Pests of all kinds and how to fight them: Two detections of PUP.OfferBundler.ST with Malwarebytes on my computer

Windows 7

If you are not sure whether you have picked up malware or a trojan, create a topic here. An expert will respond with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it is a trojan or virus problem, an expert will help you clean up the infection.
22.07.2012, 19:02 | #1

Hello community. First of all, hello, since I am new here. (2nd topic, since I apparently posted the 1st one wrongly, hence the possibly confusing date.) After a computer specialist backed up the data of an old laptop and pointed out possible viruses and their names, I found you via Google. After reading through several threads I installed Malwarebytes to be on the safe side and got a detection. The log file reads as follows:

    Malwarebytes Anti-Malware 1.62.0.1300
    www.malwarebytes.org
    Datenbank Version: v2012.07.14.02
    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 9.0.8112.16421
    Wir Zuhause :: KNOBELBECHER [Administrator]
    14.07.2012 09:49:32
    mbam-log-2012-07-14 (09-49-32).txt
    Art des Suchlaufs: Quick-Scan
    Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
    Deaktivierte Suchlaufeinstellungen: P2P
    Durchsuchte Objekte: 231739
    Laufzeit: 1 Minute(n), 59 Sekunde(n)
    Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden)
    Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden)
    Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden)
    Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden)
    Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden)
    Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden)
    Infizierte Dateien: 2
    C:\Users\Wir Zuhause\Downloads\SoftonicDownloader_fuer_hp-usb-disk-storage-format-tool.exe (PUP.OfferBundler.ST) -> Erfolgreich gelöscht und in Quarantäne gestellt.
    C:\Users\Wir Zuhause\Downloads\SoftonicDownloader_fuer_winsetupfromusb.exe (PUP.OfferBundler.ST) -> Erfolgreich gelöscht und in Quarantäne gestellt.
    (Ende)

In my opinion I have only one problem: sometimes on a cold start I get a graphics bug, which may however be related to my graphics card, its driver and Win7. At least that is what I have read. In any case Win7 then has to restart and seems to work flawlessly. I will also run a full scan and post it here in this topic. Many thanks in advance for help and support.

I do not use Internet Explorer, too insecure for me. I use Firefox 13.0.1 with the following add-ons:
Adblockplus 2.1.1
Browserprotect 1.1.3
Cookie-Killer 1.0.12
Dr. Web Anti-Virus Link Checker 2.7.0

The Avira full scan and the Malwarebytes full scan found nothing further after the items were quarantined. The OTL scan produced the following:
Quote:
Quote:
I am out of my depth here. Many, many thanks for help. Regards
25.07.2012, 13:36 | #2 |
/// Winkelfunktion /// TB-Süch-Tiger™

Please first run a routine full scan with Malwarebytes and post the log. => Have ALL local drives (except CD/DVD) checked!

Remember that Malwarebytes has to be updated manually before every scan! Please remove all Malwarebytes detections so that they are kept in Malwarebytes' quarantine! Do NOT remove anything from quarantine prematurely! If logs from older Malwarebytes scans exist, please post all of those as well!

ESET Online Scanner

Please post everything in CODE tags here where possible. This is how it is done: [code] the log goes here [/code] And the whole thing then looks like this:
Code:
    the log goes here
25.07.2012, 22:00 | #3 |
Greetings, many thanks.

The "older" scan logs. The first one, with a detection:
Code:
    Malwarebytes Anti-Malware 1.62.0.1300
    www.malwarebytes.org
    Datenbank Version: v2012.07.14.02
    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 9.0.8112.16421
    Wir Zuhause :: KNOBELBECHER [Administrator]
    14.07.2012 09:49:32
    mbam-log-2012-07-14 (09-49-32).txt
    Art des Suchlaufs: Quick-Scan
    Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
    Deaktivierte Suchlaufeinstellungen: P2P
    Durchsuchte Objekte: 231739
    Laufzeit: 1 Minute(n), 59 Sekunde(n)
    Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden)
    Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden)
    Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden)
    Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden)
    Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden)
    Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden)
    Infizierte Dateien: 2
    C:\Users\Wir Zuhause\Downloads\SoftonicDownloader_fuer_hp-usb-disk-storage-format-tool.exe (PUP.OfferBundler.ST) -> Erfolgreich gelöscht und in Quarantäne gestellt.
    C:\Users\Wir Zuhause\Downloads\SoftonicDownloader_fuer_winsetupfromusb.exe (PUP.OfferBundler.ST) -> Erfolgreich gelöscht und in Quarantäne gestellt.
    (Ende)

Code:
    Malwarebytes Anti-Malware 1.62.0.1300
    www.malwarebytes.org
    Datenbank Version: v2012.07.14.02
    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 9.0.8112.16421
    Wir Zuhause :: KNOBELBECHER [Administrator]
    15.07.2012 10:41:17
    mbam-log-2012-07-15 (10-41-17).txt
    Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
    Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
    Deaktivierte Suchlaufeinstellungen: P2P
    Durchsuchte Objekte: 450351
    Laufzeit: 44 Minute(n), 24 Sekunde(n)
    Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden)
    Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden)
    Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden)
    Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden)
    Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden)
    Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden)
    Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden)
    (Ende)

Code:
    Malwarebytes Anti-Malware 1.62.0.1300
    www.malwarebytes.org
    Datenbank Version: v2012.07.14.02
    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 9.0.8112.16421
    Wir Zuhause :: KNOBELBECHER [Administrator]
    14.07.2012 11:10:56
    mbam-log-2012-07-14 (11-10-56).txt
    Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
    Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
    Deaktivierte Suchlaufeinstellungen: P2P
    Durchsuchte Objekte: 450239
    Laufzeit: 45 Minute(n), 28 Sekunde(n)
    Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden)
    Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden)
    Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden)
    Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden)
    Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden)
    Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden)
    Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden)
    (Ende)

And today? 2 of them. What a load of sh..... Everything is in quarantine (that now makes 4 files in total). Attached are all the complete Malwarebytes logs:

The 1st from today:
Code:
    Malwarebytes Anti-Malware 1.62.0.1300
    www.malwarebytes.org
    Datenbank Version: v2012.07.25.07
    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 9.0.8112.16421
    Wir Zuhause :: KNOBELBECHER [Administrator]
    25.07.2012 19:52:24
    mbam-log-2012-07-25 (19-52-24).txt
    Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
    Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
    Deaktivierte Suchlaufeinstellungen: P2P
    Durchsuchte Objekte: 426336
    Laufzeit: 49 Minute(n), 5 Sekunde(n)
    Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden)
    Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden)
    Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden)
    Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden)
    Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden)
    Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden)
    Infizierte Dateien: 2
    C:\Program Files\canon\treiber\iP3000\setup.exe (Spyware.Zbot.OUT) -> Erfolgreich gelöscht und in Quarantäne gestellt.
    C:\Users\Wir Zuhause\Pictures\Treiber\treiber\iP3000\setup.exe (Spyware.Zbot.OUT) -> Erfolgreich gelöscht und in Quarantäne gestellt.
    (Ende)

Code:
    Malwarebytes Anti-Malware 1.62.0.1300
    www.malwarebytes.org
    Datenbank Version: v2012.07.25.07
    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 9.0.8112.16421
    Wir Zuhause :: KNOBELBECHER [Administrator]
    25.07.2012 21:31:17
    mbam-log-2012-07-25 (21-31-17).txt
    Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
    Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
    Deaktivierte Suchlaufeinstellungen: P2P
    Durchsuchte Objekte: 426536
    Laufzeit: 53 Minute(n), 59 Sekunde(n)
    Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden)
    Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden)
    Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden)
    Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden)
    Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden)
    Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden)
    Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden)
    (Ende)

The ESET log. G is an external hard disk that holds an old backup of my old IBM laptop.
Code:
    ESETSmartInstaller@High as downloader log:
    all ok
    # version=7
    # OnlineScannerApp.exe=1.0.0.1
    # OnlineScanner.ocx=1.0.0.6583
    # api_version=3.0.2
    # EOSSerial=975091bfd61df34ca9b06fae1c4dca0f
    # end=finished
    # remove_checked=false
    # archives_checked=true
    # unwanted_checked=true
    # unsafe_checked=false
    # antistealth_checked=true
    # utc_time=2012-07-26 12:33:24
    # local_time=2012-07-26 02:33:24 (+0100, Mitteleuropäische Sommerzeit)
    # country="Germany"
    # lang=1033
    # osver=6.1.7601 NT Service Pack 1
    # compatibility_mode=1792 16777215 100 0 1759973 1759973 0 0
    # compatibility_mode=5893 16776574 100 94 13432453 94879315 0 0
    # compatibility_mode=8192 67108863 100 0 534 534 0 0
    # scanned=370822
    # found=20
    # cleaned=0
    # scan_time=13352
    C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe a variant of Win32/Toolbar.Widgi application (unable to clean) 00000000000000000000000000000000 I
    C:\Program Files (x86)\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll a variant of Win32/Toolbar.Widgi application (unable to clean) 00000000000000000000000000000000 I
    C:\Program Files (x86)\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.10 a variant of Win32/Toolbar.Widgi application (unable to clean) 00000000000000000000000000000000 I
    C:\Program Files (x86)\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.11 a variant of Win32/Toolbar.Widgi application (unable to clean) 00000000000000000000000000000000 I
    C:\Program Files (x86)\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.12 a variant of Win32/Toolbar.Widgi application (unable to clean) 00000000000000000000000000000000 I
    C:\Program Files (x86)\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.13 a variant of Win32/Toolbar.Widgi application (unable to clean) 00000000000000000000000000000000 I
    C:\Program Files (x86)\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.14 a variant of Win32/Toolbar.Widgi application (unable to clean) 00000000000000000000000000000000 I
    C:\Program Files (x86)\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.15 a variant of Win32/Toolbar.Widgi application (unable to clean) 00000000000000000000000000000000 I
    C:\Program Files (x86)\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.5 a variant of Win32/Toolbar.Widgi application (unable to clean) 00000000000000000000000000000000 I
    C:\Program Files (x86)\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.6 a variant of Win32/Toolbar.Widgi application (unable to clean) 00000000000000000000000000000000 I
    C:\Program Files (x86)\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.7 a variant of Win32/Toolbar.Widgi application (unable to clean) 00000000000000000000000000000000 I
    C:\Program Files (x86)\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.8 a variant of Win32/Toolbar.Widgi application (unable to clean) 00000000000000000000000000000000 I
    C:\Program Files (x86)\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.9 a variant of Win32/Toolbar.Widgi application (unable to clean) 00000000000000000000000000000000 I
    C:\Program Files (x86)\PDFCreator\Toolbar\pdfforge Toolbar_setup.exe Win32/Toolbar.Widgi application (unable to clean) 00000000000000000000000000000000 I
    C:\Program Files (x86)\pdfforge Toolbar\IE\6.1\pdfforgeToolbarIE.dll a variant of Win32/Toolbar.Widgi application (unable to clean) 00000000000000000000000000000000 I
    C:\Users\Wir Zuhause\Downloads\Notebook_Starter_Kit.zip Win32/Adware.Linkular application (unable to clean) 00000000000000000000000000000000 I
    C:\Users\Wir Zuhause\Downloads\PDFCreator-1_2_3_setup.exe Win32/Toolbar.Widgi application (unable to clean) 00000000000000000000000000000000 I
    C:\Windows\Installer\57712.msi a variant of Win32/Toolbar.Widgi application (unable to clean) 00000000000000000000000000000000 I
    G:\Frank IBM\Dokumente und Einstellungen\Administrator 2\Eigene Dateien\Internetprogramme\vidalia-bundle-0.2.0.31-0.1.9.exe probably a variant of Win32/TrojanDownloader.Agent.BXGACSC trojan (unable to clean) 00000000000000000000000000000000 I
    ${Memory} a variant of Win32/Toolbar.Widgi application 00000000000000000000000000000000 I

About today's malware...my girlfriend had not ended freegmx (logout) and had the computer on the whole time....can something like this happen that way, or is it only possible from an e-mail with a trojan attachment? Many thanks for your help. The ESET scan took almost 4 h...if I had known that beforehand...
26.07.2012, 14:42 | #4 |
/// Winkelfunktion /// TB-Süch-Tiger™

Code:
    C:\Users\Wir Zuhause\Downloads\SoftonicDownloader_fuer_hp-usb-disk-storage-format-tool.exe (

Junk-laden software from Softonic seems to be very much in fashion right now! Hands off Softonic!! Softonic is a toolbar and adware slinger! Hands off! Software should be downloaded, as the top priority, directly from the vendor and not from toolbar outfits like Softonic! In a pinch, chip.de would of course do.

adwCleaner - detecting toolbars and unwanted start/search pages

Please download AdwCleaner to your desktop.

__________________
Please always post log files in CODE tags
26.07.2012, 18:15 | #5 |
Now I am wiser too *sniff*. I definitely will not do it again, but sometimes it is difficult to enter the right search terms so as not to land on such a junk-filled site....Sry

The log file reads like this
Code:
    Found : Application Updater
    ***** [Files / Folders] *****
    Folder Found : C:\Users\Wir Zuhause\AppData\LocalLow\pdfforge
    Folder Found : C:\Users\Wir Zuhause\AppData\LocalLow\Search Settings
    Folder Found : C:\Users\Wir Zuhause\AppData\Roaming\pdfforge
    Folder Found : C:\Program Files (x86)\Application Updater
    Folder Found : C:\Program Files (x86)\pdfforge Toolbar
    Folder Found : C:\Program Files (x86)\Common Files\spigot
    ***** [Registry] *****
    Key Found : HKCU\Software\AppDataLow\Software\pdfforge
    Key Found : HKCU\Software\AppDataLow\Software\Search Settings
    Key Found : HKCU\Software\pdfforge
    Key Found : HKCU\Software\Search Settings
    Key Found : HKCU\Software\Softonic
    Key Found : HKLM\SOFTWARE\Application Updater
    Key Found : HKLM\SOFTWARE\pdfforge
    Key Found : HKLM\SOFTWARE\Search Settings
    Key Found : HKLM\SOFTWARE\Wise Solutions
    Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [SearchSettings]
    [x64] Key Found : HKCU\Software\AppDataLow\Software\pdfforge
    [x64] Key Found : HKCU\Software\AppDataLow\Software\Search Settings
    [x64] Key Found : HKCU\Software\pdfforge
    [x64] Key Found : HKCU\Software\Search Settings
    [x64] Key Found : HKCU\Software\Softonic
    ***** [Registre - GUID] *****
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{B922D405-6D13-4A2B-AE89-08A030DA4402}
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B922D405-6D13-4A2B-AE89-08A030DA4402}
    Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{B922D405-6D13-4A2B-AE89-08A030DA4402}]
    Value Found : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{B922D405-6D13-4A2B-AE89-08A030DA4402}]
    [x64] Value Found : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{B922D405-6D13-4A2B-AE89-08A030DA4402}]
    ***** [Internet Browsers] *****
    -\\ Internet Explorer v9.0.8112.16421
    [OK] Registry is clean.
    -\\ Mozilla Firefox v13.0.1 (de)
    Profile name : default
    File : C:\Users\Wir Zuhause\AppData\Roaming\Mozilla\Firefox\Profiles\g1ps9c6x.default\prefs.js
    [OK] File is clean.
    *************************
    AdwCleaner[R1].txt - [2434 octets] - [26/07/2012 19:12:10]
    ########## EOF - C:\AdwCleaner[R1].txt - [2562 octets] ##########
26.07.2012, 22:37 | #6 |
/// Winkelfunktion /// TB-Süch-Tiger™

adwCleaner - removing toolbars and unwanted start/search pages

I have three questions before we continue:
1.) Does Windows' normal mode work without restrictions (again)?
2.) Are you missing anything in the Start menu? Are there empty folders under All Programs, or is everything there?
3.) Is the toolbar or the redirect gone now?
26.07.2012, 23:12 | #7 |
Done:
Code:
    # AdwCleaner v1.703 - Logfile created 07/26/2012 at 23:54:55
    # Updated 20/07/2012 by Xplode
    # Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
    # User : Wir Zuhause - KNOBELBECHER
    # Running from : C:\Users\Wir Zuhause\Desktop\adwcleaner.exe
    # Option [Delete]
    ***** [Services] *****
    Stopped & Deleted : Application Updater
    ***** [Files / Folders] *****
    Folder Deleted : C:\Users\Wir Zuhause\AppData\LocalLow\pdfforge
    Folder Deleted : C:\Users\Wir Zuhause\AppData\LocalLow\Search Settings
    Folder Deleted : C:\Users\Wir Zuhause\AppData\Roaming\pdfforge
    Folder Deleted : C:\Program Files (x86)\Application Updater
    Folder Deleted : C:\Program Files (x86)\pdfforge Toolbar
    Folder Deleted : C:\Program Files (x86)\Common Files\spigot
    ***** [Registry] *****
    Key Deleted : HKCU\Software\AppDataLow\Software\pdfforge
    Key Deleted : HKCU\Software\AppDataLow\Software\Search Settings
    Key Deleted : HKCU\Software\pdfforge
    Key Deleted : HKCU\Software\Search Settings
    Key Deleted : HKCU\Software\Softonic
    Key Deleted : HKLM\SOFTWARE\Application Updater
    Key Deleted : HKLM\SOFTWARE\pdfforge
    Key Deleted : HKLM\SOFTWARE\Search Settings
    Key Deleted : HKLM\SOFTWARE\Wise Solutions
    Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [SearchSettings]
    ***** [Registre - GUID] *****
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B922D405-6D13-4A2B-AE89-08A030DA4402}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B922D405-6D13-4A2B-AE89-08A030DA4402}
    Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{B922D405-6D13-4A2B-AE89-08A030DA4402}]
    Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{B922D405-6D13-4A2B-AE89-08A030DA4402}]
    ***** [Internet Browsers] *****
    -\\ Internet Explorer v9.0.8112.16421
    [OK] Registry is clean.
    -\\ Mozilla Firefox v13.0.1 (de)
    Profile name : default
    File : C:\Users\Wir Zuhause\AppData\Roaming\Mozilla\Firefox\Profiles\g1ps9c6x.default\prefs.js
    [OK] File is clean.
    *************************
    AdwCleaner[R1].txt - [2551 octets] - [26/07/2012 19:12:10]
    AdwCleaner[R2].txt - [2611 octets] - [26/07/2012 19:20:23]
    AdwCleaner[R3].txt - [2671 octets] - [26/07/2012 23:54:46]
    AdwCleaner[S1].txt - [2271 octets] - [26/07/2012 23:54:55]
    ########## EOF - C:\AdwCleaner[S1].txt - [2399 octets] ##########

1. Shutting down the computer feels about 30 times faster. Shutting down the computer immediately after closing the browser now works right away without waiting for background programs, apart from just now: adware.exe. Edit1: Opening the browser + loading a page is faster, at least 3 times as fast.
2. Could be, I cannot really tell. I tend towards no.
3. No idea. I had no toolbar, or if I did, I had at least deactivated it in the browser by other means (manual Firefox settings). But it was probably removed just now via Adware.
4.!!!!!!!!! THANK YOU !!!!!!!!!!!!!!!!!!!!

Regards Frank

Last edited by Knobelhannes (26.07.2012 at 23:32)
27.07.2012, 08:15 | #8 |
/// Winkelfunktion /// TB-Süch-Tiger™

Please make a new OTL log. Please post everything in CODE tags here where possible. This is how it is done: [code] the log goes here [/code] And the whole thing then looks like this:
Code:
    the log goes here

Please download OTL by Oldtimer and save it to your desktop. If it is already there, please replace the older existing file with the newly downloaded one, so that you are really working with a current version of OTL.

Code:
    netsvcs
    msconfig
    safebootminimal
    safebootnetwork
    activex
    drivers32
    %ALLUSERSPROFILE%\Application Data\*.
    %ALLUSERSPROFILE%\Application Data\*.exe /s
    %APPDATA%\*.
    %APPDATA%\*.exe /s
    %SYSTEMDRIVE%\*.exe
    /md5start
    wininit.exe
    userinit.exe
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    ws2ifsl.sys
    sceclt.dll
    ntelogon.dll
    winlogon.exe
    logevent.dll
    user32.DLL
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    nvstor32.sys
    ahcix86s.sys
    /md5stop
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\*. /mp /s
    %systemroot%\system32\*.dll /lockedfiles
    CREATERESTOREPOINT
27.07.2012, 10:24 | #9 |
Morning, the OTL log from today, made with the version downloaded today
ATTFilter OTL logfile created on: 27.07.2012 11:07:21 - Run 2 OTL by OldTimer - Version 3.2.55.0 Folder = C:\Users\Wir Zuhause\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 4,00 Gb Total Physical Memory | 3,00 Gb Available Physical Memory | 74,98% Memory free 8,00 Gb Paging File | 6,73 Gb Available in Paging File | 84,13% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 299,90 Gb Total Space | 236,26 Gb Free Space | 78,78% Space Free | Partition Type: NTFS Drive D: | 631,51 Gb Total Space | 613,84 Gb Free Space | 97,20% Space Free | Partition Type: NTFS Computer Name: KNOBELBECHER | User Name: Wir Zuhause | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.07.27 11:04:06 | 000,597,504 | ---- | M] (OldTimer Tools) -- C:\Users\Wir Zuhause\Desktop\OTL(1).exe PRC - [2012.05.15 12:48:00 | 001,262,400 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe PRC - [2012.05.15 02:21:40 | 000,382,272 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe PRC - [2012.05.02 01:42:28 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe PRC - [2012.05.02 00:34:34 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. 
KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe PRC - [2012.01.03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2011.09.25 19:07:58 | 003,077,528 | ---- | M] () -- C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe PRC - [2010.03.18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe PRC - [2009.10.13 09:39:04 | 000,935,208 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe ========== Modules (No Company Name) ========== MOD - [2011.09.25 19:07:58 | 003,077,528 | ---- | M] () -- C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe ========== Win32 Services (SafeList) ========== SRV - [2012.06.17 10:14:46 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012.05.15 12:48:00 | 001,262,400 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService) SRV - [2012.05.15 02:21:40 | 000,382,272 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service) SRV - [2012.05.02 01:42:28 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2012.05.02 00:34:34 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. 
KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2012.01.03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2010.03.18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon) SRV - [2009.10.13 09:39:04 | 000,935,208 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0) SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) ========== Driver Services (SafeList) ========== DRV:64bit: - [2012.05.02 15:24:12 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr) DRV:64bit: - [2012.04.27 10:20:04 | 000,132,832 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb) DRV:64bit: - [2012.04.25 00:32:27 | 000,098,848 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt) DRV:64bit: - [2012.04.18 19:08:03 | 000,188,736 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA) DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010.11.20 15:32:47 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- 
C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2010.11.20 15:32:46 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2010.11.20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010.06.23 11:10:56 | 000,344,680 | ---- | M] (Realtek ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167) DRV:64bit: - [2010.04.27 10:30:52 | 000,184,968 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc) DRV:64bit: - [2010.04.27 10:29:54 | 000,083,080 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub) DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.05.05 03:00:28 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3180283940-2608338086-1196643646-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-3180283940-2608338086-1196643646-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-3180283940-2608338086-1196643646-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-3180283940-2608338086-1196643646-1000\..\SearchScopes\{ABDADF06-9C5F-4467-ADBD-A50FFE434085}: "URL" = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=827316&p={searchTerms}
IE - HKU\S-1-5-21-3180283940-2608338086-1196643646-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=827316&ilc=12"
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de"
FF - prefs.js..extensions.enabledItems: browserprotect@browserprotect.com:1.1.3
FF - prefs.js..extensions.enabledItems: cookiekiller@joseph.moran:1.0.11
FF - prefs.js..extensions.enabledItems: externalip@erik.morlin:0.9.9.6
FF - prefs.js..extensions.enabledItems: {1018e4d6-728f-4b20-ad56-37578a4de76b}:4.1.5
FF - prefs.js..extensions.enabledItems: {6614d11d-d21d-b211-ae23-815234e1ebb5}:1.0.23
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.9
FF - prefs.js..extensions.enabledItems: FFToolbar@bitdefender.com:2.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..keyword.URL: "hxxp://de.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=827316&p="
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_265.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_265.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.06.17 10:14:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.04.13 10:20:44 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 14.0\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012.06.20 11:35:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 14.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.06.17 10:14:46 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.04.13 10:20:44 | 000,000,000 | ---D | M]

[2011.01.13 00:20:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Wir Zuhause\AppData\Roaming\mozilla\Extensions
[2012.07.26 23:57:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Wir Zuhause\AppData\Roaming\mozilla\Firefox\Profiles\g1ps9c6x.default\extensions
[2012.07.09 20:34:35 | 000,000,000 | ---D | M] (Flagfox) -- C:\Users\Wir Zuhause\AppData\Roaming\mozilla\Firefox\Profiles\g1ps9c6x.default\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}
[2011.05.11 11:35:54 | 000,000,000 | ---D | M] (BrowserProtect) -- C:\Users\Wir Zuhause\AppData\Roaming\mozilla\Firefox\Profiles\g1ps9c6x.default\extensions\browserprotect@browserprotect.com
[2011.01.15 10:21:24 | 000,000,000 | ---D | M] (external IP) -- C:\Users\Wir Zuhause\AppData\Roaming\mozilla\Firefox\Profiles\g1ps9c6x.default\extensions\externalip@erik.morlin
[2012.04.23 12:02:36 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2011.07.26 23:33:26 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files (x86)\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012.07.08 21:39:29 | 000,164,885 | ---- | M] () (No name found) -- C:\USERS\WIR ZUHAUSE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\G1PS9C6X.DEFAULT\EXTENSIONS\{6614D11D-D21D-B211-AE23-815234E1EBB5}.XPI
[2011.09.16 22:46:13 | 000,057,127 | ---- | M] () (No name found) -- C:\USERS\WIR ZUHAUSE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\G1PS9C6X.DEFAULT\EXTENSIONS\COOKIEKILLER@JOSEPH.MORAN.XPI
[2012.06.17 10:14:46 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.03.19 18:21:31 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2010.12.09 12:47:06 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll
[2012.04.23 12:02:32 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.04.23 12:02:32 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.04.23 12:02:32 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.04.23 12:02:32 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.04.23 12:02:32 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.04.23 12:02:32 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O4:64bit: - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4:64bit: - HKLM..\Run: [itype] C:\Program Files\Microsoft IntelliType Pro\itype.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3180283940-2608338086-1196643646-1000..\Run: [Meine Traffic] C:\PROGRA~2\MT\MT.EXE (Mirko Böer Softwareentwicklungen)
O4 - HKU\S-1-5-21-3180283940-2608338086-1196643646-1000..\Run: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe ()
O4 - HKU\S-1-5-21-3180283940-2608338086-1196643646-1005..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-21-3180283940-2608338086-1196643646-1005..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab (System Requirements Lab Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{013C6BA5-3355-4F15-BB34-6AAF6CD4B685}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{628eb08d-8ce6-11e0-a7d7-6c626d99f886}\Shell - "" = AutoRun
O33 - MountPoints2\{628eb08d-8ce6-11e0-a7d7-6c626d99f886}\Shell\AutoRun\command - "" = H:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{9a13ca6d-c6d4-11e1-a93d-6c626d99f886}\Shell - "" = AutoRun
O33 - MountPoints2\{9a13ca6d-c6d4-11e1-a93d-6c626d99f886}\Shell\AutoRun\command - "" = G:\EasySuite.exe bootup
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

MsConfig:64bit - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
MsConfig:64bit - StartUpReg: WinampAgent - hkey= - key= - C:\Program Files (x86)\Winamp\winampa.exe (Nullsoft, Inc.)
CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012.07.27 11:04:05 | 000,597,504 | ---- | C] (OldTimer Tools) -- C:\Users\Wir Zuhause\Desktop\OTL(1).exe
[2012.07.25 22:42:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2012.07.24 22:59:19 | 000,000,000 | ---D | C] -- C:\Users\Wir Zuhause\Documents\Hochszeitung
[2012.07.17 21:40:28 | 000,000,000 | ---D | C] -- C:\Users\Wir Zuhause\Desktop\kerstin
[2012.07.14 09:48:42 | 000,000,000 | ---D | C] -- C:\Users\Wir Zuhause\AppData\Roaming\Malwarebytes
[2012.07.14 09:48:22 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.07.14 09:48:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.07.14 09:48:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.07.14 09:48:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.07.13 10:55:07 | 000,000,000 | ---D | C] -- C:\Users\Wir Zuhause\Desktop\Hearts of Iron 2
[2012.07.05 14:03:33 | 000,000,000 | ---D | C] -- C:\Users\Wir Zuhause\AppData\Roaming\Avira
[2012.07.05 13:58:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2012.07.05 13:58:12 | 000,132,832 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys
[2012.07.05 13:58:12 | 000,098,848 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2012.07.05 13:58:12 | 000,027,760 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avkmgr.sys
[2012.07.05 13:58:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2012.07.05 13:58:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira
[2012.07.03 19:30:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
[2012.07.03 19:29:20 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA
[2012.07.03 19:29:00 | 000,068,928 | ---- | C] (Khronos Group) -- C:\Windows\SysNative\OpenCL.dll
[2012.07.03 19:29:00 | 000,061,248 | ---- | C] (Khronos Group) -- C:\Windows\SysWow64\OpenCL.dll
[2012.07.03 19:28:56 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA Corporation
[2012.06.27 14:44:29 | 000,000,000 | ---D | C] -- C:\Users\Wir Zuhause\AppData\Local\Programs
[2012.06.27 14:43:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ArcSoft Connect
[2012.06.27 14:43:57 | 000,000,000 | ---D | C] -- C:\Users\Wir Zuhause\AppData\Local\ArcSoft
[2012.06.27 14:43:57 | 000,000,000 | ---D | C] -- C:\ProgramData\ArcSoft
[2012.06.27 14:43:03 | 000,022,784 | ---- | C] (Arcsoft, Inc.) -- C:\Windows\SysWow64\drivers\afc.sys
[2012.06.27 14:42:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ArcSoft MediaImpression
[2012.06.27 14:42:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\ArcSoft
[2012.06.27 14:42:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ArcSoft
[2012.06.27 14:42:12 | 000,000,000 | ---D | C] -- C:\Users\Wir Zuhause\AppData\Roaming\ArcSoft

========== Files - Modified Within 30 Days ==========

[2012.07.27 11:06:10 | 000,001,120 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.07.27 11:04:06 | 000,597,504 | ---- | M] (OldTimer Tools) -- C:\Users\Wir Zuhause\Desktop\OTL(1).exe
[2012.07.27 11:02:07 | 000,014,800 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.07.27 11:02:07 | 000,014,800 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.07.27 10:59:15 | 001,472,002 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.07.27 10:59:15 | 000,643,628 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.07.27 10:59:15 | 000,606,992 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.07.27 10:59:15 | 000,126,188 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.07.27 10:59:15 | 000,103,370 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.07.27 10:55:01 | 000,001,116 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.07.27 10:54:46 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.07.27 10:54:42 | 3220,578,304 | -HS- | M] () -- C:\hiberfil.sys
[2012.07.26 19:11:33 | 000,632,049 | ---- | M] () -- C:\Users\Wir Zuhause\Desktop\adwcleaner.exe
[2012.07.24 22:19:54 | 030,046,296 | ---- | M] () -- C:\Users\Wir Zuhause\Documents\Die Braut stellt sich 2.odt
[2012.07.22 19:16:02 | 000,000,000 | ---- | M] () -- C:\Users\Wir Zuhause\defogger_reenable
[2012.07.18 11:12:33 | 010,836,596 | ---- | M] () -- C:\Users\Wir Zuhause\Desktop\KerstinHoch2.odt
[2012.07.18 11:11:56 | 008,126,925 | ---- | M] () -- C:\Users\Wir Zuhause\Desktop\KerstinHoch3.odt
[2012.07.18 10:33:07 | 010,512,919 | ---- | M] () -- C:\Users\Wir Zuhause\Desktop\KerstinHoch1.odt
[2012.07.17 22:02:59 | 029,431,903 | ---- | M] () -- C:\Users\Wir Zuhause\Desktop\Kerstin2.odt
[2012.07.14 09:48:22 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.07.13 11:29:28 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2012.07.11 21:50:50 | 000,290,760 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.07.10 14:17:31 | 000,015,322 | ---- | M] () -- C:\Users\Public\Documents\Interview mit KErstinseltern.odt
[2012.07.05 13:58:18 | 000,002,070 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2012.07.03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.06.27 14:42:59 | 000,002,139 | ---- | M] () -- C:\Users\Public\Desktop\Media Impression.lnk

========== Files Created - No Company Name ==========

[2012.07.26 19:11:31 | 000,632,049 | ---- | C] () -- C:\Users\Wir Zuhause\Desktop\adwcleaner.exe
[2012.07.22 22:45:58 | 030,046,296 | ---- | C] () -- C:\Users\Wir Zuhause\Documents\Die Braut stellt sich 2.odt
[2012.07.22 19:16:02 | 000,000,000 | ---- | C] () -- C:\Users\Wir Zuhause\defogger_reenable
[2012.07.18 11:11:51 | 008,126,925 | ---- | C] () -- C:\Users\Wir Zuhause\Desktop\KerstinHoch3.odt
[2012.07.18 10:33:00 | 010,512,919 | ---- | C] () -- C:\Users\Wir Zuhause\Desktop\KerstinHoch1.odt
[2012.07.18 10:32:43 | 010,836,596 | ---- | C] () -- C:\Users\Wir Zuhause\Desktop\KerstinHoch2.odt
[2012.07.17 21:59:40 | 029,431,903 | ---- | C] () -- C:\Users\Wir Zuhause\Desktop\Kerstin2.odt
[2012.07.14 09:48:22 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.07.13 11:29:28 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2012.07.10 14:17:30 | 000,015,322 | ---- | C] () -- C:\Users\Public\Documents\Interview mit KErstinseltern.odt
[2012.07.05 13:58:18 | 000,002,070 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2012.07.03 19:29:15 | 002,621,723 | ---- | C] () -- C:\Windows\SysNative\nvcoproc.bin
[2012.07.03 19:28:10 | 000,014,324 | ---- | C] () -- C:\Windows\SysNative\nvinfo.pb
[2012.06.27 14:42:59 | 000,002,139 | ---- | C] () -- C:\Users\Public\Desktop\Media Impression.lnk
[2012.05.15 02:21:50 | 000,423,744 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
[2012.02.21 13:38:51 | 000,100,159 | ---- | C] () -- C:\ProgramData\1329824262.bdinstall.bin
[2012.01.21 13:55:01 | 000,314,077 | ---- | C] () -- C:\ProgramData\1327146115.bdinstall.bin
[2012.01.21 13:39:35 | 000,102,491 | ---- | C] () -- C:\ProgramData\1327145953.bdinstall.bin
[2012.01.11 11:26:26 | 000,000,000 | ---- | C] () -- C:\Users\Wir Zuhause\AppData\Local\{770631B1-B43D-456E-8BAD-2F0B02957066}
[2011.11.08 08:51:28 | 000,000,000 | ---- | C] () -- C:\Users\Wir Zuhause\AppData\Local\{9A89FF69-F7B9-4CD0-9B02-6728492FFC6D}
[2011.10.27 16:37:27 | 000,000,000 | ---- | C] () -- C:\Users\Wir Zuhause\AppData\Local\{4C9748DF-FB2F-4E70-8833-66719F23A638}
[2011.10.24 10:52:09 | 000,000,000 | ---- | C] () -- C:\Users\Wir Zuhause\AppData\Local\{A6413DDB-12ED-4DD5-95B7-AF51B2D42B56}
[2011.07.12 06:20:58 | 000,000,000 | ---- | C] () -- C:\Users\Wir Zuhause\AppData\Local\{B4D045BD-854D-48C9-8D3E-E4A940095CA7}
[2011.06.28 21:23:07 | 000,007,611 | ---- | C] () -- C:\Users\Wir Zuhause\AppData\Local\Resmon.ResmonCfg
[2011.04.28 09:49:18 | 000,012,288 | ---- | C] () -- C:\Users\Wir Zuhause\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.04.17 21:03:36 | 000,000,053 | ---- | C] () -- C:\Windows\COLONIZ.INI
[2011.03.15 22:03:53 | 000,590,145 | ---- | C] () -- C:\ProgramData\bdinstall.bin
[2011.01.30 15:39:09 | 000,000,161 | ---- | C] () -- C:\Users\Wir Zuhause\AppData\Roaming\default.rss

========== LOP Check ==========

[2011.08.27 12:15:13 | 000,000,000 | ---D | M] -- C:\Users\Wir Zuhause\AppData\Roaming\Canon
[2011.07.14 18:26:48 | 000,000,000 | ---D | M] -- C:\Users\Wir Zuhause\AppData\Roaming\DS-Timer
[2011.01.15 23:04:38 | 000,000,000 | ---D | M] -- C:\Users\Wir Zuhause\AppData\Roaming\JLC's Software
[2011.09.25 21:40:31 | 000,000,000 | ---D | M] -- C:\Users\Wir Zuhause\AppData\Roaming\LolClient
[2012.05.24 10:27:32 | 000,000,000 | ---D | M] -- C:\Users\Wir Zuhause\AppData\Roaming\LolClient2
[2012.01.20 12:05:27 | 000,000,000 | ---D | M] -- C:\Users\Wir Zuhause\AppData\Roaming\Meine Traffic
[2011.01.17 20:05:59 | 000,000,000 | ---D | M] -- C:\Users\Wir Zuhause\AppData\Roaming\OpenOffice.org
[2011.03.15 22:04:25 | 000,000,000 | ---D | M] -- C:\Users\Wir Zuhause\AppData\Roaming\QuickScan
[2011.05.23 19:05:24 | 000,000,000 | ---D | M] -- C:\Users\Wir Zuhause\AppData\Roaming\temp
[2011.09.07 00:28:44 | 000,000,000 | ---D | M] -- C:\Users\Wir Zuhause\AppData\Roaming\Thunderbird
[2012.07.23 19:29:02 | 000,000,000 | ---D | M] -- C:\Users\Wir Zuhause\AppData\Roaming\TS3Client
[2011.09.29 10:30:05 | 000,000,000 | ---D | M] -- C:\Users\Wir
Zuhause\AppData\Roaming\ts3overlay [2012.07.12 19:32:07 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Custom Scans ========== < %ALLUSERSPROFILE%\Application Data\*. > < %ALLUSERSPROFILE%\Application Data\*.exe /s > < %APPDATA%\*. > [2011.02.02 12:22:32 | 000,000,000 | ---D | M] -- C:\Users\Wir Zuhause\AppData\Roaming\Adobe [2012.06.27 14:47:45 | 000,000,000 | ---D | M] -- C:\Users\Wir Zuhause\AppData\Roaming\ArcSoft [2012.07.05 14:03:33 | 000,000,000 | ---D | M] -- C:\Users\Wir Zuhause\AppData\Roaming\Avira [2011.08.27 12:15:13 | 000,000,000 | ---D | M] -- C:\Users\Wir Zuhause\AppData\Roaming\Canon [2011.07.14 18:26:48 | 000,000,000 | ---D | M] -- C:\Users\Wir Zuhause\AppData\Roaming\DS-Timer [2011.01.12 23:07:57 | 000,000,000 | ---D | M] -- C:\Users\Wir Zuhause\AppData\Roaming\Identities [2011.01.19 18:26:12 | 000,000,000 | ---D | M] -- C:\Users\Wir Zuhause\AppData\Roaming\InstallShield [2011.01.15 23:04:38 | 000,000,000 | ---D | M] -- C:\Users\Wir Zuhause\AppData\Roaming\JLC's Software [2011.09.25 21:40:31 | 000,000,000 | ---D | M] -- C:\Users\Wir Zuhause\AppData\Roaming\LolClient [2012.05.24 10:27:32 | 000,000,000 | ---D | M] -- C:\Users\Wir Zuhause\AppData\Roaming\LolClient2 [2011.01.13 00:38:21 | 000,000,000 | ---D | M] -- C:\Users\Wir Zuhause\AppData\Roaming\Macromedia [2012.07.14 09:48:42 | 000,000,000 | ---D | M] -- C:\Users\Wir Zuhause\AppData\Roaming\Malwarebytes [2009.07.14 20:18:18 | 000,000,000 | ---D | M] -- C:\Users\Wir Zuhause\AppData\Roaming\Media Center Programs [2012.01.20 12:05:27 | 000,000,000 | ---D | M] -- C:\Users\Wir Zuhause\AppData\Roaming\Meine Traffic [2011.11.21 21:29:56 | 000,000,000 | --SD | M] -- C:\Users\Wir Zuhause\AppData\Roaming\Microsoft [2011.01.13 00:20:57 | 000,000,000 | ---D | M] -- C:\Users\Wir Zuhause\AppData\Roaming\Mozilla [2011.01.26 01:32:20 | 000,000,000 | ---D | M] -- C:\Users\Wir Zuhause\AppData\Roaming\Nero [2011.01.17 20:05:59 | 000,000,000 | ---D | M] 
-- C:\Users\Wir Zuhause\AppData\Roaming\OpenOffice.org [2011.03.15 22:04:25 | 000,000,000 | ---D | M] -- C:\Users\Wir Zuhause\AppData\Roaming\QuickScan [2011.05.04 23:16:49 | 000,000,000 | RH-D | M] -- C:\Users\Wir Zuhause\AppData\Roaming\SecuROM [2012.06.15 11:49:08 | 000,000,000 | ---D | M] -- C:\Users\Wir Zuhause\AppData\Roaming\Skype [2011.07.13 10:35:15 | 000,000,000 | ---D | M] -- C:\Users\Wir Zuhause\AppData\Roaming\teamspeak2 [2011.05.23 19:05:24 | 000,000,000 | ---D | M] -- C:\Users\Wir Zuhause\AppData\Roaming\temp [2011.09.07 00:28:44 | 000,000,000 | ---D | M] -- C:\Users\Wir Zuhause\AppData\Roaming\Thunderbird [2012.07.23 19:29:02 | 000,000,000 | ---D | M] -- C:\Users\Wir Zuhause\AppData\Roaming\TS3Client [2011.09.29 10:30:05 | 000,000,000 | ---D | M] -- C:\Users\Wir Zuhause\AppData\Roaming\ts3overlay [2012.07.19 22:51:57 | 000,000,000 | ---D | M] -- C:\Users\Wir Zuhause\AppData\Roaming\Winamp [2011.01.31 23:39:05 | 000,000,000 | ---D | M] -- C:\Users\Wir Zuhause\AppData\Roaming\WinRAR < %APPDATA%\*.exe /s > < %SYSTEMDRIVE%\*.exe > < MD5 for: AGP440.SYS > [2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys [2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys [2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys [2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys < MD5 for: ATAPI.SYS > [2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) 
MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys [2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys [2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys [2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys < MD5 for: CNGAUDIT.DLL > [2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll [2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll [2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll [2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll < MD5 for: IASTORV.SYS > [2010.11.20 15:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SysNative\drivers\iaStorV.sys [2010.11.20 15:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys [2010.11.20 15:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- 
C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys [2009.07.14 03:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys < MD5 for: NETLOGON.DLL > [2009.07.14 03:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll [2010.11.20 15:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SysNative\netlogon.dll [2010.11.20 15:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll [2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll [2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll [2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll < MD5 for: NVSTOR.SYS > [2009.07.14 03:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys [2010.11.20 15:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\drivers\nvstor.sys [2010.11.20 15:33:48 | 000,166,272 | ---- 
| M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys [2010.11.20 15:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys < MD5 for: SCECLI.DLL > [2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll [2009.07.14 03:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll [2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll [2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll [2010.11.20 15:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SysNative\scecli.dll [2010.11.20 15:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll < MD5 for: USER32.DLL > [2010.11.20 14:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SysWOW64\user32.dll [2010.11.20 14:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- 
C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll [2009.07.14 03:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll [2009.07.14 03:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll [2010.11.20 15:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SysNative\user32.dll [2010.11.20 15:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll < MD5 for: USERINIT.EXE > [2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe [2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe [2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe [2009.07.14 03:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe [2010.11.20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe [2010.11.20 15:25:24 | 000,030,720 | ---- | M] (Microsoft 
Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe < MD5 for: WININIT.EXE > [2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe [2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe [2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe [2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe < MD5 for: WINLOGON.EXE > [2010.11.20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe [2010.11.20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe [2009.07.14 03:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe [2012.07.03 13:46:42 | 000,217,672 | ---- | M] () MD5=8A7F34F0BBD076EC3815680A7309114F -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe [2009.10.28 09:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe [2009.10.28 08:24:40 | 000,389,632 | ---- | 
M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe < MD5 for: WS2IFSL.SYS > [2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys [2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\System32\config\*.sav > < %systemroot%\*. /mp /s > < %systemroot%\system32\*.dll /lockedfiles > < End of report > |
27.07.2012, 13:29 | #10 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Two detections of PUP.OfferBundler.ST with Malwarebytes on my computer Run an OTL fix: close any programs that may be open, also disable your virus scanner (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied along with it!!!) Code:
:OTL
FF - user.js - File not found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-21-3180283940-2608338086-1196643646-1005..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O4 - HKU\S-1-5-21-3180283940-2608338086-1196643646-1000..\Run: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe ()
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{628eb08d-8ce6-11e0-a7d7-6c626d99f886}\Shell - "" = AutoRun
O33 - MountPoints2\{628eb08d-8ce6-11e0-a7d7-6c626d99f886}\Shell\AutoRun\command - "" = H:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{9a13ca6d-c6d4-11e1-a93d-6c626d99f886}\Shell - "" = AutoRun
O33 - MountPoints2\{9a13ca6d-c6d4-11e1-a93d-6c626d99f886}\Shell\AutoRun\command - "" = G:\EasySuite.exe bootup
:Files
C:\Program Files (x86)\Common Files\Spigot
C:\Program Files (x86)\PDFCreator\Toolbar
C:\Program Files (x86)\pdfforge Toolbar
G:\Frank IBM\Dokumente und Einstellungen\Administrator 2\Eigene Dateien\Internetprogramme\vidalia-bundle-0.2.0.31-0.1.9.exe
:Commands
[purity]
[emptytemp]
[emptyflash]
[resethosts]
The log file should open when you click OK after the fix; please post it. The computer may be restarted. As a precaution, the entries, files and folders fixed by this script are not deleted completely; a backup copy is created on the system partition in the "_OTL" folder.
Note: The script above was created only for this one user in this situation. It is not portable to any other computer and must not be used elsewhere, as it can cause lasting damage to the system!
__________________ Please always post log files in CODE tags |
27.07.2012, 22:14 | #11 |
| Two detections of PUP.OfferBundler.ST with Malwarebytes on my computer Good evening, As a note: I had not connected the external hard drive that holds the old data, because Antivir had found viruses there and I did not want to reinfect my computer. I have to ask you anyway: how can I burn some old data to a DVD without getting viruses onto my computer the moment the hard drive is connected via USB? The requested fix log file reads as follows: Code:
All processes killed
========== OTL ==========
Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_USERS\S-1-5-21-3180283940-2608338086-1196643646-1005\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorAdmin deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorUser deleted successfully.
Registry value HKEY_USERS\S-1-5-21-3180283940-2608338086-1196643646-1000\Software\Microsoft\Windows\CurrentVersion\Run\\Pando Media Booster deleted successfully.
C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe moved successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{628eb08d-8ce6-11e0-a7d7-6c626d99f886}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{628eb08d-8ce6-11e0-a7d7-6c626d99f886}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{628eb08d-8ce6-11e0-a7d7-6c626d99f886}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{628eb08d-8ce6-11e0-a7d7-6c626d99f886}\ not found.
File H:\setup_vmc_lite.exe /checkApplicationPresence not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9a13ca6d-c6d4-11e1-a93d-6c626d99f886}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9a13ca6d-c6d4-11e1-a93d-6c626d99f886}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9a13ca6d-c6d4-11e1-a93d-6c626d99f886}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9a13ca6d-c6d4-11e1-a93d-6c626d99f886}\ not found.
File G:\EasySuite.exe bootup not found.
========== FILES ==========
File\Folder C:\Program Files (x86)\Common Files\Spigot not found.
C:\Program Files (x86)\PDFCreator\Toolbar folder moved successfully.
File\Folder C:\Program Files (x86)\pdfforge Toolbar not found.
File\Folder G:\Frank IBM\Dokumente und Einstellungen\Administrator 2\Eigene Dateien\Internetprogramme\vidalia-bundle-0.2.0.31-0.1.9.exe not found.
========== COMMANDS ==========
[EMPTYTEMP]
User: Administrator
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Public
User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Wir Zuhause
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 3052280 bytes
->Java cache emptied: 806206 bytes
->FireFox cache emptied: 55243520 bytes
->Flash cache emptied: 563 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 5022424 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 192516 bytes
RecycleBin emptied: 15208930 bytes
Total Files Cleaned = 76,00 mb
[EMPTYFLASH]
User: Administrator
User: All Users
User: Default
User: Default User
User: Public
User: UpdatusUser
User: Wir Zuhause
->Flash cache emptied: 0 bytes
Total Flash Files Cleaned = 0,00 mb
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
OTL by OldTimer - Version 3.2.55.0 log created on 07272012_230227
Files\Folders moved on Reboot...
PendingFileRenameOperations files...
Registry entries deleted on Reboot... |
27.07.2012, 22:43 | #12 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Two detections of PUP.OfferBundler.ST with Malwarebytes on my computer Now please run this tool from Kaspersky (TDSS-Killer) in normal Windows mode and post the log. Instructions and download link here => http://www.trojaner-board.de/82358-t...entfernen.html
Note: Please switch off your virus scanner before running TDSS-Killer, because Avira in particular often reports a false alarm on the TDSS tool! Set up the tool as shown in the picture below: click "change parameters" and set the check marks as shown in the following screenshot, then click "Start Scan" and, when it has finished, click the "Report" button to display the log. Please post it in full. If you cannot find the log, or cannot copy its contents into your post, look directly on your Windows system partition (usually drive C:); that is where TDSS-Killer saves its logs.
Note: Please do not delete anything hastily with TDSS-Killer! If TDSS-Killer flags any objects, handle all of them with the action "skip" and just post the log here!
__________________ Please always post log files in CODE tags |
30.07.2012, 17:58 | #13 |
| Two detections of PUP.OfferBundler.ST with Malwarebytes on my computer Hello Cosinus, I only got back today; to be on the safe side I carried out your instructions twice. Neither log showed any detections. I am posting the more recent one. Best regards, Frank Code:
(c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys 18:48:53.0420 2512 arc - ok 18:48:53.0436 2512 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys 18:48:53.0452 2512 arcsas - ok 18:48:53.0467 2512 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys 18:48:53.0561 2512 AsyncMac - ok 18:48:53.0576 2512 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys 18:48:53.0592 2512 atapi - ok 18:48:53.0623 2512 AtiPcie (7c5d273e29dcc5505469b299c6f29163) C:\Windows\system32\DRIVERS\AtiPcie.sys 18:48:53.0639 2512 AtiPcie - ok 18:48:53.0686 2512 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll 18:48:53.0732 2512 AudioEndpointBuilder - ok 18:48:53.0732 2512 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll 18:48:53.0764 2512 AudioSrv - ok 18:48:53.0795 2512 avgntflt (26e38b5a58c6c55fafbc563eeddb0867) C:\Windows\system32\DRIVERS\avgntflt.sys 18:48:53.0810 2512 avgntflt - ok 18:48:53.0826 2512 avipbb (9d1f00beff84cbbf46d7f052bc7e0565) C:\Windows\system32\DRIVERS\avipbb.sys 18:48:53.0842 2512 avipbb - ok 18:48:53.0842 2512 avkmgr (248db59fc86de44d2779f4c7fb1a567d) C:\Windows\system32\DRIVERS\avkmgr.sys 18:48:53.0857 2512 avkmgr - ok 18:48:53.0888 2512 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll 18:48:53.0982 2512 AxInstSV - ok 18:48:54.0013 2512 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys 18:48:54.0076 2512 b06bdrv - ok 18:48:54.0107 2512 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys 18:48:54.0138 2512 b57nd60a - ok 18:48:54.0185 2512 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll 18:48:54.0263 2512 BDESVC - ok 18:48:54.0278 2512 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys 18:48:54.0356 2512 Beep - ok 18:48:54.0419 2512 BFE 
(82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll 18:48:54.0466 2512 BFE - ok 18:48:54.0512 2512 BITS (1ea7969e3271cbc59e1730697dc74682) C:\Windows\System32\qmgr.dll 18:48:54.0559 2512 BITS - ok 18:48:54.0590 2512 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys 18:48:54.0622 2512 blbdrive - ok 18:48:54.0637 2512 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys 18:48:54.0684 2512 bowser - ok 18:48:54.0700 2512 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys 18:48:54.0778 2512 BrFiltLo - ok 18:48:54.0793 2512 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys 18:48:54.0809 2512 BrFiltUp - ok 18:48:54.0840 2512 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll 18:48:54.0918 2512 Browser - ok 18:48:54.0949 2512 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys 18:48:55.0027 2512 Brserid - ok 18:48:55.0043 2512 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys 18:48:55.0074 2512 BrSerWdm - ok 18:48:55.0090 2512 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys 18:48:55.0121 2512 BrUsbMdm - ok 18:48:55.0121 2512 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys 18:48:55.0136 2512 BrUsbSer - ok 18:48:55.0152 2512 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys 18:48:55.0183 2512 BTHMODEM - ok 18:48:55.0214 2512 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll 18:48:55.0277 2512 bthserv - ok 18:48:55.0292 2512 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys 18:48:55.0370 2512 cdfs - ok 18:48:55.0402 2512 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys 18:48:55.0448 2512 cdrom - ok 18:48:55.0464 2512 CertPropSvc 
(f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll 18:48:55.0526 2512 CertPropSvc - ok 18:48:55.0526 2512 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys 18:48:55.0542 2512 circlass - ok 18:48:55.0558 2512 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys 18:48:55.0573 2512 CLFS - ok 18:48:55.0620 2512 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe 18:48:55.0636 2512 clr_optimization_v2.0.50727_32 - ok 18:48:55.0667 2512 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe 18:48:55.0682 2512 clr_optimization_v2.0.50727_64 - ok 18:48:55.0698 2512 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys 18:48:55.0729 2512 CmBatt - ok 18:48:55.0745 2512 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys 18:48:55.0745 2512 cmdide - ok 18:48:55.0776 2512 CNG (9ac4f97c2d3e93367e2148ea940cd2cd) C:\Windows\system32\Drivers\cng.sys 18:48:55.0807 2512 CNG - ok 18:48:55.0807 2512 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys 18:48:55.0823 2512 Compbatt - ok 18:48:55.0838 2512 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys 18:48:55.0870 2512 CompositeBus - ok 18:48:55.0870 2512 COMSysApp - ok 18:48:55.0885 2512 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys 18:48:55.0885 2512 crcdisk - ok 18:48:55.0916 2512 CryptSvc (4f5414602e2544a4554d95517948b705) C:\Windows\system32\cryptsvc.dll 18:48:55.0963 2512 CryptSvc - ok 18:48:55.0994 2512 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll 18:48:56.0026 2512 DcomLaunch - ok 18:48:56.0057 2512 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll 18:48:56.0104 2512 defragsvc - ok 
18:48:56.0135 2512 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys 18:48:56.0182 2512 DfsC - ok 18:48:56.0197 2512 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll 18:48:56.0244 2512 Dhcp - ok 18:48:56.0244 2512 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys 18:48:56.0291 2512 discache - ok 18:48:56.0322 2512 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys 18:48:56.0322 2512 Disk - ok 18:48:56.0353 2512 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll 18:48:56.0416 2512 Dnscache - ok 18:48:56.0447 2512 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll 18:48:56.0494 2512 dot3svc - ok 18:48:56.0525 2512 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll 18:48:56.0556 2512 DPS - ok 18:48:56.0603 2512 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys 18:48:56.0634 2512 drmkaud - ok 18:48:56.0681 2512 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys 18:48:56.0712 2512 DXGKrnl - ok 18:48:56.0743 2512 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll 18:48:56.0759 2512 EapHost - ok 18:48:56.0852 2512 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys 18:48:56.0915 2512 ebdrv - ok 18:48:56.0977 2512 EFS (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe 18:48:57.0024 2512 EFS - ok 18:48:57.0086 2512 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe 18:48:57.0133 2512 ehRecvr - ok 18:48:57.0149 2512 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe 18:48:57.0196 2512 ehSched - ok 18:48:57.0242 2512 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys 18:48:57.0289 2512 elxstor - ok 18:48:57.0305 2512 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys 
18:48:57.0336 2512 ErrDev - ok 18:48:57.0352 2512 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll 18:48:57.0398 2512 EventSystem - ok 18:48:57.0414 2512 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys 18:48:57.0445 2512 exfat - ok 18:48:57.0461 2512 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys 18:48:57.0492 2512 fastfat - ok 18:48:57.0554 2512 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe 18:48:57.0586 2512 Fax - ok 18:48:57.0586 2512 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys 18:48:57.0601 2512 fdc - ok 18:48:57.0617 2512 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll 18:48:57.0679 2512 fdPHost - ok 18:48:57.0695 2512 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll 18:48:57.0726 2512 FDResPub - ok 18:48:57.0742 2512 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys 18:48:57.0757 2512 FileInfo - ok 18:48:57.0773 2512 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys 18:48:57.0820 2512 Filetrace - ok 18:48:57.0820 2512 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys 18:48:57.0820 2512 flpydisk - ok 18:48:57.0851 2512 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys 18:48:57.0851 2512 FltMgr - ok 18:48:57.0898 2512 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll 18:48:57.0944 2512 FontCache - ok 18:48:58.0022 2512 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe 18:48:58.0038 2512 FontCache3.0.0.0 - ok 18:48:58.0054 2512 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys 18:48:58.0069 2512 FsDepends - ok 18:48:58.0100 2512 Fs_Rec (6bd9295cc032dd3077c671fccf579a7b) 
C:\Windows\system32\drivers\Fs_Rec.sys 18:48:58.0116 2512 Fs_Rec - ok 18:48:58.0147 2512 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys 18:48:58.0163 2512 fvevol - ok 18:48:58.0178 2512 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys 18:48:58.0194 2512 gagp30kx - ok 18:48:58.0210 2512 GMSIPCI - ok 18:48:58.0241 2512 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll 18:48:58.0303 2512 gpsvc - ok 18:48:58.0397 2512 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe 18:48:58.0412 2512 gupdate - ok 18:48:58.0428 2512 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe 18:48:58.0444 2512 gupdatem - ok 18:48:58.0444 2512 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys 18:48:58.0475 2512 hcw85cir - ok 18:48:58.0506 2512 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys 18:48:58.0537 2512 HdAudAddService - ok 18:48:58.0553 2512 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys 18:48:58.0584 2512 HDAudBus - ok 18:48:58.0600 2512 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys 18:48:58.0631 2512 HidBatt - ok 18:48:58.0646 2512 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys 18:48:58.0662 2512 HidBth - ok 18:48:58.0662 2512 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys 18:48:58.0693 2512 HidIr - ok 18:48:58.0724 2512 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\system32\hidserv.dll 18:48:58.0756 2512 hidserv - ok 18:48:58.0771 2512 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys 18:48:58.0787 2512 HidUsb - ok 18:48:58.0818 2512 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll 18:48:58.0880 2512 hkmsvc - ok 18:48:58.0896 
2512 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll 18:48:58.0943 2512 HomeGroupListener - ok 18:48:58.0958 2512 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll 18:48:58.0990 2512 HomeGroupProvider - ok 18:48:59.0005 2512 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys 18:48:59.0021 2512 HpSAMD - ok 18:48:59.0068 2512 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys 18:48:59.0114 2512 HTTP - ok 18:48:59.0130 2512 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys 18:48:59.0130 2512 hwpolicy - ok 18:48:59.0161 2512 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys 18:48:59.0177 2512 i8042prt - ok 18:48:59.0208 2512 iaStorV (3df4395a7cf8b7a72a5f4606366b8c2d) C:\Windows\system32\drivers\iaStorV.sys 18:48:59.0224 2512 iaStorV - ok 18:48:59.0333 2512 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe 18:48:59.0380 2512 idsvc - ok 18:48:59.0395 2512 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys 18:48:59.0411 2512 iirsp - ok 18:48:59.0426 2512 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll 18:48:59.0489 2512 IKEEXT - ok 18:48:59.0567 2512 IntcAzAudAddService (f5872a11eb4f6db170d636cd4e53ca9f) C:\Windows\system32\drivers\RTKVHD64.sys 18:48:59.0598 2512 IntcAzAudAddService - ok 18:48:59.0676 2512 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys 18:48:59.0707 2512 intelide - ok 18:48:59.0723 2512 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys 18:48:59.0738 2512 intelppm - ok 18:48:59.0754 2512 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll 18:48:59.0801 2512 IPBusEnum - ok 18:48:59.0832 2512 IpFilterDriver 
(c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys 18:48:59.0879 2512 IpFilterDriver - ok 18:48:59.0926 2512 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll 18:48:59.0957 2512 iphlpsvc - ok 18:48:59.0972 2512 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys 18:48:59.0988 2512 IPMIDRV - ok 18:49:00.0004 2512 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys 18:49:00.0050 2512 IPNAT - ok 18:49:00.0082 2512 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys 18:49:00.0175 2512 IRENUM - ok 18:49:00.0191 2512 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys 18:49:00.0206 2512 isapnp - ok 18:49:00.0222 2512 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys 18:49:00.0253 2512 iScsiPrt - ok 18:49:00.0269 2512 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys 18:49:00.0269 2512 kbdclass - ok 18:49:00.0300 2512 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\DRIVERS\kbdhid.sys 18:49:00.0331 2512 kbdhid - ok 18:49:00.0362 2512 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe 18:49:00.0394 2512 KeyIso - ok 18:49:00.0409 2512 KSecDD (97a7070aea4c058b6418519e869a63b4) C:\Windows\system32\Drivers\ksecdd.sys 18:49:00.0425 2512 KSecDD - ok 18:49:00.0440 2512 KSecPkg (26c43a7c2862447ec59deda188d1da07) C:\Windows\system32\Drivers\ksecpkg.sys 18:49:00.0456 2512 KSecPkg - ok 18:49:00.0456 2512 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys 18:49:00.0503 2512 ksthunk - ok 18:49:00.0518 2512 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll 18:49:00.0565 2512 KtmRm - ok 18:49:00.0612 2512 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\system32\srvsvc.dll 18:49:00.0706 2512 LanmanServer - ok 18:49:00.0721 2512 LanmanWorkstation 
(851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll 18:49:00.0784 2512 LanmanWorkstation - ok 18:49:00.0815 2512 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys 18:49:00.0862 2512 lltdio - ok 18:49:00.0893 2512 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll 18:49:00.0924 2512 lltdsvc - ok 18:49:00.0924 2512 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll 18:49:00.0955 2512 lmhosts - ok 18:49:00.0971 2512 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys 18:49:00.0986 2512 LSI_FC - ok 18:49:01.0002 2512 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys 18:49:01.0018 2512 LSI_SAS - ok 18:49:01.0018 2512 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys 18:49:01.0033 2512 LSI_SAS2 - ok 18:49:01.0049 2512 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys 18:49:01.0049 2512 LSI_SCSI - ok 18:49:01.0064 2512 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys 18:49:01.0111 2512 luafv - ok 18:49:01.0127 2512 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll 18:49:01.0189 2512 Mcx2Svc - ok 18:49:01.0205 2512 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys 18:49:01.0220 2512 megasas - ok 18:49:01.0236 2512 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys 18:49:01.0267 2512 MegaSR - ok 18:49:01.0283 2512 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll 18:49:01.0314 2512 MMCSS - ok 18:49:01.0345 2512 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys 18:49:01.0376 2512 Modem - ok 18:49:01.0408 2512 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys 18:49:01.0439 2512 monitor - ok 18:49:01.0470 2512 mouclass (7d27ea49f3c1f687d357e77a470aea99) 
C:\Windows\system32\DRIVERS\mouclass.sys 18:49:01.0517 2512 mouclass - ok 18:49:01.0517 2512 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys 18:49:01.0548 2512 mouhid - ok 18:49:01.0564 2512 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys 18:49:01.0579 2512 mountmgr - ok 18:49:01.0673 2512 MozillaMaintenance (46297fa8e30a6007f14118fc2b942fbc) C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe 18:49:01.0720 2512 MozillaMaintenance - ok 18:49:01.0735 2512 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys 18:49:01.0766 2512 mpio - ok 18:49:01.0782 2512 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys 18:49:01.0813 2512 mpsdrv - ok 18:49:01.0860 2512 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll 18:49:01.0907 2512 MpsSvc - ok 18:49:01.0922 2512 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys 18:49:01.0954 2512 MRxDAV - ok 18:49:01.0985 2512 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys 18:49:02.0032 2512 mrxsmb - ok 18:49:02.0063 2512 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys 18:49:02.0078 2512 mrxsmb10 - ok 18:49:02.0110 2512 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys 18:49:02.0125 2512 mrxsmb20 - ok 18:49:02.0141 2512 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys 18:49:02.0156 2512 msahci - ok 18:49:02.0172 2512 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys 18:49:02.0188 2512 msdsm - ok 18:49:02.0219 2512 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe 18:49:02.0234 2512 MSDTC - ok 18:49:02.0250 2512 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys 18:49:02.0281 2512 Msfs - ok 18:49:02.0297 2512 mshidkmdf 
(f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys 18:49:02.0328 2512 mshidkmdf - ok 18:49:02.0344 2512 MSICDSetup - ok 18:49:02.0375 2512 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys 18:49:02.0390 2512 msisadrv - ok 18:49:02.0406 2512 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll 18:49:02.0437 2512 MSiSCSI - ok 18:49:02.0453 2512 msiserver - ok 18:49:02.0468 2512 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys 18:49:02.0546 2512 MSKSSRV - ok 18:49:02.0562 2512 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys 18:49:02.0609 2512 MSPCLOCK - ok 18:49:02.0609 2512 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys 18:49:02.0671 2512 MSPQM - ok 18:49:02.0702 2512 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys 18:49:02.0734 2512 MsRPC - ok 18:49:02.0749 2512 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys 18:49:02.0765 2512 mssmbios - ok 18:49:02.0765 2512 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys 18:49:02.0812 2512 MSTEE - ok 18:49:02.0827 2512 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys 18:49:02.0843 2512 MTConfig - ok 18:49:02.0858 2512 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys 18:49:02.0858 2512 Mup - ok 18:49:02.0890 2512 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll 18:49:02.0936 2512 napagent - ok 18:49:02.0968 2512 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys 18:49:02.0999 2512 NativeWifiP - ok 18:49:03.0061 2512 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys 18:49:03.0092 2512 NDIS - ok 18:49:03.0092 2512 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys 
18:49:03.0124 2512 NdisCap - ok 18:49:03.0155 2512 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys 18:49:03.0186 2512 NdisTapi - ok 18:49:03.0217 2512 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys 18:49:03.0248 2512 Ndisuio - ok 18:49:03.0264 2512 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys 18:49:03.0311 2512 NdisWan - ok 18:49:03.0311 2512 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys 18:49:03.0342 2512 NDProxy - ok 18:49:03.0482 2512 Nero BackItUp Scheduler 4.0 (7d2633295eb6ff2b938185874884059d) C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe 18:49:03.0498 2512 Nero BackItUp Scheduler 4.0 - ok 18:49:03.0514 2512 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys 18:49:03.0545 2512 NetBIOS - ok 18:49:03.0560 2512 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys 18:49:03.0592 2512 NetBT - ok 18:49:03.0607 2512 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe 18:49:03.0623 2512 Netlogon - ok 18:49:03.0654 2512 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll 18:49:03.0685 2512 Netman - ok 18:49:03.0716 2512 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll 18:49:03.0748 2512 netprofm - ok 18:49:03.0826 2512 NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe 18:49:03.0857 2512 NetTcpPortSharing - ok 18:49:03.0872 2512 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys 18:49:03.0872 2512 nfrd960 - ok 18:49:03.0904 2512 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll 18:49:03.0950 2512 NlaSvc - ok 18:49:03.0950 2512 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys 18:49:03.0982 2512 Npfs - 
ok 18:49:03.0997 2512 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll 18:49:04.0044 2512 nsi - ok 18:49:04.0044 2512 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys 18:49:04.0091 2512 nsiproxy - ok 18:49:04.0153 2512 Ntfs (05d78aa5cb5f3f5c31160bdb955d0b7c) C:\Windows\system32\drivers\Ntfs.sys 18:49:04.0184 2512 Ntfs - ok 18:49:04.0247 2512 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys 18:49:04.0278 2512 Null - ok 18:49:04.0309 2512 nusb3hub (285acec1b13a15ba520aae06bacb9cff) C:\Windows\system32\DRIVERS\nusb3hub.sys 18:49:04.0325 2512 nusb3hub - ok 18:49:04.0340 2512 nusb3xhc (f6d625ff7b56bb6ea063f0d3a5bbc996) C:\Windows\system32\DRIVERS\nusb3xhc.sys 18:49:04.0356 2512 nusb3xhc - ok 18:49:04.0387 2512 NVHDA (102806b360d0e6bc6e55bf47ef655d43) C:\Windows\system32\drivers\nvhda64v.sys 18:49:04.0418 2512 NVHDA - ok 18:49:04.0746 2512 nvlddmkm (ba0b4889c40380a01ecdf84c227a89c9) C:\Windows\system32\DRIVERS\nvlddmkm.sys 18:49:04.0902 2512 nvlddmkm - ok 18:49:04.0996 2512 nvraid (5d9fd91f3d38dc9da01e3cb5fa89cd48) C:\Windows\system32\drivers\nvraid.sys 18:49:05.0027 2512 nvraid - ok 18:49:05.0042 2512 nvstor (f7cd50fe7139f07e77da8ac8033d1832) C:\Windows\system32\drivers\nvstor.sys 18:49:05.0074 2512 nvstor - ok 18:49:05.0136 2512 nvsvc (06633cf95bea62164c3bfca24bce6b11) C:\Windows\system32\nvvsvc.exe 18:49:05.0152 2512 nvsvc - ok 18:49:05.0276 2512 nvUpdatusService (53b629ce436b110c5689c2f6439e567b) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe 18:49:05.0308 2512 nvUpdatusService - ok 18:49:05.0339 2512 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys 18:49:05.0354 2512 nv_agp - ok 18:49:05.0370 2512 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys 18:49:05.0401 2512 ohci1394 - ok 18:49:05.0432 2512 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll 18:49:05.0464 2512 
18:49:15.0791 2512 ============================================================ 18:49:15.0791 2512 Scan finished 18:49:15.0791 2512 ============================================================ 18:49:15.0806 2508 Detected object count: 0 18:49:15.0806 2508 Actual detected object count: 0 18:52:18.0925 4056 Deinitialize success |
30.07.2012, 20:31 | #14 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | Then please run CF now: ComboFix, a guide and tutorial on using ComboFix
ComboFix may only be run when a qualified helper (Kompetenzler) has explicitly recommended it! If, after running ComboFix, you have problems starting applications and receive messages such as Quote:
__________________ Please always post log files in CODE tags |
05.08.2012, 17:10 | #15 |
| I had quite a lot to do over the last few days, and in between I installed Dropbox because I had to send some fairly large PDF files... Ran ComboFix. Here is the log: Code:
ATTFilter ComboFix 12-08-05.02 - Wir Zuhause 05.08.2012 17:49:05.1.2 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.4095.3073 [GMT 2:00] ausgeführt von:: c:\users\Wir Zuhause\Downloads\ComboFix.exe AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C} SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . c:\programdata\1327145953.bdinstall.bin c:\programdata\1327146115.bdinstall.bin c:\programdata\1329824262.bdinstall.bin c:\windows\IsUn0407.exe D:\INSTALL.EXE . . ((((((((((((((((((((((( Dateien erstellt von 2012-07-05 bis 2012-08-05 )))))))))))))))))))))))))))))) . . 2012-08-01 15:27 . 2012-08-02 07:51 -------- d-----r- c:\users\Wir Zuhause\Dropbox 2012-08-01 14:35 . 2012-08-05 12:34 -------- d-----w- c:\users\Wir Zuhause\AppData\Roaming\Dropbox 2012-07-30 08:50 . 2012-07-30 08:50 -------- d-----w- c:\users\Wir Zuhause\AppData\Roaming\UDC Profiles 2012-07-30 08:49 . 2011-07-25 10:15 30656 ----a-w- c:\windows\system32\udcpm.dll 2012-07-30 08:49 . 2012-07-30 08:49 -------- d-----w- c:\program files (x86)\Universal Document Converter 2012-07-27 21:02 . 2012-07-27 21:02 -------- d-----w- C:\_OTL 2012-07-25 20:42 . 2012-07-25 20:42 -------- d-----w- c:\program files (x86)\ESET 2012-07-14 07:48 . 2012-07-14 07:48 -------- d-----w- c:\users\Wir Zuhause\AppData\Roaming\Malwarebytes 2012-07-14 07:48 . 2012-07-14 07:48 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware 2012-07-14 07:48 . 2012-07-14 07:48 -------- d-----w- c:\programdata\Malwarebytes 2012-07-14 07:48 . 2012-07-03 11:46 24904 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-07-11 19:48 . 2012-06-12 03:08 3148800 ----a-w- c:\windows\system32\win32k.sys 2012-07-11 08:34 . 
2012-06-06 06:06 2004480 ----a-w- c:\windows\system32\msxml6.dll 2012-07-08 23:09 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll 2012-07-08 23:09 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe 2012-07-08 23:09 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll 2012-07-08 23:09 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll 2012-07-08 23:09 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll 2012-07-08 23:09 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll 2012-07-08 23:09 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll 2012-07-08 23:09 . 2012-06-02 13:19 186752 ----a-w- c:\windows\system32\wuwebv.dll 2012-07-08 23:09 . 2012-06-02 13:15 36864 ----a-w- c:\windows\system32\wuapp.exe . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-07-24 17:12 . 2012-04-05 09:27 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2012-07-24 17:12 . 2011-08-26 06:44 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2012-07-11 19:46 . 2011-01-23 10:40 59701280 ----a-w- c:\windows\system32\MRT.exe 2012-05-15 10:48 . 2012-07-03 17:29 68928 ----a-w- c:\windows\system32\OpenCL.dll 2012-05-15 10:48 . 2012-07-03 17:29 61248 ----a-w- c:\windows\SysWow64\OpenCL.dll 2012-05-15 10:48 . 2012-07-03 17:28 949056 ----a-w- c:\windows\system32\nvumdshimx.dll 2012-05-15 10:48 . 2012-07-03 17:28 818496 ----a-w- c:\windows\SysWow64\nvumdshim.dll 2012-05-15 10:48 . 2012-07-03 17:28 8105280 ----a-w- c:\windows\SysWow64\nvwgf2um.dll 2012-05-15 10:48 . 2012-07-03 17:28 25743168 ----a-w- c:\windows\system32\nvoglv64.dll 2012-05-15 10:48 . 2012-07-03 17:28 19607872 ----a-w- c:\windows\SysWow64\nvoglv32.dll 2012-05-15 10:48 . 2012-07-03 17:28 10194752 ----a-w- c:\windows\system32\nvwgf2umx.dll 2012-05-15 10:48 . 2012-07-03 17:28 8139072 ----a-w- c:\windows\system32\nvcuda.dll 2012-05-15 10:48 . 
2012-07-03 17:28 5982528 ----a-w- c:\windows\SysWow64\nvcuda.dll 2012-05-15 10:48 . 2012-07-03 17:28 364352 ----a-w- c:\windows\system32\nvdecodemft.dll 2012-05-15 10:48 . 2012-07-03 17:28 301376 ----a-w- c:\windows\SysWow64\nvdecodemft.dll 2012-05-15 10:48 . 2012-07-03 17:28 2881856 ----a-w- c:\windows\system32\nvcuvenc.dll 2012-05-15 10:48 . 2012-07-03 17:28 2741568 ----a-w- c:\windows\system32\nvapi64.dll 2012-05-15 10:48 . 2012-07-03 17:28 2681664 ----a-w- c:\windows\system32\nvcuvid.dll 2012-05-15 10:48 . 2012-07-03 17:28 2524992 ----a-w- c:\windows\SysWow64\nvcuvid.dll 2012-05-15 10:48 . 2012-07-03 17:28 25248064 ----a-w- c:\windows\system32\nvcompiler.dll 2012-05-15 10:48 . 2012-07-03 17:28 246592 ----a-w- c:\windows\system32\nvinitx.dll 2012-05-15 10:48 . 2012-07-03 17:28 2445120 ----a-w- c:\windows\SysWow64\nvcuvenc.dll 2012-05-15 10:48 . 2012-07-03 17:28 2368832 ----a-w- c:\windows\SysWow64\nvapi.dll 2012-05-15 10:48 . 2012-07-03 17:28 202048 ----a-w- c:\windows\SysWow64\nvinit.dll 2012-05-15 10:48 . 2012-07-03 17:28 18044224 ----a-w- c:\windows\system32\nvd3dumx.dll 2012-05-15 10:48 . 2012-07-03 17:28 17551680 ----a-w- c:\windows\SysWow64\nvcompiler.dll 2012-05-15 10:48 . 2012-07-03 17:28 1738048 ----a-w- c:\windows\system32\nvdispco64.dll 2012-05-15 10:48 . 2012-07-03 17:28 15322432 ----a-w- c:\windows\SysWow64\nvd3dum.dll 2012-05-15 10:48 . 2012-07-03 17:28 1468224 ----a-w- c:\windows\system32\nvgenco64.dll 2012-05-15 10:48 . 2012-07-03 17:28 14298944 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys 2012-05-15 09:29 . 2012-07-03 17:29 889664 ----a-w- c:\windows\system32\nvvsvc.exe 2012-05-15 09:29 . 2012-07-03 17:29 63296 ----a-w- c:\windows\system32\nvshext.dll 2012-05-15 09:29 . 2012-07-03 17:29 2561856 ----a-w- c:\windows\system32\nvsvcr.dll 2012-05-15 09:29 . 2012-07-03 17:29 118080 ----a-w- c:\windows\system32\nvmctray.dll 2012-05-15 09:29 . 2012-07-03 17:29 2621723 ----a-w- c:\windows\system32\nvcoproc.bin 2012-05-15 09:29 . 
2012-07-03 17:29 3149632 ----a-w- c:\windows\system32\nvsvc64.dll 2012-05-15 09:28 . 2012-07-03 17:29 6151488 ----a-w- c:\windows\system32\nvcpl.dll 2012-05-15 00:21 . 2012-05-15 00:21 423744 ----a-w- c:\windows\SysWow64\nvStreaming.exe . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Meine Traffic"="c:\progra~2\MT\MT.EXE" [2012-01-20 1412096] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712] "ArcSoft Connection Service"="c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-27 207424] "avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2012-05-01 348624] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableUIADesktopToggle"= 0 (0x0) . 
R2 gupdate;Google Update-Dienst (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-08 136176] R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-08 136176] R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-07-30 113120] R3 MSICDSetup;MSICDSetup;E:\CDriver64.sys [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392] S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2012-05-02 27760] S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928] S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2012-05-01 86224] S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-05-15 1262400] S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-05-15 382272] S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2010-04-27 83080] S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2010-04-27 184968] S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [2012-04-18 188736] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-06-23 344680] . . --- Andere Dienste/Treiber im Speicher --- . *NewlyCreated* - WS2IFSL . Inhalt des "geplante Tasks" Ordners . 2012-08-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-08 21:52] . 2012-08-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-08 21:52] . . --------- X64 Entries ----------- . . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-07-06 11057768] "CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2010-03-25 2726728] "itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2009-05-21 2342800] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "LoadAppInit_DLLs"=0x0 . ------- Zusätzlicher Suchlauf ------- . uLocal Page = c:\windows\system32\blank.htm uStart Page = about:blank mStart Page = about:blank TCP: DhcpNameServer = 192.168.2.1 FF - ProfilePath - c:\users\Wir Zuhause\AppData\Roaming\Mozilla\Firefox\Profiles\g1ps9c6x.default\ FF - prefs.js: browser.search.selectedEngine - Yahoo FF - prefs.js: browser.startup.homepage - hxxp://www.google.de FF - prefs.js: keyword.URL - hxxp://de.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=827316&p= FF - prefs.js: network.proxy.type - 0 . - - - - Entfernte verwaiste Registrierungseinträge - - - - . AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe . . . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_USERS\S-1-5-21-3180283940-2608338086-1196643646-1000\Software\SecuROM\License information*] "datasecu"=hex:ae,61,5c,c9,66,0b,d7,32,c9,fb,48,1c,0b,65,cf,e5,4e,28,a4,40,87, d2,dd,94,12,91,65,f0,57,dc,0f,06,39,54,1b,6b,e8,c1,81,0a,b4,e3,f9,ce,37,bd,\ "rkeysecu"=hex:bb,9f,76,9b,9d,f0,dd,96,60,d3,f0,6b,fb,f4,fb,41 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Weitere laufende Prozesse ------------------------ . c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe c:\program files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe . ************************************************************************** . 
Zeit der Fertigstellung: 2012-08-05 17:55:56 - PC wurde neu gestartet ComboFix-quarantined-files.txt 2012-08-05 15:55 . Vor Suchlauf: 10 Verzeichnis(se), 242.467.049.472 Bytes frei Nach Suchlauf: 16 Verzeichnis(se), 243.344.855.040 Bytes frei . - - End Of File - - FCF65C088BD950F7AF710ED1C39F37AC
Thank you, Arne. I have a few more questions:
1. Is my system clean now?
2. I would like to have 2 boot partitions, with a boot manager at startup, so to speak... one with Win7 as the system and one with Linux (Ubuntu or similar). Do I have to set up the computer from scratch? Is it worth it? I am an ONU (Otto-Normal-User, an average user) with some more advanced knowledge.
3. Is installing a sandbox for the browser worthwhile for me?
Regards, Frank |