LOG-Analys von DDS und Anti-Malware / Internet immer langsamer bis zum kompletten abbruch

Bobby91 · 02.05.2012, 17:37

Hallo Trojaner-Team,

seit ein paar Wochen fängt meine W-Lan Verbindung immer mal an langsamer zu werden bis hin zum kompletten Abbruch. Das komische daran ist, dass das nur bei mir am Pc der Fall ist, mein Bruder und meine Eltern bleiben davon verschont.

Meistens bekomme ich die Internet Verbindung wieder wenn ich die Verbindung einfach "trenne" und nach einer Minute wiederherstelle , oder wenn ich den Stick rausziehe und später wieder reinstecke. Das klappte die letzten paar mal auch nicht.
Ich hab mir schon öfters gedacht dass das vielleicht daran liegen kann das ich manchmal auf diversen Seiten unterwegs bin , die zwar legal sind aber auch bekannt dafür Trojaner oder ähnliches auf den PC zu schicken. Hier ist der Log der nach der Analyse herauskam :

.DDS Logfile:

Code:

ATTFilter

DDS (Ver_2011-08-26.01) - NTFSAMD64 
Internet Explorer: 9.0.8112.16421  BrowserJavaVersion: 1.6.0_24
Run by Christoph at 22:22:30 on 2012-05-01
Microsoft Windows 7 Home Premium   6.1.7600.0.1252.49.1031.18.4094.2397 [GMT 2:00]
.
AV: Avira Desktop *Enabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Enabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\avmwlanstick\WlanNetService.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\ASUS.SYS\config\DVMExportService.exe
C:\Windows\system32\atieclxx.exe
C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\DAODx.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
C:\Windows\system32\conhost.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Logitech\GamePanel Software\LGDevAgt.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe
C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe
C:\Program Files (x86)\Steam\steam.exe
C:\Program Files (x86)\ICQ7.4\ICQ.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
C:\Program Files\Logitech\GamePanel Software\Applets\LCDCountdown.exe
C:\Program Files\Logitech\GamePanel Software\Applets\LCDMedia.exe
C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Program Files\Logitech\GamePanel Software\Applets\LCDPop3.exe
C:\Program Files\Logitech\GamePanel Software\Applets\LCDClock.exe
C:\Program Files (x86)\ASUS\EPU\EPU.exe
C:\Program Files (x86)\ROCCAT\Kone[+] Mouse\Kone[+]Monitor.exe
C:\Program Files (x86)\avmwlanstick\WLanGUI.exe
C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Windows\system32\taskhost.exe
C:\Users\Christoph\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Windows Media Player\wmplayer.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\SearchProtocolHost.exe
C:\Users\Christoph\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Users\Christoph\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Common Files\Steam\SteamService.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Internet Explorer\IELowutil.exe
C:\Users\Christoph\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\sppsvc.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\wuauclt.exe
\\?\C:\Windows\system32\wbem\WMIADAP.EXE
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.daemon-search.com/startpage
uInternet Settings,ProxyOverride = fritz.box;*.local
uURLSearchHooks: ICQToolBar: {855f3b16-6d32-4fe6-8a56-bbb695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll
uURLSearchHooks: H - No File
uURLSearchHooks: H - No File
uURLSearchHooks: softonic-de3 Toolbar: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files (x86)\softonic-de3\tbsoft.dll
mURLSearchHooks: ICQToolBar: {855f3b16-6d32-4fe6-8a56-bbb695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll
mURLSearchHooks: softonic-de3 Toolbar: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files (x86)\softonic-de3\tbsoft.dll
mURLSearchHooks: H - No File
mURLSearchHooks: ICQToolBar: {855f3b16-6d32-4fe6-8a56-bbb695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll
mURLSearchHooks: H - No File
mWinlogon: Userinit=userinit.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll
BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
BHO: DivX HiQ: {593ddec6-7468-4cdd-90e1-42dadaa222e9} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
BHO: Windows Live ID-Anmelde-Hilfsprogramm: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: softonic-de3 Toolbar: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files (x86)\softonic-de3\tbsoft.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: ICQToolBar: {855f3b16-6d32-4fe6-8a56-bbb695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB: softonic-de3 Toolbar: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files (x86)\softonic-de3\tbsoft.dll
TB: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll
TB: DAEMON Tools Toolbar: {32099aac-c132-4136-9e9a-4e364a424e17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll
EB: ICQToolBar: {855f3b16-6d32-4fe6-8a56-bbb695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll
uRun: [Google Update] "C:\Users\Christoph\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent
uRun: [ICQ] "C:\Program Files (x86)\ICQ7.4\ICQ.exe" silent loginmode=4
mRun: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
mRun: [Six Engine] "C:\Program Files (x86)\ASUS\EPU\EPU.exe" -b
mRun: [RoccatKone+] "C:\Program Files (x86)\ROCCAT\Kone[+] Mouse\Kone[+]Monitor.EXE"
mRun: [AVMWlanClient] C:\Program Files (x86)\avmwlanstick\wlangui.exe
mRun: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [ATICustomerCare] "C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe"
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
StartupFolder: C:\Users\CHRIST~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\OPENOF~1.LNK - C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - C:\Program Files (x86)\ICQ7.4\ICQ.exe
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
TCP: Interfaces\{4B5DBC2F-B0CA-45D3-A0D3-5167F5C40D7B} : NameServer = 192.168.178.1
TCP: Interfaces\{DA30CE20-75F2-4C0D-8C1C-39626E24A26D} : NameServer = 192.168.178.1
TCP: Interfaces\{E43AE3F9-C7EC-403D-8512-A2BC1DC8408E} : DhcpNameServer = 192.168.178.1
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\HmelyoffLabs\VHToolkit\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
{18DF081C-E8AD-4283-A596-FA578C2EBDC3}
{30F9B915-B755-4826-820B-08FBA6BD249D}
{326E768D-4182-46FD-9C16-1449A49795F4}
{593DDEC6-7468-4cdd-90E1-42DADAA222E9}
{9030D464-4C02-4ABF-8ECC-5164760863C6}
{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}
{DBC80044-A445-435b-BC74-9C25C1C588A9}
{855F3B16-6D32-4FE6-8A56-BBB695989046}
TB-X64: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}
{30F9B915-B755-4826-820B-08FBA6BD249D}
{32099AAC-C132-4136-9E9A-4E364A424E17}
EB-X64: {855F3B16-6D32-4FE6-8A56-BBB695989046} - No File
mRun-x64: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
mRun-x64: [Six Engine] "C:\Program Files (x86)\ASUS\EPU\EPU.exe" -b
mRun-x64: [RoccatKone+] "C:\Program Files (x86)\ROCCAT\Kone[+] Mouse\Kone[+]Monitor.EXE"
mRun-x64: [AVMWlanClient] C:\Program Files (x86)\avmwlanstick\wlangui.exe
mRun-x64: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun-x64: [ATICustomerCare] "C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe"
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
IE-X64: {73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - C:\Program Files (x86)\ICQ7.4\ICQ.exe
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Christoph\AppData\Roaming\Mozilla\Firefox\Profiles\ht840s7s.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2431245&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - DAEMON Search
FF - prefs.js: browser.startup.homepage - www.team-andro.com
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.1.7&q=
FF - prefs.js: network.proxy.type - 0
FF - component: C:\Users\Christoph\AppData\Roaming\Mozilla\Firefox\Profiles\ht840s7s.default\extensions\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}\components\RadioWMPCoreGecko19.dll
FF - component: C:\Users\Christoph\AppData\Roaming\Mozilla\Firefox\Profiles\ht840s7s.default\extensions\DTToolbar@toolbarnet.com\components\DTToolbarFF.dll
FF - component: C:\Users\Christoph\AppData\Roaming\Mozilla\Firefox\Profiles\ht840s7s.default\extensions\engine@conduit.com\components\RadioWMPCoreGecko19.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\Christoph\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: DivX Plus Web Player HTML5 &lt;video&gt;: {23fcfd51-4958-4f00-80a3-ae97e717ed8b} - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\html5video
FF - Ext: DivX HiQ: {6904342A-8307-11DF-A508-4AE2DFD72085} - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\wpa
FF - Ext: Conduit Engine : engine@conduit.com - %profile%\extensions\engine@conduit.com
FF - Ext: softonic-de3 Community Toolbar: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - %profile%\extensions\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}
FF - Ext: DAEMON Tools Toolbar: DTToolbar@toolbarnet.com - %profile%\extensions\DTToolbar@toolbarnet.com
.
============= SERVICES / DRIVERS ===============
.
R1 avkmgr;avkmgr;C:\Windows\system32\DRIVERS\avkmgr.sys --> C:\Windows\system32\DRIVERS\avkmgr.sys [?]
R1 VWiFiFlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-1-26 354304]
R2 AMD Reservation Manager;AMD Reservation Manager;C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe [2010-6-17 194496]
R2 AntiVirSchedulerService;Avira Planer;C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [2012-4-22 86224]
R2 AntiVirService;Avira Echtzeit Scanner;C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2012-4-22 110032]
R2 avgntflt;avgntflt;C:\Windows\system32\DRIVERS\avgntflt.sys --> C:\Windows\system32\DRIVERS\avgntflt.sys [?]
R2 DvmMDES;DeviceVM Meta Data Export Service;C:\ASUS.SYS\config\DVMExportService.exe [2009-10-16 319488]
R2 ICQ Service;ICQ Service;C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe [2011-2-1 247096]
R3 amdiox64;AMD IO Driver;C:\Windows\system32\DRIVERS\amdiox64.sys --> C:\Windows\system32\DRIVERS\amdiox64.sys [?]
R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;C:\Windows\system32\drivers\AtihdW76.sys --> C:\Windows\system32\drivers\AtihdW76.sys [?]
R3 fwlanusbn;FRITZ!WLAN N;C:\Windows\system32\DRIVERS\fwlanusbn.sys --> C:\Windows\system32\DRIVERS\fwlanusbn.sys [?]
R3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;C:\Windows\system32\drivers\LGBusEnum.sys --> C:\Windows\system32\drivers\LGBusEnum.sys [?]
R3 netr28x;Ralink 802.11n Extensible Wireless Driver;C:\Windows\system32\DRIVERS\netr28x.sys --> C:\Windows\system32\DRIVERS\netr28x.sys [?]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\system32\DRIVERS\nusb3hub.sys --> C:\Windows\system32\DRIVERS\nusb3hub.sys [?]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\system32\DRIVERS\nusb3xhc.sys --> C:\Windows\system32\DRIVERS\nusb3xhc.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 avmeject;AVM Eject;C:\Windows\system32\drivers\avmeject.sys --> C:\Windows\system32\drivers\avmeject.sys [?]
S3 FWLANUSB;AVM FRITZ!WLAN;C:\Windows\system32\DRIVERS\fwlanusb.sys --> C:\Windows\system32\DRIVERS\fwlanusb.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
.
=============== Created Last 30 ================
.
2012-05-01 08:32:30	8917360	----a-w-	C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{DACE2C1D-5DF9-49A2-A4F4-A884069C353C}\mpengine.dll
2012-04-22 12:22:23	--------	d-----w-	C:\Users\Christoph\AppData\Roaming\Avira
2012-04-22 12:16:55	97312	----a-w-	C:\Windows\System32\drivers\avgntflt.sys
2012-04-22 12:16:55	27760	----a-w-	C:\Windows\System32\drivers\avkmgr.sys
2012-04-22 12:16:55	--------	d-----w-	C:\ProgramData\Avira
2012-04-22 12:16:55	--------	d-----w-	C:\Program Files (x86)\Avira
2012-04-11 15:46:38	80896	----a-w-	C:\Windows\System32\imagehlp.dll
2012-04-11 15:46:38	22896	----a-w-	C:\Windows\System32\drivers\fs_rec.sys
2012-04-11 15:46:38	158720	----a-w-	C:\Windows\SysWow64\imagehlp.dll
2012-04-11 15:46:37	5120	----a-w-	C:\Windows\SysWow64\wmi.dll
2012-04-11 15:46:37	5120	----a-w-	C:\Windows\System32\wmi.dll
2012-04-11 15:46:37	220672	----a-w-	C:\Windows\System32\wintrust.dll
2012-04-11 15:46:37	172544	----a-w-	C:\Windows\SysWow64\wintrust.dll
.
==================== Find3M  ====================
.
2012-03-06 06:43:21	5504880	----a-w-	C:\Windows\System32\ntoskrnl.exe
2012-03-06 05:59:41	3958128	----a-w-	C:\Windows\SysWow64\ntkrnlpa.exe
2012-03-06 05:59:41	3902320	----a-w-	C:\Windows\SysWow64\ntoskrnl.exe
2012-02-28 06:56:48	2311168	----a-w-	C:\Windows\System32\jscript9.dll
2012-02-28 06:49:56	1390080	----a-w-	C:\Windows\System32\wininet.dll
2012-02-28 06:48:57	1493504	----a-w-	C:\Windows\System32\inetcpl.cpl
2012-02-28 06:42:55	2382848	----a-w-	C:\Windows\System32\mshtml.tlb
2012-02-28 01:18:55	1799168	----a-w-	C:\Windows\SysWow64\jscript9.dll
2012-02-28 01:11:21	1427456	----a-w-	C:\Windows\SysWow64\inetcpl.cpl
2012-02-28 01:11:07	1127424	----a-w-	C:\Windows\SysWow64\wininet.dll
2012-02-28 01:03:16	2382848	----a-w-	C:\Windows\SysWow64\mshtml.tlb
2012-02-23 08:18:36	279656	------w-	C:\Windows\System32\MpSigStub.exe
2012-02-15 06:27:54	1031680	----a-w-	C:\Windows\System32\rdpcore.dll
2012-02-15 05:44:57	826368	----a-w-	C:\Windows\SysWow64\rdpcore.dll
2012-02-15 04:47:21	204800	----a-w-	C:\Windows\System32\drivers\rdpwd.sys
2012-02-15 04:46:59	23552	----a-w-	C:\Windows\System32\drivers\tdtcp.sys
2012-02-10 06:18:10	1541120	----a-w-	C:\Windows\System32\DWrite.dll
2012-02-10 06:17:55	1837568	----a-w-	C:\Windows\System32\d3d10warp.dll
2012-02-10 06:17:54	902656	----a-w-	C:\Windows\System32\d2d1.dll
2012-02-10 06:17:54	320512	----a-w-	C:\Windows\System32\d3d10_1core.dll
2012-02-10 06:17:54	197120	----a-w-	C:\Windows\System32\d3d10_1.dll
2012-02-10 05:41:38	1074176	----a-w-	C:\Windows\SysWow64\DWrite.dll
2012-02-10 05:41:20	218624	----a-w-	C:\Windows\SysWow64\d3d10_1core.dll
2012-02-10 05:41:20	161792	----a-w-	C:\Windows\SysWow64\d3d10_1.dll
2012-02-10 05:41:20	1170944	----a-w-	C:\Windows\SysWow64\d3d10warp.dll
2012-02-10 05:41:19	739840	----a-w-	C:\Windows\SysWow64\d2d1.dll
2012-02-03 04:16:03	3143168	----a-w-	C:\Windows\System32\win32k.sys
.
============= FINISH: 22:23:

--- --- ---

Und hier ist der Log von Anti-Malware

Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Datenbank Version: v2012.05.01.11

Windows 7 x64 NTFS
Internet Explorer 9.0.8112.16421
Christoph :: CHRISTOPH-PC [Administrator]

01.05.2012 22:44:55
mbam-log-2012-05-01 (22-44-55).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 201187
Laufzeit: 3 Minute(n), 37 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 13
HKCR\AppID\{D2083641-E57F-4eab-BB85-0582424F4A29} (Adware.HotBar.CP) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A078F691-9C07-4AF2-BF43-35E79EECF8B7} (Adware.Softomate) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{69725738-CD68-4f36-8D02-8C43722EE5DA} (Adware.Hotbar) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{B58926D6-CFB0-45D2-9C28-4B5A0F0368AE} (Adware.ClickPotato) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\ClickPotatoLiteAx.Info (Adware.ClickPotato) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\ClickPotatoLiteAx.Info.1 (Adware.ClickPotato) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\ClickPotatoLiteAX.UserProfiles (Adware.ClickPotato) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\ClickPotatoLiteAX.UserProfiles.1 (Adware.ClickPotato) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\MenuButtonIE.ButtonIE (Adware.ClickPotato) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\MenuButtonIE.ButtonIE.1 (Adware.ClickPotato) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\AppID\MenuButtonIE.DLL (Adware.ClickPotato) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\Software\clickpotatolitesa (Adware.ClickPotato) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\ClickPotatoLite (Adware.ClickPotato) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Registrierungswerte: 1
HKLM\SOFTWARE\Mozilla\Firefox\extensions|ClickPotatoLite@ClickPotatoLite.com (Adware.ClickPotato) -> Daten: C:\Program Files (x86)\ClickPotatoLite\bin\10.0.659.0\firefox\extensions -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 14
C:\ProgramData\2ACA5CC3-0F83-453D-A079-1076FE1A8B65 (Adware.Seekmo) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\ProgramData\ClickPotatoLiteSA (Adware.ClickPotato) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Christoph\AppData\Roaming\ClickPotatoLite (Adware.ClickPotato) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\ClickPotatoLite (Adware.ClickPotato) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\ClickPotatoLite\bin (Adware.ClickPotato) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\ClickPotatoLite\bin\10.0.655.0 (Adware.ClickPotato) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\ClickPotatoLite\bin\10.0.655.0\firefox (Adware.ClickPotato) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\ClickPotatoLite\bin\10.0.655.0\firefox\extensions (Adware.ClickPotato) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\ClickPotatoLite\bin\10.0.655.0\firefox\extensions\plugins (Adware.ClickPotato) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\ClickPotatoLite\bin\10.0.659.0 (Adware.ClickPotato) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\ClickPotatoLite\bin\10.0.659.0\firefox (Adware.ClickPotato) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\ClickPotatoLite\bin\10.0.659.0\firefox\extensions (Adware.ClickPotato) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\ClickPotatoLite\bin\10.0.659.0\firefox\extensions\plugins (Adware.ClickPotato) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ClickPotato (Adware.ClickPotato) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateien: 13
C:\$Recycle.Bin\S-1-5-21-1074455031-1119761506-3827550617-1000\$RP7QQ7O.exe (PUP.OfferBundler.ST) -> Keine Aktion durchgeführt.
C:\ProgramData\ClickPotatoLiteSA\ClickPotatoLiteSA.dat (Adware.ClickPotato) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\ProgramData\ClickPotatoLiteSA\ClickPotatoLiteSAAbout.mht (Adware.ClickPotato) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\ProgramData\ClickPotatoLiteSA\ClickPotatoLiteSAau.dat (Adware.ClickPotato) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\ProgramData\ClickPotatoLiteSA\ClickPotatoLiteSAEULA.mht (Adware.ClickPotato) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\ProgramData\ClickPotatoLiteSA\ClickPotatoLiteSA_hpk.dat (Adware.ClickPotato) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\ProgramData\ClickPotatoLiteSA\ClickPotatoLiteSA_kyf.dat (Adware.ClickPotato) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\ClickPotatoLite\bin\10.0.655.0\firefox\extensions\install.rdf (Adware.ClickPotato) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\ClickPotatoLite\bin\10.0.655.0\firefox\extensions\plugins\npclntax_ClickPotatoLiteSA.dll (Adware.ClickPotato) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\ClickPotatoLite\bin\10.0.659.0\ClickPotatoLiteSAHook.dll (Adware.ClickPotato) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\ClickPotatoLite\bin\10.0.659.0\firefox\extensions\install.rdf (Adware.ClickPotato) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\ClickPotatoLite\bin\10.0.659.0\firefox\extensions\plugins\npclntax_ClickPotatoLiteSA.dll (Adware.ClickPotato) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ClickPotato\About Us.lnk (Adware.ClickPotato) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)

Ich habe die infizierten Sachen nun gelöscht ( das meiste davon war " Clickpotatoe " ) , mein PC ist aber denke ich noch lange nicht sauber, wie sollte ich weiter vorgehen ?

Mfg

cosinus · 02.05.2012, 19:28

Bitte erstmal routinemäßig einen Vollscan mit Malwarebytes machen und Log posten. =>ALLE lokalen Datenträger (außer CD/DVD) überprüfen lassen!
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss! Außerdem müssen alle Funde entfernt werden.

Falls Logs aus älteren Scans mit Malwarebytes vorhanden sind, bitte auch davon alle posten!

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:

ATTFilter

 hier steht das Log

Bobby91 · 03.05.2012, 06:34

Hallo,

Danke für deine schnelle Antwort.

Hab jetzt nochmal alles nochmal so gemacht wie du es gesagt hast.

1.Hier der Log von Anti-Malware Full-Scan.

Code:

ATTFilter

Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Datenbank Version: v2012.05.01.11

Windows 7 x64 NTFS
Internet Explorer 9.0.8112.16421
Christoph :: CHRISTOPH-PC [Administrator]

02.05.2012 21:24:57
mbam-log-2012-05-02 (21-24-57).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 380641
Laufzeit: 59 Minute(n), 4 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
C:\$Recycle.Bin\S-1-5-21-1074455031-1119761506-3827550617-1000\$RP7QQ7O.exe (PUP.OfferBundler.ST) -> Keine Aktion durchgeführt.

(Ende)

2. Hier der von Eset.

Code:

ATTFilter

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=c699995a3ddae246b8bc472bc1ff204f
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-05-02 10:00:42
# local_time=2012-05-03 12:00:42 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7600 NT 
# compatibility_mode=1024 16777215 100 0 42602309 42602309 0 0
# compatibility_mode=1792 16777215 100 0 893628 893628 0 0
# compatibility_mode=5893 16776573 100 94 129493 88396314 0 0
# compatibility_mode=8192 67108863 100 0 59 59 0 0
# scanned=197644
# found=5
# cleaned=0
# scan_time=5399
C:\$Recycle.Bin\S-1-5-21-1074455031-1119761506-3827550617-1000\$R5GSWEG.exe	a variant of Win32/SoftonicDownloader.A application (unable to clean)	00000000000000000000000000000000	I
C:\$Recycle.Bin\S-1-5-21-1074455031-1119761506-3827550617-1000\$RP7QQ7O.exe	a variant of Win32/SoftonicDownloader.A application (unable to clean)	00000000000000000000000000000000	I
C:\$Recycle.Bin\S-1-5-21-1074455031-1119761506-3827550617-1000\$RV6X57V.exe	a variant of Win32/SoftonicDownloader.A application (unable to clean)	00000000000000000000000000000000	I
C:\c_PC.sys\FreeVideoDownloader\Iggels_VideoPlayer\SoftonicDownloader_fuer_iggels-videoplayer.exe	a variant of Win32/SoftonicDownloader.A application (unable to clean)	00000000000000000000000000000000	I
C:\Users\Christoph\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\2\c1ae1c2-4f71b055	multiple threats (unable to clean)	00000000000000000000000000000000	I

Danke :-)

Liebe Grüße.

cosinus · 03.05.2012, 14:55

Zitat:

C:\c_PC.sys\FreeVideoDownloader\Iggels_VideoPlayer\SoftonicDownloader_fuer_iggels-videoplayer.ex

Finger weg von Softonic!!

Softonic ist eine Toolbar- und Adwareschleuder! Finger weg! Software lädt man sich mit oberster Priorität direkt vom Hersteller und nicht von solchen Toolbarklitschen wie Softonic! Im Notfall würde natürlich chip.de gehen

Hätte da mal zwei Fragen bevor es weiter geht

1.) Geht der normale Modus uneingeschränkt?
2.) Vermisst du irgendwas im Startmenü? Sind da leere Ordner unter alle Programme oder ist alles vorhanden?

Bobby91 · 03.05.2012, 20:31

Softonic habe ich aktiv nie heruntergeladen , könnte das eventuell von dem Google Chrome Browser mitgekommen sein den ich zur Zeit benutze?

zu 1 : Der Modus geht uneingeschränkt, ich habe soweit keine Beschwerden. Außer das vor einer Woche Windows nicht geladen hat und ich Windows zuerst überprüfen lassen musste ( anscheinend vom eigenen System) , jedenfalls kam dann wie ein BIOS Bildschirm und es wurde auch ein Log geschrieben, nach einer halben Stunde war das vorbei und ich konnte wieder normal in Windows reingehen. Doch davor ist es immer bei dem Anfans Symbol "Windows wird geladen" hängen geblieben.

2. Im Startmenü vermisse ich nichts, bzw. ist mir nichts aufgefallen

Danke.

cosinus · 04.05.2012, 10:29

Zitat:

Softonic habe ich aktiv nie heruntergeladen , könnte das eventuell von dem Google Chrome Browser mitgekommen sein den ich zur Zeit benutze?

Nein wie denn? Softonic ist eine Seite, die Softwaredownloads anbietet, aber in diesen Downloads von Softonic ist nunmal dieser Müll enthalten
Das hat so mit Chrome, Firefox oder mit dem IE nichts zu tun

Mach bitte ein neues OTL-Log. Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:

ATTFilter

 hier steht das Log

CustomScan mit OTL

Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop

Starte bitte die OTL.exe.
Vista und Win7 User mit Rechtsklick "als Administrator starten"
Setze oben mittig den Haken bei Scanne alle Benutzer
Kopiere nun den kompletten Inhalt aus der untenstehenden Codebox in die Textbox von OTL - wenn OTL auf deutsch ist wird sie mit beschriftet

Code:

ATTFilter

netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT

Schliesse bitte nun alle Programme. (Wichtig)
Klicke nun bitte auf den Quick Scan Button.
Klick auf .
Kopiere nun den Inhalt aus OTL.txt hier in Deinen Thread

Bobby91 · 04.05.2012, 15:39

Ok jetzt wo ich das weiß versuche ich die Sachen dann direkt vom Anbieter zu laden, danke.

Hab OLT durchlaufen lassen, hier der Log

OTL Logfile:

Code:

ATTFilter

OTL logfile created on: 04.05.2012 16:20:02 - Run 1
OTL by OldTimer - Version 3.2.42.2     Folder = C:\Users\Christoph\Desktop
64bit- Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 2,52 Gb Available Physical Memory | 63,09% Memory free
7,99 Gb Paging File | 6,09 Gb Available in Paging File | 76,12% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 488,18 Gb Total Space | 178,16 Gb Free Space | 36,49% Space Free | Partition Type: NTFS
Drive E: | 7,78 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS
 
Computer Name: CHRISTOPH-PC | User Name: Christoph | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.05.04 16:15:21 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Users\Christoph\Desktop\OTL.exe
PRC - [2012.04.21 01:58:24 | 000,489,256 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe
PRC - [2012.01.31 08:56:05 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2012.01.31 08:55:48 | 000,258,512 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.01.31 08:55:48 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2011.12.23 04:39:22 | 001,242,448 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Steam\steam.exe
PRC - [2011.01.17 19:50:34 | 011,322,880 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
PRC - [2011.01.17 19:50:34 | 011,314,688 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
PRC - [2010.12.09 21:28:24 | 001,226,608 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
PRC - [2010.09.06 19:56:38 | 000,247,096 | ---- | M] () -- C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe
PRC - [2010.09.01 06:26:04 | 000,164,864 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Windows Media Player\wmplayer.exe
PRC - [2010.08.02 16:35:56 | 000,552,960 | ---- | M] (ROCCAT GmbH) -- C:\Program Files (x86)\ROCCAT\Kone[+] Mouse\Kone[+]Monitor.exe
PRC - [2010.04.27 04:09:52 | 000,113,288 | ---- | M] (Renesas Electronics Corporation) -- C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
PRC - [2010.03.16 19:22:40 | 005,309,056 | ---- | M] (
ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\EPU\EPU.exe
PRC - [2009.10.16 11:42:48 | 000,319,488 | -H-- | M] (DeviceVM, Inc.) -- C:\ASUS.SYS\config\DVMExportService.exe
PRC - [2009.08.13 18:37:44 | 000,522,760 | ---- | M] (Logitech Inc.) -- C:\Programme\Logitech\GamePanel Software\Applets\LCDMedia.exe
PRC - [2009.03.30 08:32:40 | 000,032,768 | R--- | M] () -- C:\Windows\DAODx.exe
PRC - [2009.03.20 02:03:00 | 001,904,640 | R--- | M] (AVM Berlin) -- C:\Program Files (x86)\avmwlanstick\WLanGUI.exe
PRC - [2009.03.20 02:03:00 | 000,368,640 | R--- | M] (AVM Berlin) -- C:\Program Files (x86)\avmwlanstick\WlanNetService.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.04.21 01:58:23 | 020,297,512 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\libcef.dll
MOD - [2012.04.21 01:58:12 | 001,099,576 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avcodec-53.dll
MOD - [2012.04.21 01:58:12 | 000,907,048 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\chromehtml.DLL
MOD - [2012.04.21 01:58:12 | 000,190,776 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avformat-53.dll
MOD - [2012.04.21 01:58:12 | 000,123,192 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avutil-51.dll
MOD - [2011.02.21 18:38:06 | 000,985,088 | ---- | M] () -- C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll
MOD - [2010.12.09 21:29:16 | 000,096,112 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2010.12.09 21:28:24 | 001,226,608 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
MOD - [2010.11.17 14:16:56 | 000,067,872 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2010.06.22 14:50:52 | 000,061,440 | ---- | M] () -- C:\Program Files (x86)\ROCCAT\Kone[+] Mouse\hiddriver.dll
MOD - [2010.01.08 18:17:24 | 000,565,248 | ---- | M] () -- C:\Program Files (x86)\ASUS\EPU\pngio.dll
MOD - [2010.01.08 18:17:24 | 000,053,248 | ---- | M] () -- C:\Program Files (x86)\ASUS\EPU\AsSpindownTimeout.dll
MOD - [2009.09.30 05:33:07 | 000,024,576 | R--- | M] () -- C:\Windows\SysWOW64\AsIO.dll
MOD - [2009.04.22 21:20:00 | 000,179,712 | ---- | M] () -- C:\Program Files (x86)\ASUS\EPU\ASUSSERVICE.DLL
MOD - [2009.03.30 08:32:40 | 000,032,768 | R--- | M] () -- C:\Windows\DAODx.exe
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2011.03.05 23:21:20 | 000,203,776 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2011.01.26 19:01:28 | 000,354,304 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
SRV - [2012.04.21 01:58:24 | 000,489,256 | ---- | M] (Valve Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012.01.31 08:56:05 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.01.31 08:55:48 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.03.28 22:11:06 | 002,292,096 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2010.09.06 19:56:38 | 000,247,096 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe -- (ICQ Service)
SRV - [2010.06.17 06:23:36 | 000,194,496 | ---- | M] (Advanced Micro Devices) [Auto | Running] -- C:\Programme\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe -- (AMD Reservation Manager)
SRV - [2010.03.18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.10.16 11:42:48 | 000,319,488 | -H-- | M] (DeviceVM, Inc.) [Auto | Running] -- C:\ASUS.SYS\config\DVMExportService.exe -- (DvmMDES)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009.03.20 02:03:00 | 000,368,640 | R--- | M] (AVM Berlin) [Auto | Running] -- C:\Program Files (x86)\avmwlanstick\WlanNetService.exe -- (AVM WLAN Connection Service)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012.03.01 08:54:38 | 000,022,896 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012.01.31 08:56:33 | 000,132,320 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2012.01.31 08:56:33 | 000,097,312 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2011.09.16 16:08:07 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2011.09.06 20:17:04 | 000,834,544 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2011.03.11 08:22:41 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:22:40 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011.03.05 23:24:31 | 000,115,216 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2011.03.05 23:22:16 | 009,085,952 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2011.03.05 23:21:22 | 000,299,520 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2010.12.14 19:51:20 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2010.05.31 05:46:50 | 000,333,928 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010.04.27 03:30:52 | 000,184,968 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2010.04.27 03:29:54 | 000,083,080 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2010.02.18 10:18:24 | 000,046,136 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\amdiox64.sys -- (amdiox64)
DRV:64bit: - [2009.07.16 05:38:40 | 000,015,416 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)
DRV:64bit: - [2009.07.14 16:36:28 | 000,022,408 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LGBusEnum.sys -- (LGBusEnum)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.19 09:56:08 | 000,712,704 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\netr28x.sys -- (netr28x)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.05.18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009.03.20 02:03:00 | 000,552,704 | ---- | M] (AVM GmbH) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\fwlanusbn.sys -- (fwlanusbn)
DRV:64bit: - [2009.03.20 02:03:00 | 000,460,800 | ---- | M] (AVM GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fwlanusb.sys -- (FWLANUSB)
DRV:64bit: - [2009.03.20 02:03:00 | 000,014,120 | R--- | M] (AVM Berlin) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\avmeject.sys -- (avmeject)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\URLSearchHook:  - No CLSID value found
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKLM\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files (x86)\softonic-de3\tbsoft.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2431245
 
 
IE - HKU\.DEFAULT\..\URLSearchHook:  - No CLSID value found
IE - HKU\.DEFAULT\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\URLSearchHook:  - No CLSID value found
IE - HKU\S-1-5-18\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-21-1074455031-1119761506-3827550617-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
IE - HKU\S-1-5-21-1074455031-1119761506-3827550617-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.daemon-search.com/startpage
IE - HKU\S-1-5-21-1074455031-1119761506-3827550617-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-1074455031-1119761506-3827550617-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\S-1-5-21-1074455031-1119761506-3827550617-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 8A CD EA A9 0F 8E CB 01  [binary data]
IE - HKU\S-1-5-21-1074455031-1119761506-3827550617-1000\..\URLSearchHook:  - No CLSID value found
IE - HKU\S-1-5-21-1074455031-1119761506-3827550617-1000\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKU\S-1-5-21-1074455031-1119761506-3827550617-1000\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKU\S-1-5-21-1074455031-1119761506-3827550617-1000\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files (x86)\softonic-de3\tbsoft.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-1074455031-1119761506-3827550617-1000\..\SearchScopes,DefaultScope = {AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8}
IE - HKU\S-1-5-21-1074455031-1119761506-3827550617-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-1074455031-1119761506-3827550617-1000\..\SearchScopes\{25EEA06D-94AA-454C-9923-A2937B483F6E}: "URL" = hxxp://search.avg.com/route/?d=4d1798b0&v=6.10.23.1&i=23&tp=chrome&q={searchTerms}&lng={language}&iy=&ychte=us
IE - HKU\S-1-5-21-1074455031-1119761506-3827550617-1000\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
IE - HKU\S-1-5-21-1074455031-1119761506-3827550617-1000\..\SearchScopes\{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8}: "URL" = hxxp://www.daemon-search.com/search?q={searchTerms}
IE - HKU\S-1-5-21-1074455031-1119761506-3827550617-1000\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2431245
IE - HKU\S-1-5-21-1074455031-1119761506-3827550617-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1074455031-1119761506-3827550617-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = fritz.box;*.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.defaultthis.engineName: "softonic-de3 Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2431245&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.selectedEngine: "DAEMON Search"
FF - prefs.js..browser.startup.homepage: "www.team-andro.com"
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.0.900
FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.0.900
FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.2.5.2
FF - prefs.js..extensions.enabledItems: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065}:3.2.5.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: DTToolbar@toolbarnet.com:1.1.2.0185
FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.1.7&q="
FF - prefs.js..network.proxy.no_proxies_on: "fritz.box"
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_10_2_161.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX OVS Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Christoph\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Christoph\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\html5video [2010.12.22 10:22:58 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\wpa [2010.12.22 10:22:59 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.05.01 20:04:34 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.05.01 20:04:33 | 000,000,000 | ---D | M]
 
[2010.11.29 15:16:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Christoph\AppData\Roaming\mozilla\Extensions
[2012.05.01 20:45:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Christoph\AppData\Roaming\mozilla\Firefox\Profiles\ht840s7s.default\extensions
[2011.02.01 22:56:33 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Users\Christoph\AppData\Roaming\mozilla\Firefox\Profiles\ht840s7s.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2011.02.10 20:05:51 | 000,000,000 | ---D | M] (softonic-de3 Community Toolbar) -- C:\Users\Christoph\AppData\Roaming\mozilla\Firefox\Profiles\ht840s7s.default\extensions\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}
[2011.09.06 20:19:05 | 000,000,000 | ---D | M] ("DAEMON Tools Toolbar") -- C:\Users\Christoph\AppData\Roaming\mozilla\Firefox\Profiles\ht840s7s.default\extensions\DTToolbar@toolbarnet.com
[2011.02.10 20:05:51 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\Christoph\AppData\Roaming\mozilla\Firefox\Profiles\ht840s7s.default\extensions\engine@conduit.com
[2010.12.08 16:47:52 | 000,000,927 | ---- | M] () -- C:\Users\Christoph\AppData\Roaming\Mozilla\Firefox\Profiles\ht840s7s.default\searchplugins\conduit.xml
[2011.09.06 20:18:53 | 000,002,055 | ---- | M] () -- C:\Users\Christoph\AppData\Roaming\Mozilla\Firefox\Profiles\ht840s7s.default\searchplugins\daemon-search.xml
[2012.05.01 20:32:16 | 000,001,056 | ---- | M] () -- C:\Users\Christoph\AppData\Roaming\Mozilla\Firefox\Profiles\ht840s7s.default\searchplugins\icqplugin.xml
[2012.05.01 20:04:34 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2011.02.21 18:37:26 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011.03.19 21:29:57 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2010.12.22 10:22:58 | 000,000,000 | ---D | M] (DivX Plus Web Player HTML5 &lt;video&gt;) -- C:\PROGRAM FILES (X86)\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\HTML5VIDEO
[2010.12.22 10:22:59 | 000,000,000 | ---D | M] (DivX HiQ) -- C:\PROGRAM FILES (X86)\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\WPA
[2011.02.02 22:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2010.10.27 07:44:13 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2010.10.27 07:44:13 | 000,002,344 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2010.10.27 07:44:13 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2010.10.27 07:44:13 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2010.10.27 07:44:13 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Christoph\AppData\Local\Google\Chrome\Application\18.0.1025.168\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Christoph\AppData\Local\Google\Chrome\Application\18.0.1025.168\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Christoph\AppData\Local\Google\Chrome\Application\18.0.1025.168\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Christoph\AppData\Local\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.240.7 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U24 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: DivX OVS Helper Plug-in (Enabled) = C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Christoph\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - Extension: YouTube = C:\Users\Christoph\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google-Suche = C:\Users\Christoph\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Google Mail = C:\Users\Christoph\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (softonic-de3 Toolbar) - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files (x86)\softonic-de3\tbsoft.dll (Conduit Ltd.)
O3:64bit: - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll ()
O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKLM\..\Toolbar: (softonic-de3 Toolbar) - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files (x86)\softonic-de3\tbsoft.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3:64bit: - HKU\S-1-5-21-1074455031-1119761506-3827550617-1000\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll ()
O3 - HKU\S-1-5-21-1074455031-1119761506-3827550617-1000\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKU\S-1-5-21-1074455031-1119761506-3827550617-1000\..\Toolbar\WebBrowser: (softonic-de3 Toolbar) - {CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065} - C:\Program Files (x86)\softonic-de3\tbsoft.dll (Conduit Ltd.)
O4:64bit: - HKLM..\Run: [Launch LCDMon] C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [Launch LGDCore] C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [Launch LgDeviceAgent] C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ATICustomerCare] C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [AVMWlanClient] C:\Program Files (x86)\avmwlanstick\wlangui.exe (AVM Berlin)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
O4 - HKLM..\Run: [RoccatKone+] C:\Program Files (x86)\ROCCAT\Kone[+] Mouse\Kone[+]Monitor.EXE (ROCCAT GmbH)
O4 - HKLM..\Run: [Six Engine] C:\Program Files (x86)\ASUS\EPU\EPU.exe (
ASUSTeK Computer Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1074455031-1119761506-3827550617-1000..\Run: [ICQ] C:\Program Files (x86)\ICQ7.4\ICQ.exe (ICQ, LLC.)
O4 - HKU\S-1-5-21-1074455031-1119761506-3827550617-1000..\Run: [Steam] C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\Christoph\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9 - Extra Button: ICQ7.4 - {73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - C:\Program Files (x86)\ICQ7.4\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.4 - {73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - C:\Program Files (x86)\ICQ7.4\ICQ.exe (ICQ, LLC.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-1074455031-1119761506-3827550617-1000\..Trusted Domains: fritz.box ([]* in Local intranet)
O15 - HKU\S-1-5-21-1074455031-1119761506-3827550617-1000\..Trusted Ranges: Range1 ([*] in Local intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4B5DBC2F-B0CA-45D3-A0D3-5167F5C40D7B}: NameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DA30CE20-75F2-4C0D-8C1C-39626E24A26D}: NameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E43AE3F9-C7EC-403D-8512-A2BC1DC8408E}: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\HmelyoffLabs\VHToolkit\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011.11.10 19:51:06 | 000,000,041 | R--- | M] () - E:\Autorun.inf -- [ CDFS ]
O33 - MountPoints2\{b9fe4dba-f849-11df-9174-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{b9fe4dba-f849-11df-9174-806e6f6e6963}\Shell\AutoRun\command - "" = E:\Setup.exe -- [2011.11.10 19:51:26 | 001,828,544 | R--- | M] (BioWare, LucasArts)
O33 - MountPoints2\{c59e57e8-fa5c-11df-878c-20cf30beabed}\Shell - "" = AutoRun
O33 - MountPoints2\{c59e57e8-fa5c-11df-878c-20cf30beabed}\Shell\AutoRun\command - "" = F:\pushinst.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
 
 
SafeBootMin:64bit: AppMgmt - Service
SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: vmms - Service
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet:64bit: AppMgmt - Service
SafeBootNet:64bit: Base - Driver Group
SafeBootNet:64bit: Boot Bus Extender - Driver Group
SafeBootNet:64bit: Boot file system - Driver Group
SafeBootNet:64bit: File system - Driver Group
SafeBootNet:64bit: Filter - Driver Group
SafeBootNet:64bit: HelpSvc - Service
SafeBootNet:64bit: Messenger - Service
SafeBootNet:64bit: NDIS Wrapper - Driver Group
SafeBootNet:64bit: NetBIOSGroup - Driver Group
SafeBootNet:64bit: NetDDEGroup - Driver Group
SafeBootNet:64bit: Network - Driver Group
SafeBootNet:64bit: NetworkProvider - Driver Group
SafeBootNet:64bit: PCI Configuration - Driver Group
SafeBootNet:64bit: PNP Filter - Driver Group
SafeBootNet:64bit: PNP_TDI - Driver Group
SafeBootNet:64bit: Primary disk - Driver Group
SafeBootNet:64bit: rdsessmgr - Service
SafeBootNet:64bit: sacsvr - Service
SafeBootNet:64bit: SCSI Class - Driver Group
SafeBootNet:64bit: Streams Drivers - Driver Group
SafeBootNet:64bit: System Bus Extender - Driver Group
SafeBootNet:64bit: TDI - Driver Group
SafeBootNet:64bit: vmms - Service
SafeBootNet:64bit: WudfUsbccidDriver - Driver
SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32:64bit: VIDC.FPS1 - frapsv64.dll (Beepa P/L)
Drivers32: msacm.divxa32 - C:\Windows\SysWow64\msaud32_divx.acm (Microsoft Corporation)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.lhacm - C:\Windows\SysWow64\lhacm.acm (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\Windows\SysWow64\DivX.dll (DivX, Inc.)
Drivers32: VIDC.FPS1 - C:\Windows\SysWow64\frapsvid.dll (Beepa P/L)
Drivers32: vidc.XVID - C:\Windows\SysWow64\xvidvfw.dll ()
Drivers32: vidc.yv12 - C:\Windows\SysWow64\DivX.dll (DivX, Inc.)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.05.04 16:15:25 | 000,595,456 | ---- | C] (OldTimer Tools) -- C:\Users\Christoph\Desktop\OTL.exe
[2012.05.02 22:29:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2012.05.02 22:29:30 | 002,322,184 | ---- | C] (ESET) -- C:\Users\Christoph\Desktop\esetsmartinstaller_enu.exe
[2012.05.01 22:42:16 | 000,000,000 | ---D | C] -- C:\Users\Christoph\AppData\Roaming\Malwarebytes
[2012.05.01 22:41:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.05.01 22:41:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.05.01 22:41:56 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.05.01 22:41:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.05.01 22:41:43 | 009,502,424 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Users\Christoph\Desktop\mbam-setup-1.60.1.1000.exe
[2012.05.01 22:21:36 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Christoph\Desktop\dds.com
[2012.04.24 01:17:45 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012.04.22 14:22:23 | 000,000,000 | ---D | C] -- C:\Users\Christoph\AppData\Roaming\Avira
[2012.04.22 14:17:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2012.04.22 14:16:55 | 000,132,320 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys
[2012.04.22 14:16:55 | 000,097,312 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2012.04.22 14:16:55 | 000,027,760 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avkmgr.sys
[2012.04.22 14:16:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2012.04.22 14:16:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.05.04 16:19:53 | 000,013,408 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.05.04 16:19:53 | 000,013,408 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.05.04 16:19:53 | 000,000,177 | -H-- | M] () -- C:\dvmexp.idx
[2012.05.04 16:15:45 | 001,498,506 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.05.04 16:15:45 | 000,653,928 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.05.04 16:15:45 | 000,615,810 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.05.04 16:15:45 | 000,129,800 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.05.04 16:15:45 | 000,106,190 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.05.04 16:15:21 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Users\Christoph\Desktop\OTL.exe
[2012.05.04 16:09:44 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.05.04 16:09:43 | 3219,791,872 | -HS- | M] () -- C:\hiberfil.sys
[2012.05.03 21:46:10 | 000,001,136 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1074455031-1119761506-3827550617-1000UA.job
[2012.05.02 22:47:59 | 000,002,383 | ---- | M] () -- C:\Users\Christoph\Desktop\Google Chrome.lnk
[2012.05.02 22:29:26 | 002,322,184 | ---- | M] (ESET) -- C:\Users\Christoph\Desktop\esetsmartinstaller_enu.exe
[2012.05.01 22:44:18 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.05.01 22:41:45 | 009,502,424 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Users\Christoph\Desktop\mbam-setup-1.60.1.1000.exe
[2012.05.01 22:21:28 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Christoph\Desktop\dds.com
[2012.05.01 22:16:38 | 000,000,188 | ---- | M] () -- C:\Users\Christoph\defogger_reenable
[2012.05.01 22:16:03 | 000,050,477 | ---- | M] () -- C:\Users\Christoph\Desktop\Defogger.exe
[2012.05.01 20:04:35 | 000,001,943 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012.05.01 17:18:03 | 000,000,506 | -H-- | M] () -- C:\Windows\tasks\Norton Security Scan for Christoph.job
[2012.05.01 16:46:03 | 000,001,084 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1074455031-1119761506-3827550617-1000Core.job
[2012.04.26 11:51:24 | 000,044,908 | ---- | M] () -- C:\Users\Christoph\Desktop\2-week-beginner-cf-program.pdf
[2012.04.25 23:02:00 | 000,735,719 | ---- | M] () -- C:\Users\Christoph\Desktop\468108_317016988368691_100001811760406_724898_176241380_o.jpg
[2012.04.22 14:17:09 | 000,002,070 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2012.04.11 12:13:14 | 000,014,852 | ---- | M] () -- C:\Users\Christoph\Desktop\Studium.ods
[2012.04.04 23:10:59 | 000,550,489 | ---- | M] () -- C:\Users\Christoph\Desktop\2i74fpt.png
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.05.01 22:41:57 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.05.01 22:16:37 | 000,000,188 | ---- | C] () -- C:\Users\Christoph\defogger_reenable
[2012.05.01 22:16:07 | 000,050,477 | ---- | C] () -- C:\Users\Christoph\Desktop\Defogger.exe
[2012.05.01 20:04:35 | 000,001,943 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012.04.26 11:51:27 | 000,044,908 | ---- | C] () -- C:\Users\Christoph\Desktop\2-week-beginner-cf-program.pdf
[2012.04.25 23:02:06 | 000,735,719 | ---- | C] () -- C:\Users\Christoph\Desktop\468108_317016988368691_100001811760406_724898_176241380_o.jpg
[2012.04.22 14:17:09 | 000,002,070 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2012.04.04 23:11:03 | 000,550,489 | ---- | C] () -- C:\Users\Christoph\Desktop\2i74fpt.png
[2011.09.28 18:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011.08.30 19:12:49 | 000,040,960 | ---- | C] () -- C:\Windows\SysWow64\psfind.dll
[2011.03.21 16:32:41 | 000,005,632 | ---- | C] () -- C:\Users\Christoph\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.03.05 23:24:25 | 000,003,113 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011.01.26 22:43:49 | 000,815,104 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2011.01.26 22:43:49 | 000,180,224 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2010.11.25 19:40:04 | 000,007,605 | ---- | C] () -- C:\Users\Christoph\AppData\Local\Resmon.ResmonCfg
[2010.11.25 19:33:43 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2010.11.25 19:24:18 | 000,024,576 | R--- | C] () -- C:\Windows\SysWow64\AsIO.dll
[2010.11.25 19:24:18 | 000,013,440 | R--- | C] () -- C:\Windows\SysWow64\drivers\AsIO.sys
[2010.11.25 19:24:15 | 000,011,832 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp64.sys
[2010.11.25 19:24:15 | 000,010,216 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp32.sys
[2010.11.25 19:03:28 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2010.11.25 19:03:23 | 000,031,232 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
 
========== LOP Check ==========
 
[2011.01.31 17:23:01 | 000,000,000 | ---D | M] -- C:\Users\Christoph\AppData\Roaming\AnvSoft
[2010.12.22 14:52:46 | 000,000,000 | ---D | M] -- C:\Users\Christoph\AppData\Roaming\AVG10
[2011.09.24 17:02:21 | 000,000,000 | ---D | M] -- C:\Users\Christoph\AppData\Roaming\Bioshock2
[2011.09.24 23:56:00 | 000,000,000 | ---D | M] -- C:\Users\Christoph\AppData\Roaming\DAEMON Tools Lite
[2012.05.04 16:19:30 | 000,000,000 | ---D | M] -- C:\Users\Christoph\AppData\Roaming\ICQ
[2010.12.22 10:23:00 | 000,000,000 | ---D | M] -- C:\Users\Christoph\AppData\Roaming\Local
[2011.03.25 19:34:05 | 000,000,000 | ---D | M] -- C:\Users\Christoph\AppData\Roaming\LolClient
[2011.02.21 18:38:54 | 000,000,000 | ---D | M] -- C:\Users\Christoph\AppData\Roaming\OpenOffice.org
[2011.09.06 22:49:07 | 000,000,000 | ---D | M] -- C:\Users\Christoph\AppData\Roaming\The Creative Assembly
[2011.03.27 13:32:23 | 000,000,000 | ---D | M] -- C:\Users\Christoph\AppData\Roaming\TS3Client
[2012.02.28 22:15:39 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2010.12.06 14:19:15 | 000,000,000 | ---D | M] -- C:\Users\Christoph\AppData\Roaming\Adobe
[2010.11.26 20:27:52 | 000,000,000 | ---D | M] -- C:\Users\Christoph\AppData\Roaming\AdobeUM
[2011.01.31 17:23:01 | 000,000,000 | ---D | M] -- C:\Users\Christoph\AppData\Roaming\AnvSoft
[2011.02.10 15:26:16 | 000,000,000 | ---D | M] -- C:\Users\Christoph\AppData\Roaming\Apple Computer
[2010.11.25 19:34:16 | 000,000,000 | ---D | M] -- C:\Users\Christoph\AppData\Roaming\ATI
[2010.12.22 14:52:46 | 000,000,000 | ---D | M] -- C:\Users\Christoph\AppData\Roaming\AVG10
[2012.04.22 14:22:23 | 000,000,000 | ---D | M] -- C:\Users\Christoph\AppData\Roaming\Avira
[2011.09.24 17:02:21 | 000,000,000 | ---D | M] -- C:\Users\Christoph\AppData\Roaming\Bioshock2
[2011.09.24 23:56:00 | 000,000,000 | ---D | M] -- C:\Users\Christoph\AppData\Roaming\DAEMON Tools Lite
[2011.01.25 15:23:25 | 000,000,000 | ---D | M] -- C:\Users\Christoph\AppData\Roaming\DivX
[2012.02.16 00:08:06 | 000,000,000 | ---D | M] -- C:\Users\Christoph\AppData\Roaming\dvdcss
[2011.01.20 22:58:05 | 000,000,000 | ---D | M] -- C:\Users\Christoph\AppData\Roaming\GRETECH
[2012.05.04 16:19:30 | 000,000,000 | ---D | M] -- C:\Users\Christoph\AppData\Roaming\ICQ
[2010.11.24 23:18:14 | 000,000,000 | ---D | M] -- C:\Users\Christoph\AppData\Roaming\Identities
[2010.12.22 10:23:00 | 000,000,000 | ---D | M] -- C:\Users\Christoph\AppData\Roaming\Local
[2011.03.25 19:34:05 | 000,000,000 | ---D | M] -- C:\Users\Christoph\AppData\Roaming\LolClient
[2010.11.28 04:13:03 | 000,000,000 | ---D | M] -- C:\Users\Christoph\AppData\Roaming\Macromedia
[2012.05.01 22:42:16 | 000,000,000 | ---D | M] -- C:\Users\Christoph\AppData\Roaming\Malwarebytes
[2009.07.14 20:18:18 | 000,000,000 | ---D | M] -- C:\Users\Christoph\AppData\Roaming\Media Center Programs
[2010.12.13 20:14:00 | 000,000,000 | --SD | M] -- C:\Users\Christoph\AppData\Roaming\Microsoft
[2011.02.10 20:05:46 | 000,000,000 | ---D | M] -- C:\Users\Christoph\AppData\Roaming\mIRC
[2010.11.29 15:16:41 | 000,000,000 | ---D | M] -- C:\Users\Christoph\AppData\Roaming\Mozilla
[2011.02.21 18:38:54 | 000,000,000 | ---D | M] -- C:\Users\Christoph\AppData\Roaming\OpenOffice.org
[2011.04.12 18:23:28 | 000,000,000 | RH-D | M] -- C:\Users\Christoph\AppData\Roaming\SecuROM
[2011.12.23 01:02:06 | 000,000,000 | ---D | M] -- C:\Users\Christoph\AppData\Roaming\teamspeak2
[2011.09.06 22:49:07 | 000,000,000 | ---D | M] -- C:\Users\Christoph\AppData\Roaming\The Creative Assembly
[2011.03.27 13:32:23 | 000,000,000 | ---D | M] -- C:\Users\Christoph\AppData\Roaming\TS3Client
[2012.02.29 23:27:46 | 000,000,000 | ---D | M] -- C:\Users\Christoph\AppData\Roaming\vlc
[2011.01.02 15:49:24 | 000,000,000 | ---D | M] -- C:\Users\Christoph\AppData\Roaming\WinRAR
 
< %APPDATA%\*.exe /s >
 
< %SYSTEMDRIVE%\*.exe >
[2007.11.07 09:03:18 | 000,562,688 | ---- | M] (Microsoft Corporation) -- C:\install.exe
 
< MD5 for: AGP440.SYS  >
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_9e6bb86c3b39a3e9\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_a69a58a4286f0b22\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll
[2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll
 
< MD5 for: IASTORV.SYS  >
[2010.11.20 15:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys
[2011.03.11 08:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys
[2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys
[2011.03.11 08:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\SysNative\drivers\iaStorV.sys
[2011.03.11 08:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0033117673c16921\iaStorV.sys
[2011.03.11 08:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_0b141c81a16e25e6\iaStorV.sys
[2011.03.11 08:25:49 | 000,410,496 | ---- | M] (Intel Corporation) MD5=BFDC9D75698800CFE4D1698BF2750EA2 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_0bccc8c8ba6985c1\iaStorV.sys
[2009.07.14 03:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_18cccb83b34e1453\iaStorV.sys
[2009.07.14 03:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2009.07.14 03:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\SysNative\netlogon.dll
[2009.07.14 03:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll
[2010.11.20 15:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll
[2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll
[2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\SysWOW64\netlogon.dll
[2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2009.07.14 03:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_5bde3fe2945bce9e\nvstor.sys
[2009.07.14 03:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys
[2011.03.11 08:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\SysNative\drivers\nvstor.sys
[2011.03.11 08:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_38e464dbe521cc7f\nvstor.sys
[2011.03.11 08:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_95dd8d30d8a4cfbe\nvstor.sys
[2011.03.11 08:25:53 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=AE274836BA56518E279087363A781214 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_96963977f1a02f99\nvstor.sys
[2011.03.11 08:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys
[2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys
[2010.11.20 15:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\SysWOW64\scecli.dll
[2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll
[2009.07.14 03:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\SysNative\scecli.dll
[2009.07.14 03:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll
[2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll
[2010.11.20 15:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll
 
< MD5 for: USER32.DLL  >
[2010.11.20 14:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
[2009.07.14 03:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\SysNative\user32.dll
[2009.07.14 03:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll
[2009.07.14 03:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\SysWOW64\user32.dll
[2009.07.14 03:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll
[2010.11.20 15:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\SysWOW64\userinit.exe
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009.07.14 03:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\SysNative\userinit.exe
[2009.07.14 03:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
[2010.11.20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe
[2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2012.04.04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2010.11.20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009.07.14 03:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2009.10.28 09:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2009.10.28 08:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\SysNative\winlogon.exe
[2009.10.28 08:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys
[2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
[2010.09.01 06:29:28 | 011,406,848 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\wmp.dll

< End of report >

--- --- ---

Danke

cosinus · 04.05.2012, 18:50

Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)

Code:

ATTFilter

:OTL
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\URLSearchHook:  - No CLSID value found
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKLM\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files (x86)\softonic-de3\tbsoft.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2431245
IE - HKU\.DEFAULT\..\URLSearchHook:  - No CLSID value found
IE - HKU\.DEFAULT\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKU\S-1-5-18\..\URLSearchHook:  - No CLSID value found
IE - HKU\S-1-5-18\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKU\S-1-5-21-1074455031-1119761506-3827550617-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
IE - HKU\S-1-5-21-1074455031-1119761506-3827550617-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.daemon-search.com/startpage
IE - HKU\S-1-5-21-1074455031-1119761506-3827550617-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-1074455031-1119761506-3827550617-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\S-1-5-21-1074455031-1119761506-3827550617-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 8A CD EA A9 0F 8E CB 01  [binary data]
IE - HKU\S-1-5-21-1074455031-1119761506-3827550617-1000\..\URLSearchHook:  - No CLSID value found
IE - HKU\S-1-5-21-1074455031-1119761506-3827550617-1000\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKU\S-1-5-21-1074455031-1119761506-3827550617-1000\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKU\S-1-5-21-1074455031-1119761506-3827550617-1000\..\URLSearchHook: {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files (x86)\softonic-de3\tbsoft.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-1074455031-1119761506-3827550617-1000\..\SearchScopes,DefaultScope = {AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8}
IE - HKU\S-1-5-21-1074455031-1119761506-3827550617-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-1074455031-1119761506-3827550617-1000\..\SearchScopes\{25EEA06D-94AA-454C-9923-A2937B483F6E}: "URL" = http://search.avg.com/route/?d=4d1798b0&v=6.10.23.1&i=23&tp=chrome&q={searchTerms}&lng={language}&iy=&ychte=us
IE - HKU\S-1-5-21-1074455031-1119761506-3827550617-1000\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = http://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
IE - HKU\S-1-5-21-1074455031-1119761506-3827550617-1000\..\SearchScopes\{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8}: "URL" = http://www.daemon-search.com/search?q={searchTerms}
IE - HKU\S-1-5-21-1074455031-1119761506-3827550617-1000\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2431245
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.defaultthis.engineName: "softonic-de3 Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2431245&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.selectedEngine: "DAEMON Search"
FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.2.5.2
FF - prefs.js..extensions.enabledItems: DTToolbar@toolbarnet.com:1.1.2.0185
FF - prefs.js..keyword.URL: "http://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.1.7&q="
FF - user.js - File not found
[2011.02.01 22:56:33 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Users\Christoph\AppData\Roaming\mozilla\Firefox\Profiles\ht840s7s.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2011.02.10 20:05:51 | 000,000,000 | ---D | M] (softonic-de3 Community Toolbar) -- C:\Users\Christoph\AppData\Roaming\mozilla\Firefox\Profiles\ht840s7s.default\extensions\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}
[2011.09.06 20:19:05 | 000,000,000 | ---D | M] ("DAEMON Tools Toolbar") -- C:\Users\Christoph\AppData\Roaming\mozilla\Firefox\Profiles\ht840s7s.default\extensions\DTToolbar@toolbarnet.com
[2011.02.10 20:05:51 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\Christoph\AppData\Roaming\mozilla\Firefox\Profiles\ht840s7s.default\extensions\engine@conduit.com
[2010.12.08 16:47:52 | 000,000,927 | ---- | M] () -- C:\Users\Christoph\AppData\Roaming\Mozilla\Firefox\Profiles\ht840s7s.default\searchplugins\conduit.xml
[2011.09.06 20:18:53 | 000,002,055 | ---- | M] () -- C:\Users\Christoph\AppData\Roaming\Mozilla\Firefox\Profiles\ht840s7s.default\searchplugins\daemon-search.xml
[2012.05.01 20:32:16 | 000,001,056 | ---- | M] () -- C:\Users\Christoph\AppData\Roaming\Mozilla\Firefox\Profiles\ht840s7s.default\searchplugins\icqplugin.xml
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (softonic-de3 Toolbar) - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files (x86)\softonic-de3\tbsoft.dll (Conduit Ltd.)
O3:64bit: - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll ()
O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKLM\..\Toolbar: (softonic-de3 Toolbar) - {cc05a3e3-64c3-4af2-bfc1-af0d66b69065} - C:\Program Files (x86)\softonic-de3\tbsoft.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3:64bit: - HKU\S-1-5-21-1074455031-1119761506-3827550617-1000\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll ()
O3 - HKU\S-1-5-21-1074455031-1119761506-3827550617-1000\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKU\S-1-5-21-1074455031-1119761506-3827550617-1000\..\Toolbar\WebBrowser: (softonic-de3 Toolbar) - {CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065} - C:\Program Files (x86)\softonic-de3\tbsoft.dll (Conduit Ltd.)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{b9fe4dba-f849-11df-9174-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{b9fe4dba-f849-11df-9174-806e6f6e6963}\Shell\AutoRun\command - "" = E:\Setup.exe -- [2011.11.10 19:51:26 | 001,828,544 | R--- | M] (BioWare, LucasArts)
O33 - MountPoints2\{c59e57e8-fa5c-11df-878c-20cf30beabed}\Shell - "" = AutoRun
O33 - MountPoints2\{c59e57e8-fa5c-11df-878c-20cf30beabed}\Shell\AutoRun\command - "" = F:\pushinst.exe
:Files
C:\Users\Christoph\AppData\LocalLow\Sun\Java\Deployment\cache\6.0
:Commands
[purity]
[emptytemp]
[emptyflash]
[resethosts]

Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.

Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!

Bobby91 · 04.05.2012, 19:34

Guten Abend,

Hab alles befolgt, danke.

hier der Log , nach dem Neustart.

Code:

ATTFilter

All processes killed
========== OTL ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Local Page| /E : value set successfully!
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{855F3B16-6D32-4fe6-8A56-BBB695989046} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{855F3B16-6D32-4fe6-8A56-BBB695989046}\ deleted successfully.
C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}\ deleted successfully.
C:\Program Files (x86)\softonic-de3\tbsoft.dll moved successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\URLSearchHooks\\ deleted successfully.
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\URLSearchHooks\\{855F3B16-6D32-4fe6-8A56-BBB695989046} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{855F3B16-6D32-4fe6-8A56-BBB695989046}\ not found.
File C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll not found.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\URLSearchHooks\\ not found.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\URLSearchHooks\\{855F3B16-6D32-4fe6-8A56-BBB695989046} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{855F3B16-6D32-4fe6-8A56-BBB695989046}\ not found.
File C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll not found.
HKU\S-1-5-21-1074455031-1119761506-3827550617-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Secondary Start Pages| /E : value set successfully!
HKU\S-1-5-21-1074455031-1119761506-3827550617-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKU\S-1-5-21-1074455031-1119761506-3827550617-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache| /E : value set successfully!
HKU\S-1-5-21-1074455031-1119761506-3827550617-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache AcceptLangs| /E : value set successfully!
HKU\S-1-5-21-1074455031-1119761506-3827550617-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache_TIMESTAMP| /E : value set successfully!
Registry value HKEY_USERS\S-1-5-21-1074455031-1119761506-3827550617-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\ deleted successfully.
Registry value HKEY_USERS\S-1-5-21-1074455031-1119761506-3827550617-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{855F3B16-6D32-4fe6-8A56-BBB695989046} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{855F3B16-6D32-4fe6-8A56-BBB695989046}\ not found.
File C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll not found.
Registry value HKEY_USERS\S-1-5-21-1074455031-1119761506-3827550617-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{A3BC75A2-1F87-4686-AA43-5347D756017C} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A3BC75A2-1F87-4686-AA43-5347D756017C}\ not found.
Registry value HKEY_USERS\S-1-5-21-1074455031-1119761506-3827550617-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}\ not found.
File C:\Program Files (x86)\softonic-de3\tbsoft.dll not found.
HKEY_USERS\S-1-5-21-1074455031-1119761506-3827550617-1000\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-1074455031-1119761506-3827550617-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_USERS\S-1-5-21-1074455031-1119761506-3827550617-1000\Software\Microsoft\Internet Explorer\SearchScopes\{25EEA06D-94AA-454C-9923-A2937B483F6E}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{25EEA06D-94AA-454C-9923-A2937B483F6E}\ not found.
Registry key HKEY_USERS\S-1-5-21-1074455031-1119761506-3827550617-1000\Software\Microsoft\Internet Explorer\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6552C7DD-90A4-4387-B795-F8F96747DE19}\ not found.
Registry key HKEY_USERS\S-1-5-21-1074455031-1119761506-3827550617-1000\Software\Microsoft\Internet Explorer\SearchScopes\{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8}\ not found.
Registry key HKEY_USERS\S-1-5-21-1074455031-1119761506-3827550617-1000\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found.
Prefs.js: "ICQ Search" removed from browser.search.defaultenginename
Prefs.js: "softonic-de3 Customized Web Search" removed from browser.search.defaultthis.engineName
Prefs.js: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2431245&SearchSource=3&q={searchTerms}" removed from browser.search.defaulturl
Prefs.js: "DAEMON Search" removed from browser.search.selectedEngine
Prefs.js: engine@conduit.com:3.2.5.2 removed from extensions.enabledItems
Prefs.js: DTToolbar@toolbarnet.com:1.1.2.0185 removed from extensions.enabledItems
Prefs.js: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.1.7&q=" removed from keyword.URL
C:\Users\Christoph\AppData\Roaming\mozilla\Firefox\Profiles\ht840s7s.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\search_engine folder moved successfully.
C:\Users\Christoph\AppData\Roaming\mozilla\Firefox\Profiles\ht840s7s.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\META-INF folder moved successfully.
C:\Users\Christoph\AppData\Roaming\mozilla\Firefox\Profiles\ht840s7s.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\defaults\preferences folder moved successfully.
C:\Users\Christoph\AppData\Roaming\mozilla\Firefox\Profiles\ht840s7s.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\defaults folder moved successfully.
C:\Users\Christoph\AppData\Roaming\mozilla\Firefox\Profiles\ht840s7s.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\components folder moved successfully.
C:\Users\Christoph\AppData\Roaming\mozilla\Firefox\Profiles\ht840s7s.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin folder moved successfully.
C:\Users\Christoph\AppData\Roaming\mozilla\Firefox\Profiles\ht840s7s.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\tr folder moved successfully.
C:\Users\Christoph\AppData\Roaming\mozilla\Firefox\Profiles\ht840s7s.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\sk folder moved successfully.
C:\Users\Christoph\AppData\Roaming\mozilla\Firefox\Profiles\ht840s7s.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\ru folder moved successfully.
C:\Users\Christoph\AppData\Roaming\mozilla\Firefox\Profiles\ht840s7s.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\it folder moved successfully.
C:\Users\Christoph\AppData\Roaming\mozilla\Firefox\Profiles\ht840s7s.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\he folder moved successfully.
C:\Users\Christoph\AppData\Roaming\mozilla\Firefox\Profiles\ht840s7s.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\fr folder moved successfully.
C:\Users\Christoph\AppData\Roaming\mozilla\Firefox\Profiles\ht840s7s.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\es folder moved successfully.
C:\Users\Christoph\AppData\Roaming\mozilla\Firefox\Profiles\ht840s7s.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\en-US folder moved successfully.
C:\Users\Christoph\AppData\Roaming\mozilla\Firefox\Profiles\ht840s7s.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\de folder moved successfully.
C:\Users\Christoph\AppData\Roaming\mozilla\Firefox\Profiles\ht840s7s.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\cs folder moved successfully.
C:\Users\Christoph\AppData\Roaming\mozilla\Firefox\Profiles\ht840s7s.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\bg folder moved successfully.
C:\Users\Christoph\AppData\Roaming\mozilla\Firefox\Profiles\ht840s7s.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale folder moved successfully.
C:\Users\Christoph\AppData\Roaming\mozilla\Firefox\Profiles\ht840s7s.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\img folder moved successfully.
C:\Users\Christoph\AppData\Roaming\mozilla\Firefox\Profiles\ht840s7s.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content folder moved successfully.
C:\Users\Christoph\AppData\Roaming\mozilla\Firefox\Profiles\ht840s7s.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome folder moved successfully.
C:\Users\Christoph\AppData\Roaming\mozilla\Firefox\Profiles\ht840s7s.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07} folder moved successfully.
C:\Users\Christoph\AppData\Roaming\mozilla\Firefox\Profiles\ht840s7s.default\extensions\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}\searchplugin folder moved successfully.
C:\Users\Christoph\AppData\Roaming\mozilla\Firefox\Profiles\ht840s7s.default\extensions\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}\META-INF folder moved successfully.
C:\Users\Christoph\AppData\Roaming\mozilla\Firefox\Profiles\ht840s7s.default\extensions\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}\lib folder moved successfully.
C:\Users\Christoph\AppData\Roaming\mozilla\Firefox\Profiles\ht840s7s.default\extensions\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}\defaults folder moved successfully.
C:\Users\Christoph\AppData\Roaming\mozilla\Firefox\Profiles\ht840s7s.default\extensions\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}\components folder moved successfully.
C:\Users\Christoph\AppData\Roaming\mozilla\Firefox\Profiles\ht840s7s.default\extensions\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}\chrome folder moved successfully.
C:\Users\Christoph\AppData\Roaming\mozilla\Firefox\Profiles\ht840s7s.default\extensions\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065} folder moved successfully.
C:\Users\Christoph\AppData\Roaming\mozilla\Firefox\Profiles\ht840s7s.default\extensions\DTToolbar@toolbarnet.com\components\Resources folder moved successfully.
C:\Users\Christoph\AppData\Roaming\mozilla\Firefox\Profiles\ht840s7s.default\extensions\DTToolbar@toolbarnet.com\components folder moved successfully.
C:\Users\Christoph\AppData\Roaming\mozilla\Firefox\Profiles\ht840s7s.default\extensions\DTToolbar@toolbarnet.com\chrome folder moved successfully.
C:\Users\Christoph\AppData\Roaming\mozilla\Firefox\Profiles\ht840s7s.default\extensions\DTToolbar@toolbarnet.com folder moved successfully.
C:\Users\Christoph\AppData\Roaming\mozilla\Firefox\Profiles\ht840s7s.default\extensions\engine@conduit.com\searchplugin folder moved successfully.
C:\Users\Christoph\AppData\Roaming\mozilla\Firefox\Profiles\ht840s7s.default\extensions\engine@conduit.com\META-INF folder moved successfully.
C:\Users\Christoph\AppData\Roaming\mozilla\Firefox\Profiles\ht840s7s.default\extensions\engine@conduit.com\lib folder moved successfully.
C:\Users\Christoph\AppData\Roaming\mozilla\Firefox\Profiles\ht840s7s.default\extensions\engine@conduit.com\DualPackage folder moved successfully.
C:\Users\Christoph\AppData\Roaming\mozilla\Firefox\Profiles\ht840s7s.default\extensions\engine@conduit.com\defaults folder moved successfully.
C:\Users\Christoph\AppData\Roaming\mozilla\Firefox\Profiles\ht840s7s.default\extensions\engine@conduit.com\components folder moved successfully.
C:\Users\Christoph\AppData\Roaming\mozilla\Firefox\Profiles\ht840s7s.default\extensions\engine@conduit.com\chrome folder moved successfully.
C:\Users\Christoph\AppData\Roaming\mozilla\Firefox\Profiles\ht840s7s.default\extensions\engine@conduit.com folder moved successfully.
C:\Users\Christoph\AppData\Roaming\Mozilla\Firefox\Profiles\ht840s7s.default\searchplugins\conduit.xml moved successfully.
C:\Users\Christoph\AppData\Roaming\Mozilla\Firefox\Profiles\ht840s7s.default\searchplugins\daemon-search.xml moved successfully.
C:\Users\Christoph\AppData\Roaming\Mozilla\Firefox\Profiles\ht840s7s.default\searchplugins\icqplugin.xml moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}\ deleted successfully.
C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}\ not found.
File C:\Program Files (x86)\softonic-de3\tbsoft.dll not found.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{32099AAC-C132-4136-9E9A-4E364A424E17} deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}\ deleted successfully.
C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{30F9B915-B755-4826-820B-08FBA6BD249D} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}\ not found.
File C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{32099AAC-C132-4136-9E9A-4E364A424E17} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}\ deleted successfully.
C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{855F3B16-6D32-4FE6-8A56-BBB695989046} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{855F3B16-6D32-4FE6-8A56-BBB695989046}\ not found.
File C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cc05a3e3-64c3-4af2-bfc1-af0d66b69065}\ not found.
File de3\tbsoft.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}\ not found.
64bit-Registry value HKEY_USERS\S-1-5-21-1074455031-1119761506-3827550617-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{32099AAC-C132-4136-9E9A-4E364A424E17} deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}\ not found.
File C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll not found.
Registry value HKEY_USERS\S-1-5-21-1074455031-1119761506-3827550617-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{32099AAC-C132-4136-9E9A-4E364A424E17} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}\ not found.
File C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll not found.
Registry value HKEY_USERS\S-1-5-21-1074455031-1119761506-3827550617-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065}\ not found.
File de3\tbsoft.dll not found.
Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b9fe4dba-f849-11df-9174-806e6f6e6963}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b9fe4dba-f849-11df-9174-806e6f6e6963}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b9fe4dba-f849-11df-9174-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b9fe4dba-f849-11df-9174-806e6f6e6963}\ not found.
File move failed. E:\Setup.exe scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c59e57e8-fa5c-11df-878c-20cf30beabed}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c59e57e8-fa5c-11df-878c-20cf30beabed}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c59e57e8-fa5c-11df-878c-20cf30beabed}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c59e57e8-fa5c-11df-878c-20cf30beabed}\ not found.
File F:\pushinst.exe not found.
========== FILES ==========
C:\Users\Christoph\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\tmp folder moved successfully.
C:\Users\Christoph\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\muffin folder moved successfully.
C:\Users\Christoph\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\host folder moved successfully.
C:\Users\Christoph\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\9 folder moved successfully.
C:\Users\Christoph\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\8 folder moved successfully.
C:\Users\Christoph\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\7 folder moved successfully.
C:\Users\Christoph\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\63 folder moved successfully.
C:\Users\Christoph\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\62 folder moved successfully.
C:\Users\Christoph\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\61 folder moved successfully.
C:\Users\Christoph\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\60 folder moved successfully.
C:\Users\Christoph\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\6 folder moved successfully.
C:\Users\Christoph\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\59 folder moved successfully.
C:\Users\Christoph\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\58 folder moved successfully.
C:\Users\Christoph\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\57 folder moved successfully.
C:\Users\Christoph\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\56 folder moved successfully.
C:\Users\Christoph\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\55 folder moved successfully.
C:\Users\Christoph\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\54 folder moved successfully.
C:\Users\Christoph\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\53 folder moved successfully.
C:\Users\Christoph\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\52 folder moved successfully.
C:\Users\Christoph\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\51 folder moved successfully.
C:\Users\Christoph\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\50 folder moved successfully.
C:\Users\Christoph\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\5 folder moved successfully.
C:\Users\Christoph\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\49 folder moved successfully.
C:\Users\Christoph\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\48 folder moved successfully.
C:\Users\Christoph\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\47 folder moved successfully.
C:\Users\Christoph\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\46 folder moved successfully.
C:\Users\Christoph\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\45 folder moved successfully.
C:\Users\Christoph\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\44 folder moved successfully.
C:\Users\Christoph\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\43 folder moved successfully.
C:\Users\Christoph\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\42 folder moved successfully.
C:\Users\Christoph\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\41 folder moved successfully.
C:\Users\Christoph\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\40 folder moved successfully.
C:\Users\Christoph\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\4 folder moved successfully.
C:\Users\Christoph\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\39 folder moved successfully.
C:\Users\Christoph\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\38 folder moved successfully.
C:\Users\Christoph\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\37 folder moved successfully.
C:\Users\Christoph\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\36 folder moved successfully.
C:\Users\Christoph\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\35 folder moved successfully.
C:\Users\Christoph\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\34 folder moved successfully.
C:\Users\Christoph\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\33 folder moved successfully.
C:\Users\Christoph\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\32 folder moved successfully.
C:\Users\Christoph\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\31 folder moved successfully.
C:\Users\Christoph\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\30 folder moved successfully.
C:\Users\Christoph\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\3 folder moved successfully.
C:\Users\Christoph\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\29 folder moved successfully.
C:\Users\Christoph\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\28 folder moved successfully.
C:\Users\Christoph\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\27 folder moved successfully.
C:\Users\Christoph\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\26 folder moved successfully.
C:\Users\Christoph\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\25 folder moved successfully.
C:\Users\Christoph\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\24 folder moved successfully.
C:\Users\Christoph\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\23 folder moved successfully.
C:\Users\Christoph\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\22 folder moved successfully.
C:\Users\Christoph\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\21 folder moved successfully.
C:\Users\Christoph\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\20 folder moved successfully.
C:\Users\Christoph\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\2 folder moved successfully.
C:\Users\Christoph\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\19 folder moved successfully.
C:\Users\Christoph\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\18 folder moved successfully.
C:\Users\Christoph\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\17 folder moved successfully.
C:\Users\Christoph\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\16 folder moved successfully.
C:\Users\Christoph\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\15 folder moved successfully.
C:\Users\Christoph\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\14 folder moved successfully.
C:\Users\Christoph\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\13 folder moved successfully.
C:\Users\Christoph\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\12 folder moved successfully.
C:\Users\Christoph\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\11 folder moved successfully.
C:\Users\Christoph\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\10 folder moved successfully.
C:\Users\Christoph\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\1 folder moved successfully.
C:\Users\Christoph\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\0 folder moved successfully.
C:\Users\Christoph\AppData\LocalLow\Sun\Java\Deployment\cache\6.0 folder moved successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Christoph
->Temp folder emptied: 1033938450 bytes
->Temporary Internet Files folder emptied: 262793115 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 53197887 bytes
->Google Chrome cache emptied: 396694378 bytes
->Flash cache emptied: 1134 bytes
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: KaloMa
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 155648 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 163813039 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 36063133 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 1.856,00 mb
 
 
[EMPTYFLASH]
 
User: All Users
 
User: Christoph
->Flash cache emptied: 0 bytes
 
User: Default
 
User: Default User
 
User: KaloMa
 
User: Public
 
Total Flash Files Cleaned = 0,00 mb
 
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.42.2 log created on 05042012_202812

Files\Folders moved on Reboot...
File move failed. E:\Setup.exe scheduled to be moved on reboot.
C:\Users\Christoph\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

Registry entries deleted on Reboot...

lg und schönes Wochenende

cosinus · 04.05.2012, 20:28

Ich brauch den Quarantäneordner von OTL. Bitte folgendes machen:

1.) GANZ WICHTIG!! Virenscanner deaktivieren, der darf das Packen nicht beeinflussen!
2.) Ordner MovedFiles in C:\_OTL in eine Datei zippen
3.) Die erstellte ZIP-Datei hier hochladen => http://www.trojaner-board.de/54791-a...ner-board.html

Hinweis: Die Datei bitte wie in der Anleitung zum UpChannel angegeben auch da hochladen. Bitte NICHT die ZIP-Datei hier als Anhang in den Thread posten!

4.) Wenns erfolgreich war Bescheid sagen
5.) Erst dann wieder den Virenscanner einschalten

Bobby91 · 04.05.2012, 22:02

Hi Cosinus, hab den upload erfolgreich gemacht.

P.S Das Internet Problem ist die letzten 2 Tage jetzt nicht mehr aufgetreten, war aber auch nicht oft am PC.

Lg und danke.

cosinus · 04.05.2012, 22:23

Bitte nun (im normalen Windows-Modus) dieses Tool von Kaspersky (TDSS-Killer) ausführen und das Log posten Anleitung und Downloadlink hier => http://www.trojaner-board.de/82358-t...entfernen.html

Hinweis: Bitte den Virenscanner abstellen bevor du den TDSS-Killer ausführst, denn v.a. Avira meldet im TDSS-Tool oft einen Fehalalrm!

Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet,
Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten.
Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition (meistens Laufwerk C

nach, da speichert der TDSS-Killer seine Logs.

Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten!

Bobby91 · 04.05.2012, 22:53

Hier der Log

Code:

ATTFilter

23:50:37.0641 3808	TDSS rootkit removing tool 2.7.34.0 May  2 2012 09:59:18
23:50:37.0934 3808	============================================================
23:50:37.0935 3808	Current date / time: 2012/05/04 23:50:37.0934
23:50:37.0935 3808	SystemInfo:
23:50:37.0935 3808	
23:50:37.0935 3808	OS Version: 6.1.7600 ServicePack: 0.0
23:50:37.0935 3808	Product type: Workstation
23:50:37.0935 3808	ComputerName: CHRISTOPH-PC
23:50:37.0935 3808	UserName: Christoph
23:50:37.0935 3808	Windows directory: C:\Windows
23:50:37.0936 3808	System windows directory: C:\Windows
23:50:37.0936 3808	Running under WOW64
23:50:37.0936 3808	Processor architecture: Intel x64
23:50:37.0936 3808	Number of processors: 6
23:50:37.0936 3808	Page size: 0x1000
23:50:37.0936 3808	Boot type: Normal boot
23:50:37.0936 3808	============================================================
23:50:39.0638 3808	Drive \Device\Harddisk0\DR0 - Size: 0x1D1C1116000 (1863.02 Gb), SectorSize: 0x200, Cylinders: 0x3B601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
23:50:39.0641 3808	============================================================
23:50:39.0641 3808	\Device\Harddisk0\DR0:
23:50:39.0641 3808	MBR partitions:
23:50:39.0641 3808	\Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
23:50:39.0641 3808	\Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x3D05E000
23:50:39.0641 3808	\Device\Harddisk0\DR0\Partition2: MBR, Type 0x6, StartLBA 0x3D090800, BlocksNum 0xABD77800
23:50:39.0641 3808	============================================================
23:50:39.0684 3808	C: <-> \Device\Harddisk0\DR0\Partition1
23:50:39.0695 3808	============================================================
23:50:39.0695 3808	Initialize success
23:50:39.0695 3808	============================================================
23:51:41.0908 5216	============================================================
23:51:41.0908 5216	Scan started
23:51:41.0908 5216	Mode: Manual; SigCheck; TDLFS; 
23:51:41.0908 5216	============================================================
23:51:44.0094 5216	1394ohci        (1b00662092f9f9568b995902f0cc40d5) C:\Windows\system32\DRIVERS\1394ohci.sys
23:51:44.0266 5216	1394ohci - ok
23:51:44.0293 5216	ACPI            (6f11e88748cdefd2f76aa215f97ddfe5) C:\Windows\system32\DRIVERS\ACPI.sys
23:51:44.0304 5216	ACPI - ok
23:51:44.0327 5216	AcpiPmi         (63b05a0420ce4bf0e4af6dcc7cada254) C:\Windows\system32\DRIVERS\acpipmi.sys
23:51:44.0437 5216	AcpiPmi - ok
23:51:44.0487 5216	adp94xx         (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
23:51:44.0525 5216	adp94xx - ok
23:51:44.0549 5216	adpahci         (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
23:51:44.0571 5216	adpahci - ok
23:51:44.0591 5216	adpu320         (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
23:51:44.0600 5216	adpu320 - ok
23:51:44.0626 5216	AeLookupSvc     (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
23:51:44.0722 5216	AeLookupSvc - ok
23:51:44.0775 5216	AFD             (db9d6c6b2cd95a9ca414d045b627422e) C:\Windows\system32\drivers\afd.sys
23:51:44.0852 5216	AFD - ok
23:51:44.0876 5216	agp440          (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\DRIVERS\agp440.sys
23:51:44.0905 5216	agp440 - ok
23:51:44.0919 5216	ALG             (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
23:51:44.0994 5216	ALG - ok
23:51:45.0009 5216	aliide          (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\DRIVERS\aliide.sys
23:51:45.0023 5216	aliide - ok
23:51:45.0070 5216	AMD External Events Utility (5eba5e837d6635aea999bae47e186c6f) C:\Windows\system32\atiesrxx.exe
23:51:45.0162 5216	AMD External Events Utility - ok
23:51:45.0234 5216	AMD FUEL Service - ok
23:51:45.0287 5216	AMD Reservation Manager (dd27f6c3de9bfe50635c721e09edc5dd) C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe
23:51:45.0317 5216	AMD Reservation Manager - ok
23:51:45.0336 5216	amdide          (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\DRIVERS\amdide.sys
23:51:45.0350 5216	amdide - ok
23:51:45.0394 5216	amdiox64        (6a2eeb0c4133b20773bb3dd0b7b377b4) C:\Windows\system32\DRIVERS\amdiox64.sys
23:51:45.0440 5216	amdiox64 - ok
23:51:45.0468 5216	AmdK8           (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
23:51:45.0497 5216	AmdK8 - ok
23:51:45.0886 5216	amdkmdag        (dcc8177244fe79c61c4e73c65e63922a) C:\Windows\system32\DRIVERS\atikmdag.sys
23:51:46.0065 5216	amdkmdag - ok
23:51:46.0191 5216	amdkmdap        (7fe67d107329dc2cf89136a8e19bceb7) C:\Windows\system32\DRIVERS\atikmpag.sys
23:51:46.0265 5216	amdkmdap - ok
23:51:46.0283 5216	AmdPPM          (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
23:51:46.0353 5216	AmdPPM - ok
23:51:46.0443 5216	amdsata         (ec7ebab00a4d8448bab68d1e49b4beb9) C:\Windows\system32\drivers\amdsata.sys
23:51:46.0470 5216	amdsata - ok
23:51:46.0489 5216	amdsbs          (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
23:51:46.0508 5216	amdsbs - ok
23:51:46.0518 5216	amdxata         (db27766102c7bf7e95140a2aa81d042e) C:\Windows\system32\drivers\amdxata.sys
23:51:46.0528 5216	amdxata - ok
23:51:46.0641 5216	AntiVirSchedulerService (a122d68ea2541453f787f341877cb40b) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
23:51:46.0682 5216	AntiVirSchedulerService - ok
23:51:46.0748 5216	AntiVirService  (2fe359edeb34efcf42574752f8aebd3f) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
23:51:46.0769 5216	AntiVirService - ok
23:51:46.0804 5216	AppID           (42fd751b27fa0e9c69bb39f39e409594) C:\Windows\system32\drivers\appid.sys
23:51:46.0886 5216	AppID - ok
23:51:46.0915 5216	AppIDSvc        (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
23:51:46.0958 5216	AppIDSvc - ok
23:51:46.0974 5216	Appinfo         (d065be66822847b7f127d1f90158376e) C:\Windows\System32\appinfo.dll
23:51:47.0004 5216	Appinfo - ok
23:51:47.0061 5216	Apple Mobile Device (5aa788d5a2c6737bb9c45933985bc1b8) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
23:51:47.0074 5216	Apple Mobile Device - ok
23:51:47.0099 5216	arc             (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
23:51:47.0115 5216	arc - ok
23:51:47.0128 5216	arcsas          (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
23:51:47.0139 5216	arcsas - ok
23:51:47.0239 5216	AsIO            (a82c01606dc27d05d9d3bfb6bb807e32) C:\Windows\syswow64\drivers\AsIO.sys
23:51:47.0262 5216	AsIO - ok
23:51:47.0289 5216	AsyncMac        (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
23:51:47.0352 5216	AsyncMac - ok
23:51:47.0365 5216	atapi           (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\DRIVERS\atapi.sys
23:51:47.0372 5216	atapi - ok
23:51:47.0406 5216	AtiHDAudioService (4bf5bca6e2608cd8a00bc4a6673a9f47) C:\Windows\system32\drivers\AtihdW76.sys
23:51:47.0414 5216	AtiHDAudioService - ok
23:51:47.0439 5216	AudioEndpointBuilder (07721a77180edd4d39ccb865bf63c7fd) C:\Windows\System32\Audiosrv.dll
23:51:47.0469 5216	AudioEndpointBuilder - ok
23:51:47.0473 5216	AudioSrv        (07721a77180edd4d39ccb865bf63c7fd) C:\Windows\System32\Audiosrv.dll
23:51:47.0500 5216	AudioSrv - ok
23:51:47.0570 5216	avgntflt        (aa8f79a1bdfc03b3bc70c44ab00589b4) C:\Windows\system32\DRIVERS\avgntflt.sys
23:51:47.0587 5216	avgntflt - ok
23:51:47.0623 5216	avipbb          (852e3c0a60d368c487949e55ad52a47f) C:\Windows\system32\DRIVERS\avipbb.sys
23:51:47.0640 5216	avipbb - ok
23:51:47.0654 5216	avkmgr          (248db59fc86de44d2779f4c7fb1a567d) C:\Windows\system32\DRIVERS\avkmgr.sys
23:51:47.0668 5216	avkmgr - ok
23:51:47.0784 5216	AVM WLAN Connection Service (d1a9ae485fff7c72ca50d8949b2210b9) C:\Program Files (x86)\avmwlanstick\WlanNetService.exe
23:51:47.0818 5216	AVM WLAN Connection Service ( UnsignedFile.Multi.Generic ) - warning
23:51:47.0818 5216	AVM WLAN Connection Service - detected UnsignedFile.Multi.Generic (1)
23:51:47.0861 5216	avmeject        (1dc2f715792cf33428ad7993acbd224d) C:\Windows\system32\drivers\avmeject.sys
23:51:47.0886 5216	avmeject - ok
23:51:47.0926 5216	AxInstSV        (b20b5fa5ca050e9926e4d1db81501b32) C:\Windows\System32\AxInstSV.dll
23:51:48.0040 5216	AxInstSV - ok
23:51:48.0095 5216	b06bdrv         (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
23:51:48.0139 5216	b06bdrv - ok
23:51:48.0173 5216	b57nd60a        (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
23:51:48.0252 5216	b57nd60a - ok
23:51:48.0267 5216	BDESVC          (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
23:51:48.0315 5216	BDESVC - ok
23:51:48.0330 5216	Beep            (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
23:51:48.0404 5216	Beep - ok
23:51:48.0459 5216	BFE             (4992c609a6315671463e30f6512bc022) C:\Windows\System32\bfe.dll
23:51:48.0516 5216	BFE - ok
23:51:48.0555 5216	BITS            (7f0c323fe3da28aa4aa1bda3f575707f) C:\Windows\System32\qmgr.dll
23:51:48.0634 5216	BITS - ok
23:51:48.0682 5216	blbdrive        (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
23:51:48.0717 5216	blbdrive - ok
23:51:48.0828 5216	Bonjour Service (f832f1505ad8b83474bd9a5b1b985e01) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
23:51:48.0861 5216	Bonjour Service - ok
23:51:48.0911 5216	bowser          (19d20159708e152267e53b66677a4995) C:\Windows\system32\DRIVERS\bowser.sys
23:51:48.0959 5216	bowser - ok
23:51:48.0974 5216	BrFiltLo        (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
23:51:49.0012 5216	BrFiltLo - ok
23:51:49.0016 5216	BrFiltUp        (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
23:51:49.0032 5216	BrFiltUp - ok
23:51:49.0060 5216	Browser         (94fbc06f294d58d02361918418f996e3) C:\Windows\System32\browser.dll
23:51:49.0096 5216	Browser - ok
23:51:49.0116 5216	Brserid         (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
23:51:49.0206 5216	Brserid - ok
23:51:49.0225 5216	BrSerWdm        (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
23:51:49.0271 5216	BrSerWdm - ok
23:51:49.0290 5216	BrUsbMdm        (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
23:51:49.0322 5216	BrUsbMdm - ok
23:51:49.0326 5216	BrUsbSer        (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
23:51:49.0357 5216	BrUsbSer - ok
23:51:49.0377 5216	BTHMODEM        (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
23:51:49.0407 5216	BTHMODEM - ok
23:51:49.0429 5216	bthserv         (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
23:51:49.0470 5216	bthserv - ok
23:51:49.0493 5216	cdfs            (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
23:51:49.0517 5216	cdfs - ok
23:51:49.0535 5216	cdrom           (83d2d75e1efb81b3450c18131443f7db) C:\Windows\system32\DRIVERS\cdrom.sys
23:51:49.0553 5216	cdrom - ok
23:51:49.0581 5216	CertPropSvc     (312e2f82af11e79906898ac3e3d58a1f) C:\Windows\System32\certprop.dll
23:51:49.0628 5216	CertPropSvc - ok
23:51:49.0644 5216	circlass        (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
23:51:49.0655 5216	circlass - ok
23:51:49.0695 5216	CLFS            (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
23:51:49.0708 5216	CLFS - ok
23:51:49.0765 5216	clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
23:51:49.0794 5216	clr_optimization_v2.0.50727_32 - ok
23:51:49.0833 5216	clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
23:51:49.0857 5216	clr_optimization_v2.0.50727_64 - ok
23:51:49.0938 5216	clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
23:51:50.0001 5216	clr_optimization_v4.0.30319_32 - ok
23:51:50.0038 5216	clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
23:51:50.0065 5216	clr_optimization_v4.0.30319_64 - ok
23:51:50.0098 5216	CmBatt          (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
23:51:50.0125 5216	CmBatt - ok
23:51:50.0139 5216	cmdide          (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\DRIVERS\cmdide.sys
23:51:50.0149 5216	cmdide - ok
23:51:50.0211 5216	CNG             (937beb186a735aca91d717044a49d17e) C:\Windows\system32\Drivers\cng.sys
23:51:50.0261 5216	CNG - ok
23:51:50.0264 5216	Compbatt        (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
23:51:50.0271 5216	Compbatt - ok
23:51:50.0290 5216	CompositeBus    (f26b3a86f6fa87ca360b879581ab4123) C:\Windows\system32\DRIVERS\CompositeBus.sys
23:51:50.0333 5216	CompositeBus - ok
23:51:50.0340 5216	COMSysApp - ok
23:51:50.0360 5216	crcdisk         (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
23:51:50.0370 5216	crcdisk - ok
23:51:50.0393 5216	CryptSvc        (8c57411b66282c01533cb776f98ad384) C:\Windows\system32\cryptsvc.dll
23:51:50.0448 5216	CryptSvc - ok
23:51:50.0557 5216	DcomLaunch      (7266972e86890e2b30c0c322e906b027) C:\Windows\system32\rpcss.dll
23:51:50.0612 5216	DcomLaunch - ok
23:51:50.0643 5216	defragsvc       (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
23:51:50.0685 5216	defragsvc - ok
23:51:50.0710 5216	DfsC            (9c253ce7311ca60fc11c774692a13208) C:\Windows\system32\Drivers\dfsc.sys
23:51:50.0743 5216	DfsC - ok
23:51:50.0950 5216	Dhcp            (ce3b9562d997f69b330d181a8875960f) C:\Windows\system32\dhcpcore.dll
23:51:51.0268 5216	Dhcp - ok
23:51:51.0289 5216	discache        (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
23:51:51.0332 5216	discache - ok
23:51:51.0369 5216	Disk            (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
23:51:51.0377 5216	Disk - ok
23:51:51.0407 5216	Dnscache        (85cf424c74a1d5ec33533e1dbff9920a) C:\Windows\System32\dnsrslvr.dll
23:51:51.0443 5216	Dnscache - ok
23:51:51.0472 5216	dot3svc         (14452acdb09b70964c8c21bf80a13acb) C:\Windows\System32\dot3svc.dll
23:51:51.0537 5216	dot3svc - ok
23:51:51.0561 5216	DPS             (8c2ba6bea949ee6e68385f5692bafb94) C:\Windows\system32\dps.dll
23:51:51.0584 5216	DPS - ok
23:51:51.0620 5216	drmkaud         (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
23:51:51.0628 5216	drmkaud - ok
23:51:51.0691 5216	DvmMDES         (e5b95c75557120881076c45cd146d72c) C:\ASUS.SYS\config\DVMExportService.exe
23:51:51.0716 5216	DvmMDES ( UnsignedFile.Multi.Generic ) - warning
23:51:51.0716 5216	DvmMDES - detected UnsignedFile.Multi.Generic (1)
23:51:51.0753 5216	DXGKrnl         (1633b9abf52784a1331476397a48cbef) C:\Windows\System32\drivers\dxgkrnl.sys
23:51:51.0778 5216	DXGKrnl - ok
23:51:51.0803 5216	EapHost         (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
23:51:51.0835 5216	EapHost - ok
23:51:51.0945 5216	ebdrv           (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
23:51:52.0001 5216	ebdrv - ok
23:51:52.0072 5216	EFS             (156f6159457d0aa7e59b62681b56eb90) C:\Windows\System32\lsass.exe
23:51:52.0131 5216	EFS - ok
23:51:52.0201 5216	ehRecvr         (47c071994c3f649f23d9cd075ac9304a) C:\Windows\ehome\ehRecvr.exe
23:51:52.0250 5216	ehRecvr - ok
23:51:52.0280 5216	ehSched         (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
23:51:52.0350 5216	ehSched - ok
23:51:52.0424 5216	elxstor         (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
23:51:52.0455 5216	elxstor - ok
23:51:52.0465 5216	ErrDev          (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\DRIVERS\errdev.sys
23:51:52.0494 5216	ErrDev - ok
23:51:52.0525 5216	EventSystem     (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
23:51:52.0552 5216	EventSystem - ok
23:51:52.0578 5216	exfat           (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
23:51:52.0602 5216	exfat - ok
23:51:52.0618 5216	fastfat         (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
23:51:52.0658 5216	fastfat - ok
23:51:52.0690 5216	Fax             (d607b2f1bee3992aa6c2c92c0a2f0855) C:\Windows\system32\fxssvc.exe
23:51:52.0717 5216	Fax - ok
23:51:52.0725 5216	fdc             (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
23:51:52.0747 5216	fdc - ok
23:51:52.0768 5216	fdPHost         (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
23:51:52.0805 5216	fdPHost - ok
23:51:52.0816 5216	FDResPub        (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
23:51:52.0844 5216	FDResPub - ok
23:51:52.0853 5216	FileInfo        (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
23:51:52.0861 5216	FileInfo - ok
23:51:52.0876 5216	Filetrace       (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
23:51:52.0899 5216	Filetrace - ok
23:51:52.0915 5216	flpydisk        (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
23:51:52.0922 5216	flpydisk - ok
23:51:52.0941 5216	FltMgr          (f7866af72abbaf84b1fa5aa195378c59) C:\Windows\system32\drivers\fltmgr.sys
23:51:52.0952 5216	FltMgr - ok
23:51:52.0995 5216	FontCache       (cb5e4b9c319e3c6bb363eb7e58a4a051) C:\Windows\system32\FntCache.dll
23:51:53.0032 5216	FontCache - ok
23:51:53.0107 5216	FontCache3.0.0.0 (8d89e3131c27fdd6932189cb785e1b7a) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
23:51:53.0127 5216	FontCache3.0.0.0 - ok
23:51:53.0179 5216	FsDepends       (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
23:51:53.0196 5216	FsDepends - ok
23:51:53.0218 5216	Fs_Rec          (d3e3f93d67821a2db2b3d9fac2dc2064) C:\Windows\system32\drivers\Fs_Rec.sys
23:51:53.0232 5216	Fs_Rec - ok
23:51:53.0280 5216	fvevol          (ae87ba80d0ec3b57126ed2cdc15b24ed) C:\Windows\system32\DRIVERS\fvevol.sys
23:51:53.0311 5216	fvevol - ok
23:51:53.0343 5216	FWLANUSB        (444534cba693dd23c1cc589681e01656) C:\Windows\system32\DRIVERS\fwlanusb.sys
23:51:53.0370 5216	FWLANUSB - ok
23:51:53.0399 5216	fwlanusbn       (630cb27253ea63bb0990c40c72bfcfe1) C:\Windows\system32\DRIVERS\fwlanusbn.sys
23:51:53.0427 5216	fwlanusbn - ok
23:51:53.0465 5216	gagp30kx        (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
23:51:53.0489 5216	gagp30kx - ok
23:51:53.0512 5216	GEARAspiWDM     (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
23:51:53.0523 5216	GEARAspiWDM - ok
23:51:53.0563 5216	gpsvc           (fe5ab4525bc2ec68b9119a6e5d40128b) C:\Windows\System32\gpsvc.dll
23:51:53.0604 5216	gpsvc - ok
23:51:53.0619 5216	hcw85cir        (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
23:51:53.0704 5216	hcw85cir - ok
23:51:53.0748 5216	HdAudAddService (6410f6f415b2a5a9037224c41da8bf12) C:\Windows\system32\drivers\HdAudio.sys
23:51:53.0791 5216	HdAudAddService - ok
23:51:53.0827 5216	HDAudBus        (0a49913402747a0b67de940fb42cbdbb) C:\Windows\system32\DRIVERS\HDAudBus.sys
23:51:53.0854 5216	HDAudBus - ok
23:51:53.0873 5216	HidBatt         (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
23:51:53.0900 5216	HidBatt - ok
23:51:53.0906 5216	HidBth          (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
23:51:53.0955 5216	HidBth - ok
23:51:53.0972 5216	HidIr           (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
23:51:53.0990 5216	HidIr - ok
23:51:54.0006 5216	hidserv         (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\system32\hidserv.dll
23:51:54.0039 5216	hidserv - ok
23:51:54.0063 5216	HidUsb          (b3bf6b5b50006def50b66306d99fcf6f) C:\Windows\system32\DRIVERS\hidusb.sys
23:51:54.0104 5216	HidUsb - ok
23:51:54.0138 5216	hkmsvc          (efa58ede58dd74388ffd04cb32681518) C:\Windows\system32\kmsvc.dll
23:51:54.0182 5216	hkmsvc - ok
23:51:54.0195 5216	HomeGroupListener (046b2673767ca626e2cfb7fdf735e9e8) C:\Windows\system32\ListSvc.dll
23:51:54.0267 5216	HomeGroupListener - ok
23:51:54.0309 5216	HomeGroupProvider (06a7422224d9865a5613710a089987df) C:\Windows\system32\provsvc.dll
23:51:54.0332 5216	HomeGroupProvider - ok
23:51:54.0348 5216	HpSAMD          (0886d440058f203eba0e1825e4355914) C:\Windows\system32\DRIVERS\HpSAMD.sys
23:51:54.0364 5216	HpSAMD - ok
23:51:54.0394 5216	HTTP            (cee049cac4efa7f4e1e4ad014414a5d4) C:\Windows\system32\drivers\HTTP.sys
23:51:54.0438 5216	HTTP - ok
23:51:54.0454 5216	hwpolicy        (f17766a19145f111856378df337a5d79) C:\Windows\system32\drivers\hwpolicy.sys
23:51:54.0461 5216	hwpolicy - ok
23:51:54.0477 5216	i8042prt        (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys
23:51:54.0496 5216	i8042prt - ok
23:51:54.0539 5216	iaStorV         (b75e45c564e944a2657167d197ab29da) C:\Windows\system32\drivers\iaStorV.sys
23:51:54.0569 5216	iaStorV - ok
23:51:54.0677 5216	ICQ Service     (b1a28fa1afde10b95ff9354b15701d70) C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe
23:51:54.0695 5216	ICQ Service - ok
23:51:54.0799 5216	idsvc           (2f2be70d3e02b6fa877921ab9516d43c) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
23:51:54.0832 5216	idsvc - ok
23:51:54.0891 5216	iirsp           (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
23:51:54.0920 5216	iirsp - ok
23:51:54.0962 5216	IKEEXT          (c5b4683680df085b57bc53e5ef34861f) C:\Windows\System32\ikeext.dll
23:51:55.0015 5216	IKEEXT - ok
23:51:55.0116 5216	IntcAzAudAddService (a3bcbd0f710580a07d1b929d787d36ce) C:\Windows\system32\drivers\RTKVHD64.sys
23:51:55.0182 5216	IntcAzAudAddService - ok
23:51:55.0225 5216	intelide        (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\DRIVERS\intelide.sys
23:51:55.0253 5216	intelide - ok
23:51:55.0280 5216	intelppm        (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
23:51:55.0311 5216	intelppm - ok
23:51:55.0331 5216	IPBusEnum       (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
23:51:55.0378 5216	IPBusEnum - ok
23:51:55.0389 5216	IpFilterDriver  (722dd294df62483cecaae6e094b4d695) C:\Windows\system32\DRIVERS\ipfltdrv.sys
23:51:55.0413 5216	IpFilterDriver - ok
23:51:55.0454 5216	iphlpsvc        (f8e058d17363ec580e4b7232778b6cb5) C:\Windows\System32\iphlpsvc.dll
23:51:55.0487 5216	iphlpsvc - ok
23:51:55.0491 5216	IPMIDRV         (e2b4a4494db7cb9b89b55ca268c337c5) C:\Windows\system32\DRIVERS\IPMIDrv.sys
23:51:55.0506 5216	IPMIDRV - ok
23:51:55.0522 5216	IPNAT           (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
23:51:55.0551 5216	IPNAT - ok
23:51:55.0628 5216	iPod Service    (3d62fe4fefe9c67dafec52b534dfa1fb) C:\Program Files\iPod\bin\iPodService.exe
23:51:55.0656 5216	iPod Service - ok
23:51:55.0681 5216	IRENUM          (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
23:51:55.0695 5216	IRENUM - ok
23:51:55.0710 5216	isapnp          (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\DRIVERS\isapnp.sys
23:51:55.0720 5216	isapnp - ok
23:51:55.0742 5216	iScsiPrt        (fa4d2557de56d45b0a346f93564be6e1) C:\Windows\system32\DRIVERS\msiscsi.sys
23:51:55.0756 5216	iScsiPrt - ok
23:51:55.0773 5216	kbdclass        (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
23:51:55.0784 5216	kbdclass - ok
23:51:55.0806 5216	kbdhid          (6def98f8541e1b5dceb2c822a11f7323) C:\Windows\system32\DRIVERS\kbdhid.sys
23:51:55.0821 5216	kbdhid - ok
23:51:55.0847 5216	KeyIso          (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
23:51:55.0856 5216	KeyIso - ok
23:51:55.0874 5216	KSecDD          (16c1b906fc5ead84769f90b736b6bf0e) C:\Windows\system32\Drivers\ksecdd.sys
23:51:55.0886 5216	KSecDD - ok
23:51:55.0910 5216	KSecPkg         (0b711550c56444879d71c7daabda6c83) C:\Windows\system32\Drivers\ksecpkg.sys
23:51:55.0922 5216	KSecPkg - ok
23:51:55.0937 5216	ksthunk         (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
23:51:55.0978 5216	ksthunk - ok
23:51:56.0001 5216	KtmRm           (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
23:51:56.0038 5216	KtmRm - ok
23:51:56.0063 5216	LanmanServer    (81f1d04d4d0e433099365127375fd501) C:\Windows\system32\srvsvc.dll
23:51:56.0089 5216	LanmanServer - ok
23:51:56.0123 5216	LanmanWorkstation (27026eac8818e8a6c00a1cad2f11d29a) C:\Windows\System32\wkssvc.dll
23:51:56.0186 5216	LanmanWorkstation - ok
23:51:56.0222 5216	LGBusEnum       (db164eb571fd118d277d939510b0f562) C:\Windows\system32\drivers\LGBusEnum.sys
23:51:56.0229 5216	LGBusEnum - ok
23:51:56.0271 5216	lltdio          (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
23:51:56.0321 5216	lltdio - ok
23:51:56.0351 5216	lltdsvc         (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
23:51:56.0385 5216	lltdsvc - ok
23:51:56.0409 5216	lmhosts         (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
23:51:56.0432 5216	lmhosts - ok
23:51:56.0458 5216	LSI_FC          (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
23:51:56.0466 5216	LSI_FC - ok
23:51:56.0483 5216	LSI_SAS         (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
23:51:56.0491 5216	LSI_SAS - ok
23:51:56.0508 5216	LSI_SAS2        (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
23:51:56.0516 5216	LSI_SAS2 - ok
23:51:56.0532 5216	LSI_SCSI        (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
23:51:56.0541 5216	LSI_SCSI - ok
23:51:56.0562 5216	luafv           (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
23:51:56.0585 5216	luafv - ok
23:51:56.0600 5216	Mcx2Svc         (f84c8f1000bc11e3b7b23cbd3baff111) C:\Windows\system32\Mcx2Svc.dll
23:51:56.0610 5216	Mcx2Svc - ok
23:51:56.0622 5216	megasas         (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
23:51:56.0630 5216	megasas - ok
23:51:56.0648 5216	MegaSR          (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
23:51:56.0659 5216	MegaSR - ok
23:51:56.0685 5216	MMCSS           (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
23:51:56.0709 5216	MMCSS - ok
23:51:56.0732 5216	Modem           (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
23:51:56.0761 5216	Modem - ok
23:51:56.0799 5216	monitor         (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
23:51:56.0819 5216	monitor - ok
23:51:56.0840 5216	mouclass        (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
23:51:56.0848 5216	mouclass - ok
23:51:56.0859 5216	mouhid          (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
23:51:56.0866 5216	mouhid - ok
23:51:56.0888 5216	mountmgr        (791af66c4d0e7c90a3646066386fb571) C:\Windows\system32\drivers\mountmgr.sys
23:51:56.0896 5216	mountmgr - ok
23:51:56.0915 5216	mpio            (609d1d87649ecc19796f4d76d4c15cea) C:\Windows\system32\DRIVERS\mpio.sys
23:51:56.0924 5216	mpio - ok
23:51:56.0935 5216	mpsdrv          (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
23:51:56.0957 5216	mpsdrv - ok
23:51:56.0990 5216	MpsSvc          (aecab449567d1846dad63ece49e893e3) C:\Windows\system32\mpssvc.dll
23:51:57.0032 5216	MpsSvc - ok
23:51:57.0049 5216	MRxDAV          (30524261bb51d96d6fcbac20c810183c) C:\Windows\system32\drivers\mrxdav.sys
23:51:57.0077 5216	MRxDAV - ok
23:51:57.0110 5216	mrxsmb          (040d62a9d8ad28922632137acdd984f2) C:\Windows\system32\DRIVERS\mrxsmb.sys
23:51:57.0145 5216	mrxsmb - ok
23:51:57.0165 5216	mrxsmb10        (f0067552f8f9b33d7c59403ab808a3cb) C:\Windows\system32\DRIVERS\mrxsmb10.sys
23:51:57.0189 5216	mrxsmb10 - ok
23:51:57.0210 5216	mrxsmb20        (3c142d31de9f2f193218a53fe2632051) C:\Windows\system32\DRIVERS\mrxsmb20.sys
23:51:57.0244 5216	mrxsmb20 - ok
23:51:57.0269 5216	msahci          (5c37497276e3b3a5488b23a326a754b7) C:\Windows\system32\DRIVERS\msahci.sys
23:51:57.0284 5216	msahci - ok
23:51:57.0301 5216	msdsm           (8d27b597229aed79430fb9db3bcbfbd0) C:\Windows\system32\DRIVERS\msdsm.sys
23:51:57.0319 5216	msdsm - ok
23:51:57.0344 5216	MSDTC           (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
23:51:57.0357 5216	MSDTC - ok
23:51:57.0375 5216	Msfs            (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
23:51:57.0405 5216	Msfs - ok
23:51:57.0420 5216	mshidkmdf       (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
23:51:57.0451 5216	mshidkmdf - ok
23:51:57.0468 5216	msisadrv        (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\DRIVERS\msisadrv.sys
23:51:57.0475 5216	msisadrv - ok
23:51:57.0516 5216	MSiSCSI         (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
23:51:57.0546 5216	MSiSCSI - ok
23:51:57.0548 5216	msiserver - ok
23:51:57.0579 5216	MSKSSRV         (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
23:51:57.0609 5216	MSKSSRV - ok
23:51:57.0623 5216	MSPCLOCK        (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
23:51:57.0662 5216	MSPCLOCK - ok
23:51:57.0674 5216	MSPQM           (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
23:51:57.0701 5216	MSPQM - ok
23:51:57.0722 5216	MsRPC           (89cb141aa8616d8c6a4610fa26c60964) C:\Windows\system32\drivers\MsRPC.sys
23:51:57.0734 5216	MsRPC - ok
23:51:57.0747 5216	mssmbios        (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\DRIVERS\mssmbios.sys
23:51:57.0754 5216	mssmbios - ok
23:51:57.0756 5216	MSTEE           (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
23:51:57.0787 5216	MSTEE - ok
23:51:57.0800 5216	MTConfig        (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
23:51:57.0813 5216	MTConfig - ok
23:51:57.0848 5216	MTsensor        (19b006b181e3875fd254f7b67acf1e7c) C:\Windows\system32\DRIVERS\ASACPI.sys
23:51:57.0855 5216	MTsensor - ok
23:51:57.0869 5216	Mup             (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
23:51:57.0877 5216	Mup - ok
23:51:57.0907 5216	napagent        (4987e079a4530fa737a128be54b63b12) C:\Windows\system32\qagentRT.dll
23:51:57.0949 5216	napagent - ok
23:51:57.0998 5216	NativeWifiP     (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
23:51:58.0037 5216	NativeWifiP - ok
23:51:58.0064 5216	NDIS            (cad515dbd07d082bb317d9928ce8962c) C:\Windows\system32\drivers\ndis.sys
23:51:58.0085 5216	NDIS - ok
23:51:58.0094 5216	NdisCap         (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
23:51:58.0117 5216	NdisCap - ok
23:51:58.0140 5216	NdisTapi        (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
23:51:58.0170 5216	NdisTapi - ok
23:51:58.0185 5216	Ndisuio         (f105ba1e22bf1f2ee8f005d4305e4bec) C:\Windows\system32\DRIVERS\ndisuio.sys
23:51:58.0220 5216	Ndisuio - ok
23:51:58.0233 5216	NdisWan         (557dfab9ca1fcb036ac77564c010dad3) C:\Windows\system32\DRIVERS\ndiswan.sys
23:51:58.0258 5216	NdisWan - ok
23:51:58.0261 5216	NDProxy         (659b74fb74b86228d6338d643cd3e3cf) C:\Windows\system32\drivers\NDProxy.sys
23:51:58.0302 5216	NDProxy - ok
23:51:58.0320 5216	NetBIOS         (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
23:51:58.0343 5216	NetBIOS - ok
23:51:58.0362 5216	NetBT           (9162b273a44ab9dce5b44362731d062a) C:\Windows\system32\DRIVERS\netbt.sys
23:51:58.0403 5216	NetBT - ok
23:51:58.0442 5216	Netlogon        (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
23:51:58.0449 5216	Netlogon - ok
23:51:58.0492 5216	Netman          (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
23:51:58.0551 5216	Netman - ok
23:51:58.0563 5216	netprofm        (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
23:51:58.0601 5216	netprofm - ok
23:51:58.0640 5216	netr28x         (d66596db0a0739a89c25b590ce36d628) C:\Windows\system32\DRIVERS\netr28x.sys
23:51:58.0682 5216	netr28x - ok
23:51:58.0761 5216	NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
23:51:58.0776 5216	NetTcpPortSharing - ok
23:51:58.0808 5216	nfrd960         (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
23:51:58.0823 5216	nfrd960 - ok
23:51:58.0847 5216	NlaSvc          (d9a0ce66046d6efa0c61baa885cba0a8) C:\Windows\System32\nlasvc.dll
23:51:58.0895 5216	NlaSvc - ok
23:51:58.0898 5216	Npfs            (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
23:51:58.0952 5216	Npfs - ok
23:51:58.0971 5216	nsi             (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
23:51:59.0004 5216	nsi - ok
23:51:59.0007 5216	nsiproxy        (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
23:51:59.0036 5216	nsiproxy - ok
23:51:59.0094 5216	Ntfs            (378e0e0dfea67d98ae6ea53adbbd76bc) C:\Windows\system32\drivers\Ntfs.sys
23:51:59.0124 5216	Ntfs - ok
23:51:59.0202 5216	Null            (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
23:51:59.0248 5216	Null - ok
23:51:59.0280 5216	nusb3hub        (285acec1b13a15ba520aae06bacb9cff) C:\Windows\system32\DRIVERS\nusb3hub.sys
23:51:59.0305 5216	nusb3hub - ok
23:51:59.0329 5216	nusb3xhc        (f6d625ff7b56bb6ea063f0d3a5bbc996) C:\Windows\system32\DRIVERS\nusb3xhc.sys
23:51:59.0338 5216	nusb3xhc - ok
23:51:59.0376 5216	nvraid          (a4d9c9a608a97f59307c2f2600edc6a4) C:\Windows\system32\drivers\nvraid.sys
23:51:59.0386 5216	nvraid - ok
23:51:59.0419 5216	nvstor          (6c1d5f70e7a6a3fd1c90d840edc048b9) C:\Windows\system32\drivers\nvstor.sys
23:51:59.0428 5216	nvstor - ok
23:51:59.0459 5216	nv_agp          (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\DRIVERS\nv_agp.sys
23:51:59.0468 5216	nv_agp - ok
23:51:59.0487 5216	ohci1394        (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\DRIVERS\ohci1394.sys
23:51:59.0509 5216	ohci1394 - ok
23:51:59.0596 5216	ose             (7a56cf3e3f12e8af599963b16f50fb6a) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
23:51:59.0636 5216	ose - ok
23:51:59.0660 5216	p2pimsvc        (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
23:51:59.0714 5216	p2pimsvc - ok
23:51:59.0748 5216	p2psvc          (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
23:51:59.0770 5216	p2psvc - ok
23:51:59.0790 5216	Parport         (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
23:51:59.0806 5216	Parport - ok
23:51:59.0823 5216	partmgr         (7daa117143316c4a1537e074a5a9eaf0) C:\Windows\system32\drivers\partmgr.sys
23:51:59.0839 5216	partmgr - ok
23:51:59.0852 5216	PcaSvc          (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
23:51:59.0882 5216	PcaSvc - ok
23:51:59.0901 5216	pci             (f36f6504009f2fb0dfd1b17a116ad74b) C:\Windows\system32\DRIVERS\pci.sys
23:51:59.0913 5216	pci - ok
23:51:59.0925 5216	pciide          (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\DRIVERS\pciide.sys
23:51:59.0935 5216	pciide - ok
23:51:59.0951 5216	pcmcia          (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
23:51:59.0961 5216	pcmcia - ok
23:51:59.0988 5216	pcw             (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
23:51:59.0996 5216	pcw - ok
23:52:00.0022 5216	PEAUTH          (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
23:52:00.0062 5216	PEAUTH - ok
23:52:00.0118 5216	PerfHost        (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
23:52:00.0151 5216	PerfHost - ok
23:52:00.0253 5216	pla             (557e9a86f65f0de18c9b6751dfe9d3f1) C:\Windows\system32\pla.dll
23:52:00.0302 5216	pla - ok
23:52:00.0343 5216	PlugPlay        (98b1721b8718164293b9701b98c52d77) C:\Windows\system32\umpnpmgr.dll
23:52:00.0416 5216	PlugPlay - ok
23:52:00.0435 5216	PNRPAutoReg     (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
23:52:00.0466 5216	PNRPAutoReg - ok
23:52:00.0488 5216	PNRPsvc         (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
23:52:00.0506 5216	PNRPsvc - ok
23:52:00.0553 5216	PolicyAgent     (166eb40d1f5b47e615de3d0fffe5f243) C:\Windows\System32\ipsecsvc.dll
23:52:00.0615 5216	PolicyAgent - ok
23:52:00.0642 5216	Power           (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
23:52:00.0673 5216	Power - ok
23:52:00.0728 5216	PptpMiniport    (27cc19e81ba5e3403c48302127bda717) C:\Windows\system32\DRIVERS\raspptp.sys
23:52:00.0804 5216	PptpMiniport - ok
23:52:00.0819 5216	Processor       (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
23:52:00.0855 5216	Processor - ok
23:52:00.0877 5216	ProfSvc         (f381975e1f4346de875cb07339ce8d3a) C:\Windows\system32\profsvc.dll
23:52:00.0933 5216	ProfSvc - ok
23:52:00.0958 5216	ProtectedStorage (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
23:52:00.0966 5216	ProtectedStorage - ok
23:52:00.0987 5216	Psched          (ee992183bd8eaefd9973f352e587a299) C:\Windows\system32\DRIVERS\pacer.sys
23:52:01.0021 5216	Psched - ok
23:52:01.0070 5216	ql2300          (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
23:52:01.0099 5216	ql2300 - ok
23:52:01.0165 5216	ql40xx          (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
23:52:01.0182 5216	ql40xx - ok
23:52:01.0204 5216	QWAVE           (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
23:52:01.0217 5216	QWAVE - ok
23:52:01.0238 5216	QWAVEdrv        (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
23:52:01.0249 5216	QWAVEdrv - ok
23:52:01.0263 5216	RasAcd          (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
23:52:01.0296 5216	RasAcd - ok
23:52:01.0330 5216	RasAgileVpn     (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
23:52:01.0352 5216	RasAgileVpn - ok
23:52:01.0373 5216	RasAuto         (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
23:52:01.0415 5216	RasAuto - ok
23:52:01.0420 5216	Rasl2tp         (87a6e852a22991580d6d39adc4790463) C:\Windows\system32\DRIVERS\rasl2tp.sys
23:52:01.0444 5216	Rasl2tp - ok
23:52:01.0463 5216	RasMan          (47394ed3d16d053f5906efe5ab51cc83) C:\Windows\System32\rasmans.dll
23:52:01.0538 5216	RasMan - ok
23:52:01.0562 5216	RasPppoe        (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
23:52:01.0600 5216	RasPppoe - ok
23:52:01.0614 5216	RasSstp         (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
23:52:01.0646 5216	RasSstp - ok
23:52:01.0661 5216	rdbss           (3bac8142102c15d59a87757c1d41dce5) C:\Windows\system32\DRIVERS\rdbss.sys
23:52:01.0697 5216	rdbss - ok
23:52:01.0704 5216	rdpbus          (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
23:52:01.0714 5216	rdpbus - ok
23:52:01.0734 5216	RDPCDD          (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
23:52:01.0757 5216	RDPCDD - ok
23:52:01.0774 5216	RDPENCDD        (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
23:52:01.0799 5216	RDPENCDD - ok
23:52:01.0809 5216	RDPREFMP        (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
23:52:01.0831 5216	RDPREFMP - ok
23:52:01.0853 5216	RDPWD           (074ac702d8b8b660b0e1371555995386) C:\Windows\system32\drivers\RDPWD.sys
23:52:01.0872 5216	RDPWD - ok
23:52:01.0884 5216	rdyboost        (634b9a2181d98f15941236886164ec8b) C:\Windows\system32\drivers\rdyboost.sys
23:52:01.0893 5216	rdyboost - ok
23:52:01.0922 5216	RemoteAccess    (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
23:52:01.0952 5216	RemoteAccess - ok
23:52:01.0982 5216	RemoteRegistry  (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
23:52:02.0016 5216	RemoteRegistry - ok
23:52:02.0029 5216	RpcEptMapper    (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
23:52:02.0052 5216	RpcEptMapper - ok
23:52:02.0058 5216	RpcLocator      (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
23:52:02.0078 5216	RpcLocator - ok
23:52:02.0103 5216	RpcSs           (7266972e86890e2b30c0c322e906b027) C:\Windows\system32\rpcss.dll
23:52:02.0129 5216	RpcSs - ok
23:52:02.0142 5216	rspndr          (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
23:52:02.0178 5216	rspndr - ok
23:52:02.0209 5216	RTL8167         (20a466b9ea2bd828c0ec723f99b8cfe7) C:\Windows\system32\DRIVERS\Rt64win7.sys
23:52:02.0220 5216	RTL8167 - ok
23:52:02.0261 5216	SamSs           (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
23:52:02.0268 5216	SamSs - ok
23:52:02.0278 5216	sbp2port        (e3bbb89983daf5622c1d50cf49f28227) C:\Windows\system32\DRIVERS\sbp2port.sys
23:52:02.0286 5216	sbp2port - ok
23:52:02.0302 5216	SCardSvr        (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
23:52:02.0337 5216	SCardSvr - ok
23:52:02.0357 5216	scfilter        (c94da20c7e3ba1dca269bc8460d98387) C:\Windows\system32\DRIVERS\scfilter.sys
23:52:02.0391 5216	scfilter - ok
23:52:02.0434 5216	Schedule        (624d0f5ff99428bb90a5b8a4123e918e) C:\Windows\system32\schedsvc.dll
23:52:02.0510 5216	Schedule - ok
23:52:02.0530 5216	SCPolicySvc     (312e2f82af11e79906898ac3e3d58a1f) C:\Windows\System32\certprop.dll
23:52:02.0560 5216	SCPolicySvc - ok
23:52:02.0584 5216	SDRSVC          (765a27c3279ce11d14cb9e4f5869fca5) C:\Windows\System32\SDRSVC.dll
23:52:02.0678 5216	SDRSVC - ok
23:52:02.0714 5216	secdrv          (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
23:52:02.0773 5216	secdrv - ok
23:52:02.0791 5216	seclogon        (463b386ebc70f98da5dff85f7e654346) C:\Windows\system32\seclogon.dll
23:52:02.0826 5216	seclogon - ok
23:52:02.0844 5216	SENS            (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\System32\sens.dll
23:52:02.0880 5216	SENS - ok
23:52:02.0892 5216	SensrSvc        (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
23:52:02.0916 5216	SensrSvc - ok
23:52:02.0927 5216	Serenum         (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
23:52:02.0943 5216	Serenum - ok
23:52:02.0964 5216	Serial          (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
23:52:02.0972 5216	Serial - ok
23:52:02.0979 5216	sermouse        (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
23:52:03.0001 5216	sermouse - ok
23:52:03.0020 5216	SessionEnv      (c3bc61ce47ff6f4e88ab8a3b429a36af) C:\Windows\system32\sessenv.dll
23:52:03.0043 5216	SessionEnv - ok
23:52:03.0053 5216	sffdisk         (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\DRIVERS\sffdisk.sys
23:52:03.0074 5216	sffdisk - ok
23:52:03.0077 5216	sffp_mmc        (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\DRIVERS\sffp_mmc.sys
23:52:03.0094 5216	sffp_mmc - ok
23:52:03.0097 5216	sffp_sd         (5588b8c6193eb1522490c122eb94dffa) C:\Windows\system32\DRIVERS\sffp_sd.sys
23:52:03.0105 5216	sffp_sd - ok
23:52:03.0108 5216	sfloppy         (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
23:52:03.0115 5216	sfloppy - ok
23:52:03.0141 5216	SharedAccess    (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
23:52:03.0169 5216	SharedAccess - ok
23:52:03.0190 5216	ShellHWDetection (0298ac45d0efffb2db4baa7dd186e7bf) C:\Windows\System32\shsvcs.dll
23:52:03.0215 5216	ShellHWDetection - ok
23:52:03.0232 5216	SiSRaid2        (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
23:52:03.0240 5216	SiSRaid2 - ok
23:52:03.0252 5216	SiSRaid4        (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
23:52:03.0260 5216	SiSRaid4 - ok
23:52:03.0278 5216	Smb             (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
23:52:03.0311 5216	Smb - ok
23:52:03.0334 5216	SNMPTRAP        (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
23:52:03.0342 5216	SNMPTRAP - ok
23:52:03.0355 5216	spldr           (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
23:52:03.0362 5216	spldr - ok
23:52:03.0398 5216	Spooler         (f8e1fa03cb70d54a9892ac88b91d1e7b) C:\Windows\System32\spoolsv.exe
23:52:03.0438 5216	Spooler - ok
23:52:03.0523 5216	sppsvc          (913d843498553a1bc8f8dbad6358e49f) C:\Windows\system32\sppsvc.exe
23:52:03.0580 5216	sppsvc - ok
23:52:03.0642 5216	sppuinotify     (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
23:52:03.0746 5216	sppuinotify - ok
23:52:03.0832 5216	sptd            (602884696850c86434530790b110e8eb) C:\Windows\System32\Drivers\sptd.sys
23:52:03.0864 5216	sptd - ok
23:52:03.0912 5216	srv             (2408c0366d96bcdf63e8f1c78e4a29c5) C:\Windows\system32\DRIVERS\srv.sys
23:52:03.0956 5216	srv - ok
23:52:03.0986 5216	srv2            (76548f7b818881b47d8d1ae1be9c11f8) C:\Windows\system32\DRIVERS\srv2.sys
23:52:04.0006 5216	srv2 - ok
23:52:04.0016 5216	srvnet          (0af6e19d39c70844c5caa8fb0183c36e) C:\Windows\system32\DRIVERS\srvnet.sys
23:52:04.0036 5216	srvnet - ok
23:52:04.0060 5216	SSDPSRV         (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
23:52:04.0110 5216	SSDPSRV - ok
23:52:04.0132 5216	SstpSvc         (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
23:52:04.0164 5216	SstpSvc - ok
23:52:04.0225 5216	Steam Client Service - ok
23:52:04.0276 5216	stexstor        (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
23:52:04.0305 5216	stexstor - ok
23:52:04.0366 5216	stisvc          (52d0e33b681bd0f33fdc08812fee4f7d) C:\Windows\System32\wiaservc.dll
23:52:04.0414 5216	stisvc - ok
23:52:04.0424 5216	swenum          (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys
23:52:04.0437 5216	swenum - ok
23:52:04.0468 5216	swprv           (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
23:52:04.0510 5216	swprv - ok
23:52:04.0552 5216	SysMain         (3c1284516a62078fb68f768de4f1a7be) C:\Windows\system32\sysmain.dll
23:52:04.0595 5216	SysMain - ok
23:52:04.0645 5216	TabletInputService (238935c3cf2854886dc7cbb2a0e2cc66) C:\Windows\System32\TabSvc.dll
23:52:04.0668 5216	TabletInputService - ok
23:52:04.0690 5216	TapiSrv         (884264ac597b690c5707c89723bb8e7b) C:\Windows\System32\tapisrv.dll
23:52:04.0725 5216	TapiSrv - ok
23:52:04.0737 5216	TBS             (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
23:52:04.0760 5216	TBS - ok
23:52:04.0876 5216	Tcpip           (f18f56efc0bfb9c87ba01c37b27f4da5) C:\Windows\system32\drivers\tcpip.sys
23:52:04.0949 5216	Tcpip - ok
23:52:05.0013 5216	TCPIP6          (f18f56efc0bfb9c87ba01c37b27f4da5) C:\Windows\system32\DRIVERS\tcpip.sys
23:52:05.0038 5216	TCPIP6 - ok
23:52:05.0059 5216	tcpipreg        (76d078af6f587b162d50210f761eb9ed) C:\Windows\system32\drivers\tcpipreg.sys
23:52:05.0091 5216	tcpipreg - ok
23:52:05.0120 5216	TDPIPE          (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
23:52:05.0136 5216	TDPIPE - ok
23:52:05.0152 5216	TDTCP           (7518f7bcfd4b308abc9192bacaf6c970) C:\Windows\system32\drivers\tdtcp.sys
23:52:05.0169 5216	TDTCP - ok
23:52:05.0180 5216	tdx             (079125c4b17b01fcaeebce0bcb290c0f) C:\Windows\system32\DRIVERS\tdx.sys
23:52:05.0212 5216	tdx - ok
23:52:05.0224 5216	TermDD          (c448651339196c0e869a355171875522) C:\Windows\system32\DRIVERS\termdd.sys
23:52:05.0232 5216	TermDD - ok
23:52:05.0253 5216	TermService     (0f05ec2887bfe197ad82a13287d2f404) C:\Windows\System32\termsrv.dll
23:52:05.0296 5216	TermService - ok
23:52:05.0313 5216	Themes          (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
23:52:05.0331 5216	Themes - ok
23:52:05.0362 5216	THREADORDER     (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
23:52:05.0406 5216	THREADORDER - ok
23:52:05.0437 5216	TrkWks          (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
23:52:05.0468 5216	TrkWks - ok
23:52:05.0517 5216	TrustedInstaller (840f7fb849f5887a49ba18c13b2da920) C:\Windows\servicing\TrustedInstaller.exe
23:52:05.0547 5216	TrustedInstaller - ok
23:52:05.0560 5216	tssecsrv        (61b96c26131e37b24e93327a0bd1fb95) C:\Windows\system32\DRIVERS\tssecsrv.sys
23:52:05.0603 5216	tssecsrv - ok
23:52:05.0640 5216	tunnel          (3836171a2cdf3af8ef10856db9835a70) C:\Windows\system32\DRIVERS\tunnel.sys
23:52:05.0713 5216	tunnel - ok
23:52:05.0728 5216	uagp35          (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
23:52:05.0737 5216	uagp35 - ok
23:52:05.0758 5216	udfs            (d47baead86c65d4f4069d7ce0a4edceb) C:\Windows\system32\DRIVERS\udfs.sys
23:52:05.0793 5216	udfs - ok
23:52:05.0809 5216	UI0Detect       (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
23:52:05.0832 5216	UI0Detect - ok
23:52:05.0872 5216	uliagpkx        (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\DRIVERS\uliagpkx.sys
23:52:05.0896 5216	uliagpkx - ok
23:52:05.0928 5216	umbus           (eab6c35e62b1b0db0d1b48b671d3a117) C:\Windows\system32\DRIVERS\umbus.sys
23:52:05.0957 5216	umbus - ok
23:52:05.0971 5216	UmPass          (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
23:52:05.0985 5216	UmPass - ok
23:52:06.0003 5216	upnphost        (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
23:52:06.0039 5216	upnphost - ok
23:52:06.0062 5216	USBAAPL64       (f724b03c3dfaacf08d17d38bf3333583) C:\Windows\system32\Drivers\usbaapl64.sys
23:52:06.0123 5216	USBAAPL64 - ok
23:52:06.0163 5216	usbccgp         (7b6a127c93ee590e4d79a5f2a76fe46f) C:\Windows\system32\DRIVERS\usbccgp.sys
23:52:06.0213 5216	usbccgp - ok
23:52:06.0253 5216	usbcir          (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\DRIVERS\usbcir.sys
23:52:06.0289 5216	usbcir - ok
23:52:06.0311 5216	usbehci         (92969ba5ac44e229c55a332864f79677) C:\Windows\system32\DRIVERS\usbehci.sys
23:52:06.0320 5216	usbehci - ok
23:52:06.0348 5216	usbhub          (e7df1cfd28ca86b35ef5add0735ceef3) C:\Windows\system32\DRIVERS\usbhub.sys
23:52:06.0378 5216	usbhub - ok
23:52:06.0413 5216	usbohci         (f1bb1e55f1e7a65c5839ccc7b36d773e) C:\Windows\system32\DRIVERS\usbohci.sys
23:52:06.0451 5216	usbohci - ok
23:52:06.0466 5216	usbprint        (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
23:52:06.0491 5216	usbprint - ok
23:52:06.0517 5216	USBSTOR         (f39983647bc1f3e6100778ddfe9dce29) C:\Windows\system32\DRIVERS\USBSTOR.SYS
23:52:06.0537 5216	USBSTOR - ok
23:52:06.0542 5216	usbuhci         (bc3070350a491d84b518d7cca9abd36f) C:\Windows\system32\drivers\usbuhci.sys
23:52:06.0560 5216	usbuhci - ok
23:52:06.0585 5216	UxSms           (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
23:52:06.0608 5216	UxSms - ok
23:52:06.0632 5216	VaultSvc        (156f6159457d0aa7e59b62681b56eb90) C:\Windows\system32\lsass.exe
23:52:06.0639 5216	VaultSvc - ok
23:52:06.0665 5216	vdrvroot        (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\DRIVERS\vdrvroot.sys
23:52:06.0672 5216	vdrvroot - ok
23:52:06.0696 5216	vds             (44d73e0bbc1d3c8981304ba15135c2f2) C:\Windows\System32\vds.exe
23:52:06.0718 5216	vds - ok
23:52:06.0759 5216	vga             (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
23:52:06.0784 5216	vga - ok
23:52:06.0797 5216	VgaSave         (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
23:52:06.0842 5216	VgaSave - ok
23:52:06.0864 5216	vhdmp           (c82e748660f62a242b2dfac1442f22a4) C:\Windows\system32\DRIVERS\vhdmp.sys
23:52:06.0874 5216	vhdmp - ok
23:52:06.0883 5216	viaide          (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\DRIVERS\viaide.sys
23:52:06.0890 5216	viaide - ok
23:52:06.0905 5216	volmgr          (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\Windows\system32\DRIVERS\volmgr.sys
23:52:06.0913 5216	volmgr - ok
23:52:06.0928 5216	volmgrx         (99b0cbb569ca79acaed8c91461d765fb) C:\Windows\system32\drivers\volmgrx.sys
23:52:06.0940 5216	volmgrx - ok
23:52:06.0952 5216	volsnap         (58f82eed8ca24b461441f9c3e4f0bf5c) C:\Windows\system32\DRIVERS\volsnap.sys
23:52:06.0963 5216	volsnap - ok
23:52:06.0990 5216	vsmraid         (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
23:52:07.0000 5216	vsmraid - ok
23:52:07.0044 5216	VSS             (787898bf9fb6d7bd87a36e2d95c899ba) C:\Windows\system32\vssvc.exe
23:52:07.0076 5216	VSS - ok
23:52:07.0156 5216	vwifibus        (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
23:52:07.0178 5216	vwifibus - ok
23:52:07.0198 5216	VWiFiFlt        (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
23:52:07.0236 5216	VWiFiFlt - ok
23:52:07.0255 5216	vwifimp         (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys
23:52:07.0274 5216	vwifimp - ok
23:52:07.0300 5216	W32Time         (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
23:52:07.0327 5216	W32Time - ok
23:52:07.0344 5216	WacomPen        (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
23:52:07.0358 5216	WacomPen - ok
23:52:07.0387 5216	WANARP          (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
23:52:07.0421 5216	WANARP - ok
23:52:07.0424 5216	Wanarpv6        (47ca49400643effd3f1c9a27e1d69324) C:\Windows\system32\DRIVERS\wanarp.sys
23:52:07.0446 5216	Wanarpv6 - ok
23:52:07.0495 5216	wbengine        (5ab1bb85bd8b5089cc5d64200dedae68) C:\Windows\system32\wbengine.exe
23:52:07.0576 5216	wbengine - ok
23:52:07.0615 5216	WbioSrvc        (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
23:52:07.0639 5216	WbioSrvc - ok
23:52:07.0672 5216	wcncsvc         (dd1bae8ebfc653824d29ccf8c9054d68) C:\Windows\System32\wcncsvc.dll
23:52:07.0719 5216	wcncsvc - ok
23:52:07.0733 5216	WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
23:52:07.0786 5216	WcsPlugInService - ok
23:52:07.0802 5216	Wd              (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
23:52:07.0817 5216	Wd - ok
23:52:07.0846 5216	Wdf01000        (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
23:52:07.0876 5216	Wdf01000 - ok
23:52:07.0895 5216	WdiServiceHost  (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
23:52:07.0946 5216	WdiServiceHost - ok
23:52:07.0948 5216	WdiSystemHost   (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
23:52:07.0960 5216	WdiSystemHost - ok
23:52:07.0985 5216	WebClient       (733006127f235be7c35354ebee7b9a7b) C:\Windows\System32\webclnt.dll
23:52:08.0018 5216	WebClient - ok
23:52:08.0034 5216	Wecsvc          (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
23:52:08.0077 5216	Wecsvc - ok
23:52:08.0091 5216	wercplsupport   (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
23:52:08.0114 5216	wercplsupport - ok
23:52:08.0156 5216	WerSvc          (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
23:52:08.0218 5216	WerSvc - ok
23:52:08.0245 5216	WfpLwf          (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
23:52:08.0294 5216	WfpLwf - ok
23:52:08.0312 5216	WIMMount        (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
23:52:08.0319 5216	WIMMount - ok
23:52:08.0351 5216	WinDefend - ok
23:52:08.0355 5216	WinHttpAutoProxySvc - ok
23:52:08.0393 5216	Winmgmt         (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
23:52:08.0457 5216	Winmgmt - ok
23:52:08.0518 5216	WinRM           (41fbb751936b387f9179e7f03a74fe29) C:\Windows\system32\WsmSvc.dll
23:52:08.0581 5216	WinRM - ok
23:52:08.0921 5216	WinUsb          (817eaff5d38674edd7713b9dfb8e9791) C:\Windows\system32\DRIVERS\WinUsb.sys
23:52:08.0945 5216	WinUsb - ok
23:52:08.0979 5216	Wlansvc         (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
23:52:09.0017 5216	Wlansvc - ok
23:52:09.0167 5216	wlidsvc         (2bacd71123f42cea603f4e205e1ae337) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
23:52:09.0212 5216	wlidsvc - ok
23:52:09.0245 5216	WmiAcpi         (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys
23:52:09.0259 5216	WmiAcpi - ok
23:52:09.0277 5216	wmiApSrv        (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
23:52:09.0292 5216	wmiApSrv - ok
23:52:09.0323 5216	WMPNetworkSvc - ok
23:52:09.0335 5216	WPCSvc          (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
23:52:09.0377 5216	WPCSvc - ok
23:52:09.0397 5216	WPDBusEnum      (2e57ddf2880a7e52e76f41c7e96d327b) C:\Windows\system32\wpdbusenum.dll
23:52:09.0479 5216	WPDBusEnum - ok
23:52:09.0489 5216	ws2ifsl         (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
23:52:09.0539 5216	ws2ifsl - ok
23:52:09.0558 5216	wscsvc          (8f9f3969933c02da96eb0f84576db43e) C:\Windows\System32\wscsvc.dll
23:52:09.0573 5216	wscsvc - ok
23:52:09.0575 5216	WSearch - ok
23:52:09.0637 5216	wuauserv        (38340204a2d0228f1e87740fc5e554a7) C:\Windows\system32\wuaueng.dll
23:52:09.0686 5216	wuauserv - ok
23:52:09.0707 5216	WudfPf          (7cadc74271dd6461c452c271b30bd378) C:\Windows\system32\drivers\WudfPf.sys
23:52:09.0736 5216	WudfPf - ok
23:52:09.0763 5216	WUDFRd          (3b197af0fff08aa66b6b2241ca538d64) C:\Windows\system32\DRIVERS\WUDFRd.sys
23:52:09.0787 5216	WUDFRd - ok
23:52:09.0805 5216	wudfsvc         (b551d6637aa0e132c18ac6e504f7b79b) C:\Windows\System32\WUDFSvc.dll
23:52:09.0838 5216	wudfsvc - ok
23:52:09.0850 5216	WwanSvc         (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
23:52:09.0874 5216	WwanSvc - ok
23:52:09.0914 5216	MBR (0x1B8)     (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
23:52:10.0017 5216	\Device\Harddisk0\DR0 - ok
23:52:10.0023 5216	Boot (0x1200)   (34e343edbbba40f3b11197dc4284897f) \Device\Harddisk0\DR0\Partition0
23:52:10.0026 5216	\Device\Harddisk0\DR0\Partition0 - ok
23:52:10.0052 5216	Boot (0x1200)   (23a6a0a98ce9b348435ffd7b4be6655b) \Device\Harddisk0\DR0\Partition1
23:52:10.0053 5216	\Device\Harddisk0\DR0\Partition1 - ok
23:52:10.0071 5216	Boot (0x1200)   (b1e27aa018409de6bfd73f8afb883a65) \Device\Harddisk0\DR0\Partition2
23:52:10.0071 5216	\Device\Harddisk0\DR0\Partition2 - ok
23:52:10.0071 5216	============================================================
23:52:10.0071 5216	Scan finished
23:52:10.0071 5216	============================================================
23:52:10.0084 4548	Detected object count: 2
23:52:10.0084 4548	Actual detected object count: 2
23:52:25.0368 4548	AVM WLAN Connection Service ( UnsignedFile.Multi.Generic ) - skipped by user
23:52:25.0368 4548	AVM WLAN Connection Service ( UnsignedFile.Multi.Generic ) - User select action: Skip 
23:52:25.0372 4548	DvmMDES ( UnsignedFile.Multi.Generic ) - skipped by user
23:52:25.0372 4548	DvmMDES ( UnsignedFile.Multi.Generic ) - User select action: Skip

lg

cosinus · 04.05.2012, 23:27

Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix

Lade dir ComboFix hier herunter auf deinen Desktop.

Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.

Starte combofix.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.

Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.

Wichtiger Hinweis:

Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!

Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

Solltest du nach der Ausführung von Combofix Probleme beim Starten von Anwendungen haben und Meldungen erhalten wie

Zitat:

Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.

startest du Windows dann manuell neu und die Fehlermeldungen sollten nicht mehr auftauchen.

Bobby91 · 05.05.2012, 09:49

Hi Cosinus, ich komme seit gestern Nacht nicht mehr auf Websiten bis auf meine Start-Homepage, bei allen anderen Seiten kommt nach einer halben Minute , dass die Seite nicht geladen werden kann. Icq geht auch nicht , Verbindung zur Box wird aber angezeigt und das komische ist : Teamspeak funktioniert , ich kann mit Kollegen reden und die Startpage ( auch ein Forum) kann ich uneingeschraenkt nutzen . Ich schreibe gerade vom I Phone, den Log von Customfix werde ich posten , wenn die Seite wieder geht .

lg

[code]
Combofix Logfile:

Code:

ATTFilter

ComboFix 12-05-05.05 - Christoph 05.05.2012   8:23.1.6 - x64
Microsoft Windows 7 Home Premium   6.1.7600.0.1252.49.1031.18.4094.2605 [GMT 2:00]
ausgeführt von:: c:\users\Christoph\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
c:\users\Christoph\AppData\Roaming\Local
c:\users\Christoph\AppData\Roaming\Local\Temp\DDM\Settings\0.ddi
c:\users\Christoph\AppData\Roaming\Local\Temp\DDM\Settings\1.ddi
c:\users\Christoph\AppData\Roaming\Local\Temp\DDM\Settings\2.ddi
c:\users\Christoph\AppData\Roaming\Local\Temp\DDM\Settings\3.ddi
c:\users\Christoph\AppData\Roaming\Local\Temp\DDM\Settings\4.ddi
c:\users\Christoph\AppData\Roaming\Local\Temp\DDM\Settings\5.ddi
c:\users\Christoph\AppData\Roaming\Local\Temp\DDM\Settings\6.ddi
c:\users\Christoph\AppData\Roaming\Local\Temp\DDM\Settings\Das_Reich_der_Quanten_und_Elementarteilchen.avi.ddr
c:\users\Christoph\AppData\Roaming\Local\Temp\DDM\Settings\Elementarteilchen_cd1.avi.ddr
c:\users\Christoph\AppData\Roaming\Local\Temp\DDM\Settings\empire_elemen_1.avi.ddr
c:\users\Christoph\AppData\Roaming\Local\Temp\DDM\Settings\Gamer.2009.DL.German.intro.divx.ddr
c:\users\Christoph\AppData\Roaming\Local\Temp\DDM\Settings\Inception_Trailer_592.divx.ddr
c:\users\Christoph\AppData\Roaming\Local\Temp\DDM\Settings\Pit.Fighter.3.Dragon.Fire.1993.German.BDRiP..avi.ddr
c:\users\Christoph\AppData\Roaming\Local\Temp\DDM\Settings\settings.ddi
c:\users\Christoph\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\Das_Reich_der_Quanten_und_Elementarteilchen.avi.ddp
c:\users\Christoph\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\Elementarteilchen_cd1.avi.ddp
c:\users\Christoph\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\empire_elemen_1.avi.ddp
c:\users\Christoph\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\Gamer.2009.DL.German.intro.divx.ddp
c:\users\Christoph\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\Inception_Trailer_592.divx.ddp
c:\users\Christoph\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\Pit.Fighter.3.Dragon.Fire.1993.German.BDRiP..avi.ddp
c:\users\Christoph\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\The_Quiet_Earth.ger.avi.ddp
c:\users\Christoph\AppData\Roaming\Local\Temp\DDM\Settings\The_Quiet_Earth.ger.avi.ddr
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-04-05 bis 2012-05-05  ))))))))))))))))))))))))))))))
.
.
2012-05-05 06:28 . 2012-05-05 06:28	--------	d-----w-	c:\users\Default\AppData\Local\temp
2012-05-04 18:28 . 2012-05-04 20:57	--------	d-----w-	C:\_OTL
2012-05-04 14:17 . 2012-04-13 08:46	8917360	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{59F7C305-84C4-41FB-9B23-BA4D885865D4}\mpengine.dll
2012-05-02 20:29 . 2012-05-02 20:29	--------	d-----w-	c:\program files (x86)\ESET
2012-05-01 20:42 . 2012-05-01 20:42	--------	d-----w-	c:\users\Christoph\AppData\Roaming\Malwarebytes
2012-05-01 20:41 . 2012-05-01 20:41	--------	d-----w-	c:\programdata\Malwarebytes
2012-05-01 20:41 . 2012-05-01 20:44	--------	d-----w-	c:\program files (x86)\Malwarebytes' Anti-Malware
2012-05-01 20:41 . 2012-04-04 13:56	24904	----a-w-	c:\windows\system32\drivers\mbam.sys
2012-04-22 12:22 . 2012-04-22 12:22	--------	d-----w-	c:\users\Christoph\AppData\Roaming\Avira
2012-04-22 12:16 . 2012-04-22 12:16	--------	d-----w-	c:\programdata\Avira
2012-04-22 12:16 . 2012-04-22 12:16	--------	d-----w-	c:\program files (x86)\Avira
2012-04-22 12:16 . 2012-01-31 06:56	97312	----a-w-	c:\windows\system32\drivers\avgntflt.sys
2012-04-22 12:16 . 2012-01-31 06:56	132320	----a-w-	c:\windows\system32\drivers\avipbb.sys
2012-04-22 12:16 . 2011-09-16 14:08	27760	----a-w-	c:\windows\system32\drivers\avkmgr.sys
2012-04-11 15:46 . 2012-03-01 06:54	22896	----a-w-	c:\windows\system32\drivers\fs_rec.sys
2012-04-11 15:46 . 2012-03-01 06:40	80896	----a-w-	c:\windows\system32\imagehlp.dll
2012-04-11 15:46 . 2012-03-01 05:45	158720	----a-w-	c:\windows\SysWow64\imagehlp.dll
2012-04-11 15:46 . 2012-03-01 06:45	220672	----a-w-	c:\windows\system32\wintrust.dll
2012-04-11 15:46 . 2012-03-01 06:35	5120	----a-w-	c:\windows\system32\wmi.dll
2012-04-11 15:46 . 2012-03-01 05:49	172544	----a-w-	c:\windows\SysWow64\wintrust.dll
2012-04-11 15:46 . 2012-03-01 05:40	5120	----a-w-	c:\windows\SysWow64\wmi.dll
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-07 17:34 . 2012-03-07 17:34	91648	----a-w-	c:\windows\system32\SetIEInstalledDate.exe
2012-03-07 17:34 . 2012-03-07 17:34	89088	----a-w-	c:\windows\system32\RegisterIEPKEYs.exe
2012-03-07 17:34 . 2012-03-07 17:34	86528	----a-w-	c:\windows\SysWow64\iesysprep.dll
2012-03-07 17:34 . 2012-03-07 17:34	85504	----a-w-	c:\windows\system32\iesetup.dll
2012-03-07 17:34 . 2012-03-07 17:34	76800	----a-w-	c:\windows\SysWow64\SetIEInstalledDate.exe
2012-03-07 17:34 . 2012-03-07 17:34	76800	----a-w-	c:\windows\system32\tdc.ocx
2012-03-07 17:34 . 2012-03-07 17:34	74752	----a-w-	c:\windows\SysWow64\RegisterIEPKEYs.exe
2012-03-07 17:34 . 2012-03-07 17:34	74752	----a-w-	c:\windows\SysWow64\iesetup.dll
2012-03-07 17:34 . 2012-03-07 17:34	63488	----a-w-	c:\windows\SysWow64\tdc.ocx
2012-03-07 17:34 . 2012-03-07 17:34	603648	----a-w-	c:\windows\system32\vbscript.dll
2012-03-07 17:34 . 2012-03-07 17:34	49664	----a-w-	c:\windows\system32\imgutil.dll
2012-03-07 17:34 . 2012-03-07 17:34	48640	----a-w-	c:\windows\SysWow64\mshtmler.dll
2012-03-07 17:34 . 2012-03-07 17:34	48640	----a-w-	c:\windows\system32\mshtmler.dll
2012-03-07 17:34 . 2012-03-07 17:34	448512	----a-w-	c:\windows\system32\html.iec
2012-03-07 17:34 . 2012-03-07 17:34	420864	----a-w-	c:\windows\SysWow64\vbscript.dll
2012-03-07 17:34 . 2012-03-07 17:34	367104	----a-w-	c:\windows\SysWow64\html.iec
2012-03-07 17:34 . 2012-03-07 17:34	35840	----a-w-	c:\windows\SysWow64\imgutil.dll
2012-03-07 17:34 . 2012-03-07 17:34	30720	----a-w-	c:\windows\system32\licmgr10.dll
2012-03-07 17:34 . 2012-03-07 17:34	23552	----a-w-	c:\windows\SysWow64\licmgr10.dll
2012-03-07 17:34 . 2012-03-07 17:34	222208	----a-w-	c:\windows\system32\msls31.dll
2012-03-07 17:34 . 2012-03-07 17:34	173056	----a-w-	c:\windows\system32\ieUnatt.exe
2012-03-07 17:34 . 2012-03-07 17:34	165888	----a-w-	c:\windows\system32\iexpress.exe
2012-03-07 17:34 . 2012-03-07 17:34	161792	----a-w-	c:\windows\SysWow64\msls31.dll
2012-03-07 17:34 . 2012-03-07 17:34	160256	----a-w-	c:\windows\system32\wextract.exe
2012-03-07 17:34 . 2012-03-07 17:34	152064	----a-w-	c:\windows\SysWow64\wextract.exe
2012-03-07 17:34 . 2012-03-07 17:34	150528	----a-w-	c:\windows\SysWow64\iexpress.exe
2012-03-07 17:34 . 2012-03-07 17:34	142848	----a-w-	c:\windows\SysWow64\ieUnatt.exe
2012-03-07 17:34 . 2012-03-07 17:34	135168	----a-w-	c:\windows\system32\IEAdvpack.dll
2012-03-07 17:34 . 2012-03-07 17:34	12288	----a-w-	c:\windows\system32\mshta.exe
2012-03-07 17:34 . 2012-03-07 17:34	11776	----a-w-	c:\windows\SysWow64\mshta.exe
2012-03-07 17:34 . 2012-03-07 17:34	114176	----a-w-	c:\windows\system32\admparse.dll
2012-03-07 17:34 . 2012-03-07 17:34	111616	----a-w-	c:\windows\system32\iesysprep.dll
2012-03-07 17:34 . 2012-03-07 17:34	110592	----a-w-	c:\windows\SysWow64\IEAdvpack.dll
2012-03-07 17:34 . 2012-03-07 17:34	101888	----a-w-	c:\windows\SysWow64\admparse.dll
2012-02-25 20:33 . 2012-02-25 20:33	18328	----a-w-	c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2012-02-23 08:18 . 2010-11-27 08:59	279656	------w-	c:\windows\system32\MpSigStub.exe
2012-02-15 16:26 . 2012-02-15 16:27	1179547	----a-w-	c:\users\KaloMa\unins000.exe
2012-02-15 06:27 . 2012-03-13 19:11	1031680	----a-w-	c:\windows\system32\rdpcore.dll
2012-02-15 05:44 . 2012-03-13 19:11	826368	----a-w-	c:\windows\SysWow64\rdpcore.dll
2012-02-15 04:47 . 2012-03-13 19:11	204800	----a-w-	c:\windows\system32\drivers\rdpwd.sys
2012-02-15 04:46 . 2012-03-13 19:11	23552	----a-w-	c:\windows\system32\drivers\tdtcp.sys
2012-02-10 06:18 . 2012-03-13 20:48	1541120	----a-w-	c:\windows\system32\DWrite.dll
2012-02-10 06:17 . 2012-03-13 20:48	1837568	----a-w-	c:\windows\system32\d3d10warp.dll
2012-02-10 06:17 . 2012-03-13 20:48	902656	----a-w-	c:\windows\system32\d2d1.dll
2012-02-10 06:17 . 2012-03-13 20:48	320512	----a-w-	c:\windows\system32\d3d10_1core.dll
2012-02-10 06:17 . 2012-03-13 20:48	197120	----a-w-	c:\windows\system32\d3d10_1.dll
2012-02-10 05:41 . 2012-03-13 20:48	1074176	----a-w-	c:\windows\SysWow64\DWrite.dll
2012-02-10 05:41 . 2012-03-13 20:48	218624	----a-w-	c:\windows\SysWow64\d3d10_1core.dll
2012-02-10 05:41 . 2012-03-13 20:48	161792	----a-w-	c:\windows\SysWow64\d3d10_1.dll
2012-02-10 05:41 . 2012-03-13 20:48	1170944	----a-w-	c:\windows\SysWow64\d3d10warp.dll
2012-02-10 05:41 . 2012-03-13 20:48	739840	----a-w-	c:\windows\SysWow64\d2d1.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files (x86)\Steam\Steam.exe" [2011-12-23 1242448]
"ICQ"="c:\program files (x86)\ICQ7.4\ICQ.exe" [2011-03-01 119608]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-04-27 113288]
"Six Engine"="c:\program files (x86)\ASUS\EPU\EPU.exe" [2010-03-16 5309056]
"AVMWlanClient"="c:\program files (x86)\avmwlanstick\wlangui.exe" [2009-03-20 1904640]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2010-12-09 1226608]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-01-25 421160]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-01-26 336384]
"ATICustomerCare"="c:\program files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe" [2010-05-04 311296]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-01-30 35736]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 932288]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2012-01-31 258512]
.
c:\users\Christoph\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.3.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages	REG_MULTI_SZ   	kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 avmeject;AVM Eject;c:\windows\system32\drivers\avmeject.sys [x]
R3 FWLANUSB;AVM FRITZ!WLAN;c:\windows\system32\DRIVERS\fwlanusb.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
R4 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [x]
S1 VWiFiFlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-01-26 354304]
S2 AMD Reservation Manager;AMD Reservation Manager;c:\program files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe [2010-06-17 194496]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2012-01-31 86224]
S2 DvmMDES;DeviceVM Meta Data Export Service;c:\asus.sys\config\DVMExportService.exe [2009-10-16 319488]
S2 ICQ Service;ICQ Service;c:\program files (x86)\ICQ6Toolbar\ICQ Service.exe [2010-09-06 247096]
S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [x]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]
S3 fwlanusbn;FRITZ!WLAN N;c:\windows\system32\DRIVERS\fwlanusbn.sys [x]
S3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys [x]
S3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys [x]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
Inhalt des "geplante Tasks" Ordners
.
2012-05-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1074455031-1119761506-3827550617-1000Core.job
- c:\users\Christoph\AppData\Local\Google\Update\GoogleUpdate.exe [2011-01-27 22:45]
.
2012-05-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1074455031-1119761506-3827550617-1000UA.job
- c:\users\Christoph\AppData\Local\Google\Update\GoogleUpdate.exe [2011-01-27 22:45]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-01-29 10038304]
"Launch LgDeviceAgent"="c:\program files\Logitech\GamePanel Software\LgDevAgt.exe" [2009-08-13 415752]
"Launch LCDMon"="c:\program files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe" [2009-08-13 2093064]
"Launch LGDCore"="c:\program files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" [2009-08-13 4195848]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = 
mLocal Page = 
uInternet Settings,ProxyOverride = fritz.box;*.local
IE: {{73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - c:\program files (x86)\ICQ7.4\ICQ.exe
TCP: Interfaces\{4B5DBC2F-B0CA-45D3-A0D3-5167F5C40D7B}: NameServer = 192.168.178.1
TCP: Interfaces\{DA30CE20-75F2-4C0D-8C1C-39626E24A26D}: NameServer = 192.168.178.1
FF - ProfilePath - c:\users\Christoph\AppData\Roaming\Mozilla\Firefox\Profiles\ht840s7s.default\
FF - prefs.js: browser.search.defaulturl - 
FF - prefs.js: browser.search.selectedEngine - 
FF - prefs.js: browser.startup.homepage - www.team-andro.com
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: DivX Plus Web Player HTML5 &lt;video&gt;: {23fcfd51-4958-4f00-80a3-ae97e717ed8b} - c:\program files (x86)\DivX\DivX Plus Web Player\firefox\html5video
FF - Ext: DivX HiQ: {6904342A-8307-11DF-A508-4AE2DFD72085} - c:\program files (x86)\DivX\DivX Plus Web Player\firefox\wpa
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
AddRemove-{87BDD281-9585-407A-8C9B-AE45B122396C}_is1 - c:\total war shogun 2\unins000.exe
AddRemove-{E63E34A7-E552-412B-9E40-FD6FC5227ABA}_is1 - c:\program files (x86)\Uniblue\RegistryBooster\unins000.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-1074455031-1119761506-3827550617-1000\Software\SecuROM\License information*]
"datasecu"=hex:97,f4,40,88,41,ab,c1,75,1f,49,cf,7f,80,a8,b8,87,b9,27,c1,34,c3,
   6f,a6,eb,03,51,54,95,fd,ae,e3,9d,6c,ca,db,37,91,00,3e,86,31,a9,c6,29,de,fe,\
"rkeysecu"=hex:3c,fa,22,74,4d,c3,10,13,79,66,f1,48,8f,43,3e,fa
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\avmwlanstick\WlanNetService.exe
c:\program files (x86)\Bonjour\mDNSResponder.exe
c:\windows\DAODx.exe
c:\program files (x86)\OpenOffice.org 3\program\soffice.exe
c:\program files (x86)\OpenOffice.org 3\program\soffice.bin
c:\program files (x86)\ROCCAT\Kone[+] Mouse\Kone[+]Monitor.exe
c:\program files (x86)\Windows Media Player\wmplayer.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-05-05  08:40:16 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2012-05-05 06:40
.
Vor Suchlauf: 12 Verzeichnis(se), 194.577.375.232 Bytes frei
Nach Suchlauf: 20 Verzeichnis(se), 194.138.214.400 Bytes frei
.
- - End Of File - - 6907B43551C87F8F7E221C86BDCDDF5E

--- --- ---

LOG-Analys von DDS und Anti-Malware / Internet immer langsamer bis zum kompletten abbruch

Log-Analyse und Auswertung: LOG-Analys von DDS und Anti-Malware / Internet immer langsamer bis zum kompletten abbruch