:22:58.0621 1656	ViaC7 - ok
18:22:58.0636 1656	viaide          (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys
18:22:58.0652 1656	viaide - ok
18:22:58.0668 1656	volmgr          (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
18:22:58.0683 1656	volmgr - ok
18:22:58.0730 1656	volmgrx         (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
18:22:58.0746 1656	volmgrx - ok
18:22:58.0761 1656	volsnap         (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
18:22:58.0777 1656	volsnap - ok
18:22:58.0808 1656	vsmraid         (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys
18:22:58.0824 1656	vsmraid - ok
18:22:58.0886 1656	VSS             (db3d19f850c6eb32bdcb9bc0836acddb) C:\Windows\system32\vssvc.exe
18:22:58.0933 1656	VSS - ok
18:22:59.0292 1656	W32Time         (96ea68b9eb310a69c25ebb0282b2b9de) C:\Windows\system32\w32time.dll
18:22:59.0338 1656	W32Time - ok
18:22:59.0448 1656	WacomPen        (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
18:22:59.0494 1656	WacomPen - ok
18:22:59.0526 1656	Wanarp          (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
18:22:59.0557 1656	Wanarp - ok
18:22:59.0557 1656	Wanarpv6        (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
18:22:59.0572 1656	Wanarpv6 - ok
18:22:59.0619 1656	wcncsvc         (a3cd60fd826381b49f03832590e069af) C:\Windows\System32\wcncsvc.dll
18:22:59.0666 1656	wcncsvc - ok
18:22:59.0713 1656	WcsPlugInService (11bcb7afcdd7aadacb5746f544d3a9c7) C:\Windows\System32\WcsPlugInService.dll
18:22:59.0744 1656	WcsPlugInService - ok
18:22:59.0775 1656	Wd              (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys
18:22:59.0791 1656	Wd - ok
18:22:59.0822 1656	Wdf01000        (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
18:22:59.0869 1656	Wdf01000 - ok
18:22:59.0900 1656	WdiServiceHost  (abfc76b48bb6c96e3338d8943c5d93b5) C:\Windows\system32\wdi.dll
18:22:59.0947 1656	WdiServiceHost - ok
18:22:59.0947 1656	WdiSystemHost   (abfc76b48bb6c96e3338d8943c5d93b5) C:\Windows\system32\wdi.dll
18:22:59.0978 1656	WdiSystemHost - ok
18:23:00.0009 1656	WebClient       (04c37d8107320312fbae09926103d5e2) C:\Windows\System32\webclnt.dll
18:23:00.0025 1656	WebClient - ok
18:23:00.0072 1656	Wecsvc          (ae3736e7e8892241c23e4ebbb7453b60) C:\Windows\system32\wecsvc.dll
18:23:00.0087 1656	Wecsvc - ok
18:23:00.0103 1656	wercplsupport   (670ff720071ed741206d69bd995ea453) C:\Windows\System32\wercplsupport.dll
18:23:00.0150 1656	wercplsupport - ok
18:23:00.0196 1656	WerSvc          (32b88481d3b326da6deb07b1d03481e7) C:\Windows\System32\WerSvc.dll
18:23:00.0243 1656	WerSvc - ok
18:23:00.0321 1656	WinDefend       (4575aa12561c5648483403541d0d7f2b) C:\Program Files\Windows Defender\mpsvc.dll
18:23:00.0321 1656	WinDefend - ok
18:23:00.0337 1656	WinHttpAutoProxySvc - ok
18:23:00.0384 1656	Winmgmt         (6b2a1d0e80110e3d04e6863c6e62fd8a) C:\Windows\system32\wbem\WMIsvc.dll
18:23:00.0415 1656	Winmgmt - ok
18:23:00.0462 1656	WinRM           (7cfe68bdc065e55aa5e8421607037511) C:\Windows\system32\WsmSvc.dll
18:23:00.0586 1656	WinRM - ok
18:23:00.0633 1656	Wlansvc         (c008405e4feeb069e30da1d823910234) C:\Windows\System32\wlansvc.dll
18:23:00.0680 1656	Wlansvc - ok
18:23:00.0696 1656	wltrysvc - ok
18:23:00.0758 1656	WmiAcpi         (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\DRIVERS\wmiacpi.sys
18:23:00.0789 1656	WmiAcpi - ok
18:23:00.0852 1656	wmiApSrv        (43be3875207dcb62a85c8c49970b66cc) C:\Windows\system32\wbem\WmiApSrv.exe
18:23:00.0898 1656	wmiApSrv - ok
18:23:00.0992 1656	WMPNetworkSvc   (3978704576a121a9204f8cc49a301a9b) C:\Program Files\Windows Media Player\wmpnetwk.exe
18:23:01.0070 1656	WMPNetworkSvc - ok
18:23:01.0164 1656	WPCSvc          (cfc5a04558f5070cee3e3a7809f3ff52) C:\Windows\System32\wpcsvc.dll
18:23:01.0210 1656	WPCSvc - ok
18:23:01.0257 1656	WPDBusEnum      (801fbdb89d472b3c467eb112a0fc9246) C:\Windows\system32\wpdbusenum.dll
18:23:01.0288 1656	WPDBusEnum - ok
18:23:01.0335 1656	WpdUsb          (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys
18:23:01.0351 1656	WpdUsb - ok
18:23:01.0398 1656	ws2ifsl         (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
18:23:01.0413 1656	ws2ifsl - ok
18:23:01.0444 1656	wscsvc          (1ca6c40261ddc0425987980d0cd2aaab) C:\Windows\System32\wscsvc.dll
18:23:01.0476 1656	wscsvc - ok
18:23:01.0476 1656	WSearch - ok
18:23:01.0554 1656	wuauserv        (6298277b73c77fa99106b271a7525163) C:\Windows\system32\wuaueng.dll
18:23:01.0647 1656	wuauserv - ok
18:23:01.0694 1656	WUDFRd          (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
18:23:01.0772 1656	WUDFRd - ok
18:23:01.0803 1656	wudfsvc         (575a4190d989f64732119e4114045a4f) C:\Windows\System32\WUDFSvc.dll
18:23:01.0866 1656	wudfsvc - ok
18:23:01.0866 1656	yksvc - ok
18:23:01.0912 1656	yukonwlh        (1a51df1a5c658d534ed980d18f7982de) C:\Windows\system32\DRIVERS\yk60x86.sys
18:23:01.0975 1656	yukonwlh - ok
18:23:01.0990 1656	ZTEusbmdm6k - ok
18:23:02.0006 1656	ZTEusbnmea - ok
18:23:02.0006 1656	ZTEusbser6k - ok
18:23:02.0037 1656	MBR (0x1B8)     (cdb4de4bbd714f152979da2dcbef57eb) \Device\Harddisk0\DR0
18:23:07.0294 1656	\Device\Harddisk0\DR0 - ok
18:23:07.0996 1656	Boot (0x1200)   (c02a8eb95172ce8b1019933a058d6e82) \Device\Harddisk0\DR0\Partition0
18:23:07.0996 1656	\Device\Harddisk0\DR0\Partition0 - ok
18:23:08.0012 1656	Boot (0x1200)   (51978da9ce1ee83243a174ecc4bb7cab) \Device\Harddisk0\DR0\Partition1
18:23:08.0012 1656	\Device\Harddisk0\DR0\Partition1 - ok
18:23:08.0012 1656	============================================================
18:23:08.0012 1656	Scan finished
18:23:08.0012 1656	============================================================
18:23:08.0028 3292	Detected object count: 5
18:23:08.0028 3292	Actual detected object count: 5
18:23:19.0166 3292	ASPI ( UnsignedFile.Multi.Generic ) - skipped by user
18:23:19.0166 3292	ASPI ( UnsignedFile.Multi.Generic ) - User select action: Skip 
18:23:19.0182 3292	Change Modem Device Service ( UnsignedFile.Multi.Generic ) - skipped by user
18:23:19.0182 3292	Change Modem Device Service ( UnsignedFile.Multi.Generic ) - User select action: Skip 
18:23:19.0182 3292	DockLoginService ( UnsignedFile.Multi.Generic ) - skipped by user
18:23:19.0182 3292	DockLoginService ( UnsignedFile.Multi.Generic ) - User select action: Skip 
18:23:19.0182 3292	hwdatacard ( UnsignedFile.Multi.Generic ) - skipped by user
18:23:19.0182 3292	hwdatacard ( UnsignedFile.Multi.Generic ) - User select action: Skip 
18:23:19.0182 3292	SSPORT ( UnsignedFile.Multi.Generic ) - skipped by user
18:23:19.0182 3292	SSPORT ( UnsignedFile.Multi.Generic ) - User select action: Skip
         
Regards
lin.x

08.04.2012, 18:14   #24
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



Then please run CF now:

ComboFix

A guide and tutorial on using ComboFix
  • Close all programs, especially your antivirus program and other background guards, as well as your internet browser.
  • Start combofix.exe from your desktop, confirm the warning messages, run the updates (if offered), install the Recovery Console (if offered) and let it scan your system.
    Also avoid using the mouse and keyboard while Combofix is running.
  • Afterwards a combofix.txt opens automatically; please copy its contents ([Ctrl]a, [Ctrl]c) and paste them into your post ([Ctrl]v). You can also find the file at: C:\ComboFix.txt.
Important note:
Combofix may only be run when a qualified helper has expressly recommended it!

It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.

If, after running Combofix, you have problems starting applications and get messages such as

Quote:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde. (English: Illegal operation attempted on a registry key that has been marked for deletion.)
then restart Windows manually and the error messages should no longer appear.
__________________
Please always post log files in CODE tags

08.04.2012, 19:47   #25
lin.x
 



Here is the ComboFix log. At the end of the process, while creating the log file, the program unfortunately got stuck; I hope the log (der, die or das?) is still usable:

Code:
ComboFix 12-04-07.04 - xxx 08.04.2012  19:20:26.1.2 - x86
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.43.1031.18.3034.2025 [GMT 2:00]
ausgeführt von:: C:\Users\xxx\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}


((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))


C:\ProgramData\tbEDQ75VFH2EJb
C:\Windows\system32\drivers\etc\hosts.ics


(((((((((((((((((((((((   Dateien erstellt von 2012-03-08 bis 2012-04-08  ))))))))))))))))))))))))))))))


2012-04-08 17:29:04 . 2012-04-08 17:29:35	--------	dc----w-	C:\Users\xxx\AppData\Local\temp
2012-04-08 17:29:04 . 2012-04-08 17:29:04	--------	dc----w-	C:\Users\Default\AppData\Local\temp
2012-04-08 15:30:51 . 2012-04-08 15:30:51	--------	dc----w-	C:\_OTL
2012-04-05 08:22:42 . 2012-04-05 08:22:42	418464	-c--a-w-	C:\Windows\system32\FlashPlayerApp.exe
2012-04-04 22:31:54 . 2012-04-04 22:31:54	--------	dc----w-	C:\Program Files\ESET
2012-04-02 14:07:42 . 2012-04-02 14:07:59	--------	dc----w-	C:\Program Files\Defraggler
2012-04-01 19:28:21 . 2012-04-01 19:28:21	--------	dc----w-	C:\Users\xxx\AppData\Roaming\Malwarebytes
2012-04-01 19:27:52 . 2012-04-01 19:27:52	--------	dc----w-	C:\ProgramData\Malwarebytes
2012-04-01 19:27:51 . 2012-04-01 19:27:56	--------	dc----w-	C:\Program Files\Malwarebytes' Anti-Malware
2012-04-01 19:27:51 . 2011-12-10 13:24:06	20464	-c--a-w-	C:\Windows\system32\drivers\mbam.sys
2012-04-01 09:58:46 . 2012-04-01 09:58:46	--------	dc----w-	C:\Users\xxx\AppData\Local\PDF24
2012-04-01 09:58:03 . 2012-04-01 09:58:22	--------	dc----w-	C:\Program Files\PDF24
2012-03-30 19:23:14 . 2012-04-08 17:15:37	--------	dc----w-	C:\Users\xxx\AppData\Roaming\vlc
2012-03-27 15:17:25 . 2012-03-14 02:15:38	6582328	----a-w-	C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{B2E75756-952B-4BAC-98D2-ADAED3D4EA29}\mpengine.dll
2012-03-26 09:16:44 . 2012-03-26 09:16:44	--------	dc----w-	C:\Users\xxx\AppData\Local\Google
2012-03-26 09:16:44 . 2012-03-26 09:16:44	--------	dc----w-	C:\Program Files\Google
2012-03-20 13:51:54 . 2012-03-20 13:51:54	592824	-c--a-w-	C:\Program Files\Mozilla Firefox\gkmedias.dll
2012-03-20 13:51:54 . 2012-03-20 13:51:54	44472	-c--a-w-	C:\Program Files\Mozilla Firefox\mozglue.dll
2012-03-14 10:51:16 . 2012-01-09 15:54:08	613376	-c--a-w-	C:\Windows\system32\rdpencom.dll
2012-03-14 10:51:15 . 2012-02-02 15:16:25	2044416	-c--a-w-	C:\Windows\system32\win32k.sys
2012-03-14 10:51:15 . 2012-01-09 13:58:29	180736	-c--a-w-	C:\Windows\system32\drivers\rdpwd.sys
2012-03-14 10:51:04 . 2012-02-13 13:44:40	1068544	-c--a-w-	C:\Windows\system32\DWrite.dll
2012-03-14 10:51:03 . 2012-02-14 15:45:30	219648	-c--a-w-	C:\Windows\system32\d3d10_1core.dll
2012-03-14 10:51:03 . 2012-02-14 15:45:30	160768	-c--a-w-	C:\Windows\system32\d3d10_1.dll
2012-03-14 10:51:03 . 2012-02-13 14:12:08	1172480	-c--a-w-	C:\Windows\system32\d3d10warp.dll
2012-03-14 10:51:03 . 2012-02-13 13:47:57	683008	-c--a-w-	C:\Windows\system32\d2d1.dll
.


((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))

2012-04-05 08:22:42 . 2011-09-27 06:54:48	70304	-c--a-w-	C:\Windows\system32\FlashPlayerCPLApp.cpl
2012-03-07 00:15:19 . 2011-07-30 09:01:27	41184	-c--a-w-	C:\Windows\avastSS.scr
2012-03-07 00:15:14 . 2011-07-30 09:01:21	201352	-c--a-w-	C:\Windows\system32\aswBoot.exe
2012-03-07 00:03:51 . 2011-07-30 09:03:32	612184	----a-w-	C:\Windows\system32\drivers\aswSnx.sys
2012-03-07 00:03:38 . 2011-07-30 09:03:44	337880	----a-w-	C:\Windows\system32\drivers\aswSP.sys
2012-03-07 00:02:00 . 2011-07-30 09:03:33	35672	----a-w-	C:\Windows\system32\drivers\aswRdr.sys
2012-03-07 00:01:53 . 2011-07-30 09:03:33	53848	----a-w-	C:\Windows\system32\drivers\aswTdi.sys
2012-03-07 00:01:48 . 2011-07-30 09:03:31	57688	----a-w-	C:\Windows\system32\drivers\aswMonFlt.sys
2012-03-07 00:01:30 . 2011-07-30 09:03:45	20696	----a-w-	C:\Windows\system32\drivers\aswFsBlk.sys
2012-02-23 08:18:36 . 2011-08-01 01:21:22	237072	-c----w-	C:\Windows\system32\MpSigStub.exe
2012-03-20 13:51:54 . 2011-04-09 07:16:51	97208	-c--a-w-	C:\Program Files\mozilla firefox\components\browsercomps.dll


((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))


*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-03-07 00:15:06	123536	----a-w-	C:\Program Files\AVAST Software\Avast\ashShell.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12:20	94208	----a-w-	C:\Users\xxx\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12:20	94208	----a-w-	C:\Users\xxx\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12:20	94208	----a-w-	C:\Users\xxx\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="C:\Program Files\DellTPad\Apoint.exe" [2009-03-31 14:18:34 217088]
"IgfxTray"="C:\Windows\system32\igfxtray.exe" [2009-03-31 16:55:48 141848]
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe" [2009-03-31 16:55:22 173592]
"Persistence"="C:\Windows\system32\igfxpers.exe" [2009-03-31 16:55:34 150552]
"Broadcom Wireless Manager UI"="C:\Windows\system32\WLTRAY.exe" [2008-12-21 18:34:46 3810304]
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-05-07 22:41:12 178712]
"Dell Webcam Central"="C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2009-01-09 18:49:08 405639]
"SysTrayApp"="C:\Program Files\IDT\WDM\sttray.exe" [2009-03-31 15:00:24 483428]
"avast"="C:\Program Files\AVAST Software\Avast\avastUI.exe" [2012-03-07 00:15:17 4241512]
"Malwarebytes' Anti-Malware"="C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 12:53:18 460872]

C:\Users\xxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - C:\Users\xxx\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-2-15 24246216]

C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - C:\Program Files\Dell\DellDock\DellDock.exe [2009-2-27 1316192]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2009-07-05 18:40:21	10536	-c--a-w-	C:\Program Files\Citrix\GoToAssist\514\g2awinlogon.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk]
path=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
backup=C:\Windows\pss\McAfee Security Scan Plus.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^Users^xxx^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dell Dock.lnk]
path=C:\Users\xxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk
backup=C:\Windows\pss\Dell Dock.lnk.Startup
backupExtension=.Startup

[HKLM\~\startupfolder\C:^Users^xxx^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.1.lnk]
path=C:\Users\xxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk
backup=C:\Windows\pss\OpenOffice.org 3.1.lnk.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-01-02 09:07:56	843712	-c--a-r-	C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2012-01-03 21:51:18	37296	-c--a-w-	C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2008-12-29 10:40:30	687560	-c--a-w-	C:\Program Files\DAEMON Tools Lite\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dellsupportcenter]
2009-06-03 12:46:38	206064	----a-w-	C:\Program Files\Dell Support Center\bin\sprtcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDFPrint]
2012-03-14 07:02:08	155648	-c--a-w-	C:\Program Files\PDF24\pdf24.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickSet]
2009-01-09 17:06:32	1735760	-c--a-w-	C:\Program Files\Dell\QuickSet\quickset.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
2009-04-11 06:28:03	1233920	----a-w-	C:\Program Files\Windows Sidebar\sidebar.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2012-02-29 06:55:08	17148552	-c--a-r-	C:\Program Files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2011-04-08 05:59:52	254696	-c--a-w-	C:\Program Files\Common Files\Java\Java Update\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2008-01-21 02:23:32	1008184	----a-w-	C:\Program Files\Windows Defender\MSASCui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
2008-01-21 02:25:33	202240	----a-w-	C:\Program Files\Windows Media Player\wmpnscfg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Dell DataSafe Online"="C:\Program Files\Dell DataSafe Online\DataSafeOnline.exe" /m
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"Adobe ARM"="C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"dellsupportcenter"="C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P dellsupportcenter
"MPlayerForWindows_UpdateReminder"="C:\Program Files\MPlayer für Windows\AutoUpdate.exe" /L=1031 /TASK

R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-05 08:22:42 253600]
S2 AESTFilters;Andrea ST Filters Service;C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_f6ef8056\aestsrv.exe [2009-03-31 15:00:04 81920]


--- Andere Dienste/Treiber im Speicher ---

*NewlyCreated* - 25723643
*Deregistered* - 25723643

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation	REG_MULTI_SZ   	FontCache

Inhalt des "geplante Tasks" Ordners

2012-04-08 C:\Windows\Tasks\Adobe Flash Player Updater.job
- C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-05 08:22:42 . 2012-04-05 08:22:42]

2012-04-08 C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
- C:\Program Files\Google\Update\GoogleUpdate.exe [2012-03-26 09:16:55 . 2012-03-26 09:16:43]

2012-04-08 C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
- C:\Program Files\Google\Update\GoogleUpdate.exe [2012-03-26 09:16:55 . 2012-03-26 09:16:43]

2012-04-08 C:\Windows\Tasks\User_Feed_Synchronization-{E5908986-8A3F-4220-B0C8-45998620A305}.job
- C:\Windows\system32\msfeedssync.exe [2008-01-21 02:24:52 . 2008-01-21 02:24:52]
         

Thanks
+regards

08.04.2012, 20:17   #26
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



Now please create logs with GMER and OSAM and post them.
GMER crashes fairly often; if the tool still won't work on the second attempt, just leave it out and run only OSAM - please skip OSAM's online query.
With OSAM, please also make sure that you save the log as *.log and not as *.html or the like.

Note: Please use WinRAR or 7zip to unpack OSAM! Also be sure to turn off the virus scanner; the McAfee scanner in particular often reports a false alarm on OSAM!

Please download aswMBR.exe and save the file to your desktop.
  • Start aswMBR.exe - (aswMBR.exe instructions)
    From Windows Vista onwards, please start it via right-click "Run as administrator".
  • The tool will ask whether you want to scan your system with the current AVAST! virus definitions. Please answer this question with Yes. (If your firewall asks, please allow access to the internet.)
    Downloading the definitions can take a while depending on your connection.
  • Click Scan.
  • Please wait until Scan finished successfully appears in the DOS window.
  • Press Save Log and save it to the desktop.
Post the aswMBR.txt in your next reply.

Important: Do not press any of the Fix buttons under any circumstances unless instructed

Note: If the Scan button is hidden, close the tool and start it again. If the scan aborts and the program crashes, let me know and select the setting (none) under AV Scan.



One more note: If aswMBR crashes and a message such as "aswMBR.exe funktioniert nicht mehr" ("aswMBR.exe has stopped working") appears, do the following:
Restart aswMBR, select (none) for "AV scan" in the drop-down menu at the bottom left of the aswMBR window, and click the Scan button again.
__________________
Please always post log files in CODE tags

08.04.2012, 23:05   #27
lin.x
 



Hi,
I ran all three. GMER is too large, so it is attached in two parts.

osam:
Code:
OSAM Logfile:
Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 23:31:14 on 08.04.2012

OS: Windows Vista Home Premium Edition Service Pack 2 (Build 6002), 32-bit
Default Browser: Mozilla Corporation Firefox 11.0

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[Control Panel Objects]
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"bcmwlcpl.cpl" - "Dell Inc." - C:\Windows\System32\bcmwlcpl.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"Advanced SCSI Programming Interface Driver" (ASPI) - ? - C:\Windows\System32\DRIVERS\ASPI32.sys
"aswFsBlk" (aswFsBlk) - "AVAST Software" - C:\Windows\system32\drivers\aswFsBlk.sys
"aswMonFlt" (aswMonFlt) - "AVAST Software" - C:\Windows\system32\drivers\aswMonFlt.sys
"aswRdr" (aswRdr) - "AVAST Software" - C:\Windows\system32\drivers\aswRdr.sys
"aswSnx" (aswSnx) - "AVAST Software" - C:\Windows\system32\drivers\aswSnx.sys
"aswSP" (aswSP) - "AVAST Software" - C:\Windows\system32\drivers\aswSP.sys
"avast! Network Shield Support" (aswTdi) - "AVAST Software" - C:\Windows\system32\drivers\aswTdi.sys
"BCM42RLY" (BCM42RLY) - "Broadcom Corporation" - C:\Windows\System32\drivers\BCM42RLY.sys
"catchme" (catchme) - ? - C:\Users\xxx\AppData\Local\Temp\catchme.sys  (File not found)
"Huawei DataCard USB Modem and USB Serial" (hwdatacard) - "Huawei Technologies Co., Ltd." - C:\Windows\System32\DRIVERS\ewusbmdm.sys
"IP in IP Tunnel Driver" (IpInIp) - ? - C:\Windows\System32\DRIVERS\ipinip.sys  (File not found)
"IPX Traffic Filter Driver" (NwlnkFlt) - ? - C:\Windows\System32\DRIVERS\nwlnkflt.sys  (File not found)
"IPX Traffic Forwarder Driver" (NwlnkFwd) - ? - C:\Windows\System32\DRIVERS\nwlnkfwd.sys  (File not found)
"kxtoqpog" (kxtoqpog) - ? - C:\Users\xxx\AppData\Local\Temp\kxtoqpog.sys  (Hidden registry entry, rootkit activity | File not found)
"MBAMProtector" (MBAMProtector) - "Malwarebytes Corporation" - C:\Windows\system32\drivers\mbam.sys
"PCD5SRVC{3F6A8B78-EC003E00-05040104} - PCDR Kernel Mode Service Helper Driver" (PCD5SRVC{3F6A8B78-EC003E00-05040104}) - "PC-Doctor, Inc." - C:\PROGRA~1\DELLSU~1\HWDiag\bin\PCD5SRVC.pkms
"PxHelp20" (PxHelp20) - "Sonic Solutions" - C:\Windows\System32\Drivers\PxHelp20.sys
"SSPORT" (SSPORT) - "Samsung Electronics" - C:\Windows\system32\Drivers\SSPORT.sys
"ZTE Diagnostic Port" (ZTEusbser6k) - ? - C:\Windows\System32\DRIVERS\ZTEusbser6k.sys  (File not found)
"ZTE Mass Storage Filter Driver" (massfilter) - ? - C:\Windows\System32\drivers\massfilter.sys  (File not found)
"ZTE NMEA Port" (ZTEusbnmea) - ? - C:\Windows\System32\DRIVERS\ZTEusbnmea.sys  (File not found)
"ZTE Proprietary USB Driver" (ZTEusbmdm6k) - ? - C:\Windows\System32\DRIVERS\ZTEusbmdm6k.sys  (File not found)

[Explorer]
-----( HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} "DropboxExt" - ? -   (File not found | COM-object registry key not found)
{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} "DropboxExt" - ? -   (File not found | COM-object registry key not found)
{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} "DropboxExt" - ? -   (File not found | COM-object registry key not found)
{FB314EDC-A251-47B7-93E1-CDD82E34AF8B} "DropboxExt" - ? -   (File not found | COM-object registry key not found)
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{807563E5-5146-11D5-A672-00B0D022E945} "text/xml" - ? -   (File not found | COM-object registry key not found)
-----( HKLM\Software\Classes\Protocols\Handler )-----
{314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" - "Skype Technologies" - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{911051fa-c21c-4246-b470-070cd8df6dc4} ".cab or .zip files" - ? -   (File not found | COM-object registry key not found)
{1b24a030-9b20-49bc-97ac-1be4426f9e59} "ActiveDirectory Folder" - ? -   (File not found | COM-object registry key not found)
{34449847-FD14-4fc8-A75A-7432F5181EFB} "ActiveDirectory Folder" - ? -   (File not found | COM-object registry key not found)
{472083B0-C522-11CF-8763-00608CC02F24} "avast" - "AVAST Software" - C:\Program Files\AVAST Software\Avast\ashShell.dll
{0F8604A5-4ECE-4DE1-BA7D-CF10F8AA4F48} "Contacts folder" - ? -   (File not found | COM-object registry key not found)
{2C2577C2-63A7-40e3-9B7F-586602617ECB} "Explorer Query Band" - ? -   (File not found | COM-object registry key not found)
{00020d75-0000-0000-c000-000000000046} "lnkfile" - ? -   (File not found | COM-object registry key not found)
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - ? -   (File not found | COM-object registry key not found)
{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - ? -   (File not found | COM-object registry key not found)
{5858A72C-C2B4-4dd7-B2BF-B76DB1BD9F6C} "Microsoft Office OneNote Namespace Extension for Windows Desktop Search" - ? -   (File not found | COM-object registry key not found)
{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - ? -   (File not found | COM-object registry key not found)
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "OpenOffice.org Column Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{087B3AE3-E237-4467-B8DB-5A38AB959AC9} "OpenOffice.org Infotip Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{63542C48-9552-494A-84F7-73AA6A7C99C1} "OpenOffice.org Property Sheet Handler" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{3B092F0C-7696-40E3-A80F-68D74DA84210} "OpenOffice.org Thumbnail Viewer" - ? - C:\Program Files\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{C8494E42-ACDD-4739-B0FB-217361E4894F} "Sam Account Folder" - ? -   (File not found | COM-object registry key not found)
{E29F9716-5C08-4FCD-955A-119FDB5A522D} "Sam Account Folder" - ? -   (File not found | COM-object registry key not found)
{da67b8ad-e81b-4c70-9b91b417b5e33527} "Windows Search Shell Service" - ? -   (File not found | COM-object registry key not found)
{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - "Alexander Roshal" - C:\Program Files\WinRAR\rarext.dll

[Internet Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
<binary data> "ITBar7Layout" - ? -   (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} "Java Plug-in 1.6.0_26" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_26" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\npjpi160_26.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
{48E73304-E1D6-4330-914C-F5F514E3486C} "ClsidExtension" - ? -   (File not found | COM-object registry key not found)
{FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Research" - ? -   (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )-----
<binary data> "avast! WebRep" - "AVAST Software" - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} "avast! WebRep" - "AVAST Software" - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2ssv.dll

[Logon]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )-----
"StartupPrograms" - ? - rdpclip  (File not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"avast" - "AVAST Software" - "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
"Broadcom Wireless Manager UI" - "Dell Inc." - C:\Windows\system32\WLTRAY.exe
"Dell Webcam Central" - "Creative Technology Ltd" - "C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
"IAAnotif" - "Intel Corporation" - C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
"Malwarebytes' Anti-Malware" - "Malwarebytes Corporation" - "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

[Network Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Control\NetworkProvider\Order )-----
"Dell Wireless WLAN Card Logon Provider" - "Dell Inc." - C:\Windows\System32\BCMLogon.dll

[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"Send To Microsoft OneNote Monitor" - "Microsoft Corporation" - C:\Windows\system32\msonpmon.dll

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"Adobe Flash Player Update Service" (AdobeFlashPlayerUpdateSvc) - "Adobe Systems Incorporated" - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
"avast! Antivirus" (avast! Antivirus) - "AVAST Software" - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
"Change Modem Device Service" (Change Modem Device Service) - ? - C:\Windows\system32\ChgService.exe  (File found, but it contains no detailed information)
"Dell Wireless WLAN Tray Service" (wltrysvc) - ? - C:\Windows\System32\WLTRYSVC.EXE  (File found, but it contains no detailed information)
"Dock Login Service" (DockLoginService) - "Stardock Corporation" - C:\Program Files\Dell\DellDock\DockLogin.exe
"Google Update Service (gupdate)" (gupdate) - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"Google Update-Dienst (gupdatem)" (gupdatem) - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"GoToAssist" (GoToAssist) - "Citrix Online, a division of Citrix Systems, Inc." - C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe
"Intel(R) Matrix Storage Event Monitor" (IAANTMON) - "Intel Corporation" - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
"MBAMService" (MBAMService) - "Malwarebytes Corporation" - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
"Skype Updater" (SkypeUpdate) - "Skype Technologies" - C:\Program Files\Skype\Updater\Updater.exe
"SupportSoft Sprocket Service (DellSupportCenter)" (sprtsvc_DellSupportCenter) - "SupportSoft, Inc." - C:\Program Files\Dell Support Center\bin\sprtsvc.exe

[Winlogon]
-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify )-----
"GoToAssist" - "Citrix Online, a division of Citrix Systems, Inc." - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll

===[ Logfile end ]=========================================[ Logfile end ]===
         
--- --- ---
aswmbr
Code:
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-04-08 23:50:08
-----------------------------
23:50:08.290    OS Version: Windows 6.0.6002 Service Pack 2
23:50:08.291    Number of processors: 2 586 0x170A
23:50:08.293    ComputerName: xxx-NOTEBOOK  UserName: xxx
23:50:09.594    Initialize success
23:50:09.779    AVAST engine defs: 12040801
23:50:36.853    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
23:50:36.855    Disk 0 Vendor: WDC_WD25 11.0 Size: 238475MB BusType: 3
23:50:36.905    Disk 0 MBR read successfully
23:50:36.908    Disk 0 MBR scan
23:50:36.911    Disk 0 Windows VISTA default MBR code
23:50:36.914    Disk 0 Partition 1 00     DE Dell Utility Dell 8.0       39 MB offset 63
23:50:36.922    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS        15000 MB offset 81920
23:50:36.942    Disk 0 Partition 3 80 (A) 07    HPFS/NTFS NTFS       223434 MB offset 30801920
23:50:36.948    Disk 0 scanning sectors +488395120
23:50:37.032    Disk 0 scanning C:\Windows\system32\drivers
23:50:49.704    Service scanning
23:51:05.872    Modules scanning
23:51:28.377    Disk 0 trace - called modules:
23:51:28.418    ntkrnlpa.exe CLASSPNP.SYS disk.sys iastor.sys hal.dll 
23:51:28.419    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x87fe7510]
23:51:28.420    3 CLASSPNP.SYS[8b5a58b3] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x86146028]
23:51:29.267    AVAST engine scan C:\Windows
23:51:32.113    AVAST engine scan C:\Windows\system32
23:53:33.609    AVAST engine scan C:\Windows\system32\drivers
23:53:46.926    AVAST engine scan C:\Users\xxx
23:56:20.169    Disk 0 MBR has been saved successfully to "C:\Users\xxx\Desktop\MBR.dat"
23:56:20.176    The log file has been saved successfully to "C:\Users\xxx\Desktop\aswMBR.txt"
         
Regards,
lin.x

08.04.2012, 23:09   #28
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Looks OK. As a check, please run full scans with Malwarebytes and SUPERAntiSpyware and post the logs.
Remember to update both tools before scanning!!
__________________
Please always post log files in CODE tags

09.04.2012, 21:57   #29
lin.x
 
Yay!

Mbam was clean, log file:
Code:
 Malwarebytes Anti-Malware  (Test) 1.60.1.1000
www.malwarebytes.org

Datenbank Version: v2012.04.09.02

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 7.0.6002.18005
xxx:: xxx-NOTEBOOK [Administrator]

Schutz: Aktiviert

09.04.2012 13:31:28
mbam-log-2012-04-09 (13-31-28).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 364675
Laufzeit: 5 Stunde(n), 37 Minute(n), 53 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
         
Here are the results from SUPERAntiSpyware; I removed a few links:
Code:
SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com

Generated 04/09/2012 at 10:00 PM

Application Version : 5.0.1146

Core Rules Database Version : 8426
Trace Rules Database Version: 6238

Scan type       : Complete Scan
Total Scan Time : 02:40:28

Operating System Information
Windows Vista Home Premium 32-bit, Service Pack 2 (Build 6.00.6002)
UAC On - Limited User (Administrator User)

Memory items scanned      : 778
Memory threats detected   : 0
Registry items scanned    : 32497
Registry threats detected : 0
File items scanned        : 213287
File threats detected     : 77

Adware.Tracking Cookie
	.imrworldwide.com [ C:\USERS\xxx\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\HCBY53EZ.DEFAULT\COOKIES.SQLITE ]
	.imrworldwide.com [ C:\USERS\xxx\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\HCBY53EZ.DEFAULT\COOKIES.SQLITE ]
	.webresint.122.2o7.net [ C:\USERS\xxx\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\HCBY53EZ.DEFAULT\COOKIES.SQLITE ]
	accounts.youtube.com [ C:\USERS\xxx\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\HCBY53EZ.DEFAULT\COOKIES.SQLITE ]
	.liveperson.net [ C:\USERS\xxx\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\HCBY53EZ.DEFAULT\COOKIES.SQLITE ]
	.xiti.com [ C:\USERS\xxx\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\HCBY53EZ.DEFAULT\COOKIES.SQLITE ]
	livestat.derstandard.at [ C:\USERS\xxx\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\HCBY53EZ.DEFAULT\COOKIES.SQLITE ]
	.findingvegan.com [ C:\USERS\xxx\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\HCBY53EZ.DEFAULT\COOKIES.SQLITE ]
	stats.talkingpointsmemo.com [ C:\USERS\xxx\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\HCBY53EZ.DEFAULT\COOKIES.SQLITE ]
	.nakedcapitalism.com [ C:\USERS\xxx\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\HCBY53EZ.DEFAULT\COOKIES.SQLITE ]
	.invitemedia.com [ C:\USERS\xxx\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\HCBY53EZ.DEFAULT\COOKIES.SQLITE ]
	.invitemedia.com [ C:\USERS\xxx\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\HCBY53EZ.DEFAULT\COOKIES.SQLITE ]
	.philips.112.2o7.net [ C:\USERS\xxx\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\HCBY53EZ.DEFAULT\COOKIES.SQLITE ]
	s09.flagcounter.com [ C:\USERS\xxx\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\HCBY53EZ.DEFAULT\COOKIES.SQLITE ]
	.guj.122.2o7.net [ C:\USERS\xxx\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\HCBY53EZ.DEFAULT\COOKIES.SQLITE ]
	stats.greenpeace.at [ C:\USERS\xxx\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\HCBY53EZ.DEFAULT\COOKIES.SQLITE ]
	.dmtracker.com [ C:\USERS\xxx\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\HCBY53EZ.DEFAULT\COOKIES.SQLITE ]
	www.countertool.com [ C:\USERS\xxx\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\HCBY53EZ.DEFAULT\COOKIES.SQLITE ]
	.getclicky.com [ C:\USERS\xxx\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\HCBY53EZ.DEFAULT\COOKIES.SQLITE ]
	.static.getclicky.com [ C:\USERS\xxx\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\HCBY53EZ.DEFAULT\COOKIES.SQLITE ]
	in.getclicky.com [ C:\USERS\xxx\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\HCBY53EZ.DEFAULT\COOKIES.SQLITE ]
	.paypal.112.2o7.net [ C:\USERS\xxx\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\HCBY53EZ.DEFAULT\COOKIES.SQLITE ]
	.findthebest.com [ C:\USERS\xxx\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\HCBY53EZ.DEFAULT\COOKIES.SQLITE ]
	.findthebest.com [ C:\USERS\xxx\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\HCBY53EZ.DEFAULT\COOKIES.SQLITE ]
	.findthebest.com [ C:\USERS\xxx\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\HCBY53EZ.DEFAULT\COOKIES.SQLITE ]
	.2o7.net [ C:\USERS\xxx\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\HCBY53EZ.DEFAULT\COOKIES.SQLITE ]
	www.etracker.de [ C:\USERS\xxx\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\HCBY53EZ.DEFAULT\COOKIES.SQLITE ]
	stats.marketingtruthserum.com [ C:\USERS\xxx\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\HCBY53EZ.DEFAULT\COOKIES.SQLITE ]
	.2o7.net [ C:\USERS\xxx\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\HCBY53EZ.DEFAULT\COOKIES.SQLITE ]
	www.blogcounter.de [ C:\USERS\xxx\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\HCBY53EZ.DEFAULT\COOKIES.SQLITE ]
	.care2.112.2o7.net [ C:\USERS\xxx\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\HCBY53EZ.DEFAULT\COOKIES.SQLITE ]
	bb.b5media.com [ C:\USERS\xxx\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\HCBY53EZ.DEFAULT\COOKIES.SQLITE ]
	.invitemedia.com [ C:\USERS\xxx\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\HCBY53EZ.DEFAULT\COOKIES.SQLITE ]
	www.blogcounter.de [ C:\USERS\xxx\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\HCBY53EZ.DEFAULT\COOKIES.SQLITE ]
	link [ C:\USERS\xxx\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\HCBY53EZ.DEFAULT\COOKIES.SQLITE ]
	link [ C:\USERS\xxx\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\HCBY53EZ.DEFAULT\COOKIES.SQLITE ]
	tracking.oe24.at [ C:\USERS\xxx\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\HCBY53EZ.DEFAULT\COOKIES.SQLITE ]
	tracking.oe24.at [ C:\USERS\xxx\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\HCBY53EZ.DEFAULT\COOKIES.SQLITE ]
	servestats.com [ C:\USERS\xxx\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\HCBY53EZ.DEFAULT\COOKIES.SQLITE ]
	servestats.com [ C:\USERS\xxx\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\HCBY53EZ.DEFAULT\COOKIES.SQLITE ]
	www.etracker.de [ C:\USERS\xxx\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\HCBY53EZ.DEFAULT\COOKIES.SQLITE ]
	.toplist.cz [ C:\USERS\xxx\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\HCBY53EZ.DEFAULT\COOKIES.SQLITE ]
	tracking.weinwelt.at [ C:\USERS\xxx\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\HCBY53EZ.DEFAULT\COOKIES.SQLITE ]
	counters.gigya.com [ C:\USERS\xxx\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\HCBY53EZ.DEFAULT\COOKIES.SQLITE ]
	.bonniercorp.122.2o7.net [ C:\USERS\xxx\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\HCBY53EZ.DEFAULT\COOKIES.SQLITE ]
	.2o7.net [ C:\USERS\xxx\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\HCBY53EZ.DEFAULT\COOKIES.SQLITE ]
	.2o7.net [ C:\USERS\xxx\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\HCBY53EZ.DEFAULT\COOKIES.SQLITE ]
	.findmyhome.at [ C:\USERS\xxx\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\HCBY53EZ.DEFAULT\COOKIES.SQLITE ]
	.findmyhome.at [ C:\USERS\xxx\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\HCBY53EZ.DEFAULT\COOKIES.SQLITE ]
	.findmyhome.at [ C:\USERS\xxx\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\HCBY53EZ.DEFAULT\COOKIES.SQLITE ]
	wstat.wibiya.com [ C:\USERS\xxx\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\HCBY53EZ.DEFAULT\COOKIES.SQLITE ]
	www.etracker.de [ C:\USERS\xxx\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\HCBY53EZ.DEFAULT\COOKIES.SQLITE ]
	a.visualrevenue.com [ C:\USERS\xxx\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\HCBY53EZ.DEFAULT\COOKIES.SQLITE ]
	.liveperson.net [ C:\USERS\xxx\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\HCBY53EZ.DEFAULT\COOKIES.SQLITE ]
	www.etracker.de [ C:\USERS\xxx\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\HCBY53EZ.DEFAULT\COOKIES.SQLITE ]
	server.lon.liveperson.net [ C:\USERS\xxx\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\HCBY53EZ.DEFAULT\COOKIES.SQLITE ]
	www.etracker.de [ C:\USERS\xxx\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\HCBY53EZ.DEFAULT\COOKIES.SQLITE ]
	de.sitestat.com [ C:\USERS\xxx\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\HCBY53EZ.DEFAULT\COOKIES.SQLITE ]
	de.sitestat.com [ C:\USERS\xxx\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\HCBY53EZ.DEFAULT\COOKIES.SQLITE ]
	link [ C:\USERS\xxx\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\HCBY53EZ.DEFAULT\COOKIES.SQLITE ]
	link [ C:\USERS\xxx\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\HCBY53EZ.DEFAULT\COOKIES.SQLITE ]
	link [ C:\USERS\xxx\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\HCBY53EZ.DEFAULT\COOKIES.SQLITE ]
	www.etracker.de [ C:\USERS\xxx\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\HCBY53EZ.DEFAULT\COOKIES.SQLITE ]
	www.etracker.de [ C:\USERS\xxx\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\HCBY53EZ.DEFAULT\COOKIES.SQLITE ]
	www.etracker.de [ C:\USERS\xxx\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\HCBY53EZ.DEFAULT\COOKIES.SQLITE ]
	.nakedcapitalism.com [ C:\USERS\xxx\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\HCBY53EZ.DEFAULT\COOKIES.SQLITE ]
	.nakedcapitalism.com [ C:\USERS\xxx\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\HCBY53EZ.DEFAULT\COOKIES.SQLITE ]
	.nakedcapitalism.com [ C:\USERS\xxx\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\HCBY53EZ.DEFAULT\COOKIES.SQLITE ]
	www.etracker.de [ C:\USERS\xxx\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\HCBY53EZ.DEFAULT\COOKIES.SQLITE ]
	www.etracker.de [ C:\USERS\xxx\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\HCBY53EZ.DEFAULT\COOKIES.SQLITE ]
	accounts.youtube.com [ C:\USERS\xxx\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\HCBY53EZ.DEFAULT\COOKIES.SQLITE ]
	accounts.google.com [ C:\USERS\xxx\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\HCBY53EZ.DEFAULT\COOKIES.SQLITE ]
	accounts.google.com [ C:\USERS\xxx\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\HCBY53EZ.DEFAULT\COOKIES.SQLITE ]
	www.blogcounter.de [ C:\USERS\xxx\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\HCBY53EZ.DEFAULT\COOKIES.SQLITE ]
	.findingvegan.com [ C:\USERS\xxx\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\HCBY53EZ.DEFAULT\COOKIES.SQLITE ]
	.findingvegan.com [ C:\USERS\xxx\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\HCBY53EZ.DEFAULT\COOKIES.SQLITE ]
	.findingvegan.com [ C:\USERS\xxx\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\HCBY53EZ.DEFAULT\COOKIES.SQLITE ]
         
Regards

09.04.2012, 22:22   #30
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Looks OK, only cookies were found.
Cookies are not malware as such, but there is a risk of misuse (unique re-identification, e.g. for targeted advertising or similar => HTTP cookie).


Regarding cookies and other things on the web: to block this plague from the outset (i.e. tracking cookies, ad banners etc.), you should take a look at something like the MVPS Hosts File => Blocking Unwanted Parasites with a Hosts File. It makes sense to check MVPS every 4 weeks to see whether a new hosts file has been released.

Otherwise there are also good cookie managers; among the extensions for Firefox, for example, there is CookieCuller http://filepony.de/download-cookie_culler/
But if you can live with logging in again everywhere in every browser session (e.g. Facebook, eBay, GMX, or Trojaner-Board), then simply configure the browser so that everything, including cookies, is deleted when the browser is closed.

My own approach is to use the Opera browser or Chromium under my Linux for "wild surfing". My main browser (Firefox) only stores cookies from the sites I actually want; I reject everything else manually (FF always asks me). The other browsers do accept all cookies, but by the next start of Opera or Chromium at the latest, no cookies are left.

Is your system OK again now, or are there any other detections or problems?
__________________
Please always post log files in CODE tags
