
Pests of all kinds and their removal: Two detections of PUP.OfferBundler.ST by Malwarebytes on my computer


22.07.2012, 19:02   #1
Knobelhannes
 



Hello community.

First of all, hello, since I'm new here. (This is my second thread, since I apparently posted the first one in the wrong place, hence the possibly confusing date.)

After a computer specialist backed up the data of an old laptop and pointed out possible viruses and their names, I found you via Google. After reading through several threads I installed Malwarebytes to be on the safe side and got a detection.

The log file reads as follows:

Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Datenbank Version: v2012.07.14.02

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Wir Zuhause :: KNOBELBECHER [Administrator]

14.07.2012 09:49:32
mbam-log-2012-07-14 (09-49-32).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 231739
Laufzeit: 1 Minute(n), 59 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 2
C:\Users\Wir Zuhause\Downloads\SoftonicDownloader_fuer_hp-usb-disk-storage-format-tool.exe (PUP.OfferBundler.ST) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Wir Zuhause\Downloads\SoftonicDownloader_fuer_winsetupfromusb.exe (PUP.OfferBundler.ST) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)

As far as I can tell I have only one problem: sometimes on a cold start I get a graphics glitch, which may be related to my graphics card and its driver together with Win7. At least that's what I've read. In any case Win7 then has to restart and afterwards seems to work fine.

I will also run a full scan and post it here in this thread. Many thanks in advance for any help and support.

I don't use Internet Explorer, it's too insecure for me.
I use Firefox 13.0.1 with the following add-ons:
Adblockplus 2.1.1
Browserprotect 1.1.3
Cookie-Killer 1.0.12
Dr. Web Anti-Virus Link Checker 2.7.0


The Avira full scan and the Malwarebytes full scan produced no further findings after the quarantine.


The OTL scan gave the following:
Quote:
OTL.txt:OTL logfile created on: 22.07.2012 19:43:50 - Run 1
OTL by OldTimer - Version 3.2.54.0 Folder = C:\Users\Wir Zuhause\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

4,00 Gb Total Physical Memory | 2,69 Gb Available Physical Memory | 67,31% Memory free
8,00 Gb Paging File | 6,30 Gb Available in Paging File | 78,75% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 299,90 Gb Total Space | 239,06 Gb Free Space | 79,71% Space Free | Partition Type: NTFS
Drive D: | 631,51 Gb Total Space | 613,78 Gb Free Space | 97,19% Space Free | Partition Type: NTFS
Drive F: | 236,01 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS

Computer Name: KNOBELBECHER | User Name: Wir Zuhause | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012.07.22 19:13:18 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Wir Zuhause\Downloads\OTL.exe
PRC - [2012.06.27 17:11:10 | 001,090,440 | ---- | M] (Spigot, Inc.) -- C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe
PRC - [2012.06.27 17:01:34 | 000,791,488 | ---- | M] (Spigot, Inc.) -- C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe
PRC - [2012.06.17 10:14:46 | 000,913,888 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2012.05.15 12:48:00 | 001,262,400 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2012.05.15 02:21:40 | 000,382,272 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2012.05.02 01:42:28 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2012.05.02 00:34:34 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.05.02 00:31:35 | 000,348,624 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.01.20 12:04:47 | 001,412,096 | ---- | M] (Mirko Böer Softwareentwicklungen) -- C:\Program Files (x86)\MT\MT.exe
PRC - [2012.01.03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2010.10.27 19:17:52 | 000,207,424 | ---- | M] (ArcSoft Inc.) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
PRC - [2010.08.25 11:27:44 | 000,309,824 | ---- | M] (ArcSoft Inc.) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
PRC - [2010.03.18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2009.10.13 09:39:04 | 000,935,208 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe


========== Modules (No Company Name) ==========

MOD - [2012.06.17 10:14:46 | 002,042,848 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2012.05.15 02:21:26 | 000,368,448 | ---- | M] () -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\Nv3DVStreaming.dll


========== Win32 Services (SafeList) ==========

SRV - [2012.07.12 00:24:33 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.06.27 17:01:34 | 000,791,488 | ---- | M] (Spigot, Inc.) [Auto | Running] -- C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe -- (Application Updater)
SRV - [2012.06.17 10:14:46 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.05.15 12:48:00 | 001,262,400 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012.05.15 02:21:40 | 000,382,272 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2012.05.02 01:42:28 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.05.02 00:34:34 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.01.03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2010.03.18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2009.10.13 09:39:04 | 000,935,208 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012.05.02 15:24:12 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2012.04.27 10:20:04 | 000,132,832 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2012.04.25 00:32:27 | 000,098,848 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2012.04.18 19:08:03 | 000,188,736 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 15:32:47 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.11.20 15:32:46 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2010.11.20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.06.23 11:10:56 | 000,344,680 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010.04.27 10:30:52 | 000,184,968 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2010.04.27 10:29:54 | 000,083,080 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.05.05 03:00:28 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie) AMD PCI Express (3GIO)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\..\URLSearchHook: {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files (x86)\pdfforge Toolbar\IE\6.0\pdfforgeToolbarIE.dll (Spigot, Inc.)
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{ABDADF06-9C5F-4467-ADBD-A50FFE434085}: "URL" = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=827316&p={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=827316&ilc=12"
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de"
FF - prefs.js..extensions.enabledItems: browserprotect@browserprotect.com:1.1.3
FF - prefs.js..extensions.enabledItems: cookiekiller@joseph.moran:1.0.11
FF - prefs.js..extensions.enabledItems: externalip@erik.morlin:0.9.9.6
FF - prefs.js..extensions.enabledItems: {1018e4d6-728f-4b20-ad56-37578a4de76b}:4.1.5
FF - prefs.js..extensions.enabledItems: {6614d11d-d21d-b211-ae23-815234e1ebb5}:1.0.23
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.9
FF - prefs.js..extensions.enabledItems: FFToolbar@bitdefender.com:2.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..keyword.URL: "hxxp://de.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=827316&p="
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_265.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_265.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.06.17 10:14:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.04.13 10:20:44 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 14.0\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012.06.20 11:35:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 14.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.06.17 10:14:46 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.04.13 10:20:44 | 000,000,000 | ---D | M]

[2011.01.13 00:20:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Wir Zuhause\AppData\Roaming\mozilla\Extensions
[2012.07.09 20:34:35 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Wir Zuhause\AppData\Roaming\mozilla\Firefox\Profiles\g1ps9c6x.default\extensions
[2012.07.09 20:34:35 | 000,000,000 | ---D | M] (Flagfox) -- C:\Users\Wir Zuhause\AppData\Roaming\mozilla\Firefox\Profiles\g1ps9c6x.default\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}
[2011.05.11 11:35:54 | 000,000,000 | ---D | M] (BrowserProtect) -- C:\Users\Wir Zuhause\AppData\Roaming\mozilla\Firefox\Profiles\g1ps9c6x.default\extensions\browserprotect@browserprotect.com
[2011.01.15 10:21:24 | 000,000,000 | ---D | M] (external IP) -- C:\Users\Wir Zuhause\AppData\Roaming\mozilla\Firefox\Profiles\g1ps9c6x.default\extensions\externalip@erik.morlin
[2012.04.23 12:02:36 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2011.07.26 23:33:26 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files (x86)\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012.07.03 09:11:29 | 000,000,000 | ---D | M] (Widgi Toolbar Platform) -- C:\PROGRAM FILES (X86)\COMMON FILES\SPIGOT\WTXPCOM
[2012.07.03 09:11:29 | 000,000,000 | ---D | M] (pdfforge Toolbar) -- C:\PROGRAM FILES (X86)\PDFFORGE TOOLBAR\FF
[2012.07.08 21:39:29 | 000,164,885 | ---- | M] () (No name found) -- C:\USERS\WIR ZUHAUSE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\G1PS9C6X.DEFAULT\EXTENSIONS\{6614D11D-D21D-B211-AE23-815234E1EBB5}.XPI
[2011.09.16 22:46:13 | 000,057,127 | ---- | M] () (No name found) -- C:\USERS\WIR ZUHAUSE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\G1PS9C6X.DEFAULT\EXTENSIONS\COOKIEKILLER@JOSEPH.MORAN.XPI
[2012.06.17 10:14:46 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.03.19 18:21:31 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2010.12.09 12:47:06 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll
[2012.04.23 12:02:32 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.04.23 12:02:32 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.04.23 12:02:32 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.04.23 12:02:32 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.04.23 12:02:32 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.04.23 12:02:32 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files (x86)\pdfforge Toolbar\IE\6.0\pdfforgeToolbarIE.dll (Spigot, Inc.)
O3 - HKLM\..\Toolbar: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files (x86)\pdfforge Toolbar\IE\6.0\pdfforgeToolbarIE.dll (Spigot, Inc.)
O4:64bit: - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4:64bit: - HKLM..\Run: [itype] C:\Program Files\Microsoft IntelliType Pro\itype.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [SearchSettings] C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe (Spigot, Inc.)
O4 - HKCU..\Run: [Meine Traffic] C:\PROGRA~2\MT\MT.EXE (Mirko Böer Softwareentwicklungen)
O4 - HKCU..\Run: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab (System Requirements Lab Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{013C6BA5-3355-4F15-BB34-6AAF6CD4B685}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.02.27 08:01:20 | 000,000,041 | R--- | M] () - F:\Autorun.inf -- [ CDFS ]
O33 - MountPoints2\{628eb08d-8ce6-11e0-a7d7-6c626d99f886}\Shell - "" = AutoRun
O33 - MountPoints2\{628eb08d-8ce6-11e0-a7d7-6c626d99f886}\Shell\AutoRun\command - "" = H:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{95549dd1-2402-11e0-afd2-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{95549dd1-2402-11e0-afd2-806e6f6e6963}\Shell\AutoRun\command - "" = F:\Menu.exe -- [2009.02.27 08:01:20 | 000,367,104 | R--- | M] ()
O33 - MountPoints2\{9a13ca6d-c6d4-11e1-a93d-6c626d99f886}\Shell - "" = AutoRun
O33 - MountPoints2\{9a13ca6d-c6d4-11e1-a93d-6c626d99f886}\Shell\AutoRun\command - "" = G:\EasySuite.exe bootup
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012.07.17 21:40:28 | 000,000,000 | ---D | C] -- C:\Users\Wir Zuhause\Desktop\kerstin
[2012.07.14 09:48:42 | 000,000,000 | ---D | C] -- C:\Users\Wir Zuhause\AppData\Roaming\Malwarebytes
[2012.07.14 09:48:22 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.07.14 09:48:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.07.14 09:48:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.07.14 09:48:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.07.13 10:55:07 | 000,000,000 | ---D | C] -- C:\Users\Wir Zuhause\Desktop\Hearts of Iron 2
[2012.07.05 14:03:33 | 000,000,000 | ---D | C] -- C:\Users\Wir Zuhause\AppData\Roaming\Avira
[2012.07.05 13:58:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2012.07.05 13:58:12 | 000,132,832 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys
[2012.07.05 13:58:12 | 000,098,848 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2012.07.05 13:58:12 | 000,027,760 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avkmgr.sys
[2012.07.05 13:58:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2012.07.05 13:58:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira
[2012.07.03 19:30:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
[2012.07.03 19:29:20 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA
[2012.07.03 19:29:00 | 000,068,928 | ---- | C] (Khronos Group) -- C:\Windows\SysNative\OpenCL.dll
[2012.07.03 19:29:00 | 000,061,248 | ---- | C] (Khronos Group) -- C:\Windows\SysWow64\OpenCL.dll
[2012.07.03 19:28:56 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA Corporation
[2012.07.03 09:11:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Spigot
[2012.07.03 09:11:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\pdfforge Toolbar
[2012.07.03 09:11:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Application Updater
[2012.06.27 14:44:29 | 000,000,000 | ---D | C] -- C:\Users\Wir Zuhause\AppData\Local\Programs
[2012.06.27 14:43:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ArcSoft Connect
[2012.06.27 14:43:57 | 000,000,000 | ---D | C] -- C:\Users\Wir Zuhause\AppData\Local\ArcSoft
[2012.06.27 14:43:57 | 000,000,000 | ---D | C] -- C:\ProgramData\ArcSoft
[2012.06.27 14:43:03 | 000,022,784 | ---- | C] (Arcsoft, Inc.) -- C:\Windows\SysWow64\drivers\afc.sys
[2012.06.27 14:42:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ArcSoft MediaImpression
[2012.06.27 14:42:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\ArcSoft
[2012.06.27 14:42:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ArcSoft
[2012.06.27 14:42:12 | 000,000,000 | ---D | C] -- C:\Users\Wir Zuhause\AppData\Roaming\ArcSoft

========== Files - Modified Within 30 Days ==========

[2012.07.22 19:24:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.07.22 19:16:02 | 000,000,000 | ---- | M] () -- C:\Users\Wir Zuhause\defogger_reenable
[2012.07.22 19:06:00 | 000,001,120 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.07.22 17:06:45 | 000,014,800 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.07.22 17:06:45 | 000,014,800 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.07.22 17:04:17 | 001,472,002 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.07.22 17:04:17 | 000,643,628 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.07.22 17:04:17 | 000,606,992 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.07.22 17:04:17 | 000,126,188 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.07.22 17:04:17 | 000,103,370 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.07.22 16:59:35 | 000,001,116 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.07.22 16:59:20 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.07.22 16:59:17 | 3220,578,304 | -HS- | M] () -- C:\hiberfil.sys
[2012.07.20 16:04:07 | 248,897,299 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2012.07.18 11:12:33 | 010,836,596 | ---- | M] () -- C:\Users\Wir Zuhause\Desktop\KerstinHoch2.odt
[2012.07.18 11:11:56 | 008,126,925 | ---- | M] () -- C:\Users\Wir Zuhause\Desktop\KerstinHoch3.odt
[2012.07.18 10:33:07 | 010,512,919 | ---- | M] () -- C:\Users\Wir Zuhause\Desktop\KerstinHoch1.odt
[2012.07.17 22:02:59 | 029,431,903 | ---- | M] () -- C:\Users\Wir Zuhause\Desktop\Kerstin2.odt
[2012.07.14 09:48:22 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.07.13 11:29:28 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2012.07.11 21:50:50 | 000,290,760 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.07.10 14:17:31 | 000,015,322 | ---- | M] () -- C:\Users\Public\Documents\Interview mit KErstinseltern.odt
[2012.07.05 13:58:18 | 000,002,070 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2012.07.03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.06.27 14:42:59 | 000,002,139 | ---- | M] () -- C:\Users\Public\Desktop\Media Impression.lnk

========== Files Created - No Company Name ==========

[2012.07.22 19:16:02 | 000,000,000 | ---- | C] () -- C:\Users\Wir Zuhause\defogger_reenable
[2012.07.20 16:04:07 | 248,897,299 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2012.07.18 11:11:51 | 008,126,925 | ---- | C] () -- C:\Users\Wir Zuhause\Desktop\KerstinHoch3.odt
[2012.07.18 10:33:00 | 010,512,919 | ---- | C] () -- C:\Users\Wir Zuhause\Desktop\KerstinHoch1.odt
[2012.07.18 10:32:43 | 010,836,596 | ---- | C] () -- C:\Users\Wir Zuhause\Desktop\KerstinHoch2.odt
[2012.07.17 21:59:40 | 029,431,903 | ---- | C] () -- C:\Users\Wir Zuhause\Desktop\Kerstin2.odt
[2012.07.14 09:48:22 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.07.13 11:29:28 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2012.07.10 14:17:30 | 000,015,322 | ---- | C] () -- C:\Users\Public\Documents\Interview mit KErstinseltern.odt
[2012.07.05 13:58:18 | 000,002,070 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2012.07.03 19:29:15 | 002,621,723 | ---- | C] () -- C:\Windows\SysNative\nvcoproc.bin
[2012.07.03 19:28:10 | 000,014,324 | ---- | C] () -- C:\Windows\SysNative\nvinfo.pb
[2012.06.27 14:42:59 | 000,002,139 | ---- | C] () -- C:\Users\Public\Desktop\Media Impression.lnk
[2012.05.15 02:21:50 | 000,423,744 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
[2012.02.21 13:38:51 | 000,100,159 | ---- | C] () -- C:\ProgramData\1329824262.bdinstall.bin
[2012.01.21 13:55:01 | 000,314,077 | ---- | C] () -- C:\ProgramData\1327146115.bdinstall.bin
[2012.01.21 13:39:35 | 000,102,491 | ---- | C] () -- C:\ProgramData\1327145953.bdinstall.bin
[2012.01.11 11:26:26 | 000,000,000 | ---- | C] () -- C:\Users\Wir Zuhause\AppData\Local\{770631B1-B43D-456E-8BAD-2F0B02957066}
[2011.11.08 08:51:28 | 000,000,000 | ---- | C] () -- C:\Users\Wir Zuhause\AppData\Local\{9A89FF69-F7B9-4CD0-9B02-6728492FFC6D}
[2011.10.27 16:37:27 | 000,000,000 | ---- | C] () -- C:\Users\Wir Zuhause\AppData\Local\{4C9748DF-FB2F-4E70-8833-66719F23A638}
[2011.10.24 10:52:09 | 000,000,000 | ---- | C] () -- C:\Users\Wir Zuhause\AppData\Local\{A6413DDB-12ED-4DD5-95B7-AF51B2D42B56}
[2011.07.12 06:20:58 | 000,000,000 | ---- | C] () -- C:\Users\Wir Zuhause\AppData\Local\{B4D045BD-854D-48C9-8D3E-E4A940095CA7}
[2011.06.28 21:23:07 | 000,007,611 | ---- | C] () -- C:\Users\Wir Zuhause\AppData\Local\Resmon.ResmonCfg
[2011.04.28 09:49:18 | 000,012,288 | ---- | C] () -- C:\Users\Wir Zuhause\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.04.17 21:03:36 | 000,000,053 | ---- | C] () -- C:\Windows\COLONIZ.INI
[2011.03.15 22:03:53 | 000,590,145 | ---- | C] () -- C:\ProgramData\bdinstall.bin
[2011.01.30 15:39:09 | 000,000,161 | ---- | C] () -- C:\Users\Wir Zuhause\AppData\Roaming\default.rss

========== LOP Check ==========

[2011.08.27 12:15:13 | 000,000,000 | ---D | M] -- C:\Users\Wir Zuhause\AppData\Roaming\Canon
[2011.07.14 18:26:48 | 000,000,000 | ---D | M] -- C:\Users\Wir Zuhause\AppData\Roaming\DS-Timer
[2011.01.15 23:04:38 | 000,000,000 | ---D | M] -- C:\Users\Wir Zuhause\AppData\Roaming\JLC's Software
[2011.09.25 21:40:31 | 000,000,000 | ---D | M] -- C:\Users\Wir Zuhause\AppData\Roaming\LolClient
[2012.05.24 10:27:32 | 000,000,000 | ---D | M] -- C:\Users\Wir Zuhause\AppData\Roaming\LolClient2
[2012.01.20 12:05:27 | 000,000,000 | ---D | M] -- C:\Users\Wir Zuhause\AppData\Roaming\Meine Traffic
[2011.01.17 20:05:59 | 000,000,000 | ---D | M] -- C:\Users\Wir Zuhause\AppData\Roaming\OpenOffice.org
[2011.11.29 11:59:22 | 000,000,000 | ---D | M] -- C:\Users\Wir Zuhause\AppData\Roaming\pdfforge
[2011.03.15 22:04:25 | 000,000,000 | ---D | M] -- C:\Users\Wir Zuhause\AppData\Roaming\QuickScan
[2011.05.23 19:05:24 | 000,000,000 | ---D | M] -- C:\Users\Wir Zuhause\AppData\Roaming\temp
[2011.09.07 00:28:44 | 000,000,000 | ---D | M] -- C:\Users\Wir Zuhause\AppData\Roaming\Thunderbird
[2012.07.20 00:54:52 | 000,000,000 | ---D | M] -- C:\Users\Wir Zuhause\AppData\Roaming\TS3Client
[2011.09.29 10:30:05 | 000,000,000 | ---D | M] -- C:\Users\Wir Zuhause\AppData\Roaming\ts3overlay
[2012.07.12 19:32:07 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >
and the extras.txt:
Quote:
OTL Extras logfile created on: 22.07.2012 19:43:50 - Run 1
OTL by OldTimer - Version 3.2.54.0 Folder = C:\Users\Wir Zuhause\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

4,00 Gb Total Physical Memory | 2,69 Gb Available Physical Memory | 67,31% Memory free
8,00 Gb Paging File | 6,30 Gb Available in Paging File | 78,75% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 299,90 Gb Total Space | 239,06 Gb Free Space | 79,71% Space Free | Partition Type: NTFS
Drive D: | 631,51 Gb Total Space | 613,78 Gb Free Space | 97,19% Space Free | Partition Type: NTFS
Drive F: | 236,01 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS

Computer Name: KNOBELBECHER | User Name: Wir Zuhause | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- Reg Error: Key error. File not found
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- Reg Error: Key error. File not found

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- Reg Error: Key error.
htmlfile [opennew] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome
https [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- Reg Error: Key error.
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Key error.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- Reg Error: Key error.
htmlfile [opennew] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome
https [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- Reg Error: Key error.
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Key error.

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0C0E6AA1-8D90-46B5-8DAE-B9CC7C22A523}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{17B7A50B-398B-4B76-8FB4-0DC46B322875}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{1D283BB9-2DF8-415E-94A6-28562D91B487}" = rport=138 | protocol=17 | dir=out | app=system |
"{251A092F-E1ED-4532-ADF6-82505242F1DA}" = rport=139 | protocol=6 | dir=out | app=system |
"{2BE25BA8-8680-41FF-8164-EB5691348C57}" = lport=10243 | protocol=6 | dir=in | app=system |
"{34D245F1-947B-4445-B960-0421D00AD27C}" = lport=2869 | protocol=6 | dir=in | app=system |
"{3F4347D7-AE9C-4642-9534-56468D503B13}" = lport=138 | protocol=17 | dir=in | app=system |
"{4B3AFCEC-2003-4243-8063-7746B1914648}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{5BC9E324-75F1-4949-B51A-5BCBBCCE74D2}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{5DF0D0A1-E8BE-4644-A56B-5CA42FBA636F}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{5E3A874F-FE16-4811-993E-7A88437C739B}" = rport=137 | protocol=17 | dir=out | app=system |
"{65D788B4-A4BD-4BF0-AF2B-45A8B8F88177}" = lport=137 | protocol=17 | dir=in | app=system |
"{69C21503-B436-439F-AEFA-AA02F918EEF8}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{77E508E3-C4E9-4890-804C-0681B3014DA4}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{87CE8D16-E5F9-4A1B-985B-D5DF4F0D25B8}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{9812A523-D55A-4F3F-9F69-83B4A313518A}" = lport=445 | protocol=6 | dir=in | app=system |
"{A8AD91C0-C3C5-4316-B247-D55FCB3F9F11}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{BA01E426-5546-4558-9129-9F3B86D94C3D}" = lport=139 | protocol=6 | dir=in | app=system |
"{C103AE74-BFBE-493F-AADF-BCDA5FBE8FC0}" = rport=10243 | protocol=6 | dir=out | app=system |
"{C4A82D98-10B6-401C-84FE-BA807F0171FE}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{CA80D39E-8132-4A6B-B991-1189E6F09E26}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{CED0C482-CACB-4C21-8EB1-6F4520F341A8}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{FD87FC0E-A401-4AED-8D83-2F75BCC75644}" = rport=445 | protocol=6 | dir=out | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01C4FCD1-FEDB-4AB2-9B5E-8FC80A0704D8}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{108CA03A-E610-4872-B3BA-73E9DE5481DD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{10B76AAC-7177-4C70-84C1-7291806BE2C4}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{1D8F2028-7C4E-422C-9FF1-0B1DCCB76420}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{250F7A46-C776-4C2A-98F7-D0A2A9D96A8C}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{2DE9B185-C313-4951-AE60-1E2758BF88F7}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{4353C613-0F7E-41DF-A96A-42711E9A7FD1}" = protocol=6 | dir=out | app=system |
"{4EEE3A99-85BA-4BF6-B775-F116A9FD9900}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{5CE51CCC-B3FD-48E3-AABB-649C64612E3F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{5DF82CC2-DBE9-4ED9-B257-BE51AF7FF30E}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{5F428BA3-45F7-4695-81CC-010D1DCADDC5}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{6A358A35-732D-4540-9B69-225F772EBF01}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{7BEB8E42-B0B7-4CE5-B0B5-EEB503235035}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{8348E6E4-B2C9-4EC5-8BB9-5EDEB63C00E4}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{8645839B-0D7A-4397-8DC8-B3EB7CA1CD54}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{9B091303-1387-49D0-82B5-C4525924AA6D}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{9D72761E-72B0-4EB9-93B7-2377C29D9425}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{AE651608-F8F1-41E7-9A2B-60687B30B6F4}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{B7FC6A66-13B0-4677-ACFF-AC8A053BDBCF}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{D7554388-9A2C-4F69-87DF-9A78590EF08F}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{E2AB731B-E109-4F0D-89E4-A3736A65CB39}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{E8078649-4590-4E88-85DD-45021AA716F7}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{EA9B5202-9054-480F-A531-0C9E835B4392}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{F00AB2F0-2738-46BA-8560-7FA637823F41}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{F931B3E3-E92F-43C9-80D8-04E71DE59469}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"TCP Query User{26141450-73CC-4A17-B6FD-72AC0E34F5F8}C:\programdata\battle.net\agent\agent.998\agent.exe" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.998\agent.exe |
"TCP Query User{2A3707E7-BE7B-4BFF-B544-040CA6D1DF9D}C:\program files (x86)\lolreplay\lolreplay.exe" = protocol=6 | dir=in | app=c:\program files (x86)\lolreplay\lolreplay.exe |
"TCP Query User{5C2A092C-2FBE-4E3C-951D-71F494E8847F}D:\spiele\patgoldii\patrizier 2.exe" = protocol=6 | dir=in | app=d:\spiele\patgoldii\patrizier 2.exe |
"TCP Query User{8B4138BD-2897-4348-97A8-76B6E733192D}C:\program files (x86)\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files (x86)\winamp\winamp.exe |
"TCP Query User{8D118FBB-98C0-4D47-A480-E85E079087A9}C:\program files (x86)\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files (x86)\winamp\winamp.exe |
"TCP Query User{D6BA94A0-8049-4AA0-90E9-9AE7A5696358}D:\spiele\patgoldii\patrizier 2.exe" = protocol=6 | dir=in | app=d:\spiele\patgoldii\patrizier 2.exe |
"TCP Query User{EE34ED6C-2BE1-4D03-BAC9-0BE3E1B12A63}C:\program files (x86)\google\google earth\client\googleearth.exe" = protocol=6 | dir=in | app=c:\program files (x86)\google\google earth\client\googleearth.exe |
"TCP Query User{F6411B29-8128-43CF-90C1-E04558F06251}C:\programdata\battle.net\agent\agent.976\agent.exe" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.976\agent.exe |
"UDP Query User{1EA21E7B-0174-4C5C-B777-84E20C47A07F}D:\spiele\patgoldii\patrizier 2.exe" = protocol=17 | dir=in | app=d:\spiele\patgoldii\patrizier 2.exe |
"UDP Query User{A5B64128-9EDA-4F9A-9036-3655FC3B88EC}C:\program files (x86)\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files (x86)\winamp\winamp.exe |
"UDP Query User{B49DD184-2FAB-447A-AD4B-3D095541F8C0}C:\program files (x86)\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files (x86)\winamp\winamp.exe |
"UDP Query User{C4B2C8B0-9791-43A4-A1C1-DE14BC9E3FBC}D:\spiele\patgoldii\patrizier 2.exe" = protocol=17 | dir=in | app=d:\spiele\patgoldii\patrizier 2.exe |
"UDP Query User{D3608C81-CF3D-42C7-8ADB-334E5859B3F6}C:\program files (x86)\google\google earth\client\googleearth.exe" = protocol=17 | dir=in | app=c:\program files (x86)\google\google earth\client\googleearth.exe |
"UDP Query User{DA65D40A-91C8-4A3A-AF9F-1B2675754A16}C:\programdata\battle.net\agent\agent.998\agent.exe" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.998\agent.exe |
"UDP Query User{E4DD8DEF-6974-4961-BDA4-11012F5BA81E}C:\programdata\battle.net\agent\agent.976\agent.exe" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.976\agent.exe |
"UDP Query User{E657FA62-6FD9-490C-AF5B-C7F7919B2663}C:\program files (x86)\lolreplay\lolreplay.exe" = protocol=17 | dir=in | app=c:\program files (x86)\lolreplay\lolreplay.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{850C7AF6-7376-464D-A69C-E8419EC7ACA7}" = Microsoft IntelliType Pro 7.0
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 301.42
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 301.42
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 301.42
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 301.42
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.12.0213
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.8.15
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.3.16.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"CCleaner" = CCleaner
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"TeamSpeak 3 Client" = TeamSpeak 3 Client

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{02627EE5-EACA-4742-A9CC-E687631773E4}" = Nero ShowTime
"{0B7C79A5-5CB2-4ABD-A9C1-92A6213CE8DD}_is1" = MSI Kombustor 1.1.2 (DX11)
"{1C00C7C5-E615-4139-B817-7F4003DE68C0}" = Nero PhotoSnap Help
"{1D108D70-E7D1-4089-9A0A-99629C4D0CB8}" = Morrowind
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{20400DBD-E6DB-45B8-9B6B-1DD7033818EC}" = Nero InfoTool Help
"{2348B586-C9AE-46CE-936C-A68E9426E214}" = Nero StartSmart Help
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{33CF58F5-48D8-4575-83D6-96F574E4D83A}" = Nero DriveSpeed
"{359CFC0A-BEB1-440D-95BA-CF63A86DA34F}" = Nero Recode
"{43E39830-1826-415D-8BAE-86845787B54B}" = Nero Vision
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4D43D635-6FDA-4FA5-AA9B-23CF73D058EA}" = Nero StartSmart OEM
"{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{58D68DF0-4E8B-4E9E-B425-670F9E37C1A8}" = TES Construction Set
"{595A3116-40BB-4E0F-A2E8-D7951DA56270}" = NeroExpress
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{5D9BE3C1-8BA4-4E7E-82FD-9F74FA6815D1}" = Nero Vision Help
"{60C731FB-C951-41CE-AD41-8E54C8594609}" = Nero Disc Copy Gadget Help
"{62AC81F6-BDD3-4110-9D36-3E9EAAB40999}" = Nero CoverDesigner
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{7748AC8C-18E3-43BB-959B-088FAEA16FB2}" = Nero StartSmart
"{7829DB6F-A066-4E40-8912-CB07887C20BB}" = Nero BurnRights
"{7BF1DD4A-8DBF-48C9-8B74-E6DAE4C57B31}" = Cleanse Uninstaller Pro
"{7cf1e8aa-b0db-4a85-8359-ba9b67df120c}" = Nero 9 Essentials
"{83202942-84B3-4C50-8622-B8C0AA2D2885}" = Nero Express Help
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{869200DB-287A-4DC0-B02B-2B6787FBCD4C}" = Nero DiscSpeed
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows 7
"{8D1E61D1-1395-4E97-997F-D002DB3A5074}" = OpenOffice.org 3.2
"{918A9082-6287-4D25-9002-5E5D5E4971CB}" = League of Legends
"{96B3C2A3-ADD6-4E63-89D3-1E3AC115D3FA}" = pdfforge Toolbar v6.0
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9E82B934-9A25-445B-B8DF-8012808074AC}" = Nero PhotoSnap
"{A10F7877-4276-416C-9F22-CB56C0CB2700}" = Medieval - Total War - Gold Edition
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.3) - Deutsch
"{AD6BC5CC-2EF0-49C4-B33D-CDC8B2C4DC80}" = Nero Recode Help
"{B1ADF008-E898-4FE2-8A1F-690D9A06ACAF}" = DolbyFiles
"{B2EC4A38-B545-4A00-8214-13FE0E915E6D}" = Advertising Center
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Toolbars
"{BD5CA0DA-71AD-43DA-B19E-6EEE0C9ADC9A}" = Nero ControlCenter
"{C1384098-6838-4FE9-9035-B0F348A03402}_is1" = Disciples III Version 1.06.3
"{C81A2FE0-3574-00A9-CED4-BDAA334CBE8E}" = Nero Online Upgrade
"{C9F0B814-4CBE-4DE2-83B2-C0D770CF9CA6}" = ArcSoft MediaImpression
"{CA9BCD4D-B782-4637-8F1F-F9A328D3C244}" = CanoScan Toolbox Ver4.9
"{CC019E3F-59D2-4486-8D4B-878105B62A71}" = Nero DiscSpeed Help
"{CE96F5A5-584D-4F8F-AA3E-9BAED413DB72}" = Nero CoverDesigner Help
"{D6F879CC-59D6-4D4B-AE9B-D761E48D25ED}" = Skype™ 5.3
"{D9DCF92E-72EB-412D-AC71-3B01276E5F8B}" = Nero ShowTime
"{DA909E62-3B45-4BA1-8B58-FCAEBA4BCEC9}" = NVIDIA PhysX
"{E5C7D048-F9B4-4219-B323-8BDB01A2563D}" = Nero DriveSpeed Help
"{E8A80433-302B-4FF1-815D-FCC8EAC482FF}" = Nero Installer
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F1861F30-3419-44DB-B2A1-C274825698B3}" = Nero Disc Copy Gadget
"{F4041DCE-3FE1-4E18-8A9E-9DE65231EE36}" = Nero ControlCenter
"{F6BDD7C5-89ED-4569-9318-469AA9732572}" = Nero BurnRights Help
"{FBCDFD61-7DCF-4E71-9226-873BA0053139}" = Nero InfoTool
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Afterburner" = MSI Afterburner 2.0.0 Beta 4
"Avira AntiVir Desktop" = Avira Free Antivirus
"CanonMyPrinter" = Canon My Printer
"Easy-PhotoPrint EX" = Canon Easy-PhotoPrint EX
"FormatFactory" = FormatFactory 2.90
"InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"Liveupdate4_is1" = Liveupdate4
"LOLReplay" = LOLReplay
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.62.0.1300
"MeineTraffic" = Meine Traffic 2.20
"Mozilla Firefox 13.0.1 (x86 de)" = Mozilla Firefox 13.0.1 (x86 de)
"Mozilla Thunderbird 14.0 (x86 de)" = Mozilla Thunderbird 14.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Patrizier II Gold_is1" = Patrizier II Gold
"SystemRequirementsLab" = System Requirements Lab
"Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2
"Winamp" = Winamp
"WinUHA_is1" = WinUHA 2.0 RC1 (2005.02.27)

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Winamp Detect" = Winamp Detector Plug-in

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 06.04.2012 03:22:14 | Computer Name = Knobelbecher | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Program Files
(x86)\Nero\Nero 9\Nero PhotoSnap\PhotoSnapViewer.exe.Manifest". Fehler in Manifest-
oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche Komponentenversion
steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt
stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Komponente
2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

Error - 06.04.2012 13:30:58 | Computer Name = Knobelbecher | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.

Error - 06.04.2012 13:30:58 | Computer Name = Knobelbecher | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.

Error - 06.04.2012 19:16:01 | Computer Name = Knobelbecher | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Program Files
(x86)\Nero\Nero 9\Nero PhotoSnap\PhotoSnapViewer.exe.Manifest". Fehler in Manifest-
oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche Komponentenversion
steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt
stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Komponente
2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

Error - 07.04.2012 03:28:26 | Computer Name = Knobelbecher | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.

Error - 07.04.2012 03:28:26 | Computer Name = Knobelbecher | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.

Error - 07.04.2012 16:09:54 | Computer Name = Knobelbecher | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.

Error - 07.04.2012 16:09:54 | Computer Name = Knobelbecher | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.

Error - 07.04.2012 16:26:09 | Computer Name = Knobelbecher | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.

Error - 07.04.2012 16:26:09 | Computer Name = Knobelbecher | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.

[ System Events ]
Error - 17.07.2012 15:34:39 | Computer Name = Knobelbecher | Source = bowser | ID = 8003
Description =

Error - 17.07.2012 15:36:09 | Computer Name = Knobelbecher | Source = bowser | ID = 8003
Description =

Error - 17.07.2012 15:39:06 | Computer Name = Knobelbecher | Source = bowser | ID = 8003
Description =

Error - 18.07.2012 07:10:37 | Computer Name = Knobelbecher | Source = bowser | ID = 8003
Description =

Error - 18.07.2012 08:33:15 | Computer Name = Knobelbecher | Source = bowser | ID = 8003
Description =

Error - 19.07.2012 08:37:23 | Computer Name = Knobelbecher | Source = bowser | ID = 8003
Description =

Error - 19.07.2012 12:38:39 | Computer Name = Knobelbecher | Source = NetBT | ID = 4321
Description = Der Name "WORKGROUP :1d" konnte nicht auf der Schnittstelle mit
IP-Adresse 192.168.2.102 registriert werden. Der Computer mit IP-Adresse 192.168.2.1
hat nicht zugelassen, dass dieser Computer diesen Namen verwendet.

Error - 19.07.2012 16:26:56 | Computer Name = Knobelbecher | Source = BugCheck | ID = 1001
Description =

Error - 20.07.2012 10:04:20 | Computer Name = Knobelbecher | Source = BugCheck | ID = 1001
Description =

Error - 21.07.2012 05:30:37 | Computer Name = Knobelbecher | Source = bowser | ID = 8003
Description =


< End of report >

A huge report, no idea.
I'm overwhelmed by it


Many, many thanks for the help


Regards

Alt 25.07.2012, 13:36   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

Please first run a routine full scan with Malwarebytes and post the log. => Have ALL local drives (except CD/DVD) checked!
Remember that Malwarebytes must be updated manually before each scan!

Please remove all Malwarebytes detections so that they are kept in Malwarebytes' quarantine! Do NOT hastily remove anything from quarantine!

If logs from older Malwarebytes scans exist, please post all of those too!




ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start Eset Online Scanner
  • Tick the box next to Yes, I accept the Terms of Use and click Start.
  • Enable "Detection of potentially unwanted applications" and choose the following settings.
  • Click Start.
  • The signatures are downloaded; the scan starts automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the logfile here.
  • Uninstall: Control Panel => Software / Uninstall programs => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset





Please post everything here in CODE tags where possible.

It's done like this:

[code] the log goes here [/code]

And the whole thing then looks like this:

Code:
 the log goes here
         

Alt 25.07.2012, 22:00   #3
Knobelhannes
 

Regards, many thanks.

The "older" scan logs
The first one with a detection:
Code:
Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Datenbank Version: v2012.07.14.02

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Wir Zuhause :: KNOBELBECHER [Administrator]

14.07.2012 09:49:32
mbam-log-2012-07-14 (09-49-32).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 231739
Laufzeit: 1 Minute(n), 59 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 2
C:\Users\Wir Zuhause\Downloads\SoftonicDownloader_fuer_hp-usb-disk-storage-format-tool.exe (PUP.OfferBundler.ST) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Wir Zuhause\Downloads\SoftonicDownloader_fuer_winsetupfromusb.exe (PUP.OfferBundler.ST) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)
         
Other subsequent ones without detections

Code:
Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Datenbank Version: v2012.07.14.02

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Wir Zuhause :: KNOBELBECHER [Administrator]

15.07.2012 10:41:17
mbam-log-2012-07-15 (10-41-17).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 450351
Laufzeit: 44 Minute(n), 24 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
         
Code:
Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Datenbank Version: v2012.07.14.02

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Wir Zuhause :: KNOBELBECHER [Administrator]

14.07.2012 11:10:56
mbam-log-2012-07-14 (11-10-56).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 450239
Laufzeit: 45 Minute(n), 28 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
         
Had meanwhile run several full scans with Malwarebytes..there were no detections....
And today? 2 of them, what a cr....

Everything in quarantine (now 4 files in total)

Attached all the full Malwarebytes logs:
The 1st from today:
Code:
Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Datenbank Version: v2012.07.25.07

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Wir Zuhause :: KNOBELBECHER [Administrator]

25.07.2012 19:52:24
mbam-log-2012-07-25 (19-52-24).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 426336
Laufzeit: 49 Minute(n), 5 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 2
C:\Program Files\canon\treiber\iP3000\setup.exe (Spyware.Zbot.OUT) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Wir Zuhause\Pictures\Treiber\treiber\iP3000\setup.exe (Spyware.Zbot.OUT) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)
         
The 2nd from today:
Code:
Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Datenbank Version: v2012.07.25.07

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Wir Zuhause :: KNOBELBECHER [Administrator]

25.07.2012 21:31:17
mbam-log-2012-07-25 (21-31-17).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 426536
Laufzeit: 53 Minute(n), 59 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
         
Eset is being run and will follow:

The Eset log

G is an external hard drive which holds an old backup of my old IBM laptop.

Code:
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=975091bfd61df34ca9b06fae1c4dca0f
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-07-26 12:33:24
# local_time=2012-07-26 02:33:24 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1792 16777215 100 0 1759973 1759973 0 0
# compatibility_mode=5893 16776574 100 94 13432453 94879315 0 0
# compatibility_mode=8192 67108863 100 0 534 534 0 0
# scanned=370822
# found=20
# cleaned=0
# scan_time=13352
C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe	a variant of Win32/Toolbar.Widgi application (unable to clean)	00000000000000000000000000000000	I
C:\Program Files (x86)\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll	a variant of Win32/Toolbar.Widgi application (unable to clean)	00000000000000000000000000000000	I
C:\Program Files (x86)\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.10	a variant of Win32/Toolbar.Widgi application (unable to clean)	00000000000000000000000000000000	I
C:\Program Files (x86)\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.11	a variant of Win32/Toolbar.Widgi application (unable to clean)	00000000000000000000000000000000	I
C:\Program Files (x86)\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.12	a variant of Win32/Toolbar.Widgi application (unable to clean)	00000000000000000000000000000000	I
C:\Program Files (x86)\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.13	a variant of Win32/Toolbar.Widgi application (unable to clean)	00000000000000000000000000000000	I
C:\Program Files (x86)\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.14	a variant of Win32/Toolbar.Widgi application (unable to clean)	00000000000000000000000000000000	I
C:\Program Files (x86)\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.15	a variant of Win32/Toolbar.Widgi application (unable to clean)	00000000000000000000000000000000	I
C:\Program Files (x86)\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.5	a variant of Win32/Toolbar.Widgi application (unable to clean)	00000000000000000000000000000000	I
C:\Program Files (x86)\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.6	a variant of Win32/Toolbar.Widgi application (unable to clean)	00000000000000000000000000000000	I
C:\Program Files (x86)\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.7	a variant of Win32/Toolbar.Widgi application (unable to clean)	00000000000000000000000000000000	I
C:\Program Files (x86)\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.8	a variant of Win32/Toolbar.Widgi application (unable to clean)	00000000000000000000000000000000	I
C:\Program Files (x86)\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.9	a variant of Win32/Toolbar.Widgi application (unable to clean)	00000000000000000000000000000000	I
C:\Program Files (x86)\PDFCreator\Toolbar\pdfforge Toolbar_setup.exe	Win32/Toolbar.Widgi application (unable to clean)	00000000000000000000000000000000	I
C:\Program Files (x86)\pdfforge Toolbar\IE\6.1\pdfforgeToolbarIE.dll	a variant of Win32/Toolbar.Widgi application (unable to clean)	00000000000000000000000000000000	I
C:\Users\Wir Zuhause\Downloads\Notebook_Starter_Kit.zip	Win32/Adware.Linkular application (unable to clean)	00000000000000000000000000000000	I
C:\Users\Wir Zuhause\Downloads\PDFCreator-1_2_3_setup.exe	Win32/Toolbar.Widgi application (unable to clean)	00000000000000000000000000000000	I
C:\Windows\Installer\57712.msi	a variant of Win32/Toolbar.Widgi application (unable to clean)	00000000000000000000000000000000	I
G:\Frank IBM\Dokumente und Einstellungen\Administrator 2\Eigene Dateien\Internetprogramme\vidalia-bundle-0.2.0.31-0.1.9.exe	probably a variant of Win32/TrojanDownloader.Agent.BXGACSC trojan (unable to clean)	00000000000000000000000000000000	I
${Memory}	a variant of Win32/Toolbar.Widgi application	00000000000000000000000000000000	I
         
I have no idea how all these toolbars got onto my computer, since I prefer to only do custom setups because I can't stand changes to my Firefox.


About today's malware...my girlfriend hadn't logged out of freegmx and had the computer on the whole time....can something like that happen, or is this only possible via an e-mail with a trojan attachment?

Thank you for your help. The Eset scan took almost 4 h...if I had known that beforehand...

Alt 26.07.2012, 14:42   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

Code:
C:\Users\Wir Zuhause\Downloads\SoftonicDownloader_fuer_hp-usb-disk-storage-format-tool.exe (
         
That's what happens when you download software from that cr. site Softonic!

Junked-up software from Softonic seems to be very much in fashion right now!

Stay away from Softonic!!

Softonic is a toolbar and adware slinger! Hands off! Software is downloaded, as top priority, directly from the manufacturer and not from toolbar outfits like Softonic! In a pinch chip.de would of course do


adwCleaner - find toolbars and unwanted start/search pages

Please download AdwCleaner to your desktop.
  • Start adwcleaner.exe with a double-click.
  • Click Search.
  • After the scan finishes, a text file opens.
  • Post me its contents with your next reply.
  • You can also find the logfile at C:\AdwCleaner[R1].txt.
__________________
Please always post logfiles in CODE tags

Alt 26.07.2012, 18:15   #5
Knobelhannes
 

Now I'm wiser too *sniff*.
I'll definitely not do it again, but sometimes it's hard to enter the right search terms so as not to land on such a junked-up site....Sorry


The log file reads as follows
Code:
Found : Application Updater

***** [Files / Folders] *****

Folder Found : C:\Users\Wir Zuhause\AppData\LocalLow\pdfforge
Folder Found : C:\Users\Wir Zuhause\AppData\LocalLow\Search Settings
Folder Found : C:\Users\Wir Zuhause\AppData\Roaming\pdfforge
Folder Found : C:\Program Files (x86)\Application Updater
Folder Found : C:\Program Files (x86)\pdfforge Toolbar
Folder Found : C:\Program Files (x86)\Common Files\spigot

***** [Registry] *****

Key Found : HKCU\Software\AppDataLow\Software\pdfforge
Key Found : HKCU\Software\AppDataLow\Software\Search Settings
Key Found : HKCU\Software\pdfforge
Key Found : HKCU\Software\Search Settings
Key Found : HKCU\Software\Softonic
Key Found : HKLM\SOFTWARE\Application Updater
Key Found : HKLM\SOFTWARE\pdfforge
Key Found : HKLM\SOFTWARE\Search Settings
Key Found : HKLM\SOFTWARE\Wise Solutions
Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [SearchSettings]
[x64] Key Found : HKCU\Software\AppDataLow\Software\pdfforge
[x64] Key Found : HKCU\Software\AppDataLow\Software\Search Settings
[x64] Key Found : HKCU\Software\pdfforge
[x64] Key Found : HKCU\Software\Search Settings
[x64] Key Found : HKCU\Software\Softonic

***** [Registre - GUID] *****

Key Found : HKLM\SOFTWARE\Classes\CLSID\{B922D405-6D13-4A2B-AE89-08A030DA4402}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B922D405-6D13-4A2B-AE89-08A030DA4402}
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{B922D405-6D13-4A2B-AE89-08A030DA4402}]
Value Found : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{B922D405-6D13-4A2B-AE89-08A030DA4402}]
[x64] Value Found : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{B922D405-6D13-4A2B-AE89-08A030DA4402}]

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

-\\ Mozilla Firefox v13.0.1 (de)

Profile name : default 
File : C:\Users\Wir Zuhause\AppData\Roaming\Mozilla\Firefox\Profiles\g1ps9c6x.default\prefs.js

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [2434 octets] - [26/07/2012 19:12:10]

########## EOF - C:\AdwCleaner[R1].txt - [2562 octets] ##########
         


Alt 26.07.2012, 22:37   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

adwCleaner - remove toolbars and unwanted start/search pages
  • Close all open programs and browsers.
  • Start adwcleaner.exe with a double-click.
  • Click Delete.
  • Confirm each prompt with Ok.
  • Your computer will be restarted. After the restart a text file opens.
  • Post me its contents with your next reply.
  • You can also find the logfile at C:\AdwCleaner[S1].txt.

I'd have three questions before we continue

1.) Does Windows normal mode work (again) without restrictions?
2.) Are you missing anything in the Start menu? Are there empty folders under All Programs, or is everything there?
3.) Is the toolbar or redirect gone now?

Alt 26.07.2012, 23:12   #7
Knobelhannes
 

Done:
Code:
# AdwCleaner v1.703 - Logfile created 07/26/2012 at 23:54:55
# Updated 20/07/2012 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Wir Zuhause - KNOBELBECHER
# Running from : C:\Users\Wir Zuhause\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****

Stopped & Deleted : Application Updater

***** [Files / Folders] *****

Folder Deleted : C:\Users\Wir Zuhause\AppData\LocalLow\pdfforge
Folder Deleted : C:\Users\Wir Zuhause\AppData\LocalLow\Search Settings
Folder Deleted : C:\Users\Wir Zuhause\AppData\Roaming\pdfforge
Folder Deleted : C:\Program Files (x86)\Application Updater
Folder Deleted : C:\Program Files (x86)\pdfforge Toolbar
Folder Deleted : C:\Program Files (x86)\Common Files\spigot

***** [Registry] *****

Key Deleted : HKCU\Software\AppDataLow\Software\pdfforge
Key Deleted : HKCU\Software\AppDataLow\Software\Search Settings
Key Deleted : HKCU\Software\pdfforge
Key Deleted : HKCU\Software\Search Settings
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKLM\SOFTWARE\Application Updater
Key Deleted : HKLM\SOFTWARE\pdfforge
Key Deleted : HKLM\SOFTWARE\Search Settings
Key Deleted : HKLM\SOFTWARE\Wise Solutions
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [SearchSettings]

***** [Registre - GUID] *****

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B922D405-6D13-4A2B-AE89-08A030DA4402}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B922D405-6D13-4A2B-AE89-08A030DA4402}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{B922D405-6D13-4A2B-AE89-08A030DA4402}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{B922D405-6D13-4A2B-AE89-08A030DA4402}]

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

-\\ Mozilla Firefox v13.0.1 (de)

Profile name : default 
File : C:\Users\Wir Zuhause\AppData\Roaming\Mozilla\Firefox\Profiles\g1ps9c6x.default\prefs.js

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [2551 octets] - [26/07/2012 19:12:10]
AdwCleaner[R2].txt - [2611 octets] - [26/07/2012 19:20:23]
AdwCleaner[R3].txt - [2671 octets] - [26/07/2012 23:54:46]
AdwCleaner[S1].txt - [2271 octets] - [26/07/2012 23:54:55]

########## EOF - C:\AdwCleaner[S1].txt - [2399 octets] ##########
         

1. Shutting down the computer feels 30 times faster.
Shutting down immediately after closing the browser now happens at once, without waiting for background programs, apart from just now: adware.exe.
Edit1: Opening the browser + loading a page is faster, at least 3 times as fast

2. Could be, I can't really tell. I lean toward no.

3. No idea. Didn't have a toolbar, or if I had one, I had at least disabled it in the browser by other means (manual Firefox settings).
But probably removed right now via Adware.



4.!!!!!!!!! THANKS !!!!!!!!!!!!!!!!!!!!


Regards Frank

Last edited by Knobelhannes (26.07.2012 at 23:32)

Alt 27.07.2012, 08:15   #8
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

Please make a new OTL log. Please post everything here in CODE tags where possible.

It's done like this:

[code] the log goes here [/code]

And the whole thing then looks like this:

Code:
 the log goes here
         
CustomScan with OTL

Please download OTL by Oldtimer and save it to your desktop. If it is already present, please replace the older existing file with the newly downloaded one so that you are really working with a current version of OTL.
  • Please start OTL.exe.
    Vista and Win7 users: right-click "Run as administrator"
  • Tick the box at the top centre next to Scan all users
  • Now copy the complete contents of the code box below into OTL's text box - if OTL is in German it is labelled with
Code:
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
         
  • Now please close all programs. (Important)
  • Now please click the Quick Scan button.
  • Click on .
  • Now copy the contents of OTL.txt here into your thread

Alt 27.07.2012, 10:24   #9
Knobelhannes
 

Morning,

Today's OTL log with the version downloaded today
Code:
OTL logfile created on: 27.07.2012 11:07:21 - Run 2
OTL by OldTimer - Version 3.2.55.0     Folder = C:\Users\Wir Zuhause\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 3,00 Gb Available Physical Memory | 74,98% Memory free
8,00 Gb Paging File | 6,73 Gb Available in Paging File | 84,13% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 299,90 Gb Total Space | 236,26 Gb Free Space | 78,78% Space Free | Partition Type: NTFS
Drive D: | 631,51 Gb Total Space | 613,84 Gb Free Space | 97,20% Space Free | Partition Type: NTFS
 
Computer Name: KNOBELBECHER | User Name: Wir Zuhause | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.07.27 11:04:06 | 000,597,504 | ---- | M] (OldTimer Tools) -- C:\Users\Wir Zuhause\Desktop\OTL(1).exe
PRC - [2012.05.15 12:48:00 | 001,262,400 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2012.05.15 02:21:40 | 000,382,272 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2012.05.02 01:42:28 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2012.05.02 00:34:34 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.01.03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011.09.25 19:07:58 | 003,077,528 | ---- | M] () -- C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
PRC - [2010.03.18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2009.10.13 09:39:04 | 000,935,208 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2011.09.25 19:07:58 | 003,077,528 | ---- | M] () -- C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2012.06.17 10:14:46 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.05.15 12:48:00 | 001,262,400 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012.05.15 02:21:40 | 000,382,272 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2012.05.02 01:42:28 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.05.02 00:34:34 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.01.03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2010.03.18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2009.10.13 09:39:04 | 000,935,208 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012.05.02 15:24:12 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2012.04.27 10:20:04 | 000,132,832 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2012.04.25 00:32:27 | 000,098,848 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2012.04.18 19:08:03 | 000,188,736 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 15:32:47 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.11.20 15:32:46 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2010.11.20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.06.23 11:10:56 | 000,344,680 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010.04.27 10:30:52 | 000,184,968 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2010.04.27 10:29:54 | 000,083,080 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.05.05 03:00:28 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-3180283940-2608338086-1196643646-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-3180283940-2608338086-1196643646-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-3180283940-2608338086-1196643646-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-3180283940-2608338086-1196643646-1000\..\SearchScopes\{ABDADF06-9C5F-4467-ADBD-A50FFE434085}: "URL" = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=827316&p={searchTerms}
IE - HKU\S-1-5-21-3180283940-2608338086-1196643646-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=827316&ilc=12"
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de"
FF - prefs.js..extensions.enabledItems: browserprotect@browserprotect.com:1.1.3
FF - prefs.js..extensions.enabledItems: cookiekiller@joseph.moran:1.0.11
FF - prefs.js..extensions.enabledItems: externalip@erik.morlin:0.9.9.6
FF - prefs.js..extensions.enabledItems: {1018e4d6-728f-4b20-ad56-37578a4de76b}:4.1.5
FF - prefs.js..extensions.enabledItems: {6614d11d-d21d-b211-ae23-815234e1ebb5}:1.0.23
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.9
FF - prefs.js..extensions.enabledItems: FFToolbar@bitdefender.com:2.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..keyword.URL: "hxxp://de.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=827316&p="
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_265.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_265.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.06.17 10:14:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.04.13 10:20:44 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 14.0\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012.06.20 11:35:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 14.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.06.17 10:14:46 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.04.13 10:20:44 | 000,000,000 | ---D | M]
 
[2011.01.13 00:20:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Wir Zuhause\AppData\Roaming\mozilla\Extensions
[2012.07.26 23:57:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Wir Zuhause\AppData\Roaming\mozilla\Firefox\Profiles\g1ps9c6x.default\extensions
[2012.07.09 20:34:35 | 000,000,000 | ---D | M] (Flagfox) -- C:\Users\Wir Zuhause\AppData\Roaming\mozilla\Firefox\Profiles\g1ps9c6x.default\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}
[2011.05.11 11:35:54 | 000,000,000 | ---D | M] (BrowserProtect) -- C:\Users\Wir Zuhause\AppData\Roaming\mozilla\Firefox\Profiles\g1ps9c6x.default\extensions\browserprotect@browserprotect.com
[2011.01.15 10:21:24 | 000,000,000 | ---D | M] (external IP) -- C:\Users\Wir Zuhause\AppData\Roaming\mozilla\Firefox\Profiles\g1ps9c6x.default\extensions\externalip@erik.morlin
[2012.04.23 12:02:36 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2011.07.26 23:33:26 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files (x86)\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012.07.08 21:39:29 | 000,164,885 | ---- | M] () (No name found) -- C:\USERS\WIR ZUHAUSE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\G1PS9C6X.DEFAULT\EXTENSIONS\{6614D11D-D21D-B211-AE23-815234E1EBB5}.XPI
[2011.09.16 22:46:13 | 000,057,127 | ---- | M] () (No name found) -- C:\USERS\WIR ZUHAUSE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\G1PS9C6X.DEFAULT\EXTENSIONS\COOKIEKILLER@JOSEPH.MORAN.XPI
[2012.06.17 10:14:46 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.03.19 18:21:31 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2010.12.09 12:47:06 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll
[2012.04.23 12:02:32 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.04.23 12:02:32 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.04.23 12:02:32 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.04.23 12:02:32 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.04.23 12:02:32 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.04.23 12:02:32 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O4:64bit: - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4:64bit: - HKLM..\Run: [itype] C:\Program Files\Microsoft IntelliType Pro\itype.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3180283940-2608338086-1196643646-1000..\Run: [Meine Traffic] C:\PROGRA~2\MT\MT.EXE (Mirko Böer Softwareentwicklungen)
O4 - HKU\S-1-5-21-3180283940-2608338086-1196643646-1000..\Run: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe ()
O4 - HKU\S-1-5-21-3180283940-2608338086-1196643646-1005..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-21-3180283940-2608338086-1196643646-1005..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab (System Requirements Lab Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{013C6BA5-3355-4F15-BB34-6AAF6CD4B685}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{628eb08d-8ce6-11e0-a7d7-6c626d99f886}\Shell - "" = AutoRun
O33 - MountPoints2\{628eb08d-8ce6-11e0-a7d7-6c626d99f886}\Shell\AutoRun\command - "" = H:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{9a13ca6d-c6d4-11e1-a93d-6c626d99f886}\Shell - "" = AutoRun
O33 - MountPoints2\{9a13ca6d-c6d4-11e1-a93d-6c626d99f886}\Shell\AutoRun\command - "" = G:\EasySuite.exe bootup
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
 
MsConfig:64bit - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
MsConfig:64bit - StartUpReg: WinampAgent - hkey= - key= - C:\Program Files (x86)\Winamp\winampa.exe (Nullsoft, Inc.)
 
SafeBootMin:64bit: AppMgmt - Service
SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: vmms - Service
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet:64bit: AppMgmt - Service
SafeBootNet:64bit: Base - Driver Group
SafeBootNet:64bit: Boot Bus Extender - Driver Group
SafeBootNet:64bit: Boot file system - Driver Group
SafeBootNet:64bit: File system - Driver Group
SafeBootNet:64bit: Filter - Driver Group
SafeBootNet:64bit: HelpSvc - Service
SafeBootNet:64bit: Messenger - Service
SafeBootNet:64bit: NDIS Wrapper - Driver Group
SafeBootNet:64bit: NetBIOSGroup - Driver Group
SafeBootNet:64bit: NetDDEGroup - Driver Group
SafeBootNet:64bit: Network - Driver Group
SafeBootNet:64bit: NetworkProvider - Driver Group
SafeBootNet:64bit: PCI Configuration - Driver Group
SafeBootNet:64bit: PNP Filter - Driver Group
SafeBootNet:64bit: PNP_TDI - Driver Group
SafeBootNet:64bit: Primary disk - Driver Group
SafeBootNet:64bit: rdsessmgr - Service
SafeBootNet:64bit: sacsvr - Service
SafeBootNet:64bit: SCSI Class - Driver Group
SafeBootNet:64bit: Streams Drivers - Driver Group
SafeBootNet:64bit: System Bus Extender - Driver Group
SafeBootNet:64bit: TDI - Driver Group
SafeBootNet:64bit: vmms - Service
SafeBootNet:64bit: WudfUsbccidDriver - Driver
SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.lhacm - C:\Windows\SysWow64\lhacm.acm (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.07.27 11:04:05 | 000,597,504 | ---- | C] (OldTimer Tools) -- C:\Users\Wir Zuhause\Desktop\OTL(1).exe
[2012.07.25 22:42:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2012.07.24 22:59:19 | 000,000,000 | ---D | C] -- C:\Users\Wir Zuhause\Documents\Hochszeitung
[2012.07.17 21:40:28 | 000,000,000 | ---D | C] -- C:\Users\Wir Zuhause\Desktop\kerstin
[2012.07.14 09:48:42 | 000,000,000 | ---D | C] -- C:\Users\Wir Zuhause\AppData\Roaming\Malwarebytes
[2012.07.14 09:48:22 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.07.14 09:48:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.07.14 09:48:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.07.14 09:48:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.07.13 10:55:07 | 000,000,000 | ---D | C] -- C:\Users\Wir Zuhause\Desktop\Hearts of Iron 2
[2012.07.05 14:03:33 | 000,000,000 | ---D | C] -- C:\Users\Wir Zuhause\AppData\Roaming\Avira
[2012.07.05 13:58:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2012.07.05 13:58:12 | 000,132,832 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys
[2012.07.05 13:58:12 | 000,098,848 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2012.07.05 13:58:12 | 000,027,760 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avkmgr.sys
[2012.07.05 13:58:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2012.07.05 13:58:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira
[2012.07.03 19:30:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
[2012.07.03 19:29:20 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA
[2012.07.03 19:29:00 | 000,068,928 | ---- | C] (Khronos Group) -- C:\Windows\SysNative\OpenCL.dll
[2012.07.03 19:29:00 | 000,061,248 | ---- | C] (Khronos Group) -- C:\Windows\SysWow64\OpenCL.dll
[2012.07.03 19:28:56 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA Corporation
[2012.06.27 14:44:29 | 000,000,000 | ---D | C] -- C:\Users\Wir Zuhause\AppData\Local\Programs
[2012.06.27 14:43:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ArcSoft Connect
[2012.06.27 14:43:57 | 000,000,000 | ---D | C] -- C:\Users\Wir Zuhause\AppData\Local\ArcSoft
[2012.06.27 14:43:57 | 000,000,000 | ---D | C] -- C:\ProgramData\ArcSoft
[2012.06.27 14:43:03 | 000,022,784 | ---- | C] (Arcsoft, Inc.) -- C:\Windows\SysWow64\drivers\afc.sys
[2012.06.27 14:42:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ArcSoft MediaImpression
[2012.06.27 14:42:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\ArcSoft
[2012.06.27 14:42:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ArcSoft
[2012.06.27 14:42:12 | 000,000,000 | ---D | C] -- C:\Users\Wir Zuhause\AppData\Roaming\ArcSoft
 
========== Files - Modified Within 30 Days ==========
 
[2012.07.27 11:06:10 | 000,001,120 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.07.27 11:04:06 | 000,597,504 | ---- | M] (OldTimer Tools) -- C:\Users\Wir Zuhause\Desktop\OTL(1).exe
[2012.07.27 11:02:07 | 000,014,800 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.07.27 11:02:07 | 000,014,800 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.07.27 10:59:15 | 001,472,002 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.07.27 10:59:15 | 000,643,628 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.07.27 10:59:15 | 000,606,992 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.07.27 10:59:15 | 000,126,188 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.07.27 10:59:15 | 000,103,370 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.07.27 10:55:01 | 000,001,116 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.07.27 10:54:46 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.07.27 10:54:42 | 3220,578,304 | -HS- | M] () -- C:\hiberfil.sys
[2012.07.26 19:11:33 | 000,632,049 | ---- | M] () -- C:\Users\Wir Zuhause\Desktop\adwcleaner.exe
[2012.07.24 22:19:54 | 030,046,296 | ---- | M] () -- C:\Users\Wir Zuhause\Documents\Die Braut stellt sich 2.odt
[2012.07.22 19:16:02 | 000,000,000 | ---- | M] () -- C:\Users\Wir Zuhause\defogger_reenable
[2012.07.18 11:12:33 | 010,836,596 | ---- | M] () -- C:\Users\Wir Zuhause\Desktop\KerstinHoch2.odt
[2012.07.18 11:11:56 | 008,126,925 | ---- | M] () -- C:\Users\Wir Zuhause\Desktop\KerstinHoch3.odt
[2012.07.18 10:33:07 | 010,512,919 | ---- | M] () -- C:\Users\Wir Zuhause\Desktop\KerstinHoch1.odt
[2012.07.17 22:02:59 | 029,431,903 | ---- | M] () -- C:\Users\Wir Zuhause\Desktop\Kerstin2.odt
[2012.07.14 09:48:22 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.07.13 11:29:28 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2012.07.11 21:50:50 | 000,290,760 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.07.10 14:17:31 | 000,015,322 | ---- | M] () -- C:\Users\Public\Documents\Interview mit KErstinseltern.odt
[2012.07.05 13:58:18 | 000,002,070 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2012.07.03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.06.27 14:42:59 | 000,002,139 | ---- | M] () -- C:\Users\Public\Desktop\Media Impression.lnk
 
========== Files Created - No Company Name ==========
 
[2012.07.26 19:11:31 | 000,632,049 | ---- | C] () -- C:\Users\Wir Zuhause\Desktop\adwcleaner.exe
[2012.07.22 22:45:58 | 030,046,296 | ---- | C] () -- C:\Users\Wir Zuhause\Documents\Die Braut stellt sich 2.odt
[2012.07.22 19:16:02 | 000,000,000 | ---- | C] () -- C:\Users\Wir Zuhause\defogger_reenable
[2012.07.18 11:11:51 | 008,126,925 | ---- | C] () -- C:\Users\Wir Zuhause\Desktop\KerstinHoch3.odt
[2012.07.18 10:33:00 | 010,512,919 | ---- | C] () -- C:\Users\Wir Zuhause\Desktop\KerstinHoch1.odt
[2012.07.18 10:32:43 | 010,836,596 | ---- | C] () -- C:\Users\Wir Zuhause\Desktop\KerstinHoch2.odt
[2012.07.17 21:59:40 | 029,431,903 | ---- | C] () -- C:\Users\Wir Zuhause\Desktop\Kerstin2.odt
[2012.07.14 09:48:22 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.07.13 11:29:28 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2012.07.10 14:17:30 | 000,015,322 | ---- | C] () -- C:\Users\Public\Documents\Interview mit KErstinseltern.odt
[2012.07.05 13:58:18 | 000,002,070 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2012.07.03 19:29:15 | 002,621,723 | ---- | C] () -- C:\Windows\SysNative\nvcoproc.bin
[2012.07.03 19:28:10 | 000,014,324 | ---- | C] () -- C:\Windows\SysNative\nvinfo.pb
[2012.06.27 14:42:59 | 000,002,139 | ---- | C] () -- C:\Users\Public\Desktop\Media Impression.lnk
[2012.05.15 02:21:50 | 000,423,744 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
[2012.02.21 13:38:51 | 000,100,159 | ---- | C] () -- C:\ProgramData\1329824262.bdinstall.bin
[2012.01.21 13:55:01 | 000,314,077 | ---- | C] () -- C:\ProgramData\1327146115.bdinstall.bin
[2012.01.21 13:39:35 | 000,102,491 | ---- | C] () -- C:\ProgramData\1327145953.bdinstall.bin
[2012.01.11 11:26:26 | 000,000,000 | ---- | C] () -- C:\Users\Wir Zuhause\AppData\Local\{770631B1-B43D-456E-8BAD-2F0B02957066}
[2011.11.08 08:51:28 | 000,000,000 | ---- | C] () -- C:\Users\Wir Zuhause\AppData\Local\{9A89FF69-F7B9-4CD0-9B02-6728492FFC6D}
[2011.10.27 16:37:27 | 000,000,000 | ---- | C] () -- C:\Users\Wir Zuhause\AppData\Local\{4C9748DF-FB2F-4E70-8833-66719F23A638}
[2011.10.24 10:52:09 | 000,000,000 | ---- | C] () -- C:\Users\Wir Zuhause\AppData\Local\{A6413DDB-12ED-4DD5-95B7-AF51B2D42B56}
[2011.07.12 06:20:58 | 000,000,000 | ---- | C] () -- C:\Users\Wir Zuhause\AppData\Local\{B4D045BD-854D-48C9-8D3E-E4A940095CA7}
[2011.06.28 21:23:07 | 000,007,611 | ---- | C] () -- C:\Users\Wir Zuhause\AppData\Local\Resmon.ResmonCfg
[2011.04.28 09:49:18 | 000,012,288 | ---- | C] () -- C:\Users\Wir Zuhause\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.04.17 21:03:36 | 000,000,053 | ---- | C] () -- C:\Windows\COLONIZ.INI
[2011.03.15 22:03:53 | 000,590,145 | ---- | C] () -- C:\ProgramData\bdinstall.bin
[2011.01.30 15:39:09 | 000,000,161 | ---- | C] () -- C:\Users\Wir Zuhause\AppData\Roaming\default.rss
 
========== LOP Check ==========
 
[2011.08.27 12:15:13 | 000,000,000 | ---D | M] -- C:\Users\Wir Zuhause\AppData\Roaming\Canon
[2011.07.14 18:26:48 | 000,000,000 | ---D | M] -- C:\Users\Wir Zuhause\AppData\Roaming\DS-Timer
[2011.01.15 23:04:38 | 000,000,000 | ---D | M] -- C:\Users\Wir Zuhause\AppData\Roaming\JLC's Software
[2011.09.25 21:40:31 | 000,000,000 | ---D | M] -- C:\Users\Wir Zuhause\AppData\Roaming\LolClient
[2012.05.24 10:27:32 | 000,000,000 | ---D | M] -- C:\Users\Wir Zuhause\AppData\Roaming\LolClient2
[2012.01.20 12:05:27 | 000,000,000 | ---D | M] -- C:\Users\Wir Zuhause\AppData\Roaming\Meine Traffic
[2011.01.17 20:05:59 | 000,000,000 | ---D | M] -- C:\Users\Wir Zuhause\AppData\Roaming\OpenOffice.org
[2011.03.15 22:04:25 | 000,000,000 | ---D | M] -- C:\Users\Wir Zuhause\AppData\Roaming\QuickScan
[2011.05.23 19:05:24 | 000,000,000 | ---D | M] -- C:\Users\Wir Zuhause\AppData\Roaming\temp
[2011.09.07 00:28:44 | 000,000,000 | ---D | M] -- C:\Users\Wir Zuhause\AppData\Roaming\Thunderbird
[2012.07.23 19:29:02 | 000,000,000 | ---D | M] -- C:\Users\Wir Zuhause\AppData\Roaming\TS3Client
[2011.09.29 10:30:05 | 000,000,000 | ---D | M] -- C:\Users\Wir Zuhause\AppData\Roaming\ts3overlay
[2012.07.12 19:32:07 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2011.02.02 12:22:32 | 000,000,000 | ---D | M] -- C:\Users\Wir Zuhause\AppData\Roaming\Adobe
[2012.06.27 14:47:45 | 000,000,000 | ---D | M] -- C:\Users\Wir Zuhause\AppData\Roaming\ArcSoft
[2012.07.05 14:03:33 | 000,000,000 | ---D | M] -- C:\Users\Wir Zuhause\AppData\Roaming\Avira
[2011.08.27 12:15:13 | 000,000,000 | ---D | M] -- C:\Users\Wir Zuhause\AppData\Roaming\Canon
[2011.07.14 18:26:48 | 000,000,000 | ---D | M] -- C:\Users\Wir Zuhause\AppData\Roaming\DS-Timer
[2011.01.12 23:07:57 | 000,000,000 | ---D | M] -- C:\Users\Wir Zuhause\AppData\Roaming\Identities
[2011.01.19 18:26:12 | 000,000,000 | ---D | M] -- C:\Users\Wir Zuhause\AppData\Roaming\InstallShield
[2011.01.15 23:04:38 | 000,000,000 | ---D | M] -- C:\Users\Wir Zuhause\AppData\Roaming\JLC's Software
[2011.09.25 21:40:31 | 000,000,000 | ---D | M] -- C:\Users\Wir Zuhause\AppData\Roaming\LolClient
[2012.05.24 10:27:32 | 000,000,000 | ---D | M] -- C:\Users\Wir Zuhause\AppData\Roaming\LolClient2
[2011.01.13 00:38:21 | 000,000,000 | ---D | M] -- C:\Users\Wir Zuhause\AppData\Roaming\Macromedia
[2012.07.14 09:48:42 | 000,000,000 | ---D | M] -- C:\Users\Wir Zuhause\AppData\Roaming\Malwarebytes
[2009.07.14 20:18:18 | 000,000,000 | ---D | M] -- C:\Users\Wir Zuhause\AppData\Roaming\Media Center Programs
[2012.01.20 12:05:27 | 000,000,000 | ---D | M] -- C:\Users\Wir Zuhause\AppData\Roaming\Meine Traffic
[2011.11.21 21:29:56 | 000,000,000 | --SD | M] -- C:\Users\Wir Zuhause\AppData\Roaming\Microsoft
[2011.01.13 00:20:57 | 000,000,000 | ---D | M] -- C:\Users\Wir Zuhause\AppData\Roaming\Mozilla
[2011.01.26 01:32:20 | 000,000,000 | ---D | M] -- C:\Users\Wir Zuhause\AppData\Roaming\Nero
[2011.01.17 20:05:59 | 000,000,000 | ---D | M] -- C:\Users\Wir Zuhause\AppData\Roaming\OpenOffice.org
[2011.03.15 22:04:25 | 000,000,000 | ---D | M] -- C:\Users\Wir Zuhause\AppData\Roaming\QuickScan
[2011.05.04 23:16:49 | 000,000,000 | RH-D | M] -- C:\Users\Wir Zuhause\AppData\Roaming\SecuROM
[2012.06.15 11:49:08 | 000,000,000 | ---D | M] -- C:\Users\Wir Zuhause\AppData\Roaming\Skype
[2011.07.13 10:35:15 | 000,000,000 | ---D | M] -- C:\Users\Wir Zuhause\AppData\Roaming\teamspeak2
[2011.05.23 19:05:24 | 000,000,000 | ---D | M] -- C:\Users\Wir Zuhause\AppData\Roaming\temp
[2011.09.07 00:28:44 | 000,000,000 | ---D | M] -- C:\Users\Wir Zuhause\AppData\Roaming\Thunderbird
[2012.07.23 19:29:02 | 000,000,000 | ---D | M] -- C:\Users\Wir Zuhause\AppData\Roaming\TS3Client
[2011.09.29 10:30:05 | 000,000,000 | ---D | M] -- C:\Users\Wir Zuhause\AppData\Roaming\ts3overlay
[2012.07.19 22:51:57 | 000,000,000 | ---D | M] -- C:\Users\Wir Zuhause\AppData\Roaming\Winamp
[2011.01.31 23:39:05 | 000,000,000 | ---D | M] -- C:\Users\Wir Zuhause\AppData\Roaming\WinRAR
 
< %APPDATA%\*.exe /s >
 
< %SYSTEMDRIVE%\*.exe >
 
< MD5 for: AGP440.SYS  >
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll
[2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll
 
< MD5 for: IASTORV.SYS  >
[2010.11.20 15:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SysNative\drivers\iaStorV.sys
[2010.11.20 15:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys
[2010.11.20 15:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys
[2009.07.14 03:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2009.07.14 03:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll
[2010.11.20 15:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SysNative\netlogon.dll
[2010.11.20 15:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll
[2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll
[2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll
[2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2009.07.14 03:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys
[2010.11.20 15:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\drivers\nvstor.sys
[2010.11.20 15:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys
[2010.11.20 15:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll
[2009.07.14 03:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll
[2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll
[2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll
[2010.11.20 15:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SysNative\scecli.dll
[2010.11.20 15:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll
 
< MD5 for: USER32.DLL  >
[2010.11.20 14:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SysWOW64\user32.dll
[2010.11.20 14:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
[2009.07.14 03:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll
[2009.07.14 03:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll
[2010.11.20 15:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SysNative\user32.dll
[2010.11.20 15:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009.07.14 03:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
[2010.11.20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010.11.20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe
[2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2010.11.20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010.11.20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009.07.14 03:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2012.07.03 13:46:42 | 000,217,672 | ---- | M] () MD5=8A7F34F0BBD076EC3815680A7309114F -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2009.10.28 09:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2009.10.28 08:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys
[2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >

< End of report >
         

Old 27.07.2012, 13:29   #10
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

Do an OTL fix: close all programs that may be open, also disable the virus scanner (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied along with it!!!)

Code:
:OTL
FF - user.js - File not found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-21-3180283940-2608338086-1196643646-1005..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O4 - HKU\S-1-5-21-3180283940-2608338086-1196643646-1000..\Run: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe ()
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{628eb08d-8ce6-11e0-a7d7-6c626d99f886}\Shell - "" = AutoRun
O33 - MountPoints2\{628eb08d-8ce6-11e0-a7d7-6c626d99f886}\Shell\AutoRun\command - "" = H:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{9a13ca6d-c6d4-11e1-a93d-6c626d99f886}\Shell - "" = AutoRun
O33 - MountPoints2\{9a13ca6d-c6d4-11e1-a93d-6c626d99f886}\Shell\AutoRun\command - "" = G:\EasySuite.exe bootup
:Files
C:\Program Files (x86)\Common Files\Spigot
C:\Program Files (x86)\PDFCreator\Toolbar
C:\Program Files (x86)\pdfforge Toolbar
G:\Frank IBM\Dokumente und Einstellungen\Administrator 2\Eigene Dateien\Internetprogramme\vidalia-bundle-0.2.0.31-0.1.9.exe
:Commands
[purity]
[emptytemp]
[emptyflash]
[resethosts]
         
Then click the Fix button at the top left!
The log file should open when you click OK after the fix; please post it. The computer may be restarted.

As a precaution, the entries, files and folders fixed by this script are not deleted completely; a backup copy is created on the system partition in the folder "_OTL".

Note: The script above was created only for this one user in this situation. It cannot be ported to any other computer and must not be used elsewhere, as it can cause lasting damage to the system!
__________________
Please always post log files in CODE tags
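
The fix script above deletes per-user RunOnce values (the O4 lines), two Explorer and two UAC policy values (O6), touches the system-wide CD-ROM AutoRun switch (O32) and removes two cached MountPoints2 AutoRun handlers (O33). The following read-only audit is an added example, not code from this thread, from cosinus or from OTL: it lists those same registry locations so a defender can review them before or after such a fix and compare them with the O4/O6/O32/O33 lines in an OTL listing. It assumes an elevated PowerShell session (2.0 or later) on Windows 7 x64 and changes nothing.

```powershell
# Added example, not part of the thread and not OTL's own code.
# Read-only audit of the registry locations touched by the OTL fix above.
# Assumes an elevated PowerShell session (2.0 or later) on Windows 7 x64.

function Get-LoadedUserHives {
    # Each loaded hive under HKEY_USERS, skipping the *_Classes aliases
    Get-ChildItem -Path 'Registry::HKEY_USERS' |
        Where-Object { $_.PSChildName -notlike '*_Classes' } |
        ForEach-Object { $_.PSChildName }
}

function Get-RunOnceEntries {
    # O4-style entries: RunOnce values in every loaded user hive
    foreach ($sid in Get-LoadedUserHives) {
        $key = "Registry::HKEY_USERS\$sid\Software\Microsoft\Windows\CurrentVersion\RunOnce"
        if (-not (Test-Path $key)) { continue }
        $props = Get-ItemProperty -Path $key
        foreach ($p in $props.PSObject.Properties) {
            # Skip the PSPath/PSParentPath/... bookkeeping properties
            if ($p.Name -like 'PS*') { continue }
            New-Object PSObject -Property @{ Hive = $sid; Name = $p.Name; Command = $p.Value }
        }
    }
}

function Get-PolicyValues {
    # O6-style entries: the Explorer and System policy values the fix removed
    $targets = @{
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer' = @('NoActiveDesktop', 'NoActiveDesktopChanges')
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System'   = @('ConsentPromptBehaviorAdmin', 'ConsentPromptBehaviorUser')
    }
    foreach ($key in $targets.Keys) {
        foreach ($name in $targets[$key]) {
            # $null when the value is absent, i.e. the policy is not set
            $v = (Get-ItemProperty -Path $key -Name $name -ErrorAction SilentlyContinue).$name
            New-Object PSObject -Property @{ Key = $key; Name = $name; Value = $v }
        }
    }
}

function Get-MountPointAutoRuns {
    # O33-style entries: AutoRun handlers Explorer cached per volume GUID
    foreach ($sid in Get-LoadedUserHives) {
        $mp = "Registry::HKEY_USERS\$sid\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2"
        if (-not (Test-Path $mp)) { continue }
        foreach ($vol in Get-ChildItem -Path $mp) {
            $cmdKey = "$mp\$($vol.PSChildName)\Shell\AutoRun\command"
            if (Test-Path $cmdKey) {
                # The handler command line lives in the key's default value
                $cmd = (Get-ItemProperty -Path $cmdKey).'(default)'
                New-Object PSObject -Property @{ Hive = $sid; Volume = $vol.PSChildName; Command = $cmd }
            }
        }
    }
}

# O32-style entry: the system-wide CD-ROM AutoRun switch
$cdrom = (Get-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Services\Cdrom' -Name AutoRun -ErrorAction SilentlyContinue).AutoRun
"Cdrom AutoRun = $cdrom"

Get-RunOnceEntries     | Format-Table Hive, Name, Command -AutoSize
Get-PolicyValues       | Format-Table Key, Name, Value -AutoSize
Get-MountPointAutoRuns | Format-Table Hive, Volume, Command -AutoSize
```

Only hives that are currently loaded appear (the OTL listing above also reads S-1-5-19 and S-1-5-20, which Windows keeps loaded for the service accounts). A MountPoints2 entry whose command points at a removable drive letter, as the two in the fix do, records the handler Explorer cached from that volume's autorun.inf; it is worth reviewing whenever an external disk of unknown state has been attached.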

Old 27.07.2012, 22:14   #11
Knobelhannes
 

Good evening,

As a note: I had not connected the external hard drive with the old data on it, because Antivir had found viruses there and I did not want to re-infect my computer. I have to ask you anyway: How can I burn a few old files to a DVD without pulling viruses onto my computer the moment the hard drive is connected via USB?

The requested fix log file reads as follows:


Code:
All processes killed
========== OTL ==========
Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_USERS\S-1-5-21-3180283940-2608338086-1196643646-1005\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorAdmin deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorUser deleted successfully.
Registry value HKEY_USERS\S-1-5-21-3180283940-2608338086-1196643646-1000\Software\Microsoft\Windows\CurrentVersion\Run\\Pando Media Booster deleted successfully.
C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe moved successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{628eb08d-8ce6-11e0-a7d7-6c626d99f886}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{628eb08d-8ce6-11e0-a7d7-6c626d99f886}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{628eb08d-8ce6-11e0-a7d7-6c626d99f886}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{628eb08d-8ce6-11e0-a7d7-6c626d99f886}\ not found.
File H:\setup_vmc_lite.exe /checkApplicationPresence not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9a13ca6d-c6d4-11e1-a93d-6c626d99f886}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9a13ca6d-c6d4-11e1-a93d-6c626d99f886}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9a13ca6d-c6d4-11e1-a93d-6c626d99f886}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9a13ca6d-c6d4-11e1-a93d-6c626d99f886}\ not found.
File G:\EasySuite.exe bootup not found.
========== FILES ==========
File\Folder C:\Program Files (x86)\Common Files\Spigot not found.
C:\Program Files (x86)\PDFCreator\Toolbar folder moved successfully.
File\Folder C:\Program Files (x86)\pdfforge Toolbar not found.
File\Folder G:\Frank IBM\Dokumente und Einstellungen\Administrator 2\Eigene Dateien\Internetprogramme\vidalia-bundle-0.2.0.31-0.1.9.exe not found.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: Administrator
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Public
 
User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Wir Zuhause
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 3052280 bytes
->Java cache emptied: 806206 bytes
->FireFox cache emptied: 55243520 bytes
->Flash cache emptied: 563 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 5022424 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 192516 bytes
RecycleBin emptied: 15208930 bytes
 
Total Files Cleaned = 76,00 mb
 
 
[EMPTYFLASH]
 
User: Administrator
 
User: All Users
 
User: Default
 
User: Default User
 
User: Public
 
User: UpdatusUser
 
User: Wir Zuhause
->Flash cache emptied: 0 bytes
 
Total Flash Files Cleaned = 0,00 mb
 
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.55.0 log created on 07272012_230227

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
         

Old 27.07.2012, 22:43   #12
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

Now please run this tool from Kaspersky (TDSS-Killer) (in normal Windows mode) and post the log. Instructions and download link here => http://www.trojaner-board.de/82358-t...entfernen.html

Note: Please turn off the virus scanner before you run the TDSS-Killer, because Avira in particular often reports a false alarm on the TDSS tool!

Set up the tool as shown in the picture below: click on change parameters and tick the boxes as shown in the following screenshot.
Then click on Start Scan and, when it is done, click the Report button to display the log. Please post it in full.
If you cannot find the log or cannot copy its content into your post, please look directly on your Windows system partition (usually drive C); that is where the TDSS-Killer stores its logs.

Note: Please do not delete anything prematurely with the TDSS-Killer! If the TDSS-Killer flags any objects, treat them all with the action "skip" and only post the log here!

__________________
Please always post log files in CODE tags

Old 30.07.2012, 17:58   #13
Knobelhannes
 

Hello Cosinus, I am only back today; I followed your instructions twice to be safe. Both logs showed no findings. I am posting the more recent one. Best regards, Frank

Code:
18:46:25.0048 4064	TDSS rootkit removing tool 2.7.48.0 Jul 24 2012 13:16:32
18:46:27.0061 4064	============================================================
18:46:27.0061 4064	Current date / time: 2012/07/30 18:46:27.0061
18:46:27.0061 4064	SystemInfo:
18:46:27.0061 4064	
18:46:27.0061 4064	OS Version: 6.1.7601 ServicePack: 1.0
18:46:27.0061 4064	Product type: Workstation
18:46:27.0061 4064	ComputerName: KNOBELBECHER
18:46:27.0061 4064	UserName: Wir Zuhause
18:46:27.0061 4064	Windows directory: C:\Windows
18:46:27.0061 4064	System windows directory: C:\Windows
18:46:27.0061 4064	Running under WOW64
18:46:27.0061 4064	Processor architecture: Intel x64
18:46:27.0061 4064	Number of processors: 2
18:46:27.0061 4064	Page size: 0x1000
18:46:27.0061 4064	Boot type: Normal boot
18:46:27.0061 4064	============================================================
18:46:28.0746 4064	Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
18:46:28.0746 4064	============================================================
18:46:28.0746 4064	\Device\Harddisk0\DR0:
18:46:28.0746 4064	MBR partitions:
18:46:28.0746 4064	\Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
18:46:28.0746 4064	\Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x257CE000
18:46:28.0746 4064	\Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x25800800, BlocksNum 0x4EF05800
18:46:28.0746 4064	============================================================
18:46:28.0761 4064	C: <-> \Device\Harddisk0\DR0\Partition1
18:46:28.0824 4064	D: <-> \Device\Harddisk0\DR0\Partition2
18:46:28.0824 4064	============================================================
18:46:28.0824 4064	Initialize success
18:46:28.0824 4064	============================================================
18:48:41.0954 2836	============================================================
18:48:41.0954 2836	Scan started
18:48:41.0954 2836	Mode: Manual; 
18:48:41.0954 2836	============================================================
18:48:43.0218 2836	1394ohci        (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
18:48:43.0234 2836	1394ohci - ok
18:48:43.0327 2836	ACDaemon        (adc420616c501b45d26c0fd3ef1e54e4) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
18:48:43.0358 2836	ACDaemon - ok
18:48:43.0390 2836	ACPI            (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
18:48:43.0390 2836	ACPI - ok
18:48:43.0405 2836	AcpiPmi         (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
18:48:43.0405 2836	AcpiPmi - ok
18:48:43.0452 2836	AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
18:48:43.0468 2836	AdobeARMservice - ok
18:48:43.0530 2836	adp94xx         (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
18:48:43.0546 2836	adp94xx - ok
18:48:43.0577 2836	adpahci         (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
18:48:43.0608 2836	adpahci - ok
18:48:43.0624 2836	adpu320         (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
18:48:43.0624 2836	adpu320 - ok
18:48:43.0639 2836	AeLookupSvc     (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
18:48:43.0655 2836	AeLookupSvc - ok
18:48:43.0717 2836	Afc             (6ccd1135320109d6b219f1a6e04ad9f6) C:\Windows\syswow64\drivers\Afc.sys
18:48:43.0733 2836	Afc - ok
18:48:43.0780 2836	AFD             (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
18:48:43.0811 2836	AFD - ok
18:48:43.0842 2836	agp440          (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
18:48:43.0842 2836	agp440 - ok
18:48:43.0858 2836	ALG             (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
18:48:43.0858 2836	ALG - ok
18:48:43.0873 2836	aliide          (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
18:48:43.0873 2836	aliide - ok
18:48:43.0889 2836	amdide          (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
18:48:43.0889 2836	amdide - ok
18:48:43.0904 2836	AmdK8           (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
18:48:43.0904 2836	AmdK8 - ok
18:48:43.0936 2836	AmdPPM          (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
18:48:43.0936 2836	AmdPPM - ok
18:48:43.0967 2836	amdsata         (6ec6d772eae38dc17c14aed9b178d24b) C:\Windows\system32\drivers\amdsata.sys
18:48:43.0967 2836	amdsata - ok
18:48:43.0982 2836	amdsbs          (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
18:48:43.0998 2836	amdsbs - ok
18:48:43.0998 2836	amdxata         (1142a21db581a84ea5597b03a26ebaa0) C:\Windows\system32\drivers\amdxata.sys
18:48:43.0998 2836	amdxata - ok
18:48:44.0076 2836	AntiVirSchedulerService (466a0d95960dad3222c896d2cea99993) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
18:48:44.0092 2836	AntiVirSchedulerService - ok
18:48:44.0107 2836	Scan interrupted by user!
18:48:44.0107 2836	Scan interrupted by user!
18:48:44.0107 2836	Scan interrupted by user!
18:48:44.0107 2836	============================================================
18:48:44.0107 2836	Scan finished
18:48:44.0107 2836	============================================================
18:48:44.0107 2840	Detected object count: 0
18:48:44.0107 2840	Actual detected object count: 0
18:48:51.0673 2512	============================================================
18:48:51.0673 2512	Scan started
18:48:51.0673 2512	Mode: Manual; SigCheck; TDLFS; 
18:48:51.0673 2512	============================================================
18:48:51.0767 2512	1394ohci        (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
18:48:51.0954 2512	1394ohci - ok
18:48:52.0016 2512	ACDaemon        (adc420616c501b45d26c0fd3ef1e54e4) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
18:48:52.0094 2512	ACDaemon - ok
18:48:52.0110 2512	ACPI            (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
18:48:52.0126 2512	ACPI - ok
18:48:52.0126 2512	AcpiPmi         (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
18:48:52.0204 2512	AcpiPmi - ok
18:48:52.0250 2512	AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
18:48:52.0266 2512	AdobeARMservice - ok
18:48:52.0282 2512	adp94xx         (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
18:48:52.0313 2512	adp94xx - ok
18:48:52.0328 2512	adpahci         (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
18:48:52.0344 2512	adpahci - ok
18:48:52.0360 2512	adpu320         (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
18:48:52.0375 2512	adpu320 - ok
18:48:52.0391 2512	AeLookupSvc     (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
18:48:52.0531 2512	AeLookupSvc - ok
18:48:52.0578 2512	Afc             (6ccd1135320109d6b219f1a6e04ad9f6) C:\Windows\syswow64\drivers\Afc.sys
18:48:52.0609 2512	Afc - ok
18:48:52.0640 2512	AFD             (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
18:48:52.0703 2512	AFD - ok
18:48:52.0718 2512	agp440          (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
18:48:52.0734 2512	agp440 - ok
18:48:52.0750 2512	ALG             (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
18:48:52.0812 2512	ALG - ok
18:48:52.0828 2512	aliide          (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
18:48:52.0859 2512	aliide - ok
18:48:52.0874 2512	amdide          (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
18:48:52.0874 2512	amdide - ok
18:48:52.0890 2512	AmdK8           (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
18:48:52.0921 2512	AmdK8 - ok
18:48:52.0937 2512	AmdPPM          (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
18:48:52.0968 2512	AmdPPM - ok
18:48:52.0999 2512	amdsata         (6ec6d772eae38dc17c14aed9b178d24b) C:\Windows\system32\drivers\amdsata.sys
18:48:53.0015 2512	amdsata - ok
18:48:53.0015 2512	amdsbs          (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
18:48:53.0030 2512	amdsbs - ok
18:48:53.0046 2512	amdxata         (1142a21db581a84ea5597b03a26ebaa0) C:\Windows\system32\drivers\amdxata.sys
18:48:53.0046 2512	amdxata - ok
18:48:53.0108 2512	AntiVirSchedulerService (466a0d95960dad3222c896d2cea99993) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
18:48:53.0140 2512	AntiVirSchedulerService - ok
18:48:53.0155 2512	AntiVirService  (a489be6bb0aa1ff406b488b60542314b) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
18:48:53.0186 2512	AntiVirService - ok
18:48:53.0218 2512	AppID           (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
18:48:53.0264 2512	AppID - ok
18:48:53.0280 2512	AppIDSvc        (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
18:48:53.0342 2512	AppIDSvc - ok
18:48:53.0374 2512	Appinfo         (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
18:48:53.0389 2512	Appinfo - ok
18:48:53.0405 2512	arc             (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
18:48:53.0420 2512	arc - ok
18:48:53.0436 2512	arcsas          (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
18:48:53.0452 2512	arcsas - ok
18:48:53.0467 2512	AsyncMac        (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
18:48:53.0561 2512	AsyncMac - ok
18:48:53.0576 2512	atapi           (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
18:48:53.0592 2512	atapi - ok
18:48:53.0623 2512	AtiPcie         (7c5d273e29dcc5505469b299c6f29163) C:\Windows\system32\DRIVERS\AtiPcie.sys
18:48:53.0639 2512	AtiPcie - ok
18:48:53.0686 2512	AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
18:48:53.0732 2512	AudioEndpointBuilder - ok
18:48:53.0732 2512	AudioSrv        (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
18:48:53.0764 2512	AudioSrv - ok
18:48:53.0795 2512	avgntflt        (26e38b5a58c6c55fafbc563eeddb0867) C:\Windows\system32\DRIVERS\avgntflt.sys
18:48:53.0810 2512	avgntflt - ok
18:48:53.0826 2512	avipbb          (9d1f00beff84cbbf46d7f052bc7e0565) C:\Windows\system32\DRIVERS\avipbb.sys
18:48:53.0842 2512	avipbb - ok
18:48:53.0842 2512	avkmgr          (248db59fc86de44d2779f4c7fb1a567d) C:\Windows\system32\DRIVERS\avkmgr.sys
18:48:53.0857 2512	avkmgr - ok
18:48:53.0888 2512	AxInstSV        (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
18:48:53.0982 2512	AxInstSV - ok
18:48:54.0013 2512	b06bdrv         (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
18:48:54.0076 2512	b06bdrv - ok
18:48:54.0107 2512	b57nd60a        (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
18:48:54.0138 2512	b57nd60a - ok
18:48:54.0185 2512	BDESVC          (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
18:48:54.0263 2512	BDESVC - ok
18:48:54.0278 2512	Beep            (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
18:48:54.0356 2512	Beep - ok
18:48:54.0419 2512	BFE             (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll
18:48:54.0466 2512	BFE - ok
18:48:54.0512 2512	BITS            (1ea7969e3271cbc59e1730697dc74682) C:\Windows\System32\qmgr.dll
18:48:54.0559 2512	BITS - ok
18:48:54.0590 2512	blbdrive        (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
18:48:54.0622 2512	blbdrive - ok
18:48:54.0637 2512	bowser          (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
18:48:54.0684 2512	bowser - ok
18:48:54.0700 2512	BrFiltLo        (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
18:48:54.0778 2512	BrFiltLo - ok
18:48:54.0793 2512	BrFiltUp        (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
18:48:54.0809 2512	BrFiltUp - ok
18:48:54.0840 2512	Browser         (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
18:48:54.0918 2512	Browser - ok
18:48:54.0949 2512	Brserid         (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
18:48:55.0027 2512	Brserid - ok
18:48:55.0043 2512	BrSerWdm        (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
18:48:55.0074 2512	BrSerWdm - ok
18:48:55.0090 2512	BrUsbMdm        (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
18:48:55.0121 2512	BrUsbMdm - ok
18:48:55.0121 2512	BrUsbSer        (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
18:48:55.0136 2512	BrUsbSer - ok
18:48:55.0152 2512	BTHMODEM        (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
18:48:55.0183 2512	BTHMODEM - ok
18:48:55.0214 2512	bthserv         (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
18:48:55.0277 2512	bthserv - ok
18:48:55.0292 2512	cdfs            (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
18:48:55.0370 2512	cdfs - ok
18:48:55.0402 2512	cdrom           (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys
18:48:55.0448 2512	cdrom - ok
18:48:55.0464 2512	CertPropSvc     (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
18:48:55.0526 2512	CertPropSvc - ok
18:48:55.0526 2512	circlass        (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
18:48:55.0542 2512	circlass - ok
18:48:55.0558 2512	CLFS            (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
18:48:55.0573 2512	CLFS - ok
18:48:55.0620 2512	clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
18:48:55.0636 2512	clr_optimization_v2.0.50727_32 - ok
18:48:55.0667 2512	clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
18:48:55.0682 2512	clr_optimization_v2.0.50727_64 - ok
18:48:55.0698 2512	CmBatt          (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
18:48:55.0729 2512	CmBatt - ok
18:48:55.0745 2512	cmdide          (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
18:48:55.0745 2512	cmdide - ok
18:48:55.0776 2512	CNG             (9ac4f97c2d3e93367e2148ea940cd2cd) C:\Windows\system32\Drivers\cng.sys
18:48:55.0807 2512	CNG - ok
18:48:55.0807 2512	Compbatt        (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
18:48:55.0823 2512	Compbatt - ok
18:48:55.0838 2512	CompositeBus    (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
18:48:55.0870 2512	CompositeBus - ok
18:48:55.0870 2512	COMSysApp - ok
18:48:55.0885 2512	crcdisk         (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
18:48:55.0885 2512	crcdisk - ok
18:48:55.0916 2512	CryptSvc        (4f5414602e2544a4554d95517948b705) C:\Windows\system32\cryptsvc.dll
18:48:55.0963 2512	CryptSvc - ok
18:48:55.0994 2512	DcomLaunch      (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
18:48:56.0026 2512	DcomLaunch - ok
18:48:56.0057 2512	defragsvc       (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
18:48:56.0104 2512	defragsvc - ok
18:48:56.0135 2512	DfsC            (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
18:48:56.0182 2512	DfsC - ok
18:48:56.0197 2512	Dhcp            (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
18:48:56.0244 2512	Dhcp - ok
18:48:56.0244 2512	discache        (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
18:48:56.0291 2512	discache - ok
18:48:56.0322 2512	Disk            (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
18:48:56.0322 2512	Disk - ok
18:48:56.0353 2512	Dnscache        (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll
18:48:56.0416 2512	Dnscache - ok
18:48:56.0447 2512	dot3svc         (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
18:48:56.0494 2512	dot3svc - ok
18:48:56.0525 2512	DPS             (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
18:48:56.0556 2512	DPS - ok
18:48:56.0603 2512	drmkaud         (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
18:48:56.0634 2512	drmkaud - ok
18:48:56.0681 2512	DXGKrnl         (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
18:48:56.0712 2512	DXGKrnl - ok
18:48:56.0743 2512	EapHost         (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
18:48:56.0759 2512	EapHost - ok
18:48:56.0852 2512	ebdrv           (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
18:48:56.0915 2512	ebdrv - ok
18:48:56.0977 2512	EFS             (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe
18:48:57.0024 2512	EFS - ok
18:48:57.0086 2512	ehRecvr         (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
18:48:57.0133 2512	ehRecvr - ok
18:48:57.0149 2512	ehSched         (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
18:48:57.0196 2512	ehSched - ok
18:48:57.0242 2512	elxstor         (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
18:48:57.0289 2512	elxstor - ok
18:48:57.0305 2512	ErrDev          (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
18:48:57.0336 2512	ErrDev - ok
18:48:57.0352 2512	EventSystem     (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
18:48:57.0398 2512	EventSystem - ok
18:48:57.0414 2512	exfat           (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
18:48:57.0445 2512	exfat - ok
18:48:57.0461 2512	fastfat         (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
18:48:57.0492 2512	fastfat - ok
18:48:57.0554 2512	Fax             (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
18:48:57.0586 2512	Fax - ok
18:48:57.0586 2512	fdc             (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
18:48:57.0601 2512	fdc - ok
18:48:57.0617 2512	fdPHost         (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
18:48:57.0679 2512	fdPHost - ok
18:48:57.0695 2512	FDResPub        (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
18:48:57.0726 2512	FDResPub - ok
18:48:57.0742 2512	FileInfo        (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
18:48:57.0757 2512	FileInfo - ok
18:48:57.0773 2512	Filetrace       (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
18:48:57.0820 2512	Filetrace - ok
18:48:57.0820 2512	flpydisk        (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
18:48:57.0820 2512	flpydisk - ok
18:48:57.0851 2512	FltMgr          (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
18:48:57.0851 2512	FltMgr - ok
18:48:57.0898 2512	FontCache       (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll
18:48:57.0944 2512	FontCache - ok
18:48:58.0022 2512	FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
18:48:58.0038 2512	FontCache3.0.0.0 - ok
18:48:58.0054 2512	FsDepends       (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
18:48:58.0069 2512	FsDepends - ok
18:48:58.0100 2512	Fs_Rec          (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys
18:48:58.0116 2512	Fs_Rec - ok
18:48:58.0147 2512	fvevol          (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
18:48:58.0163 2512	fvevol - ok
18:48:58.0178 2512	gagp30kx        (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
18:48:58.0194 2512	gagp30kx - ok
18:48:58.0210 2512	GMSIPCI - ok
18:48:58.0241 2512	gpsvc           (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
18:48:58.0303 2512	gpsvc - ok
18:48:58.0397 2512	gupdate         (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
18:48:58.0412 2512	gupdate - ok
18:48:58.0428 2512	gupdatem        (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
18:48:58.0444 2512	gupdatem - ok
18:48:58.0444 2512	hcw85cir        (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
18:48:58.0475 2512	hcw85cir - ok
18:48:58.0506 2512	HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
18:48:58.0537 2512	HdAudAddService - ok
18:48:58.0553 2512	HDAudBus        (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
18:48:58.0584 2512	HDAudBus - ok
18:48:58.0600 2512	HidBatt         (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
18:48:58.0631 2512	HidBatt - ok
18:48:58.0646 2512	HidBth          (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
18:48:58.0662 2512	HidBth - ok
18:48:58.0662 2512	HidIr           (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
18:48:58.0693 2512	HidIr - ok
18:48:58.0724 2512	hidserv         (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\system32\hidserv.dll
18:48:58.0756 2512	hidserv - ok
18:48:58.0771 2512	HidUsb          (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
18:48:58.0787 2512	HidUsb - ok
18:48:58.0818 2512	hkmsvc          (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
18:48:58.0880 2512	hkmsvc - ok
18:48:58.0896 2512	HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
18:48:58.0943 2512	HomeGroupListener - ok
18:48:58.0958 2512	HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
18:48:58.0990 2512	HomeGroupProvider - ok
18:48:59.0005 2512	HpSAMD          (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
18:48:59.0021 2512	HpSAMD - ok
18:48:59.0068 2512	HTTP            (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
18:48:59.0114 2512	HTTP - ok
18:48:59.0130 2512	hwpolicy        (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
18:48:59.0130 2512	hwpolicy - ok
18:48:59.0161 2512	i8042prt        (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
18:48:59.0177 2512	i8042prt - ok
18:48:59.0208 2512	iaStorV         (3df4395a7cf8b7a72a5f4606366b8c2d) C:\Windows\system32\drivers\iaStorV.sys
18:48:59.0224 2512	iaStorV - ok
18:48:59.0333 2512	idsvc           (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
18:48:59.0380 2512	idsvc - ok
18:48:59.0395 2512	iirsp           (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
18:48:59.0411 2512	iirsp - ok
18:48:59.0426 2512	IKEEXT          (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
18:48:59.0489 2512	IKEEXT - ok
18:48:59.0567 2512	IntcAzAudAddService (f5872a11eb4f6db170d636cd4e53ca9f) C:\Windows\system32\drivers\RTKVHD64.sys
18:48:59.0598 2512	IntcAzAudAddService - ok
18:48:59.0676 2512	intelide        (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
18:48:59.0707 2512	intelide - ok
18:48:59.0723 2512	intelppm        (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
18:48:59.0738 2512	intelppm - ok
18:48:59.0754 2512	IPBusEnum       (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
18:48:59.0801 2512	IPBusEnum - ok
18:48:59.0832 2512	IpFilterDriver  (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
18:48:59.0879 2512	IpFilterDriver - ok
18:48:59.0926 2512	iphlpsvc        (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll
18:48:59.0957 2512	iphlpsvc - ok
18:48:59.0972 2512	IPMIDRV         (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
18:48:59.0988 2512	IPMIDRV - ok
18:49:00.0004 2512	IPNAT           (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
18:49:00.0050 2512	IPNAT - ok
18:49:00.0082 2512	IRENUM          (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
18:49:00.0175 2512	IRENUM - ok
18:49:00.0191 2512	isapnp          (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
18:49:00.0206 2512	isapnp - ok
18:49:00.0222 2512	iScsiPrt        (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
18:49:00.0253 2512	iScsiPrt - ok
18:49:00.0269 2512	kbdclass        (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
18:49:00.0269 2512	kbdclass - ok
18:49:00.0300 2512	kbdhid          (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\DRIVERS\kbdhid.sys
18:49:00.0331 2512	kbdhid - ok
18:49:00.0362 2512	KeyIso          (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
18:49:00.0394 2512	KeyIso - ok
18:49:00.0409 2512	KSecDD          (97a7070aea4c058b6418519e869a63b4) C:\Windows\system32\Drivers\ksecdd.sys
18:49:00.0425 2512	KSecDD - ok
18:49:00.0440 2512	KSecPkg         (26c43a7c2862447ec59deda188d1da07) C:\Windows\system32\Drivers\ksecpkg.sys
18:49:00.0456 2512	KSecPkg - ok
18:49:00.0456 2512	ksthunk         (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
18:49:00.0503 2512	ksthunk - ok
18:49:00.0518 2512	KtmRm           (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
18:49:00.0565 2512	KtmRm - ok
18:49:00.0612 2512	LanmanServer    (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\system32\srvsvc.dll
18:49:00.0706 2512	LanmanServer - ok
18:49:00.0721 2512	LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
18:49:00.0784 2512	LanmanWorkstation - ok
18:49:00.0815 2512	lltdio          (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
18:49:00.0862 2512	lltdio - ok
18:49:00.0893 2512	lltdsvc         (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
18:49:00.0924 2512	lltdsvc - ok
18:49:00.0924 2512	lmhosts         (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
18:49:00.0955 2512	lmhosts - ok
18:49:00.0971 2512	LSI_FC          (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
18:49:00.0986 2512	LSI_FC - ok
18:49:01.0002 2512	LSI_SAS         (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
18:49:01.0018 2512	LSI_SAS - ok
18:49:01.0018 2512	LSI_SAS2        (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
18:49:01.0033 2512	LSI_SAS2 - ok
18:49:01.0049 2512	LSI_SCSI        (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
18:49:01.0049 2512	LSI_SCSI - ok
18:49:01.0064 2512	luafv           (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
18:49:01.0111 2512	luafv - ok
18:49:01.0127 2512	Mcx2Svc         (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
18:49:01.0189 2512	Mcx2Svc - ok
18:49:01.0205 2512	megasas         (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
18:49:01.0220 2512	megasas - ok
18:49:01.0236 2512	MegaSR          (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
18:49:01.0267 2512	MegaSR - ok
18:49:01.0283 2512	MMCSS           (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
18:49:01.0314 2512	MMCSS - ok
18:49:01.0345 2512	Modem           (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
18:49:01.0376 2512	Modem - ok
18:49:01.0408 2512	monitor         (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
18:49:01.0439 2512	monitor - ok
18:49:01.0470 2512	mouclass        (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
18:49:01.0517 2512	mouclass - ok
18:49:01.0517 2512	mouhid          (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
18:49:01.0548 2512	mouhid - ok
18:49:01.0564 2512	mountmgr        (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
18:49:01.0579 2512	mountmgr - ok
18:49:01.0673 2512	MozillaMaintenance (46297fa8e30a6007f14118fc2b942fbc) C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
18:49:01.0720 2512	MozillaMaintenance - ok
18:49:01.0735 2512	mpio            (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
18:49:01.0766 2512	mpio - ok
18:49:01.0782 2512	mpsdrv          (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
18:49:01.0813 2512	mpsdrv - ok
18:49:01.0860 2512	MpsSvc          (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll
18:49:01.0907 2512	MpsSvc - ok
18:49:01.0922 2512	MRxDAV          (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
18:49:01.0954 2512	MRxDAV - ok
18:49:01.0985 2512	mrxsmb          (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
18:49:02.0032 2512	mrxsmb - ok
18:49:02.0063 2512	mrxsmb10        (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
18:49:02.0078 2512	mrxsmb10 - ok
18:49:02.0110 2512	mrxsmb20        (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
18:49:02.0125 2512	mrxsmb20 - ok
18:49:02.0141 2512	msahci          (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
18:49:02.0156 2512	msahci - ok
18:49:02.0172 2512	msdsm           (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
18:49:02.0188 2512	msdsm - ok
18:49:02.0219 2512	MSDTC           (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
18:49:02.0234 2512	MSDTC - ok
18:49:02.0250 2512	Msfs            (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
18:49:02.0281 2512	Msfs - ok
18:49:02.0297 2512	mshidkmdf       (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
18:49:02.0328 2512	mshidkmdf - ok
18:49:02.0344 2512	MSICDSetup - ok
18:49:02.0375 2512	msisadrv        (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
18:49:02.0390 2512	msisadrv - ok
18:49:02.0406 2512	MSiSCSI         (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
18:49:02.0437 2512	MSiSCSI - ok
18:49:02.0453 2512	msiserver - ok
18:49:02.0468 2512	MSKSSRV         (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
18:49:02.0546 2512	MSKSSRV - ok
18:49:02.0562 2512	MSPCLOCK        (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
18:49:02.0609 2512	MSPCLOCK - ok
18:49:02.0609 2512	MSPQM           (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
18:49:02.0671 2512	MSPQM - ok
18:49:02.0702 2512	MsRPC           (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
18:49:02.0734 2512	MsRPC - ok
18:49:02.0749 2512	mssmbios        (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
18:49:02.0765 2512	mssmbios - ok
18:49:02.0765 2512	MSTEE           (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
18:49:02.0812 2512	MSTEE - ok
18:49:02.0827 2512	MTConfig        (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
18:49:02.0843 2512	MTConfig - ok
18:49:02.0858 2512	Mup             (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
18:49:02.0858 2512	Mup - ok
18:49:02.0890 2512	napagent        (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
18:49:02.0936 2512	napagent - ok
18:49:02.0968 2512	NativeWifiP     (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
18:49:02.0999 2512	NativeWifiP - ok
18:49:03.0061 2512	NDIS            (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
18:49:03.0092 2512	NDIS - ok
18:49:03.0092 2512	NdisCap         (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
18:49:03.0124 2512	NdisCap - ok
18:49:03.0155 2512	NdisTapi        (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
18:49:03.0186 2512	NdisTapi - ok
18:49:03.0217 2512	Ndisuio         (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
18:49:03.0248 2512	Ndisuio - ok
18:49:03.0264 2512	NdisWan         (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
18:49:03.0311 2512	NdisWan - ok
18:49:03.0311 2512	NDProxy         (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
18:49:03.0342 2512	NDProxy - ok
18:49:03.0482 2512	Nero BackItUp Scheduler 4.0 (7d2633295eb6ff2b938185874884059d) C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
18:49:03.0498 2512	Nero BackItUp Scheduler 4.0 - ok
18:49:03.0514 2512	NetBIOS         (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
18:49:03.0545 2512	NetBIOS - ok
18:49:03.0560 2512	NetBT           (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
18:49:03.0592 2512	NetBT - ok
18:49:03.0607 2512	Netlogon        (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
18:49:03.0623 2512	Netlogon - ok
18:49:03.0654 2512	Netman          (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
18:49:03.0685 2512	Netman - ok
18:49:03.0716 2512	netprofm        (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
18:49:03.0748 2512	netprofm - ok
18:49:03.0826 2512	NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
18:49:03.0857 2512	NetTcpPortSharing - ok
18:49:03.0872 2512	nfrd960         (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
18:49:03.0872 2512	nfrd960 - ok
18:49:03.0904 2512	NlaSvc          (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
18:49:03.0950 2512	NlaSvc - ok
18:49:03.0950 2512	Npfs            (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
18:49:03.0982 2512	Npfs - ok
18:49:03.0997 2512	nsi             (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
18:49:04.0044 2512	nsi - ok
18:49:04.0044 2512	nsiproxy        (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
18:49:04.0091 2512	nsiproxy - ok
18:49:04.0153 2512	Ntfs            (05d78aa5cb5f3f5c31160bdb955d0b7c) C:\Windows\system32\drivers\Ntfs.sys
18:49:04.0184 2512	Ntfs - ok
18:49:04.0247 2512	Null            (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
18:49:04.0278 2512	Null - ok
18:49:04.0309 2512	nusb3hub        (285acec1b13a15ba520aae06bacb9cff) C:\Windows\system32\DRIVERS\nusb3hub.sys
18:49:04.0325 2512	nusb3hub - ok
18:49:04.0340 2512	nusb3xhc        (f6d625ff7b56bb6ea063f0d3a5bbc996) C:\Windows\system32\DRIVERS\nusb3xhc.sys
18:49:04.0356 2512	nusb3xhc - ok
18:49:04.0387 2512	NVHDA           (102806b360d0e6bc6e55bf47ef655d43) C:\Windows\system32\drivers\nvhda64v.sys
18:49:04.0418 2512	NVHDA - ok
18:49:04.0746 2512	nvlddmkm        (ba0b4889c40380a01ecdf84c227a89c9) C:\Windows\system32\DRIVERS\nvlddmkm.sys
18:49:04.0902 2512	nvlddmkm - ok
18:49:04.0996 2512	nvraid          (5d9fd91f3d38dc9da01e3cb5fa89cd48) C:\Windows\system32\drivers\nvraid.sys
18:49:05.0027 2512	nvraid - ok
18:49:05.0042 2512	nvstor          (f7cd50fe7139f07e77da8ac8033d1832) C:\Windows\system32\drivers\nvstor.sys
18:49:05.0074 2512	nvstor - ok
18:49:05.0136 2512	nvsvc           (06633cf95bea62164c3bfca24bce6b11) C:\Windows\system32\nvvsvc.exe
18:49:05.0152 2512	nvsvc - ok
18:49:05.0276 2512	nvUpdatusService (53b629ce436b110c5689c2f6439e567b) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
18:49:05.0308 2512	nvUpdatusService - ok
18:49:05.0339 2512	nv_agp          (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
18:49:05.0354 2512	nv_agp - ok
18:49:05.0370 2512	ohci1394        (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
18:49:05.0401 2512	ohci1394 - ok
18:49:05.0432 2512	p2pimsvc        (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
18:49:05.0464 2512	p2pimsvc - ok
18:49:05.0479 2512	p2psvc          (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
18:49:05.0495 2512	p2psvc - ok
18:49:05.0526 2512	Parport         (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
18:49:05.0526 2512	Parport - ok
18:49:05.0557 2512	partmgr         (e9766131eeade40a27dc27d2d68fba9c) C:\Windows\system32\drivers\partmgr.sys
18:49:05.0573 2512	partmgr - ok
18:49:05.0588 2512	PcaSvc          (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
18:49:05.0604 2512	PcaSvc - ok
18:49:05.0620 2512	pci             (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
18:49:05.0635 2512	pci - ok
18:49:05.0651 2512	pciide          (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
18:49:05.0651 2512	pciide - ok
18:49:05.0666 2512	pcmcia          (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
18:49:05.0682 2512	pcmcia - ok
18:49:05.0698 2512	pcw             (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
18:49:05.0713 2512	pcw - ok
18:49:05.0729 2512	PEAUTH          (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
18:49:05.0791 2512	PEAUTH - ok
18:49:05.0838 2512	PerfHost        (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
18:49:05.0932 2512	PerfHost - ok
18:49:06.0010 2512	pla             (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
18:49:06.0072 2512	pla - ok
18:49:06.0103 2512	PlugPlay        (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
18:49:06.0119 2512	PlugPlay - ok
18:49:06.0134 2512	PNRPAutoReg     (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
18:49:06.0150 2512	PNRPAutoReg - ok
18:49:06.0166 2512	PNRPsvc         (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
18:49:06.0181 2512	PNRPsvc - ok
18:49:06.0197 2512	PolicyAgent     (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
18:49:06.0244 2512	PolicyAgent - ok
18:49:06.0275 2512	Power           (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
18:49:06.0306 2512	Power - ok
18:49:06.0368 2512	PptpMiniport    (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
18:49:06.0446 2512	PptpMiniport - ok
18:49:06.0462 2512	Processor       (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
18:49:06.0478 2512	Processor - ok
18:49:06.0509 2512	ProfSvc         (5c78838b4d166d1a27db3a8a820c799a) C:\Windows\system32\profsvc.dll
18:49:06.0540 2512	ProfSvc - ok
18:49:06.0571 2512	ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
18:49:06.0571 2512	ProtectedStorage - ok
18:49:06.0602 2512	Psched          (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
18:49:06.0634 2512	Psched - ok
18:49:06.0680 2512	ql2300          (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
18:49:06.0712 2512	ql2300 - ok
18:49:06.0758 2512	ql40xx          (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
18:49:06.0774 2512	ql40xx - ok
18:49:06.0805 2512	QWAVE           (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
18:49:06.0821 2512	QWAVE - ok
18:49:06.0836 2512	QWAVEdrv        (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
18:49:06.0852 2512	QWAVEdrv - ok
18:49:06.0868 2512	RasAcd          (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
18:49:06.0914 2512	RasAcd - ok
18:49:06.0930 2512	RasAgileVpn     (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
18:49:06.0961 2512	RasAgileVpn - ok
18:49:06.0977 2512	RasAuto         (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
18:49:06.0992 2512	RasAuto - ok
18:49:07.0024 2512	Rasl2tp         (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
18:49:07.0070 2512	Rasl2tp - ok
18:49:07.0102 2512	RasMan          (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
18:49:07.0148 2512	RasMan - ok
18:49:07.0164 2512	RasPppoe        (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
18:49:07.0195 2512	RasPppoe - ok
18:49:07.0226 2512	RasSstp         (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
18:49:07.0289 2512	RasSstp - ok
18:49:07.0320 2512	rdbss           (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
18:49:07.0351 2512	rdbss - ok
18:49:07.0367 2512	rdpbus          (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
18:49:07.0414 2512	rdpbus - ok
18:49:07.0414 2512	RDPCDD          (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
18:49:07.0460 2512	RDPCDD - ok
18:49:07.0476 2512	RDPENCDD        (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
18:49:07.0523 2512	RDPENCDD - ok
18:49:07.0523 2512	RDPREFMP        (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
18:49:07.0538 2512	RDPREFMP - ok
18:49:07.0570 2512	RDPWD           (e61608aa35e98999af9aaeeea6114b0a) C:\Windows\system32\drivers\RDPWD.sys
18:49:07.0601 2512	RDPWD - ok
18:49:07.0632 2512	rdyboost        (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
18:49:07.0648 2512	rdyboost - ok
18:49:07.0679 2512	RemoteAccess    (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
18:49:07.0726 2512	RemoteAccess - ok
18:49:07.0741 2512	RemoteRegistry  (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
18:49:07.0788 2512	RemoteRegistry - ok
18:49:07.0788 2512	RpcEptMapper    (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
18:49:07.0835 2512	RpcEptMapper - ok
18:49:07.0850 2512	RpcLocator      (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
18:49:07.0882 2512	RpcLocator - ok
18:49:07.0913 2512	RpcSs           (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
18:49:07.0944 2512	RpcSs - ok
18:49:07.0975 2512	rspndr          (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
18:49:08.0038 2512	rspndr - ok
18:49:08.0084 2512	RTL8167         (4b42bc58294e83a6a92ec8b88c14c4a3) C:\Windows\system32\DRIVERS\Rt64win7.sys
18:49:08.0131 2512	RTL8167 - ok
18:49:08.0162 2512	SamSs           (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
18:49:08.0178 2512	SamSs - ok
18:49:08.0194 2512	sbp2port        (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
18:49:08.0209 2512	sbp2port - ok
18:49:08.0209 2512	SCardSvr        (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
18:49:08.0256 2512	SCardSvr - ok
18:49:08.0272 2512	scfilter        (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
18:49:08.0303 2512	scfilter - ok
18:49:08.0350 2512	Schedule        (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
18:49:08.0396 2512	Schedule - ok
18:49:08.0412 2512	SCPolicySvc     (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
18:49:08.0443 2512	SCPolicySvc - ok
18:49:08.0459 2512	SDRSVC          (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
18:49:08.0506 2512	SDRSVC - ok
18:49:08.0537 2512	secdrv          (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
18:49:08.0552 2512	secdrv - ok
18:49:08.0584 2512	seclogon        (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
18:49:08.0615 2512	seclogon - ok
18:49:08.0630 2512	SENS            (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\System32\sens.dll
18:49:08.0662 2512	SENS - ok
18:49:08.0677 2512	SensrSvc        (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
18:49:08.0708 2512	SensrSvc - ok
18:49:08.0724 2512	Serenum         (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
18:49:08.0724 2512	Serenum - ok
18:49:08.0740 2512	Serial          (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
18:49:08.0755 2512	Serial - ok
18:49:08.0786 2512	sermouse        (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
18:49:08.0786 2512	sermouse - ok
18:49:08.0818 2512	SessionEnv      (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
18:49:08.0864 2512	SessionEnv - ok
18:49:08.0880 2512	sffdisk         (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
18:49:08.0927 2512	sffdisk - ok
18:49:08.0942 2512	sffp_mmc        (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
18:49:08.0958 2512	sffp_mmc - ok
18:49:08.0958 2512	sffp_sd         (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
18:49:08.0974 2512	sffp_sd - ok
18:49:08.0989 2512	sfloppy         (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
18:49:09.0005 2512	sfloppy - ok
18:49:09.0036 2512	SharedAccess    (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
18:49:09.0067 2512	SharedAccess - ok
18:49:09.0098 2512	ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
18:49:09.0130 2512	ShellHWDetection - ok
18:49:09.0145 2512	SiSRaid2        (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
18:49:09.0145 2512	SiSRaid2 - ok
18:49:09.0161 2512	SiSRaid4        (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
18:49:09.0176 2512	SiSRaid4 - ok
18:49:09.0192 2512	Smb             (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
18:49:09.0270 2512	Smb - ok
18:49:09.0301 2512	SNMPTRAP        (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
18:49:09.0317 2512	SNMPTRAP - ok
18:49:09.0348 2512	spldr           (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
18:49:09.0348 2512	spldr - ok
18:49:09.0379 2512	Spooler         (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
18:49:09.0426 2512	Spooler - ok
18:49:09.0520 2512	sppsvc          (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
18:49:09.0582 2512	sppsvc - ok
18:49:09.0644 2512	sppuinotify     (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
18:49:09.0722 2512	sppuinotify - ok
18:49:09.0769 2512	srv             (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
18:49:09.0816 2512	srv - ok
18:49:09.0832 2512	srv2            (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
18:49:09.0863 2512	srv2 - ok
18:49:09.0878 2512	srvnet          (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
18:49:09.0910 2512	srvnet - ok
18:49:09.0941 2512	SSDPSRV         (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
18:49:09.0972 2512	SSDPSRV - ok
18:49:09.0988 2512	SstpSvc         (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
18:49:10.0019 2512	SstpSvc - ok
18:49:10.0097 2512	Stereo Service  (c354621b6b94e10ae7f5cdbe745feb86) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
18:49:10.0128 2512	Stereo Service - ok
18:49:10.0144 2512	stexstor        (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
18:49:10.0159 2512	stexstor - ok
18:49:10.0190 2512	stisvc          (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
18:49:10.0237 2512	stisvc - ok
18:49:10.0268 2512	swenum          (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
18:49:10.0268 2512	swenum - ok
18:49:10.0315 2512	swprv           (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
18:49:10.0362 2512	swprv - ok
18:49:10.0424 2512	SysMain         (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
18:49:10.0471 2512	SysMain - ok
18:49:10.0549 2512	TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
18:49:10.0612 2512	TabletInputService - ok
18:49:10.0643 2512	TapiSrv         (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
18:49:10.0690 2512	TapiSrv - ok
18:49:10.0705 2512	TBS             (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
18:49:10.0768 2512	TBS - ok
18:49:10.0877 2512	Tcpip           (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\drivers\tcpip.sys
18:49:10.0924 2512	Tcpip - ok
18:49:10.0986 2512	TCPIP6          (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\DRIVERS\tcpip.sys
18:49:11.0017 2512	TCPIP6 - ok
18:49:11.0064 2512	tcpipreg        (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
18:49:11.0095 2512	tcpipreg - ok
18:49:11.0111 2512	TDPIPE          (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
18:49:11.0126 2512	TDPIPE - ok
18:49:11.0158 2512	TDTCP           (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
18:49:11.0189 2512	TDTCP - ok
18:49:11.0220 2512	tdx             (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
18:49:11.0251 2512	tdx - ok
18:49:11.0267 2512	TermDD          (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
18:49:11.0282 2512	TermDD - ok
18:49:11.0314 2512	TermService     (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
18:49:11.0360 2512	TermService - ok
18:49:11.0360 2512	Themes          (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
18:49:11.0392 2512	Themes - ok
18:49:11.0423 2512	THREADORDER     (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
18:49:11.0438 2512	THREADORDER - ok
18:49:11.0470 2512	TrkWks          (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
18:49:11.0501 2512	TrkWks - ok
18:49:11.0548 2512	TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
18:49:11.0610 2512	TrustedInstaller - ok
18:49:11.0626 2512	tssecsrv        (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
18:49:11.0657 2512	tssecsrv - ok
18:49:11.0704 2512	TsUsbFlt        (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
18:49:11.0766 2512	TsUsbFlt - ok
18:49:11.0813 2512	tunnel          (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
18:49:11.0891 2512	tunnel - ok
18:49:11.0922 2512	uagp35          (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
18:49:11.0938 2512	uagp35 - ok
18:49:11.0969 2512	udfs            (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
18:49:12.0016 2512	udfs - ok
18:49:12.0031 2512	UI0Detect       (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
18:49:12.0062 2512	UI0Detect - ok
18:49:12.0078 2512	uliagpkx        (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
18:49:12.0094 2512	uliagpkx - ok
18:49:12.0125 2512	umbus           (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
18:49:12.0156 2512	umbus - ok
18:49:12.0172 2512	UmPass          (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
18:49:12.0187 2512	UmPass - ok
18:49:12.0218 2512	upnphost        (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
18:49:12.0265 2512	upnphost - ok
18:49:12.0296 2512	usbccgp         (481dff26b4dca8f4cbac1f7dce1d6829) C:\Windows\system32\DRIVERS\usbccgp.sys
18:49:12.0328 2512	usbccgp - ok
18:49:12.0359 2512	usbcir          (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
18:49:12.0374 2512	usbcir - ok
18:49:12.0390 2512	usbehci         (2ea4aff7be7eb4632e3aa8595b0803b5) C:\Windows\system32\DRIVERS\usbehci.sys
18:49:12.0406 2512	usbehci - ok
18:49:12.0437 2512	usbhub          (dc96bd9ccb8403251bcf25047573558e) C:\Windows\system32\drivers\usbhub.sys
18:49:12.0468 2512	usbhub - ok
18:49:12.0484 2512	usbohci         (58e546bbaf87664fc57e0f6081e4f609) C:\Windows\system32\DRIVERS\usbohci.sys
18:49:12.0499 2512	usbohci - ok
18:49:12.0499 2512	usbprint        (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
18:49:12.0530 2512	usbprint - ok
18:49:12.0562 2512	usbscan         (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
18:49:12.0562 2512	usbscan - ok
18:49:12.0577 2512	USBSTOR         (d76510cfa0fc09023077f22c2f979d86) C:\Windows\system32\DRIVERS\USBSTOR.SYS
18:49:12.0608 2512	USBSTOR - ok
18:49:12.0624 2512	usbuhci         (81fb2216d3a60d1284455d511797db3d) C:\Windows\system32\DRIVERS\usbuhci.sys
18:49:12.0640 2512	usbuhci - ok
18:49:12.0671 2512	usbvideo        (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\system32\Drivers\usbvideo.sys
18:49:12.0702 2512	usbvideo - ok
18:49:12.0733 2512	UxSms           (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
18:49:12.0764 2512	UxSms - ok
18:49:12.0780 2512	VaultSvc        (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
18:49:12.0796 2512	VaultSvc - ok
18:49:12.0811 2512	vdrvroot        (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
18:49:12.0811 2512	vdrvroot - ok
18:49:12.0858 2512	vds             (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
18:49:12.0920 2512	vds - ok
18:49:12.0952 2512	vga             (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
18:49:12.0967 2512	vga - ok
18:49:12.0967 2512	VgaSave         (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
18:49:13.0014 2512	VgaSave - ok
18:49:13.0030 2512	vhdmp           (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
18:49:13.0045 2512	vhdmp - ok
18:49:13.0061 2512	viaide          (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
18:49:13.0061 2512	viaide - ok
18:49:13.0076 2512	volmgr          (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
18:49:13.0092 2512	volmgr - ok
18:49:13.0123 2512	volmgrx         (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
18:49:13.0154 2512	volmgrx - ok
18:49:13.0170 2512	volsnap         (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
18:49:13.0186 2512	volsnap - ok
18:49:13.0201 2512	vsmraid         (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
18:49:13.0201 2512	vsmraid - ok
18:49:13.0264 2512	VSS             (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
18:49:13.0326 2512	VSS - ok
18:49:13.0404 2512	vwifibus        (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\System32\drivers\vwifibus.sys
18:49:13.0435 2512	vwifibus - ok
18:49:13.0466 2512	W32Time         (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
18:49:13.0513 2512	W32Time - ok
18:49:13.0529 2512	WacomPen        (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
18:49:13.0544 2512	WacomPen - ok
18:49:13.0576 2512	WANARP          (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
18:49:13.0622 2512	WANARP - ok
18:49:13.0622 2512	Wanarpv6        (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
18:49:13.0638 2512	Wanarpv6 - ok
18:49:13.0685 2512	wbengine        (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
18:49:13.0747 2512	wbengine - ok
18:49:13.0778 2512	WbioSrvc        (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
18:49:13.0794 2512	WbioSrvc - ok
18:49:13.0825 2512	wcncsvc         (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
18:49:13.0841 2512	wcncsvc - ok
18:49:13.0856 2512	WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
18:49:13.0888 2512	WcsPlugInService - ok
18:49:13.0888 2512	Wd              (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
18:49:13.0903 2512	Wd - ok
18:49:13.0934 2512	Wdf01000        (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
18:49:13.0950 2512	Wdf01000 - ok
18:49:13.0966 2512	WdiServiceHost  (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
18:49:14.0059 2512	WdiServiceHost - ok
18:49:14.0059 2512	WdiSystemHost   (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
18:49:14.0090 2512	WdiSystemHost - ok
18:49:14.0106 2512	WebClient       (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
18:49:14.0122 2512	WebClient - ok
18:49:14.0137 2512	Wecsvc          (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
18:49:14.0184 2512	Wecsvc - ok
18:49:14.0200 2512	wercplsupport   (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
18:49:14.0246 2512	wercplsupport - ok
18:49:14.0278 2512	WerSvc          (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
18:49:14.0309 2512	WerSvc - ok
18:49:14.0340 2512	WfpLwf          (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
18:49:14.0356 2512	WfpLwf - ok
18:49:14.0371 2512	WIMMount        (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
18:49:14.0387 2512	WIMMount - ok
18:49:14.0402 2512	WinDefend - ok
18:49:14.0418 2512	WinHttpAutoProxySvc - ok
18:49:14.0449 2512	Winmgmt         (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
18:49:14.0480 2512	Winmgmt - ok
18:49:14.0543 2512	WinRM           (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
18:49:14.0590 2512	WinRM - ok
18:49:14.0699 2512	WinUsb          (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
18:49:14.0746 2512	WinUsb - ok
18:49:14.0792 2512	Wlansvc         (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
18:49:14.0839 2512	Wlansvc - ok
18:49:14.0855 2512	WmiAcpi         (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
18:49:14.0870 2512	WmiAcpi - ok
18:49:14.0886 2512	wmiApSrv        (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
18:49:14.0917 2512	wmiApSrv - ok
18:49:14.0933 2512	WMPNetworkSvc - ok
18:49:14.0933 2512	WPCSvc          (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
18:49:14.0964 2512	WPCSvc - ok
18:49:14.0980 2512	WPDBusEnum      (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
18:49:14.0995 2512	WPDBusEnum - ok
18:49:15.0026 2512	ws2ifsl         (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
18:49:15.0089 2512	ws2ifsl - ok
18:49:15.0104 2512	wscsvc          (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\System32\wscsvc.dll
18:49:15.0167 2512	wscsvc - ok
18:49:15.0167 2512	WSearch - ok
18:49:15.0260 2512	wuauserv        (d9ef901dca379cfe914e9fa13b73b4c4) C:\Windows\system32\wuaueng.dll
18:49:15.0292 2512	wuauserv - ok
18:49:15.0338 2512	WudfPf          (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
18:49:15.0370 2512	WudfPf - ok
18:49:15.0416 2512	WUDFRd          (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
18:49:15.0448 2512	WUDFRd - ok
18:49:15.0463 2512	wudfsvc         (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
18:49:15.0494 2512	wudfsvc - ok
18:49:15.0526 2512	WwanSvc         (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
18:49:15.0541 2512	WwanSvc - ok
18:49:15.0557 2512	MBR (0x1B8)     (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
18:49:15.0728 2512	\Device\Harddisk0\DR0 - ok
18:49:15.0728 2512	Boot (0x1200)   (7aa8e1c6bc6b3e0f0397fbfa196808af) \Device\Harddisk0\DR0\Partition0
18:49:15.0728 2512	\Device\Harddisk0\DR0\Partition0 - ok
18:49:15.0760 2512	Boot (0x1200)   (f87845f54633b2e8d57eaed552a30701) \Device\Harddisk0\DR0\Partition1
18:49:15.0760 2512	\Device\Harddisk0\DR0\Partition1 - ok
18:49:15.0791 2512	Boot (0x1200)   (ac7a0ee493a0d40f2a01650f1471751e) \Device\Harddisk0\DR0\Partition2
18:49:15.0791 2512	\Device\Harddisk0\DR0\Partition2 - ok
18:49:15.0791 2512	============================================================
18:49:15.0791 2512	Scan finished
18:49:15.0791 2512	============================================================
18:49:15.0806 2508	Detected object count: 0
18:49:15.0806 2508	Actual detected object count: 0
18:52:18.0925 4056	Deinitialize success
         

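The TDSSKiller log above is what a helper reads by hand: one object line per driver/service (name, MD5, image path) followed by a status line, plus a few services such as msiserver that are listed by name only, and the MBR and boot-sector records at the end. The following triage script is an added example and not a tool from this thread or from Kaspersky; it assumes only the line layout visible in the log, and the sample lines it parses are copied from the log above (labelled as such in the code). It pairs each object with its status, lists the images that live outside C:\Windows (vendor software, the first thing a helper reviews), lists objects reported without a hash, shows which services share one binary (lsass.exe backing several services is normal; the same view is where a hijacked shared file would surface), and reports anything whose status is not "ok".

```python
"""Triage helper for a TDSSKiller log (added example, not from the thread).

Assumed line layout, taken from the log posted above:
    HH:MM:SS.mmmm PID<TAB>Name            (md5) Path      <- object line
    HH:MM:SS.mmmm PID<TAB>Name - ok                       <- status line
    HH:MM:SS.mmmm PID<TAB>Name - ok   (no object line)    <- name only, no hash
For MBR/boot records the status line names the device path, not the name.
"""
import re
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, List, Optional

OBJECT_RE = re.compile(
    r"^(\d\d:\d\d:\d\d\.\d+)\s+(\d+)\s+(.+?)\s+\(([0-9a-f]{32})\)\s+(\S.*)$")
STATUS_RE = re.compile(
    r"^(\d\d:\d\d:\d\d\.\d+)\s+(\d+)\s+(.+?) - (\S.*)$")

WINDOWS_DIR = "c:\\windows\\"


@dataclass
class Entry:
    name: str
    md5: Optional[str]      # None when TDSSKiller printed no hash for it
    path: Optional[str]
    status: Optional[str]   # "ok" or whatever the log reported


def parse_tdsskiller(text: str) -> List[Entry]:
    """Pair every object line with the status line that follows it."""
    entries: List[Entry] = []
    pending: Optional[Entry] = None
    for line in text.splitlines():
        m = OBJECT_RE.match(line)
        if m:
            if pending is not None:          # object that never got a status
                entries.append(pending)
            pending = Entry(m.group(3), m.group(4), m.group(5), None)
            continue
        m = STATUS_RE.match(line)
        if not m:
            continue                          # banners, counters, blank lines
        subject, status = m.group(3), m.group(4)
        if pending is not None and subject in (pending.name, pending.path):
            pending.status = status           # service name or device path
            entries.append(pending)
            pending = None
        else:
            entries.append(Entry(subject, None, None, status))  # name only
    if pending is not None:
        entries.append(pending)
    return entries


def third_party_images(entries: List[Entry]) -> List[str]:
    """Objects whose image is on C: but outside C:\\Windows (vendor software)."""
    return sorted(e.name for e in entries
                  if e.path and e.path.lower().startswith("c:\\")
                  and not e.path.lower().startswith(WINDOWS_DIR))


def unhashed(entries: List[Entry]) -> List[str]:
    """Objects TDSSKiller reported by name only, with no file and no hash."""
    return sorted(e.name for e in entries if e.md5 is None)


def not_ok(entries: List[Entry]) -> List[Entry]:
    """Anything whose status line said something other than 'ok'."""
    return [e for e in entries if e.status != "ok"]


def shared_images(entries: List[Entry]) -> Dict[str, List[str]]:
    """md5 -> names, for every file that backs more than one object."""
    by_hash: Dict[str, List[str]] = defaultdict(list)
    for e in entries:
        if e.md5:
            by_hash[e.md5].append(e.name)
    return {h: names for h, names in by_hash.items() if len(names) > 1}


# Sample input: lines copied from the TDSSKiller log above (constructed subset).
SAMPLE_LOG = "\n".join([
    "18:49:03.0482 2512\tNero BackItUp Scheduler 4.0 (7d2633295eb6ff2b938185874884059d) "
    "C:\\Program Files (x86)\\Common Files\\Nero\\Nero BackItUp 4\\NBService.exe",
    "18:49:03.0498 2512\tNero BackItUp Scheduler 4.0 - ok",
    "18:49:03.0607 2512\tNetlogon        (c118a82cd78818c29ab228366ebf81c3) C:\\Windows\\system32\\lsass.exe",
    "18:49:03.0623 2512\tNetlogon - ok",
    "18:49:02.0453 2512\tmsiserver - ok",
    "18:49:08.0162 2512\tSamSs           (c118a82cd78818c29ab228366ebf81c3) C:\\Windows\\system32\\lsass.exe",
    "18:49:08.0178 2512\tSamSs - ok",
    "18:49:15.0557 2512\tMBR (0x1B8)     (a36c5e4f47e84449ff07ed3517b43a31) \\Device\\Harddisk0\\DR0",
    "18:49:15.0728 2512\t\\Device\\Harddisk0\\DR0 - ok",
    "18:49:15.0806 2508\tDetected object count: 0",
])

if __name__ == "__main__":
    found = parse_tdsskiller(SAMPLE_LOG)
    print("outside C:\\Windows:", third_party_images(found))
    print("no hash recorded:  ", unhashed(found))
    print("shared binaries:   ", shared_images(found))
    print("not ok:            ", [(e.name, e.status) for e in not_ok(found)])
```

Run it against a full TDSSKiller log (pass the file contents to parse_tdsskiller) and the "outside C:\Windows" list is the set of vendor services to look up, while the "no hash recorded" list is the set of objects the log does not vouch for at all; a clean log such as the one above gives an empty "not ok" list, which is the same conclusion the "Detected object count: 0" footer states.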
Old 30.07.2012, 20:31   #14
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Two hits of PUP.OfferBundler.ST with Malwarebytes on my computer



Then please run CF now:

ComboFix

A guide and tutorial on using ComboFix
  • Close all programs, especially your antivirus program and other background guards, as well as your internet browser.
  • Start combofix.exe from your desktop, confirm the warnings, perform the updates (if offered), install the Recovery Console (if offered) and let it scan your system.
    Also avoid using the mouse and keyboard while ComboFix is running.
  • Afterwards a combofix.txt opens automatically; please copy its contents ([Ctrl]a, [Ctrl]c) and paste them into your post ([Ctrl]v). You will also find the file at: C:\ComboFix.txt.
Important note:
ComboFix may only be run when a helper has explicitly recommended it!

It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.

If, after running ComboFix, you have problems starting applications and get messages such as

Quote:
Illegal operation attempted on a registry key that has been marked for deletion.
then restart Windows manually and the error messages should no longer appear.
__________________
Please always post logfiles in CODE tags

Old 05.08.2012, 17:10   #15
Knobelhannes
 
Two hits of PUP.OfferBundler.ST with Malwarebytes on my computer



Had quite a lot to do over the last few days; in between I installed Dropbox, since I had to send some rather large PDF files...

Ran ComboFix.
Here is the log:

Code:
ComboFix 12-08-05.02 - Wir Zuhause 05.08.2012  17:49:05.1.2 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.4095.3073 [GMT 2:00]
Running from:: c:\users\Wir Zuhause\Downloads\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Other Deletions   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\1327145953.bdinstall.bin
c:\programdata\1327146115.bdinstall.bin
c:\programdata\1329824262.bdinstall.bin
c:\windows\IsUn0407.exe
D:\INSTALL.EXE
.
.
(((((((((((((((((((((((   Files Created from 2012-07-05 to 2012-08-05  ))))))))))))))))))))))))))))))
.
.
2012-08-01 15:27 . 2012-08-02 07:51	--------	d-----r-	c:\users\Wir Zuhause\Dropbox
2012-08-01 14:35 . 2012-08-05 12:34	--------	d-----w-	c:\users\Wir Zuhause\AppData\Roaming\Dropbox
2012-07-30 08:50 . 2012-07-30 08:50	--------	d-----w-	c:\users\Wir Zuhause\AppData\Roaming\UDC Profiles
2012-07-30 08:49 . 2011-07-25 10:15	30656	----a-w-	c:\windows\system32\udcpm.dll
2012-07-30 08:49 . 2012-07-30 08:49	--------	d-----w-	c:\program files (x86)\Universal Document Converter
2012-07-27 21:02 . 2012-07-27 21:02	--------	d-----w-	C:\_OTL
2012-07-25 20:42 . 2012-07-25 20:42	--------	d-----w-	c:\program files (x86)\ESET
2012-07-14 07:48 . 2012-07-14 07:48	--------	d-----w-	c:\users\Wir Zuhause\AppData\Roaming\Malwarebytes
2012-07-14 07:48 . 2012-07-14 07:48	--------	d-----w-	c:\program files (x86)\Malwarebytes' Anti-Malware
2012-07-14 07:48 . 2012-07-14 07:48	--------	d-----w-	c:\programdata\Malwarebytes
2012-07-14 07:48 . 2012-07-03 11:46	24904	----a-w-	c:\windows\system32\drivers\mbam.sys
2012-07-11 19:48 . 2012-06-12 03:08	3148800	----a-w-	c:\windows\system32\win32k.sys
2012-07-11 08:34 . 2012-06-06 06:06	2004480	----a-w-	c:\windows\system32\msxml6.dll
2012-07-08 23:09 . 2012-06-02 22:19	2428952	----a-w-	c:\windows\system32\wuaueng.dll
2012-07-08 23:09 . 2012-06-02 22:19	57880	----a-w-	c:\windows\system32\wuauclt.exe
2012-07-08 23:09 . 2012-06-02 22:19	44056	----a-w-	c:\windows\system32\wups2.dll
2012-07-08 23:09 . 2012-06-02 22:15	2622464	----a-w-	c:\windows\system32\wucltux.dll
2012-07-08 23:09 . 2012-06-02 22:19	38424	----a-w-	c:\windows\system32\wups.dll
2012-07-08 23:09 . 2012-06-02 22:19	701976	----a-w-	c:\windows\system32\wuapi.dll
2012-07-08 23:09 . 2012-06-02 22:15	99840	----a-w-	c:\windows\system32\wudriver.dll
2012-07-08 23:09 . 2012-06-02 13:19	186752	----a-w-	c:\windows\system32\wuwebv.dll
2012-07-08 23:09 . 2012-06-02 13:15	36864	----a-w-	c:\windows\system32\wuapp.exe
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-24 17:12 . 2012-04-05 09:27	426184	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2012-07-24 17:12 . 2011-08-26 06:44	70344	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-11 19:46 . 2011-01-23 10:40	59701280	----a-w-	c:\windows\system32\MRT.exe
2012-05-15 10:48 . 2012-07-03 17:29	68928	----a-w-	c:\windows\system32\OpenCL.dll
2012-05-15 10:48 . 2012-07-03 17:29	61248	----a-w-	c:\windows\SysWow64\OpenCL.dll
2012-05-15 10:48 . 2012-07-03 17:28	949056	----a-w-	c:\windows\system32\nvumdshimx.dll
2012-05-15 10:48 . 2012-07-03 17:28	818496	----a-w-	c:\windows\SysWow64\nvumdshim.dll
2012-05-15 10:48 . 2012-07-03 17:28	8105280	----a-w-	c:\windows\SysWow64\nvwgf2um.dll
2012-05-15 10:48 . 2012-07-03 17:28	25743168	----a-w-	c:\windows\system32\nvoglv64.dll
2012-05-15 10:48 . 2012-07-03 17:28	19607872	----a-w-	c:\windows\SysWow64\nvoglv32.dll
2012-05-15 10:48 . 2012-07-03 17:28	10194752	----a-w-	c:\windows\system32\nvwgf2umx.dll
2012-05-15 10:48 . 2012-07-03 17:28	8139072	----a-w-	c:\windows\system32\nvcuda.dll
2012-05-15 10:48 . 2012-07-03 17:28	5982528	----a-w-	c:\windows\SysWow64\nvcuda.dll
2012-05-15 10:48 . 2012-07-03 17:28	364352	----a-w-	c:\windows\system32\nvdecodemft.dll
2012-05-15 10:48 . 2012-07-03 17:28	301376	----a-w-	c:\windows\SysWow64\nvdecodemft.dll
2012-05-15 10:48 . 2012-07-03 17:28	2881856	----a-w-	c:\windows\system32\nvcuvenc.dll
2012-05-15 10:48 . 2012-07-03 17:28	2741568	----a-w-	c:\windows\system32\nvapi64.dll
2012-05-15 10:48 . 2012-07-03 17:28	2681664	----a-w-	c:\windows\system32\nvcuvid.dll
2012-05-15 10:48 . 2012-07-03 17:28	2524992	----a-w-	c:\windows\SysWow64\nvcuvid.dll
2012-05-15 10:48 . 2012-07-03 17:28	25248064	----a-w-	c:\windows\system32\nvcompiler.dll
2012-05-15 10:48 . 2012-07-03 17:28	246592	----a-w-	c:\windows\system32\nvinitx.dll
2012-05-15 10:48 . 2012-07-03 17:28	2445120	----a-w-	c:\windows\SysWow64\nvcuvenc.dll
2012-05-15 10:48 . 2012-07-03 17:28	2368832	----a-w-	c:\windows\SysWow64\nvapi.dll
2012-05-15 10:48 . 2012-07-03 17:28	202048	----a-w-	c:\windows\SysWow64\nvinit.dll
2012-05-15 10:48 . 2012-07-03 17:28	18044224	----a-w-	c:\windows\system32\nvd3dumx.dll
2012-05-15 10:48 . 2012-07-03 17:28	17551680	----a-w-	c:\windows\SysWow64\nvcompiler.dll
2012-05-15 10:48 . 2012-07-03 17:28	1738048	----a-w-	c:\windows\system32\nvdispco64.dll
2012-05-15 10:48 . 2012-07-03 17:28	15322432	----a-w-	c:\windows\SysWow64\nvd3dum.dll
2012-05-15 10:48 . 2012-07-03 17:28	1468224	----a-w-	c:\windows\system32\nvgenco64.dll
2012-05-15 10:48 . 2012-07-03 17:28	14298944	----a-w-	c:\windows\system32\drivers\nvlddmkm.sys
2012-05-15 09:29 . 2012-07-03 17:29	889664	----a-w-	c:\windows\system32\nvvsvc.exe
2012-05-15 09:29 . 2012-07-03 17:29	63296	----a-w-	c:\windows\system32\nvshext.dll
2012-05-15 09:29 . 2012-07-03 17:29	2561856	----a-w-	c:\windows\system32\nvsvcr.dll
2012-05-15 09:29 . 2012-07-03 17:29	118080	----a-w-	c:\windows\system32\nvmctray.dll
2012-05-15 09:29 . 2012-07-03 17:29	2621723	----a-w-	c:\windows\system32\nvcoproc.bin
2012-05-15 09:29 . 2012-07-03 17:29	3149632	----a-w-	c:\windows\system32\nvsvc64.dll
2012-05-15 09:28 . 2012-07-03 17:29	6151488	----a-w-	c:\windows\system32\nvcpl.dll
2012-05-15 00:21 . 2012-05-15 00:21	423744	----a-w-	c:\windows\SysWow64\nvStreaming.exe
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Meine Traffic"="c:\progra~2\MT\MT.EXE" [2012-01-20 1412096]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"ArcSoft Connection Service"="c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-27 207424]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2012-05-01 348624]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
R2 gupdate;Google Update-Dienst (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-08 136176]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-08 136176]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-07-30 113120]
R3 MSICDSetup;MSICDSetup;E:\CDriver64.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2012-05-02 27760]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2012-05-01 86224]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-05-15 1262400]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-05-15 382272]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2010-04-27 83080]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2010-04-27 184968]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [2012-04-18 188736]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-06-23 344680]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
Inhalt des "geplante Tasks" Ordners
.
2012-08-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-08 21:52]
.
2012-08-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-08 21:52]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-07-06 11057768]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2010-03-25 2726728]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2009-05-21 2342800]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = about:blank
mStart Page = about:blank
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\Wir Zuhause\AppData\Roaming\Mozilla\Firefox\Profiles\g1ps9c6x.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de
FF - prefs.js: keyword.URL - hxxp://de.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=827316&p=
FF - prefs.js: network.proxy.type - 0
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-3180283940-2608338086-1196643646-1000\Software\SecuROM\License information*]
"datasecu"=hex:ae,61,5c,c9,66,0b,d7,32,c9,fb,48,1c,0b,65,cf,e5,4e,28,a4,40,87,
   d2,dd,94,12,91,65,f0,57,dc,0f,06,39,54,1b,6b,e8,c1,81,0a,b4,e3,f9,ce,37,bd,\
"rkeysecu"=hex:bb,9f,76,9b,9d,f0,dd,96,60,d3,f0,6b,fb,f4,fb,41
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
c:\program files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-08-05  17:55:56 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2012-08-05 15:55
.
Vor Suchlauf: 10 Verzeichnis(se), 242.467.049.472 Bytes frei
Nach Suchlauf: 16 Verzeichnis(se), 243.344.855.040 Bytes frei
.
- - End Of File - - FCF65C088BD950F7AF710ED1C39F37AC
         
Afterwards I restarted Win7 manually once myself (after the Combofix restart and the log display) because Antivir would not start right away.

Thank you, Arne

I have a few more questions:

1. Is my system clean now?

2. I would like to have 2 boot partitions, i.e. a boot manager at startup... one with Win7 as the system and one with Linux (Ubuntu or similar). Do I have to set up the computer from scratch? Is it worth it? I am an ONU (Otto-Normal-User, i.e. an average user) with a few advanced skills.

3. Is installing a sandbox for the browser worthwhile for me?

Regards, Frank

You are viewing: Double detection of PUP.OfferBundler.ST by Malwarebytes on my computer on Trojaner-Board