Incredibar Firefox

krabat · 04.08.2012, 16:17

Hallo,
auch ich habe Bekanntschaft mit Incredibar gemacht und bitte nun höflichst um Hilfe.
Aufgefallen ist mir das Problem, als ich offline Firefox gestartet habe. Dabei fand sich Folgendes in der Adresszeile:

Code:

ATTFilter

hxxp://us.yhs4.search.yahoo.com/yhs/search?fr=altavista&itag=ody&q=hxxp://us.yhs4.search.yahoo.com/yhs/search?fr=altavista&itag=ody&q=hxxp://us.yhs4.search.yahoo.com/yhs/search?fr=altavista&itag=ody&q=hxxp://mystart.incredibar.com/mb144?a=6pqylaiolt

Analog eines anderen Threads hier zu Incredibar habe ich die dortigen Ratschläge befolgt und einen Scan mit Malwarebytes, ESET Online-Scanner und AdwCleaner gemacht. Hier die Logs:

Malwarebytes:

Code:

ATTFilter

 Malwarebytes Anti-Malware  (Test) 1.62.0.1300
www.malwarebytes.org

Datenbank Version: v2012.08.04.04

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
*** :: ***-LAPTOP [Administrator]

Schutz: Aktiviert

04.08.2012 13:15:41
mbam-log-2012-08-04 (13-15-41).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 256966
Laufzeit: 1 Stunde(n), 9 Minute(n), 8 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 3
C:\Users\***\AppData\Local\Temp\BI_RunOnce.exe (PUP.BundleInstaller.Somoto) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\***\Downloads\SoftonicDownloader_fuer_sks-screenlineal.exe (PUP.ToolbarDownloader) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\***\Downloads\VirtualWifiRouter_2.0.1.5_Installer.exe (PUP.BundleInstaller.BI) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)

ESET Online-Scanner

Code:

ATTFilter

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=9.00.8112.16421 (WIN7_IE9_RTM.110308-0330)
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=7587c60998dcc342a320558a5772327b
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-08-04 02:44:00
# local_time=2012-08-04 04:44:00 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1792 16777215 100 0 18647704 18647704 0 0
# compatibility_mode=5893 16776573 100 94 64245 95716841 0 0
# compatibility_mode=8192 67108863 100 0 837 837 0 0
# scanned=76776
# found=1
# cleaned=0
# scan_time=5790
C:\Users\***\AppData\Local\Temp\MyBabylonTB.exe	Win32/Toolbar.Babylon application (unable to clean)	00000000000000000000000000000000	I

AdwCleaner

Code:

ATTFilter

# AdwCleaner v1.800 - Logfile created 08/04/2012 at 16:53:30
# Updated 01/08/2012 by Xplode
# Operating system : Windows 7 Starter Service Pack 1 (32 bits)
# User : *** - ***-LAPTOP
# Running from : C:\Users\***\Downloads\adwcleaner (1).exe
# Option [Search]


***** [Services] *****

Found : Web Assistant Updater

***** [Files / Folders] *****

Folder Found : C:\ProgramData\boost_interprocess
Folder Found : C:\Program Files\Web Assistant

***** [Registry] *****

Key Found : HKCU\Software\IM
Key Found : HKCU\Software\ImInstaller
Key Found : HKCU\Software\Softonic
Key Found : HKLM\SOFTWARE\Classes\AppID\Extension.DLL
Key Found : HKLM\SOFTWARE\Classes\Extension.ExtensionHelperObject
Key Found : HKLM\SOFTWARE\Classes\Extension.ExtensionHelperObject.1
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\IncredibarToolbar_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\IncredibarToolbar_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{336D0C35-8A85-403a-B9D2-65C292C39087}_is1
Key Found : HKLM\SOFTWARE\Web Assistant
Value Found : HKLM\SOFTWARE\Mozilla\Firefox\extensions [{336D0C35-8A85-403a-B9D2-65C292C39087}]

***** [Registre - GUID] *****

Key Found : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
Key Found : HKLM\SOFTWARE\Classes\AppID\{B302A1BD-0157-49FA-90F1-4E94F22C7B4B}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{336D0C35-8A85-403a-B9D2-65C292C39087}
Key Found : HKLM\SOFTWARE\Classes\Interface\{A36867C6-302D-49FC-9D8E-1EB037B5F1AB}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{1D5A4199-956E-49BC-B89F-6A35C57C0D13}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{CFF4DB9B-135F-47C0-9269-B4C6572FD61A}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{336D0C35-8A85-403a-B9D2-65C292C39087}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{336D0C35-8A85-403a-B9D2-65C292C39087}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{336D0C35-8A85-403a-B9D2-65C292C39087}

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

-\\ Mozilla Firefox v13.0 (de)

Profile name : default 
File : C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\u6zm706k.default\prefs.js

Found : user_pref("browser.search.defaultenginename", "MyStart Search");
Found : user_pref("extensions.incredibar.admin", false);
Found : user_pref("extensions.incredibar.aflt", "orgnl");
Found : user_pref("extensions.incredibar.cntry", "DE");
Found : user_pref("extensions.incredibar.dfltLng", "");
Found : user_pref("extensions.incredibar.dfltSrch", false);
Found : user_pref("extensions.incredibar.did", "10643");
Found : user_pref("extensions.incredibar.envrmnt", "production");
Found : user_pref("extensions.incredibar.excTlbr", false);
Found : user_pref("extensions.incredibar.hdrMd5", "93BA9E37133E3E29DF5142EE8043E77B");
Found : user_pref("extensions.incredibar.hmpg", false);
Found : user_pref("extensions.incredibar.id", "0297891e000000000000ec55f924372e");
Found : user_pref("extensions.incredibar.installerproductid", "26");
Found : user_pref("extensions.incredibar.instlDay", "15488");
Found : user_pref("extensions.incredibar.instlRef", "");
Found : user_pref("extensions.incredibar.isDcmntCmplt", true);
Found : user_pref("extensions.incredibar.lastVrsnTs", "1.5.11.1416:03:47");
Found : user_pref("extensions.incredibar.mntrvrsn", "1.2.0");
Found : user_pref("extensions.incredibar.newTab", false);
Found : user_pref("extensions.incredibar.noFFXTlbr", false);
Found : user_pref("extensions.incredibar.ppd", "1");
Found : user_pref("extensions.incredibar.prdct", "incredibar");
Found : user_pref("extensions.incredibar.productid", "26");
Found : user_pref("extensions.incredibar.prtnrId", "Incredibar");
Found : user_pref("extensions.incredibar.sg", "none");
Found : user_pref("extensions.incredibar.smplGrp", "none");
Found : user_pref("extensions.incredibar.tlbrId", "base");
Found : user_pref("extensions.incredibar.tlbrSrchUrl", "hxxp://mystart.Incredibar.com/?a=6PQyLaIoLt&loc=IB_T[...]
Found : user_pref("extensions.incredibar.upn2", "6PQyLaIoLt");
Found : user_pref("extensions.incredibar.upn2n", "92542963046531775");
Found : user_pref("extensions.incredibar.vrsn", "1.5.11.14");
Found : user_pref("extensions.incredibar.vrsnTs", "1.5.11.1416:03:47");
Found : user_pref("extensions.incredibar.vrsni", "1.5.11.14");
Found : user_pref("extensions.incredibar_i.aflt", "orgnl");
Found : user_pref("extensions.incredibar_i.dfltLng", "");
Found : user_pref("extensions.incredibar_i.did", "10643");
Found : user_pref("extensions.incredibar_i.excTlbr", false);
Found : user_pref("extensions.incredibar_i.id", "0297891e000000000000ec55f924372e");
Found : user_pref("extensions.incredibar_i.installerproductid", "26");
Found : user_pref("extensions.incredibar_i.instlDay", "15488");
Found : user_pref("extensions.incredibar_i.instlRef", "");
Found : user_pref("extensions.incredibar_i.ms_url_id", "");
Found : user_pref("extensions.incredibar_i.newTab", false);
Found : user_pref("extensions.incredibar_i.ppd", "1");
Found : user_pref("extensions.incredibar_i.prdct", "incredibar");
Found : user_pref("extensions.incredibar_i.productid", "26");
Found : user_pref("extensions.incredibar_i.prtnrId", "Incredibar");
Found : user_pref("extensions.incredibar_i.smplGrp", "none");
Found : user_pref("extensions.incredibar_i.tlbrId", "base");
Found : user_pref("extensions.incredibar_i.tlbrSrchUrl", "hxxp://mystart.Incredibar.com/?a=6PQyLaIoLt&loc=IB[...]
Found : user_pref("extensions.incredibar_i.upn2", "6PQyLaIoLt");
Found : user_pref("extensions.incredibar_i.upn2n", "92542963046531775");
Found : user_pref("extensions.incredibar_i.vrsn", "1.5.11.14");
Found : user_pref("extensions.incredibar_i.vrsnTs", "1.5.11.1416:03:47");
Found : user_pref("extensions.incredibar_i.vrsni", "1.5.11.14");
Found : user_pref("keyword.URL", "hxxp://mystart.incredibar.com/mb143/?loc=IB_DS&a=6PQyLaIoLt&&i=26&search="[...]
Found : user_pref("{336D0C35-8A85-403a-B9D2-65C292C39087}.ScriptData_WSG_referrer", "hxxp://us.yhs4.search.y[...]
Found : user_pref("{336D0C35-8A85-403a-B9D2-65C292C39087}.ScriptData_WSG_temp_referer", "hxxp://us.yhs4.sear[...]
Found : user_pref("{336D0C35-8A85-403a-B9D2-65C292C39087}.ScriptData_WSG_whiteList", "{\"search.babylon.com\[...]

*************************

AdwCleaner[R1].txt - [6566 octets] - [04/08/2012 16:53:30]

########## EOF - C:\AdwCleaner[R1].txt - [6694 octets] ##########

Endgültig elöscht habe ich bisher noch nichts. Welche Schritte sollte ich als nächstes unternehmen. Über Hilfe wäre ich sehr dankbar.

Hallo,

ich habe mittlerweile in adwCleaner Delete ausgeführt. Das oben beschriebene Problem der Weiterleitung in Firefox tritt seither nicht mehr auf.
Hier ist der Log von adwcleaner:

Code:

ATTFilter

# AdwCleaner v1.800 - Logfile created 08/05/2012 at 13:15:26
# Updated 01/08/2012 by Xplode
# Operating system : Windows 7 Starter Service Pack 1 (32 bits)
# User : *** - ***-LAPTOP
# Running from : C:\Users\***\Downloads\adwcleaner (1).exe
# Option [Delete]


***** [Services] *****

Stopped & Deleted : Web Assistant Updater

***** [Files / Folders] *****

Folder Deleted : C:\ProgramData\boost_interprocess
Folder Deleted : C:\Program Files\Web Assistant

***** [Registry] *****

Key Deleted : HKCU\Software\IM
Key Deleted : HKCU\Software\ImInstaller
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKLM\SOFTWARE\Classes\AppID\Extension.DLL
Key Deleted : HKLM\SOFTWARE\Classes\Extension.ExtensionHelperObject
Key Deleted : HKLM\SOFTWARE\Classes\Extension.ExtensionHelperObject.1
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\IncredibarToolbar_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\IncredibarToolbar_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{336D0C35-8A85-403a-B9D2-65C292C39087}_is1
Key Deleted : HKLM\SOFTWARE\Web Assistant
Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\extensions [{336D0C35-8A85-403a-B9D2-65C292C39087}]

***** [Registre - GUID] *****

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B302A1BD-0157-49FA-90F1-4E94F22C7B4B}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{336D0C35-8A85-403a-B9D2-65C292C39087}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A36867C6-302D-49FC-9D8E-1EB037B5F1AB}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{1D5A4199-956E-49BC-B89F-6A35C57C0D13}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{CFF4DB9B-135F-47C0-9269-B4C6572FD61A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{336D0C35-8A85-403a-B9D2-65C292C39087}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{336D0C35-8A85-403a-B9D2-65C292C39087}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{336D0C35-8A85-403a-B9D2-65C292C39087}

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

-\\ Mozilla Firefox v13.0 (de)

Profile name : default 
File : C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\u6zm706k.default\prefs.js

C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\u6zm706k.default\user.js ... Deleted !

Deleted : user_pref("browser.search.defaultenginename", "MyStart Search");
Deleted : user_pref("extensions.incredibar.admin", false);
Deleted : user_pref("extensions.incredibar.aflt", "orgnl");
Deleted : user_pref("extensions.incredibar.cntry", "DE");
Deleted : user_pref("extensions.incredibar.dfltLng", "");
Deleted : user_pref("extensions.incredibar.dfltSrch", false);
Deleted : user_pref("extensions.incredibar.did", "10643");
Deleted : user_pref("extensions.incredibar.envrmnt", "production");
Deleted : user_pref("extensions.incredibar.excTlbr", false);
Deleted : user_pref("extensions.incredibar.hdrMd5", "93BA9E37133E3E29DF5142EE8043E77B");
Deleted : user_pref("extensions.incredibar.hmpg", false);
Deleted : user_pref("extensions.incredibar.id", "0297891e000000000000ec55f924372e");
Deleted : user_pref("extensions.incredibar.installerproductid", "26");
Deleted : user_pref("extensions.incredibar.instlDay", "15488");
Deleted : user_pref("extensions.incredibar.instlRef", "");
Deleted : user_pref("extensions.incredibar.isDcmntCmplt", true);
Deleted : user_pref("extensions.incredibar.lastVrsnTs", "1.5.11.1416:03:47");
Deleted : user_pref("extensions.incredibar.mntrvrsn", "1.2.0");
Deleted : user_pref("extensions.incredibar.newTab", false);
Deleted : user_pref("extensions.incredibar.noFFXTlbr", false);
Deleted : user_pref("extensions.incredibar.ppd", "1");
Deleted : user_pref("extensions.incredibar.prdct", "incredibar");
Deleted : user_pref("extensions.incredibar.productid", "26");
Deleted : user_pref("extensions.incredibar.prtnrId", "Incredibar");
Deleted : user_pref("extensions.incredibar.sg", "none");
Deleted : user_pref("extensions.incredibar.smplGrp", "none");
Deleted : user_pref("extensions.incredibar.tlbrId", "base");
Deleted : user_pref("extensions.incredibar.tlbrSrchUrl", "hxxp://mystart.Incredibar.com/?a=6PQyLaIoLt&loc=IB_T[...]
Deleted : user_pref("extensions.incredibar.upn2", "6PQyLaIoLt");
Deleted : user_pref("extensions.incredibar.upn2n", "92542963046531775");
Deleted : user_pref("extensions.incredibar.vrsn", "1.5.11.14");
Deleted : user_pref("extensions.incredibar.vrsnTs", "1.5.11.1416:03:47");
Deleted : user_pref("extensions.incredibar.vrsni", "1.5.11.14");
Deleted : user_pref("extensions.incredibar_i.aflt", "orgnl");
Deleted : user_pref("extensions.incredibar_i.dfltLng", "");
Deleted : user_pref("extensions.incredibar_i.did", "10643");
Deleted : user_pref("extensions.incredibar_i.excTlbr", false);
Deleted : user_pref("extensions.incredibar_i.id", "0297891e000000000000ec55f924372e");
Deleted : user_pref("extensions.incredibar_i.installerproductid", "26");
Deleted : user_pref("extensions.incredibar_i.instlDay", "15488");
Deleted : user_pref("extensions.incredibar_i.instlRef", "");
Deleted : user_pref("extensions.incredibar_i.ms_url_id", "");
Deleted : user_pref("extensions.incredibar_i.newTab", false);
Deleted : user_pref("extensions.incredibar_i.ppd", "1");
Deleted : user_pref("extensions.incredibar_i.prdct", "incredibar");
Deleted : user_pref("extensions.incredibar_i.productid", "26");
Deleted : user_pref("extensions.incredibar_i.prtnrId", "Incredibar");
Deleted : user_pref("extensions.incredibar_i.smplGrp", "none");
Deleted : user_pref("extensions.incredibar_i.tlbrId", "base");
Deleted : user_pref("extensions.incredibar_i.tlbrSrchUrl", "hxxp://mystart.Incredibar.com/?a=6PQyLaIoLt&loc=IB[...]
Deleted : user_pref("extensions.incredibar_i.upn2", "6PQyLaIoLt");
Deleted : user_pref("extensions.incredibar_i.upn2n", "92542963046531775");
Deleted : user_pref("extensions.incredibar_i.vrsn", "1.5.11.14");
Deleted : user_pref("extensions.incredibar_i.vrsnTs", "1.5.11.1416:03:47");
Deleted : user_pref("extensions.incredibar_i.vrsni", "1.5.11.14");
Deleted : user_pref("keyword.URL", "hxxp://mystart.incredibar.com/mb143/?loc=IB_DS&a=6PQyLaIoLt&&i=26&search="[...]
Deleted : user_pref("{336D0C35-8A85-403a-B9D2-65C292C39087}.ScriptData_WSG_referrer", "hxxp://us.yhs4.search.y[...]
Deleted : user_pref("{336D0C35-8A85-403a-B9D2-65C292C39087}.ScriptData_WSG_temp_referer", "hxxp://us.yhs4.sear[...]
Deleted : user_pref("{336D0C35-8A85-403a-B9D2-65C292C39087}.ScriptData_WSG_whiteList", "{\"search.babylon.com\[...]

*************************

AdwCleaner[R1].txt - [6695 octets] - [04/08/2012 16:53:30]
AdwCleaner[S1].txt - [267 octets] - [05/08/2012 13:14:21]
AdwCleaner[R2].txt - [6814 octets] - [05/08/2012 13:15:00]
AdwCleaner[S2].txt - [7017 octets] - [05/08/2012 13:15:26]

########## EOF - C:\AdwCleaner[S2].txt - [7145 octets] ##########

Weiterhin habe ich, wie unter "Anweisungen an alle Hilfesuchenden" beschrieben, (nach dem Löschen) zuerst Defogger und dann OTL ausgeführt.
Dies ist der Inhalt der Datei OTL.txt:

Code:

ATTFilter

OTL logfile created on: 05.08.2012 14:42:57 - Run 3
OTL by OldTimer - Version 3.2.56.0     Folder = C:\Users\***\Desktop
 Starter Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1013,09 Mb Total Physical Memory | 393,30 Mb Available Physical Memory | 38,82% Memory free
1,99 Gb Paging File | 1,24 Gb Available in Paging File | 62,16% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 219,79 Gb Total Space | 191,16 Gb Free Space | 86,97% Space Free | Partition Type: NTFS
 
Computer Name: ***-LAPTOP | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.08.05 13:36:47 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
PRC - [2012.07.03 13:46:44 | 000,462,920 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012.05.24 19:14:42 | 000,021,432 | ---- | M] () -- C:\Programme\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
PRC - [2012.05.24 19:14:34 | 003,521,464 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Programme\Samsung\Kies\KiesTrayAgent.exe
PRC - [2012.05.09 09:47:54 | 001,014,112 | ---- | M] (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041) -- C:\Programme\Evernote\Evernote\EvernoteClipper.exe
PRC - [2012.05.08 20:59:18 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2012.05.08 20:59:14 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2012.05.08 20:59:13 | 000,348,624 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.05.08 20:59:13 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.05.03 08:31:10 | 000,158,856 | R--- | M] (Skype Technologies) -- C:\Programme\Skype\Updater\Updater.exe
PRC - [2012.03.19 13:38:46 | 002,666,880 | ---- | M] (TeamViewer GmbH) -- C:\Programme\TeamViewer\Version7\TeamViewer_Service.exe
PRC - [2012.01.03 21:49:25 | 000,305,744 | ---- | M] (Dritek System Inc.) -- C:\Programme\Launch Manager\LMworker.exe
PRC - [2012.01.03 21:49:23 | 000,968,272 | ---- | M] (Dritek System Inc.) -- C:\Programme\Launch Manager\LManager.exe
PRC - [2012.01.03 21:49:22 | 000,321,104 | ---- | M] (Dritek System Inc.) -- C:\Programme\Launch Manager\dsiwmis.exe
PRC - [2012.01.03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011.08.25 10:50:50 | 000,270,672 | ---- | M] () -- C:\Programme\1&1 Surf-Stick\AssistantServices.exe
PRC - [2011.08.25 10:50:50 | 000,153,424 | ---- | M] () -- C:\Programme\1&1 Surf-Stick\UIExec.exe
PRC - [2011.06.24 06:22:20 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010.11.20 23:29:19 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009.10.13 11:25:54 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2009.10.13 11:25:30 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.06.16 00:13:05 | 013,198,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\00a4922fbf869a79c043b665035516b6\System.Windows.Forms.ni.dll
MOD - [2012.06.16 00:04:21 | 018,019,840 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\d239f585ee55f833dbe21e897e1265ac\PresentationFramework.ni.dll
MOD - [2012.06.16 00:03:33 | 011,522,048 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\b7de318e9fd1ef519ca6c1f3b5dba8e0\PresentationCore.ni.dll
MOD - [2012.06.16 00:02:57 | 003,881,984 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\a6e37a05b8d0cedbc5c3ea266ae3fc31\WindowsBase.ni.dll
MOD - [2012.06.16 00:02:50 | 001,666,048 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\4230ed1c7990e4ee8352baf67a2a85fa\System.Drawing.ni.dll
MOD - [2012.06.07 13:22:24 | 000,115,137 | ---- | M] () -- C:\Users\***\AppData\Local\Temp\26b4a1dd-e07b-48af-be4e-9642b273284b\CliSecureRT.dll
MOD - [2012.05.31 18:32:15 | 001,218,560 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Management\d0e1cdaff8f9055187f8e7b52c060dff\System.Management.ni.dll
MOD - [2012.05.31 18:21:11 | 000,762,880 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\31fab24c51c0cfe8b8115f24545f169f\System.Runtime.Remoting.ni.dll
MOD - [2012.05.31 18:20:46 | 001,782,272 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\b68bee05c7e518172982cc92059c3315\System.Xaml.ni.dll
MOD - [2012.05.31 18:14:52 | 007,069,184 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\09bd2126bba2ab4f29ed52afde1470d7\System.Core.ni.dll
MOD - [2012.05.31 18:14:49 | 000,595,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\608d29d7cc89f3a9a195c91354561915\PresentationFramework.Aero.ni.dll
MOD - [2012.05.31 18:14:38 | 005,617,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\9abe44a0f82070ead5f1256683a4d25a\System.Xml.ni.dll
MOD - [2012.05.31 18:14:19 | 009,092,096 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\a6be120e49f895ef6b00e9918402395b\System.ni.dll
MOD - [2012.05.31 18:13:59 | 014,414,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\c1af4ec9a36f671617a8ecaec00373f4\mscorlib.ni.dll
MOD - [2012.05.24 19:14:42 | 000,021,432 | ---- | M] () -- C:\Programme\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
MOD - [2012.03.16 15:42:58 | 000,315,392 | ---- | M] () -- C:\Programme\Evernote\Evernote\libtidy.dll
MOD - [2012.03.16 15:42:56 | 000,433,664 | ---- | M] () -- C:\Programme\Evernote\Evernote\libxml2.dll
MOD - [2012.01.03 21:49:20 | 000,072,200 | ---- | M] () -- C:\Programme\Launch Manager\CdDirIo.dll
MOD - [2011.08.25 10:50:50 | 000,153,424 | ---- | M] () -- C:\Programme\1&1 Surf-Stick\UIExec.exe
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2012.08.03 21:59:37 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.07.03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.06.09 23:49:52 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.05.08 20:59:18 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.05.08 20:59:13 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.05.03 08:31:10 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Programme\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.03.19 13:38:46 | 002,666,880 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Programme\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7)
SRV - [2012.01.03 21:49:22 | 000,321,104 | ---- | M] (Dritek System Inc.) [Auto | Running] -- C:\Programme\Launch Manager\dsiwmis.exe -- (DsiWMIService)
SRV - [2012.01.03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011.08.25 10:50:50 | 000,270,672 | ---- | M] () [Auto | Running] -- C:\Programme\1&1 Surf-Stick\AssistantServices.exe -- (UI Assistant Service)
SRV - [2011.07.20 06:18:24 | 000,440,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2010.11.20 23:29:49 | 001,121,792 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2010.11.20 23:29:25 | 000,397,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\inetsrv\iisw3adm.dll -- (WAS)
SRV - [2010.11.20 23:29:25 | 000,397,824 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\inetsrv\iisw3adm.dll -- (W3SVC)
SRV - [2010.11.20 23:29:25 | 000,061,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\inetsrv\apphostsvc.dll -- (AppHostSvc)
SRV - [2009.10.13 11:25:30 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON)
SRV - [2009.07.14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2006.10.26 15:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2012.07.03 13:46:44 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012.05.08 20:59:18 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2012.05.08 20:59:18 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2011.12.15 16:00:00 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2011.06.02 07:47:22 | 000,136,808 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadmdm.sys -- (ssadmdm)
DRV - [2011.06.02 07:47:22 | 000,121,064 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadbus.sys -- (ssadbus)
DRV - [2011.06.02 07:47:22 | 000,012,776 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadmdfl.sys -- (ssadmdfl)
DRV - [2011.03.26 10:37:12 | 000,107,776 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbser6k.sys -- (ZTEusbser6k)
DRV - [2011.03.26 10:37:12 | 000,107,776 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbnmea.sys -- (ZTEusbnmea)
DRV - [2011.03.26 10:37:12 | 000,107,776 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbmdm6k.sys -- (ZTEusbmdm6k)
DRV - [2011.03.26 10:37:12 | 000,009,216 | ---- | M] (MBB Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\massfilter.sys -- (massfilter)
DRV - [2010.11.20 23:29:24 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010.11.20 23:29:03 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010.11.20 23:29:03 | 000,027,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV - [2010.06.17 15:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010.05.20 15:10:32 | 000,068,208 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\L1C62x86.sys -- (L1C)
DRV - [2009.07.14 02:18:07 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WSDPrint.sys -- (WSDPrintDevice)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = DB D5 1F 8F B5 3A CD 01  [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de"
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_270.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.06.09 23:49:53 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.06.09 23:49:53 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
 
[2012.01.01 21:09:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions
[2012.07.31 18:25:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\u6zm706k.default\extensions
[2012.01.01 21:08:54 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.06.09 10:38:50 | 000,151,256 | ---- | M] () (No name found) -- C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\U6ZM706K.DEFAULT\EXTENSIONS\CK@EVERYGAIN.COM.XPI
[2012.06.09 23:49:52 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.02.03 19:19:14 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.02.03 19:19:14 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.02.03 19:19:14 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.02.03 19:19:14 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.02.03 19:19:14 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.02.03 19:19:14 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [IAAnotif] C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [KiesTrayAgent] C:\Programme\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKLM..\Run: [LManager] C:\Programme\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [UIExec] C:\Program Files\1&1 Surf-Stick\UIExec.exe ()
O4 - HKCU..\Run: [KiesAirMessage] C:\Program Files\Samsung\Kies\KiesAirMessage.exe -startup File not found
O4 - HKCU..\Run: [KiesHelper] C:\Program Files\Samsung\Kies\KiesHelper.exe (Samsung)
O4 - HKCU..\Run: [KiesPDLR] C:\Programme\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe ()
O4 - Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk = C:\Programme\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\p***cies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\p***cies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: Add to Evernote 4.0 - C:\Program Files\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: @C:\Program Files\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O9 - Extra 'Tools' menuitem : @C:\Program Files\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O13 - gopher Prefix: missing
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A72D8500-FC25-4428-9736-D3A72E78F8B1}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DEA80291-5017-4E08-B3FF-C4C3EBB297F9}: NameServer = 139.7.30.126 139.7.30.125
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F5491EA8-971B-424C-BD1A-317C3849F3FD}: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.08.05 13:34:02 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2012.08.05 13:21:14 | 000,000,000 | ---D | C] -- C:\ProgramData\boost_interprocess
[2012.08.04 14:53:33 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012.08.04 14:53:01 | 000,000,000 | -H-D | C] -- C:\Windows\AxInstSV
[2012.08.04 13:08:47 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Malwarebytes
[2012.08.04 13:08:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.08.04 13:08:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.08.04 13:08:20 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.08.04 13:08:20 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.08.01 20:50:22 | 000,000,000 | ---D | C] -- C:\UserData
[2012.07.31 18:22:55 | 000,107,776 | ---- | C] (ZTE Incorporated) -- C:\Windows\System32\drivers\ZTEusbser6k.sys
[2012.07.31 18:22:55 | 000,107,776 | ---- | C] (ZTE Incorporated) -- C:\Windows\System32\drivers\ZTEusbnmea.sys
[2012.07.31 18:22:55 | 000,107,776 | ---- | C] (ZTE Incorporated) -- C:\Windows\System32\drivers\ZTEusbmdm6k.sys
[2012.07.31 18:22:55 | 000,009,216 | ---- | C] (MBB Incorporated) -- C:\Windows\System32\drivers\massfilter.sys
[2012.07.31 18:22:29 | 000,000,000 | ---D | C] -- C:\Windows\System32\SupportAppCB
[2012.07.31 18:22:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\1&1 Surf-Stick
[2012.07.31 18:22:27 | 000,000,000 | ---D | C] -- C:\Program Files\1&1 Surf-Stick
 
========== Files - Modified Within 30 Days ==========
 
[2012.08.05 14:49:02 | 000,017,328 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.08.05 14:49:02 | 000,017,328 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.08.05 14:48:33 | 000,724,098 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.08.05 14:48:33 | 000,673,704 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.08.05 14:48:33 | 000,154,040 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.08.05 14:48:33 | 000,125,620 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.08.05 14:41:20 | 000,001,088 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.08.05 14:41:14 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.08.05 14:41:02 | 796,729,344 | -HS- | M] () -- C:\hiberfil.sys
[2012.08.05 14:37:02 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.08.05 14:08:22 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.08.05 13:39:47 | 000,000,000 | ---- | M] () -- C:\Users\***\defogger_reenable
[2012.08.05 13:36:47 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2012.08.05 13:36:15 | 000,302,592 | ---- | M] () -- C:\Users\***\Desktop\gxlkpumd.exe
[2012.08.04 16:52:58 | 000,614,903 | ---- | M] () -- C:\Users\***\Desktop\adwcleaner (1).exe
[2012.08.04 13:08:23 | 000,001,071 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.08.02 20:44:55 | 000,050,477 | ---- | M] () -- C:\Users\***\Desktop\Defogger.exe
[2012.08.01 20:57:07 | 000,302,320 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.07.31 18:22:43 | 000,001,708 | ---- | M] () -- C:\Users\Public\Desktop\1&1 Surf-Stick.lnk
 
========== Files Created - No Company Name ==========
 
[2012.08.05 13:39:47 | 000,000,000 | ---- | C] () -- C:\Users\***\defogger_reenable
[2012.08.05 13:35:30 | 000,302,592 | ---- | C] () -- C:\Users\***\Desktop\gxlkpumd.exe
[2012.08.04 16:51:33 | 000,614,903 | ---- | C] () -- C:\Users\***\Desktop\adwcleaner (1).exe
[2012.08.04 13:08:23 | 000,001,071 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.08.02 20:44:55 | 000,050,477 | ---- | C] () -- C:\Users\***\Desktop\Defogger.exe
[2012.08.01 20:50:22 | 000,000,557 | ---- | C] () -- C:\NetworkCfg.xml
[2012.07.31 18:22:28 | 000,001,708 | ---- | C] () -- C:\Users\Public\Desktop\1&1 Surf-Stick.lnk
[2012.05.23 18:49:34 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2012.05.23 18:49:32 | 000,974,848 | ---- | C] () -- C:\Windows\System32\cis-2.4.dll
[2012.05.23 18:49:32 | 000,081,920 | ---- | C] () -- C:\Windows\System32\issacapi_bs-2.3.dll
[2012.05.23 18:49:32 | 000,065,536 | ---- | C] () -- C:\Windows\System32\issacapi_pe-2.3.dll
[2012.05.23 18:49:32 | 000,057,344 | ---- | C] () -- C:\Windows\System32\issacapi_se-2.3.dll
[2012.01.03 21:50:39 | 000,000,000 | ---- | C] () -- C:\Windows\Setup.INI
[2012.01.01 21:26:23 | 000,247,560 | ---- | C] () -- C:\Windows\System32\drivers\RTConvEQ.dat
[2012.01.01 21:26:23 | 000,037,468 | ---- | C] () -- C:\Windows\System32\drivers\RtPCEE3.DAT
[2012.01.01 21:26:23 | 000,001,448 | ---- | C] () -- C:\Windows\System32\drivers\RtHdatEx.dat
[2012.01.01 21:26:23 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX3.dat
[2012.01.01 21:26:23 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX2.dat
[2012.01.01 21:26:23 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX1.dat
[2012.01.01 21:26:23 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX0.dat
[2012.01.01 21:26:23 | 000,000,176 | ---- | C] () -- C:\Windows\System32\drivers\RTHDAEQ1.dat
[2012.01.01 21:26:23 | 000,000,024 | ---- | C] () -- C:\Windows\System32\drivers\rtkhdaud.dat
[2012.01.01 20:52:54 | 000,006,656 | ---- | C] () -- C:\Windows\System32\bcmwlrc.dll
[2010.11.21 02:46:14 | 000,724,098 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2010.11.21 02:46:14 | 000,295,922 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2010.11.21 02:46:14 | 000,154,040 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2010.11.21 02:46:14 | 000,038,104 | ---- | C] () -- C:\Windows\System32\perfd007.dat
 
========== LOP Check ==========
 
[2012.05.20 16:30:50 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Iconico
[2012.03.13 18:53:33 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\IrfanView
[2012.05.20 16:56:12 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Keseling
[2012.01.01 21:35:08 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Liteon
[2012.05.31 23:27:02 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Samsung
[2012.03.24 17:14:51 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TeamViewer
[2012.06.07 13:28:09 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Temp
[2012.04.19 16:23:11 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 

< End of report >

Ein txt-file mit Namen Extras wurde bei diesem Scan nicht erstellt. Allerdings habe ich gestern, bevor ich irgendetwas anderes gemacht hatte, schoneinmal einen Scan durchgeführt. Dabei wurde eine Datei Extras.txt generiert. Falls er dienlich sein sollte, hier der Inhalt:

Code:

ATTFilter

OTL Extras logfile created on: 02.08.2012 21:01:47 - Run 1
OTL by OldTimer - Version 3.2.55.0     Folder = C:\Users\***\Desktop
 Starter Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1013,09 Mb Total Physical Memory | 461,38 Mb Available Physical Memory | 45,54% Memory free
1,99 Gb Paging File | 1,10 Gb Available in Paging File | 55,35% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 219,79 Gb Total Space | 191,24 Gb Free Space | 87,01% Space Free | Partition Type: NTFS
 
Computer Name: ***-LAPTOP | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallP***cy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallP***cy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallP***cy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallP***cy\FirewallRules]
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallP***cy\FirewallRules]
"{100393F0-0F7A-473E-AA9E-4634BB0A08A5}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{15431C4C-60F8-47CA-998E-2CFDE7671D05}" = protocol=6 | dir=in | app=c:\windows\system32\muzapp.exe | 
"{2DC74927-650E-47EF-B147-51A30D98F0F1}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{40C93472-B228-4C34-9517-692BF9E3FC33}" = protocol=17 | dir=in | app=c:\windows\system32\muzapp.exe | 
"{499B7011-77CB-43DB-894F-12D1E67DD06E}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version7\teamviewer.exe | 
"{771D6378-CBC1-4504-8609-BA625561543A}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version7\teamviewer.exe | 
"{9B237E42-1D1E-454C-B698-2CD5DB72A276}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version7\teamviewer_service.exe | 
"{E836276C-FD99-4E6C-8F9F-88342F4CD92F}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{F0C2C165-829A-4826-9944-45B7D2349E7A}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version7\teamviewer_service.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{26A24AE4-039D-4CA4-87B4-2F83217004FF}" = Java(TM) 7 Update 5
"{28E82311-8616-11E1-BEB0-B8AC6F97B88E}" = Google Earth
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
"{336D0C35-8A85-403a-B9D2-65C292C39087}_is1" = Web Assistant 2.0.0.440
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module
"{51F026FA-5146-4232-A8BA-1364740BD053}" = Acer Crystal Eye webcam
"{5542B6FC-191D-4D38-A4AF-BED6451A038B}" = Google Drive
"{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module
"{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9E5EDA7-2E6C-49E7-924B-A32B89C24A04}" = 1&1 Surf-Stick
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.3) - Deutsch
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D1F7C704-99F2-11E1-9C74-984BE15F174E}" = Evernote v. 4.5.6
"{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.9
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Avira AntiVir Desktop" = Avira Free Antivirus
"Broadcom 802.11 Network Adapter" = Broadcom 802.11 Network Adapter
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"IrfanView" = IrfanView (remove only)
"LManager" = Launch Manager
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox 13.0 (x86 de)" = Mozilla Firefox 13.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TeamViewer 7" = TeamViewer 7
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 04.07.2012 13:37:13 | Computer Name = ***-Laptop | Source = WinMgmt | ID = 10
Description = 
 
Error - 08.07.2012 13:30:48 | Computer Name = ***-Laptop | Source = WinMgmt | ID = 10
Description = 
 
Error - 31.07.2012 12:11:01 | Computer Name = ***-Laptop | Source = WinMgmt | ID = 10
Description = 
 
Error - 31.07.2012 12:21:58 | Computer Name = ***-Laptop | Source = VSS | ID = 8194
Description = 
 
Error - 31.07.2012 12:23:43 | Computer Name = ***-Laptop | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\1&1
 Surf-Stick\Component\BKATProtocol.dll".  Die abhängige Assemblierung "Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 31.07.2012 12:23:43 | Computer Name = ***-Laptop | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\1&1
 Surf-Stick\Component\BKATProtocol.dll".  Die abhängige Assemblierung "Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 01.08.2012 14:50:20 | Computer Name = ***-Laptop | Source = RasClient | ID = 20227
Description = 
 
Error - 01.08.2012 14:50:28 | Computer Name = ***-Laptop | Source = Windows Search Service | ID = 3007
Description = 
 
Error - 01.08.2012 14:58:39 | Computer Name = ***-Laptop | Source = WinMgmt | ID = 10
Description = 
 
Error - 02.08.2012 12:06:03 | Computer Name = ***-Laptop | Source = WinMgmt | ID = 10
Description = 
 
[ System Events ]
Error - 16.05.2012 08:25:41 | Computer Name = ***-Laptop | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
 von Dienst IPBusEnum erreicht.
 
Error - 17.05.2012 14:03:24 | Computer Name = ***-Laptop | Source = DCOM | ID = 10016
Description = 
 
Error - 18.05.2012 03:35:09 | Computer Name = ***-Laptop | Source = DCOM | ID = 10016
Description = 
 
Error - 18.05.2012 16:07:56 | Computer Name = ***-Laptop | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
 von Dienst IPBusEnum erreicht.
 
Error - 18.05.2012 17:17:13 | Computer Name = ***-Laptop | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
 von Dienst ShellHWDetection erreicht.
 
Error - 18.05.2012 19:38:39 | Computer Name = ***-Laptop | Source = DCOM | ID = 10005
Description = 
 
Error - 18.05.2012 19:38:38 | Computer Name = ***-Laptop | Source = Service Control Manager | ID = 7038
Description = Der Dienst "upnphost" konnte sich nicht als "NT AUTHORITY\LocalService"
 mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden:   %%1352    Vergewissern
 Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft
 Management Console (MMC).
 
Error - 18.05.2012 19:38:38 | Computer Name = ***-Laptop | Source = Service Control Manager | ID = 7000
Description = Der Dienst "UPnP-Gerätehost" wurde aufgrund folgenden Fehlers nicht
 gestartet:   %%1069
 
Error - 19.05.2012 02:59:34 | Computer Name = ***-Laptop | Source = DCOM | ID = 10016
Description = 
 
Error - 19.05.2012 03:25:20 | Computer Name = ***-Laptop | Source = DCOM | ID = 10010
Description = 
 
 
< End of report >

Abschließend habe ich noch einen Scan mit GMER gemacht:

Code:

ATTFilter

GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-08-05 14:31:46
Windows 6.1.7601 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 ST925031 rev.0001
Running: gxlkpumd.exe; Driver: C:\Users\***\AppData\Local\Temp\pwloikow.sys


---- System - GMER 1.0.15 ----

SSDT            8A9B0FC6                                                                                               ZwCreateSection
SSDT            8A9B0FD0                                                                                               ZwRequestWaitReplyPort
SSDT            8A9B0FCB                                                                                               ZwSetContextThread
SSDT            8A9B0FD5                                                                                               ZwSetSecurityObject
SSDT            8A9B0FDA                                                                                               ZwSystemDebugControl
SSDT            8A9B0F67                                                                                               ZwTerminateProcess

---- Kernel code sections - GMER 1.0.15 ----

.text           ntkrnlpa.exe!ZwRollbackEnlistment + 140D                                                               81A513C9 1 Byte  [06]
.text           ntkrnlpa.exe!KiDispatchInterrupt + 5A2                                                                 81A8AD52 19 Bytes  [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text           ntkrnlpa.exe!KeRemoveQueueEx + 11F7                                                                    81A91EAC 4 Bytes  [C6, 0F, 9B, 8A]
.text           ntkrnlpa.exe!KeRemoveQueueEx + 1553                                                                    81A92208 4 Bytes  [D0, 0F, 9B, 8A]
.text           ntkrnlpa.exe!KeRemoveQueueEx + 1597                                                                    81A9224C 4 Bytes  [CB, 0F, 9B, 8A]
.text           ntkrnlpa.exe!KeRemoveQueueEx + 1613                                                                    81A922C8 4 Bytes  [D5, 0F, 9B, 8A]
.text           ntkrnlpa.exe!KeRemoveQueueEx + 1667                                                                    81A9231C 4 Bytes  [DA, 0F, 9B, 8A]
.text           ...                                                                                                    

---- User code sections - GMER 1.0.15 ----

.text           C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe[2176] ntdll.dll!DbgUiRemoteBreakin  7720F17D 1 Byte  [C3]

---- Devices - GMER 1.0.15 ----

AttachedDevice  \Driver\kbdclass \Device\KeyboardClass0                                                                Wdf01000.sys (Kernelmodustreiber-Frameworklaufzeit/Microsoft Corporation)
AttachedDevice  \Driver\kbdclass \Device\KeyboardClass1                                                                Wdf01000.sys (Kernelmodustreiber-Frameworklaufzeit/Microsoft Corporation)

Device          \Driver\ACPI_HAL \Device\00000048                                                                      halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

AttachedDevice  \Driver\volmgr \Device\HarddiskVolume1                                                                 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume2                                                                 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume3                                                                 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

Device          \FileSystem\MBAMProtector \Device\MBAMProtector                                                        A8AFA490

---- EOF - GMER 1.0.15 ----

Kann ich mich nun sicher fühlen, oder ist noch was zu tun? Sollte ich die von Eset gefundene Babylon Toolbar ebenfalls löschen? Vielen Dank für Eure Hilfe,

Gruß
Krabat

cosinus · 06.08.2012, 19:24

Code:

ATTFilter

C:\Users\***\Downloads\SoftonicDownloader_fuer_sks-screenlineal.exe

Das hat man davon wenn man den Müll von Softonic runterlädt!
Vermüllte Software von Softonic scheint gerade stark in Mode zu sein!

Finger weg von Softonic!!

Softonic ist eine Toolbar- und Adwareschleuder! Finger weg! Software lädt man sich mit oberster Priorität direkt vom Hersteller und nicht von solchen Toolbarklitschen wie Softonic! Im Notfall würde natürlich chip.de gehen

Malwarebytes erstellt bei jedem Scanvorgang genau ein Log. Hast du in der Vergangenheit schonmal mit Malwarebytes gescannt?
Wenn ja dann stehen auch alle Logs zu jedem Scanvorgang im Reiter Logdateien. Bitte alle posten, die dort sichtbar sind.

krabat · 07.08.2012, 17:41

Zitat:

Zitat von cosinus

Code:

ATTFilter

C:\Users\***\Downloads\SoftonicDownloader_fuer_sks-screenlineal.exe

Das hat man davon wenn man den Müll von Softonic runterlädt!
Vermüllte Software von Softonic scheint gerade stark in Mode zu sein!

Finger weg von Softonic!!

Ja, das habe ich nun auch heraus gefunden.

Zitat:

Wenn ja dann stehen auch alle Logs zu jedem Scanvorgang im Reiter Logdateien. Bitte alle posten, die dort sichtbar sind.

Das sind alle verfügbaren Logdateien:

Code:

ATTFilter

 Malwarebytes Anti-Malware  (Test) 1.62.0.1300
www.malwarebytes.org

Datenbank Version: v2012.08.04.04

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
*** :: ***-LAPTOP [Administrator]

Schutz: Aktiviert

04.08.2012 13:15:41
mbam-log-2012-08-04 (13-15-41).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 256966
Laufzeit: 1 Stunde(n), 9 Minute(n), 8 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 3
C:\Users\***\AppData\Local\Temp\BI_RunOnce.exe (PUP.BundleInstaller.Somoto) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\***\Downloads\SoftonicDownloader_fuer_sks-screenlineal.exe (PUP.ToolbarDownloader) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\***\Downloads\VirtualWifiRouter_2.0.1.5_Installer.exe (PUP.BundleInstaller.BI) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)

Code:

ATTFilter

 Malwarebytes Anti-Malware  (Test) 1.62.0.1300
www.malwarebytes.org

Datenbank Version: v2012.08.04.07

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
*** :: ***-LAPTOP [Administrator]

Schutz: Aktiviert

04.08.2012 21:18:42
mbam-log-2012-08-04 (21-18-42).txt

Art des Suchlaufs: Flash-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: Registrierung | Dateisystem | P2P
Durchsuchte Objekte: 143020
Laufzeit: 3 Minute(n), 47 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

Ich habe das Programm erst am 4.8.12 neu installiert.

Gruß krabat

cosinus · 08.08.2012, 18:38

adwCleaner - Toolbars und ungewollte Start-/Suchseiten aufspüren

Downloade Dir bitte AdwCleaner auf deinen Desktop.

Starte die adwcleaner.exe mit einem Doppelklick.
Klicke auf Search.
Nach Ende des Suchlaufs öffnet sich eine Textdatei.
Poste mir den Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner[R1].txt.

krabat · 08.08.2012, 21:06

Hallo cosinus,
danke für deine Antwort.
AdwCleaner hatte ich schon ausgeführt (siehe erster Beitrag, viertes Feld). Ich kopiere es nochmals rein:

Code:

ATTFilter

# AdwCleaner v1.800 - Logfile created 08/04/2012 at 16:53:30
# Updated 01/08/2012 by Xplode
# Operating system : Windows 7 Starter Service Pack 1 (32 bits)
# User : *** - ***-LAPTOP
# Running from : C:\Users\***\Downloads\adwcleaner (1).exe
# Option [Search]


***** [Services] *****

Found : Web Assistant Updater

***** [Files / Folders] *****

Folder Found : C:\ProgramData\boost_interprocess
Folder Found : C:\Program Files\Web Assistant

***** [Registry] *****

Key Found : HKCU\Software\IM
Key Found : HKCU\Software\ImInstaller
Key Found : HKCU\Software\Softonic
Key Found : HKLM\SOFTWARE\Classes\AppID\Extension.DLL
Key Found : HKLM\SOFTWARE\Classes\Extension.ExtensionHelperObject
Key Found : HKLM\SOFTWARE\Classes\Extension.ExtensionHelperObject.1
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\IncredibarToolbar_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\IncredibarToolbar_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{336D0C35-8A85-403a-B9D2-65C292C39087}_is1
Key Found : HKLM\SOFTWARE\Web Assistant
Value Found : HKLM\SOFTWARE\Mozilla\Firefox\extensions [{336D0C35-8A85-403a-B9D2-65C292C39087}]

***** [Registre - GUID] *****

Key Found : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
Key Found : HKLM\SOFTWARE\Classes\AppID\{B302A1BD-0157-49FA-90F1-4E94F22C7B4B}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{336D0C35-8A85-403a-B9D2-65C292C39087}
Key Found : HKLM\SOFTWARE\Classes\Interface\{A36867C6-302D-49FC-9D8E-1EB037B5F1AB}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{1D5A4199-956E-49BC-B89F-6A35C57C0D13}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{CFF4DB9B-135F-47C0-9269-B4C6572FD61A}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{336D0C35-8A85-403a-B9D2-65C292C39087}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{336D0C35-8A85-403a-B9D2-65C292C39087}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{336D0C35-8A85-403a-B9D2-65C292C39087}

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

-\\ Mozilla Firefox v13.0 (de)

Profile name : default 
File : C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\u6zm706k.default\prefs.js

Found : user_pref("browser.search.defaultenginename", "MyStart Search");
Found : user_pref("extensions.incredibar.admin", false);
Found : user_pref("extensions.incredibar.aflt", "orgnl");
Found : user_pref("extensions.incredibar.cntry", "DE");
Found : user_pref("extensions.incredibar.dfltLng", "");
Found : user_pref("extensions.incredibar.dfltSrch", false);
Found : user_pref("extensions.incredibar.did", "10643");
Found : user_pref("extensions.incredibar.envrmnt", "production");
Found : user_pref("extensions.incredibar.excTlbr", false);
Found : user_pref("extensions.incredibar.hdrMd5", "93BA9E37133E3E29DF5142EE8043E77B");
Found : user_pref("extensions.incredibar.hmpg", false);
Found : user_pref("extensions.incredibar.id", "0297891e000000000000ec55f924372e");
Found : user_pref("extensions.incredibar.installerproductid", "26");
Found : user_pref("extensions.incredibar.instlDay", "15488");
Found : user_pref("extensions.incredibar.instlRef", "");
Found : user_pref("extensions.incredibar.isDcmntCmplt", true);
Found : user_pref("extensions.incredibar.lastVrsnTs", "1.5.11.1416:03:47");
Found : user_pref("extensions.incredibar.mntrvrsn", "1.2.0");
Found : user_pref("extensions.incredibar.newTab", false);
Found : user_pref("extensions.incredibar.noFFXTlbr", false);
Found : user_pref("extensions.incredibar.ppd", "1");
Found : user_pref("extensions.incredibar.prdct", "incredibar");
Found : user_pref("extensions.incredibar.productid", "26");
Found : user_pref("extensions.incredibar.prtnrId", "Incredibar");
Found : user_pref("extensions.incredibar.sg", "none");
Found : user_pref("extensions.incredibar.smplGrp", "none");
Found : user_pref("extensions.incredibar.tlbrId", "base");
Found : user_pref("extensions.incredibar.tlbrSrchUrl", "hxxp://mystart.Incredibar.com/?a=6PQyLaIoLt&loc=IB_T[...]
Found : user_pref("extensions.incredibar.upn2", "6PQyLaIoLt");
Found : user_pref("extensions.incredibar.upn2n", "92542963046531775");
Found : user_pref("extensions.incredibar.vrsn", "1.5.11.14");
Found : user_pref("extensions.incredibar.vrsnTs", "1.5.11.1416:03:47");
Found : user_pref("extensions.incredibar.vrsni", "1.5.11.14");
Found : user_pref("extensions.incredibar_i.aflt", "orgnl");
Found : user_pref("extensions.incredibar_i.dfltLng", "");
Found : user_pref("extensions.incredibar_i.did", "10643");
Found : user_pref("extensions.incredibar_i.excTlbr", false);
Found : user_pref("extensions.incredibar_i.id", "0297891e000000000000ec55f924372e");
Found : user_pref("extensions.incredibar_i.installerproductid", "26");
Found : user_pref("extensions.incredibar_i.instlDay", "15488");
Found : user_pref("extensions.incredibar_i.instlRef", "");
Found : user_pref("extensions.incredibar_i.ms_url_id", "");
Found : user_pref("extensions.incredibar_i.newTab", false);
Found : user_pref("extensions.incredibar_i.ppd", "1");
Found : user_pref("extensions.incredibar_i.prdct", "incredibar");
Found : user_pref("extensions.incredibar_i.productid", "26");
Found : user_pref("extensions.incredibar_i.prtnrId", "Incredibar");
Found : user_pref("extensions.incredibar_i.smplGrp", "none");
Found : user_pref("extensions.incredibar_i.tlbrId", "base");
Found : user_pref("extensions.incredibar_i.tlbrSrchUrl", "hxxp://mystart.Incredibar.com/?a=6PQyLaIoLt&loc=IB[...]
Found : user_pref("extensions.incredibar_i.upn2", "6PQyLaIoLt");
Found : user_pref("extensions.incredibar_i.upn2n", "92542963046531775");
Found : user_pref("extensions.incredibar_i.vrsn", "1.5.11.14");
Found : user_pref("extensions.incredibar_i.vrsnTs", "1.5.11.1416:03:47");
Found : user_pref("extensions.incredibar_i.vrsni", "1.5.11.14");
Found : user_pref("keyword.URL", "hxxp://mystart.incredibar.com/mb143/?loc=IB_DS&a=6PQyLaIoLt&&i=26&search="[...]
Found : user_pref("{336D0C35-8A85-403a-B9D2-65C292C39087}.ScriptData_WSG_referrer", "hxxp://us.yhs4.search.y[...]
Found : user_pref("{336D0C35-8A85-403a-B9D2-65C292C39087}.ScriptData_WSG_temp_referer", "hxxp://us.yhs4.sear[...]
Found : user_pref("{336D0C35-8A85-403a-B9D2-65C292C39087}.ScriptData_WSG_whiteList", "{\"search.babylon.com\[...]

*************************

AdwCleaner[R1].txt - [6566 octets] - [04/08/2012 16:53:30]

########## EOF - C:\AdwCleaner[R1].txt - [6694 octets] ##########

Gruß
krabat

cosinus · 09.08.2012, 15:43

Kannst du damit einen neuen Suchlauf starten?

krabat · 09.08.2012, 17:19

Neuer Suchlauf:

Code:

ATTFilter

# AdwCleaner v1.800 - Logfile created 08/09/2012 at 18:15:16
# Updated 01/08/2012 by Xplode
# Operating system : Windows 7 Starter Service Pack 1 (32 bits)
# User : *** - ***-LAPTOP
# Running from : C:\Users\***\Desktop\adwcleaner (1).exe
# Option [Search]


***** [Services] *****


***** [Files / Folders] *****

Folder Found : C:\ProgramData\boost_interprocess

***** [Registry] *****

Key Found : HKCU\Software\Ask.com.tmp

***** [Registre - GUID] *****


***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

-\\ Mozilla Firefox v13.0 (de)

Profile name : default 
File : C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\u6zm706k.default\prefs.js

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [6695 octets] - [04/08/2012 16:53:30]
AdwCleaner[S1].txt - [267 octets] - [05/08/2012 13:14:21]
AdwCleaner[R2].txt - [6814 octets] - [05/08/2012 13:15:00]
AdwCleaner[S2].txt - [7146 octets] - [05/08/2012 13:15:26]
AdwCleaner[R3].txt - [1156 octets] - [09/08/2012 18:14:18]
AdwCleaner[R4].txt - [1085 octets] - [09/08/2012 18:15:16]

########## EOF - C:\AdwCleaner[R4].txt - [1213 octets] ##########

cosinus · 10.08.2012, 20:07

adwCleaner - Toolbars und ungewollte Start-/Suchseiten entfernen

Schließe alle offenen Programme und Browser.
Starte die adwcleaner.exe mit einem Doppelklick.
Klicke auf Delete.
Bestätige jeweils mit Ok.
Dein Rechner wird neu gestartet. Nach dem Neustart öffnet sich eine Textdatei.
Poste mir den Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner[S1].txt.

krabat · 10.08.2012, 20:40

Hier der Inhalt der Textdatei:

Code:

ATTFilter

# AdwCleaner v1.800 - Logfile created 08/10/2012 at 21:34:55
# Updated 01/08/2012 by Xplode
# Operating system : Windows 7 Starter Service Pack 1 (32 bits)
# User : *** - ***-LAPTOP
# Running from : C:\Users\***\Desktop\adwcleaner (1).exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Folder Deleted : C:\ProgramData\boost_interprocess

***** [Registry] *****


***** [Registre - GUID] *****


***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

-\\ Mozilla Firefox v13.0 (de)

Profile name : default 
File : C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\u6zm706k.default\prefs.js

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [6695 octets] - [04/08/2012 16:53:30]
AdwCleaner[S1].txt - [267 octets] - [05/08/2012 13:14:21]
AdwCleaner[R2].txt - [6814 octets] - [05/08/2012 13:15:00]
AdwCleaner[S2].txt - [7146 octets] - [05/08/2012 13:15:26]
AdwCleaner[R3].txt - [1156 octets] - [09/08/2012 18:14:18]
AdwCleaner[R4].txt - [1214 octets] - [09/08/2012 18:15:16]
AdwCleaner[S3].txt - [1108 octets] - [10/08/2012 21:34:55]

########## EOF - C:\AdwCleaner[S3].txt - [1236 octets] ##########

cosinus · 11.08.2012, 16:27

Hätte da mal drei Fragen bevor es weiter geht

1.) Geht der normale Modus von Windows (wieder) uneingeschränkt?
2.) Vermisst du irgendwas im Startmenü? Sind da leere Ordner unter alle Programme oder ist alles vorhanden?
3.) Das incredizeugs ist nun weg?

krabat · 11.08.2012, 18:18

1) Ja
2) Nein. Alles vorhanden.
3) Ja

cosinus · 11.08.2012, 19:48

Mach bitte ein neues OTL-Log. Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:

ATTFilter

 hier steht das Log

CustomScan mit OTL

Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop. Falls schon vorhanden, bitte die ältere vorhandene Datei durch die neu heruntergeladene Datei ersetzen, damit du auch wirklich mit einer aktuellen Version von OTL arbeitest.

Starte bitte die OTL.exe.
Vista und Win7 User mit Rechtsklick "als Administrator starten"
Setze oben mittig den Haken bei Scanne alle Benutzer
Kopiere nun den kompletten Inhalt aus der untenstehenden Codebox in die Textbox von OTL - wenn OTL auf deutsch ist wird sie mit beschriftet

Code:

ATTFilter

netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT

Schliesse bitte nun alle Programme. (Wichtig)
Klicke nun bitte auf den Quick Scan Button.
Klick auf .
Kopiere nun den Inhalt aus OTL.txt hier in Deinen Thread

krabat · 11.08.2012, 21:39

Hier das Logfile:

Code:

ATTFilter

OTL logfile created on: 11.08.2012 21:37:47 - Run 4
OTL by OldTimer - Version 3.2.57.0     Folder = C:\Users\***\Desktop
 Starter Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1013,09 Mb Total Physical Memory | 395,61 Mb Available Physical Memory | 39,05% Memory free
1,99 Gb Paging File | 1,07 Gb Available in Paging File | 53,57% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 219,79 Gb Total Space | 189,66 Gb Free Space | 86,29% Space Free | Partition Type: NTFS
 
Computer Name: ***-LAPTOP | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.08.11 19:30:39 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
PRC - [2012.08.08 20:54:14 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.07.03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012.07.03 13:46:44 | 000,462,920 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012.05.24 19:14:42 | 000,021,432 | ---- | M] () -- C:\Programme\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
PRC - [2012.05.24 19:14:34 | 003,521,464 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Programme\Samsung\Kies\KiesTrayAgent.exe
PRC - [2012.05.09 09:47:54 | 001,014,112 | ---- | M] (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041) -- C:\Programme\Evernote\Evernote\EvernoteClipper.exe
PRC - [2012.05.08 20:59:18 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2012.05.08 20:59:14 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2012.05.08 20:59:13 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.03.19 13:38:46 | 002,666,880 | ---- | M] (TeamViewer GmbH) -- C:\Programme\TeamViewer\Version7\TeamViewer_Service.exe
PRC - [2012.01.03 21:49:25 | 000,305,744 | ---- | M] (Dritek System Inc.) -- C:\Programme\Launch Manager\LMworker.exe
PRC - [2012.01.03 21:49:23 | 000,968,272 | ---- | M] (Dritek System Inc.) -- C:\Programme\Launch Manager\LManager.exe
PRC - [2012.01.03 21:49:22 | 000,321,104 | ---- | M] (Dritek System Inc.) -- C:\Programme\Launch Manager\dsiwmis.exe
PRC - [2012.01.03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011.08.25 10:50:50 | 000,270,672 | ---- | M] () -- C:\Programme\1&1 Surf-Stick\AssistantServices.exe
PRC - [2011.08.25 10:50:50 | 000,153,424 | ---- | M] () -- C:\Programme\1&1 Surf-Stick\UIExec.exe
PRC - [2011.06.24 06:22:20 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010.11.20 23:29:19 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009.10.13 11:25:54 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2009.10.13 11:25:30 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2009.07.14 03:14:46 | 000,115,200 | ---- | M] () -- \\?\C:\Windows\System32\wbem\WMIADAP.EXE
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.06.16 00:13:05 | 013,198,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\00a4922fbf869a79c043b665035516b6\System.Windows.Forms.ni.dll
MOD - [2012.06.16 00:04:21 | 018,019,840 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\d239f585ee55f833dbe21e897e1265ac\PresentationFramework.ni.dll
MOD - [2012.06.16 00:03:33 | 011,522,048 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\b7de318e9fd1ef519ca6c1f3b5dba8e0\PresentationCore.ni.dll
MOD - [2012.06.16 00:02:57 | 003,881,984 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\a6e37a05b8d0cedbc5c3ea266ae3fc31\WindowsBase.ni.dll
MOD - [2012.06.16 00:02:50 | 001,666,048 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\4230ed1c7990e4ee8352baf67a2a85fa\System.Drawing.ni.dll
MOD - [2012.06.07 13:22:24 | 000,115,137 | ---- | M] () -- C:\Users\***\AppData\Local\Temp\26b4a1dd-e07b-48af-be4e-9642b273284b\CliSecureRT.dll
MOD - [2012.05.31 18:32:15 | 001,218,560 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Management\d0e1cdaff8f9055187f8e7b52c060dff\System.Management.ni.dll
MOD - [2012.05.31 18:21:11 | 000,762,880 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\31fab24c51c0cfe8b8115f24545f169f\System.Runtime.Remoting.ni.dll
MOD - [2012.05.31 18:20:46 | 001,782,272 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\b68bee05c7e518172982cc92059c3315\System.Xaml.ni.dll
MOD - [2012.05.31 18:14:52 | 007,069,184 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\09bd2126bba2ab4f29ed52afde1470d7\System.Core.ni.dll
MOD - [2012.05.31 18:14:49 | 000,595,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\608d29d7cc89f3a9a195c91354561915\PresentationFramework.Aero.ni.dll
MOD - [2012.05.31 18:14:38 | 005,617,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\9abe44a0f82070ead5f1256683a4d25a\System.Xml.ni.dll
MOD - [2012.05.31 18:14:19 | 009,092,096 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\a6be120e49f895ef6b00e9918402395b\System.ni.dll
MOD - [2012.05.31 18:13:59 | 014,414,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\c1af4ec9a36f671617a8ecaec00373f4\mscorlib.ni.dll
MOD - [2012.05.24 19:14:42 | 000,021,432 | ---- | M] () -- C:\Programme\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
MOD - [2012.03.16 15:42:58 | 000,315,392 | ---- | M] () -- C:\Programme\Evernote\Evernote\libtidy.dll
MOD - [2012.03.16 15:42:56 | 000,433,664 | ---- | M] () -- C:\Programme\Evernote\Evernote\libxml2.dll
MOD - [2012.01.03 21:49:20 | 000,072,200 | ---- | M] () -- C:\Programme\Launch Manager\CdDirIo.dll
MOD - [2011.08.25 10:50:50 | 000,153,424 | ---- | M] () -- C:\Programme\1&1 Surf-Stick\UIExec.exe
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2012.08.11 21:33:02 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.08.03 21:59:37 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.07.03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.05.08 20:59:18 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.05.08 20:59:13 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.05.03 08:31:10 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Programme\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.03.19 13:38:46 | 002,666,880 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Programme\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7)
SRV - [2012.01.03 21:49:22 | 000,321,104 | ---- | M] (Dritek System Inc.) [Auto | Running] -- C:\Programme\Launch Manager\dsiwmis.exe -- (DsiWMIService)
SRV - [2012.01.03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011.08.25 10:50:50 | 000,270,672 | ---- | M] () [Auto | Running] -- C:\Programme\1&1 Surf-Stick\AssistantServices.exe -- (UI Assistant Service)
SRV - [2011.07.20 06:18:24 | 000,440,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2010.11.20 23:29:49 | 001,121,792 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2010.11.20 23:29:25 | 000,397,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\System32\inetsrv\iisw3adm.dll -- (WAS)
SRV - [2010.11.20 23:29:25 | 000,397,824 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\inetsrv\iisw3adm.dll -- (W3SVC)
SRV - [2010.11.20 23:29:25 | 000,061,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\System32\inetsrv\apphostsvc.dll -- (AppHostSvc)
SRV - [2009.10.13 11:25:30 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON)
SRV - [2009.07.14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2006.10.26 15:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2012.07.03 13:46:44 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012.05.08 20:59:18 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2012.05.08 20:59:18 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2011.12.15 16:00:00 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2011.06.02 07:47:22 | 000,136,808 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadmdm.sys -- (ssadmdm)
DRV - [2011.06.02 07:47:22 | 000,121,064 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadbus.sys -- (ssadbus)
DRV - [2011.06.02 07:47:22 | 000,012,776 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssadmdfl.sys -- (ssadmdfl)
DRV - [2011.03.26 10:37:12 | 000,107,776 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbser6k.sys -- (ZTEusbser6k)
DRV - [2011.03.26 10:37:12 | 000,107,776 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbnmea.sys -- (ZTEusbnmea)
DRV - [2011.03.26 10:37:12 | 000,107,776 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbmdm6k.sys -- (ZTEusbmdm6k)
DRV - [2011.03.26 10:37:12 | 000,009,216 | ---- | M] (MBB Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\massfilter.sys -- (massfilter)
DRV - [2010.11.20 23:29:24 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010.11.20 23:29:03 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010.11.20 23:29:03 | 000,027,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV - [2010.06.17 15:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010.05.20 15:10:32 | 000,068,208 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\L1C62x86.sys -- (L1C)
DRV - [2009.07.14 02:18:07 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WSDPrint.sys -- (WSDPrintDevice)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-1333963626-2189502092-3752770917-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKU\S-1-5-21-1333963626-2189502092-3752770917-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-1333963626-2189502092-3752770917-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKU\S-1-5-21-1333963626-2189502092-3752770917-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = DB D5 1F 8F B5 3A CD 01  [binary data]
IE - HKU\S-1-5-21-1333963626-2189502092-3752770917-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-1333963626-2189502092-3752770917-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-1333963626-2189502092-3752770917-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de"
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_270.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.08.11 21:33:04 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.08.11 21:33:04 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
 
[2012.01.01 21:09:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions
[2012.07.31 18:25:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\u6zm706k.default\extensions
[2012.01.01 21:08:54 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.06.09 10:38:50 | 000,151,256 | ---- | M] () (No name found) -- C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\U6ZM706K.DEFAULT\EXTENSIONS\CK@EVERYGAIN.COM.XPI
[2012.08.11 21:33:04 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.08.11 21:32:57 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.08.11 21:32:57 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.08.11 21:32:57 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.08.11 21:32:57 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.08.11 21:32:57 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.08.11 21:32:57 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [IAAnotif] C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [KiesTrayAgent] C:\Programme\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKLM..\Run: [LManager] C:\Programme\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [UIExec] C:\Program Files\1&1 Surf-Stick\UIExec.exe ()
O4 - HKU\S-1-5-21-1333963626-2189502092-3752770917-1000..\Run: [KiesAirMessage] C:\Program Files\Samsung\Kies\KiesAirMessage.exe -startup File not found
O4 - HKU\S-1-5-21-1333963626-2189502092-3752770917-1000..\Run: [KiesHelper] C:\Program Files\Samsung\Kies\KiesHelper.exe (Samsung)
O4 - HKU\S-1-5-21-1333963626-2189502092-3752770917-1000..\Run: [KiesPDLR] C:\Programme\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe ()
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk = C:\Programme\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\p***cies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\p***cies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: Add to Evernote 4.0 - C:\Program Files\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: @C:\Program Files\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O9 - Extra 'Tools' menuitem : @C:\Program Files\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O13 - gopher Prefix: missing
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A72D8500-FC25-4428-9736-D3A72E78F8B1}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DEA80291-5017-4E08-B3FF-C4C3EBB297F9}: NameServer = 139.7.30.126 139.7.30.125
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F5491EA8-971B-424C-BD1A-317C3849F3FD}: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
 
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS -  File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS -  File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.08.11 19:30:11 | 000,596,992 | ---- | C] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2012.08.11 19:14:39 | 000,000,000 | ---D | C] -- C:\ProgramData\boost_interprocess
[2012.08.04 14:53:33 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012.08.04 14:53:01 | 000,000,000 | -H-D | C] -- C:\Windows\AxInstSV
[2012.08.04 13:08:47 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Malwarebytes
[2012.08.04 13:08:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.08.04 13:08:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.08.04 13:08:20 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.08.04 13:08:20 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.08.01 20:50:22 | 000,000,000 | ---D | C] -- C:\UserData
[2012.07.31 18:22:55 | 000,107,776 | ---- | C] (ZTE Incorporated) -- C:\Windows\System32\drivers\ZTEusbser6k.sys
[2012.07.31 18:22:55 | 000,107,776 | ---- | C] (ZTE Incorporated) -- C:\Windows\System32\drivers\ZTEusbnmea.sys
[2012.07.31 18:22:55 | 000,107,776 | ---- | C] (ZTE Incorporated) -- C:\Windows\System32\drivers\ZTEusbmdm6k.sys
[2012.07.31 18:22:55 | 000,009,216 | ---- | C] (MBB Incorporated) -- C:\Windows\System32\drivers\massfilter.sys
[2012.07.31 18:22:29 | 000,000,000 | ---D | C] -- C:\Windows\System32\SupportAppCB
[2012.07.31 18:22:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\1&1 Surf-Stick
[2012.07.31 18:22:27 | 000,000,000 | ---D | C] -- C:\Program Files\1&1 Surf-Stick
 
========== Files - Modified Within 30 Days ==========
 
[2012.08.11 21:39:40 | 000,017,328 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.08.11 21:39:40 | 000,017,328 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.08.11 21:38:28 | 000,724,098 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.08.11 21:38:28 | 000,673,704 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.08.11 21:38:28 | 000,154,040 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.08.11 21:38:28 | 000,125,620 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.08.11 21:37:05 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.08.11 21:31:52 | 000,001,088 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.08.11 21:31:46 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.08.11 21:31:36 | 796,729,344 | -HS- | M] () -- C:\hiberfil.sys
[2012.08.11 21:08:01 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.08.11 19:30:39 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2012.08.09 18:14:05 | 000,613,029 | ---- | M] () -- C:\Users\***\Desktop\adwcleaner (1).exe
[2012.08.05 13:39:47 | 000,000,000 | ---- | M] () -- C:\Users\***\defogger_reenable
[2012.08.05 13:36:15 | 000,302,592 | ---- | M] () -- C:\Users\***\Desktop\gxlkpumd.exe
[2012.08.04 13:08:23 | 000,001,071 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.08.02 20:44:55 | 000,050,477 | ---- | M] () -- C:\Users\***\Desktop\Defogger.exe
[2012.08.01 20:57:07 | 000,302,320 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.07.31 18:22:43 | 000,001,708 | ---- | M] () -- C:\Users\Public\Desktop\1&1 Surf-Stick.lnk
 
========== Files Created - No Company Name ==========
 
[2012.08.09 18:05:51 | 000,613,029 | ---- | C] () -- C:\Users\***\Desktop\adwcleaner (1).exe
[2012.08.05 13:39:47 | 000,000,000 | ---- | C] () -- C:\Users\***\defogger_reenable
[2012.08.05 13:35:30 | 000,302,592 | ---- | C] () -- C:\Users\***\Desktop\gxlkpumd.exe
[2012.08.04 13:08:23 | 000,001,071 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.08.02 20:44:55 | 000,050,477 | ---- | C] () -- C:\Users\***\Desktop\Defogger.exe
[2012.08.01 20:50:22 | 000,000,557 | ---- | C] () -- C:\NetworkCfg.xml
[2012.07.31 18:22:28 | 000,001,708 | ---- | C] () -- C:\Users\Public\Desktop\1&1 Surf-Stick.lnk
[2012.05.23 18:49:34 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2012.05.23 18:49:32 | 000,974,848 | ---- | C] () -- C:\Windows\System32\cis-2.4.dll
[2012.05.23 18:49:32 | 000,081,920 | ---- | C] () -- C:\Windows\System32\issacapi_bs-2.3.dll
[2012.05.23 18:49:32 | 000,065,536 | ---- | C] () -- C:\Windows\System32\issacapi_pe-2.3.dll
[2012.05.23 18:49:32 | 000,057,344 | ---- | C] () -- C:\Windows\System32\issacapi_se-2.3.dll
[2012.01.03 21:50:39 | 000,000,000 | ---- | C] () -- C:\Windows\Setup.INI
[2012.01.01 21:26:23 | 000,247,560 | ---- | C] () -- C:\Windows\System32\drivers\RTConvEQ.dat
[2012.01.01 21:26:23 | 000,037,468 | ---- | C] () -- C:\Windows\System32\drivers\RtPCEE3.DAT
[2012.01.01 21:26:23 | 000,001,448 | ---- | C] () -- C:\Windows\System32\drivers\RtHdatEx.dat
[2012.01.01 21:26:23 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX3.dat
[2012.01.01 21:26:23 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX2.dat
[2012.01.01 21:26:23 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX1.dat
[2012.01.01 21:26:23 | 000,000,520 | ---- | C] () -- C:\Windows\System32\drivers\RTEQEX0.dat
[2012.01.01 21:26:23 | 000,000,176 | ---- | C] () -- C:\Windows\System32\drivers\RTHDAEQ1.dat
[2012.01.01 21:26:23 | 000,000,024 | ---- | C] () -- C:\Windows\System32\drivers\rtkhdaud.dat
[2012.01.01 20:52:54 | 000,006,656 | ---- | C] () -- C:\Windows\System32\bcmwlrc.dll
[2010.11.21 02:46:14 | 000,724,098 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2010.11.21 02:46:14 | 000,295,922 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2010.11.21 02:46:14 | 000,154,040 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2010.11.21 02:46:14 | 000,038,104 | ---- | C] () -- C:\Windows\System32\perfd007.dat
 
========== LOP Check ==========
 
[2012.05.20 16:30:50 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Iconico
[2012.03.13 18:53:33 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\IrfanView
[2012.05.20 16:56:12 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Keseling
[2012.01.01 21:35:08 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Liteon
[2012.05.31 23:27:02 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Samsung
[2012.03.24 17:14:51 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TeamViewer
[2012.06.07 13:28:09 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Temp
[2012.04.19 16:23:11 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2012.01.01 21:48:14 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Adobe
[2012.01.01 20:18:15 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Avira
[2012.05.20 16:30:50 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Iconico
[2012.01.01 19:27:32 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Identities
[2012.01.01 20:22:03 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\InstallShield
[2012.03.13 18:53:33 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\IrfanView
[2012.05.20 16:56:12 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Keseling
[2012.01.01 21:35:08 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Liteon
[2012.01.03 20:04:22 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Macromedia
[2012.08.04 13:08:47 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Malwarebytes
[2012.01.27 14:22:06 | 000,000,000 | --SD | M] -- C:\Users\***\AppData\Roaming\Microsoft
[2012.01.01 21:09:19 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Mozilla
[2012.05.31 23:27:02 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Samsung
[2012.06.03 11:37:40 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Skype
[2012.03.24 17:14:51 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TeamViewer
[2012.06.07 13:28:09 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Temp
 
< %APPDATA%\*.exe /s >
 
< %SYSTEMDRIVE%\*.exe >
 
< MD5 for: AGP440.SYS  >
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_a97a2a0d0fbc6696\AGP440.sys
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_bc1a57271cf2f285\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_fab873f3e8a3315c\atapi.sys
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_df3f92057fcbe7a7\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\System32\cngaudit.dll
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
 
< MD5 for: IASTOR.SYS  >
[2009.10.13 11:09:36 | 000,331,288 | ---- | M] (Intel Corporation) MD5=0BAA4115DFFFD6A6D809A89D65E1281A -- C:\Program Files\Intel\Intel Matrix Storage Manager\driver\IaStor.sys
[2009.10.13 11:09:36 | 000,331,288 | ---- | M] (Intel Corporation) MD5=0BAA4115DFFFD6A6D809A89D65E1281A -- C:\Windows\System32\drivers\iaStor.sys
[2009.10.13 11:09:36 | 000,331,288 | ---- | M] (Intel Corporation) MD5=0BAA4115DFFFD6A6D809A89D65E1281A -- C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_x86_neutral_b12590c8dd605296\iaStor.sys
[2009.10.13 11:16:40 | 000,409,624 | ---- | M] (Intel Corporation) MD5=BE7D72FCF442C26975942007E0831241 -- C:\Program Files\Intel\Intel Matrix Storage Manager\driver64\IaStor.sys
 
< MD5 for: IASTORV.SYS  >
[2011.03.11 07:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\System32\drivers\iaStorV.sys
[2011.03.11 07:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_0bcee2057afcc090\iaStorV.sys
[2011.03.11 07:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_b0daddb9e6380745\iaStorV.sys
[2011.03.11 07:28:00 | 000,332,160 | ---- | M] (Intel Corporation) MD5=778D0E6D7D9EBA0C403BADBAAD41DB20 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_b152a892ff64119f\iaStorV.sys
[2010.11.20 23:29:03 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_668286aa35d55928\iaStorV.sys
[2010.11.20 23:29:03 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_b118bc63e60a139a\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2010.11.20 23:29:12 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\System32\netlogon.dll
[2010.11.20 23:29:12 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_ffbf212e963c0162\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2011.03.11 07:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\System32\drivers\nvstor.sys
[2011.03.11 07:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_0276fc3b3ea60d41\nvstor.sys
[2011.03.11 07:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_3ba44e691d6eb11d\nvstor.sys
[2011.03.11 07:28:10 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=66D468654A58594F5F3BA63D5AD5B1AF -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_3c1c1942369abb77\nvstor.sys
[2010.11.20 23:29:03 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_dd659ed032d28a14\nvstor.sys
[2010.11.20 23:29:03 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_3be22d131d40bd72\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2010.11.20 23:29:07 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\System32\scecli.dll
[2010.11.20 23:29:07 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_3a154c47375d881d\scecli.dll
 
< MD5 for: USER32.DLL  >
[2010.11.20 23:29:20 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\System32\user32.dll
[2010.11.20 23:29:20 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_cf3fd62ccb9e983d\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2010.11.20 23:29:06 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\System32\userinit.exe
[2010.11.20 23:29:06 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\System32\wininit.exe
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2010.11.20 23:29:06 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\System32\winlogon.exe
[2010.11.20 23:29:06 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe
[2012.07.03 13:46:42 | 000,217,672 | ---- | M] () MD5=8A7F34F0BBD076EC3815680A7309114F -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009.07.14 01:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\System32\drivers\ws2ifsl.sys
[2009.07.14 01:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_4f5cf6f829213bb2\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >

< End of report >

cosinus · 11.08.2012, 21:58

Ziemlich unauffällig

Wenn nach dem nächsten Tool nichts mehr ist und du auch keine Probleme mehr hast sollten wir es dabei belassen finde ich

Bitte nun (im normalen Windows-Modus) dieses Tool von Kaspersky (TDSS-Killer) ausführen und das Log posten Anleitung und Downloadlink hier => http://www.trojaner-board.de/82358-t...entfernen.html

Hinweis: Bitte den Virenscanner abstellen bevor du den TDSS-Killer ausführst, denn v.a. Avira meldet im TDSS-Tool oft einen Fehalalrm!

Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet,
Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten.
Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition (meistens Laufwerk C

nach, da speichert der TDSS-Killer seine Logs.

Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten!

krabat · 11.08.2012, 23:08

Auch hier wurde nichts gefunden:

Code:

ATTFilter

23:52:28.0458 2144	TDSS rootkit removing tool 2.7.48.0 Jul 24 2012 13:16:32
23:52:29.0971 2144	============================================================
23:52:29.0971 2144	Current date / time: 2012/08/11 23:52:29.0971
23:52:29.0971 2144	SystemInfo:
23:52:29.0971 2144	
23:52:29.0971 2144	OS Version: 6.1.7601 ServicePack: 1.0
23:52:29.0971 2144	Product type: Workstation
23:52:29.0971 2144	ComputerName: ***-LAPTOP
23:52:29.0971 2144	UserName: ***
23:52:29.0971 2144	Windows directory: C:\Windows
23:52:29.0971 2144	System windows directory: C:\Windows
23:52:29.0971 2144	Processor architecture: Intel x86
23:52:29.0971 2144	Number of processors: 4
23:52:29.0971 2144	Page size: 0x1000
23:52:29.0971 2144	Boot type: Normal boot
23:52:29.0971 2144	============================================================
23:52:31.0858 2144	Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
23:52:32.0046 2144	============================================================
23:52:32.0046 2144	\Device\Harddisk0\DR0:
23:52:32.0061 2144	MBR partitions:
23:52:32.0061 2144	\Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x1A00800, BlocksNum 0x32000
23:52:32.0061 2144	\Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1A32800, BlocksNum 0x1B792800
23:52:32.0061 2144	============================================================
23:52:32.0139 2144	C: <-> \Device\Harddisk0\DR0\Partition1
23:52:32.0170 2144	============================================================
23:52:32.0170 2144	Initialize success
23:52:32.0170 2144	============================================================
23:55:43.0458 4848	============================================================
23:55:43.0458 4848	Scan started
23:55:43.0458 4848	Mode: Manual; SigCheck; TDLFS; 
23:55:43.0458 4848	============================================================
23:55:46.0391 4848	1394ohci        (1b133875b8aa8ac48969bd3458afe9f5) C:\Windows\system32\drivers\1394ohci.sys
23:55:46.0750 4848	1394ohci - ok
23:55:46.0796 4848	ACPI            (cea80c80bed809aa0da6febc04733349) C:\Windows\system32\drivers\ACPI.sys
23:55:46.0859 4848	ACPI - ok
23:55:46.0906 4848	AcpiPmi         (1efbc664abff416d1d07db115dcb264f) C:\Windows\system32\drivers\acpipmi.sys
23:55:46.0984 4848	AcpiPmi - ok
23:55:47.0124 4848	AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
23:55:47.0155 4848	AdobeARMservice - ok
23:55:47.0264 4848	AdobeFlashPlayerUpdateSvc (f19c98ad81d2c0e1bbfd8153d2c80ee8) C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
23:55:47.0296 4848	AdobeFlashPlayerUpdateSvc - ok
23:55:47.0358 4848	adp94xx         (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\drivers\adp94xx.sys
23:55:47.0436 4848	adp94xx - ok
23:55:47.0483 4848	adpahci         (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\drivers\adpahci.sys
23:55:47.0561 4848	adpahci - ok
23:55:47.0608 4848	adpu320         (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\drivers\adpu320.sys
23:55:47.0654 4848	adpu320 - ok
23:55:47.0717 4848	AeLookupSvc     (8b5eefeec1e6d1a72a06c526628ad161) C:\Windows\System32\aelupsvc.dll
23:55:47.0873 4848	AeLookupSvc - ok
23:55:47.0966 4848	AFD             (9ebbba55060f786f0fcaa3893bfa2806) C:\Windows\system32\drivers\afd.sys
23:55:48.0107 4848	AFD - ok
23:55:48.0200 4848	agp440          (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\drivers\agp440.sys
23:55:48.0247 4848	agp440 - ok
23:55:48.0294 4848	aic78xx         (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\drivers\djsvs.sys
23:55:48.0325 4848	aic78xx - ok
23:55:48.0388 4848	ALG             (18a54e132947cd98fea9accc57f98f13) C:\Windows\System32\alg.exe
23:55:48.0466 4848	ALG - ok
23:55:48.0512 4848	aliide          (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\drivers\aliide.sys
23:55:48.0544 4848	aliide - ok
23:55:48.0575 4848	amdagp          (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\drivers\amdagp.sys
23:55:48.0606 4848	amdagp - ok
23:55:48.0622 4848	amdide          (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\drivers\amdide.sys
23:55:48.0668 4848	amdide - ok
23:55:48.0700 4848	AmdK8           (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\drivers\amdk8.sys
23:55:48.0746 4848	AmdK8 - ok
23:55:48.0762 4848	AmdPPM          (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\drivers\amdppm.sys
23:55:48.0824 4848	AmdPPM - ok
23:55:48.0871 4848	amdsata         (d320bf87125326f996d4904fe24300fc) C:\Windows\system32\drivers\amdsata.sys
23:55:48.0918 4848	amdsata - ok
23:55:48.0965 4848	amdsbs          (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\drivers\amdsbs.sys
23:55:49.0027 4848	amdsbs - ok
23:55:49.0043 4848	amdxata         (46387fb17b086d16dea267d5be23a2f2) C:\Windows\system32\drivers\amdxata.sys
23:55:49.0090 4848	amdxata - ok
23:55:49.0168 4848	AntiVirSchedulerService (466a0d95960dad3222c896d2cea99993) C:\Program Files\Avira\AntiVir Desktop\sched.exe
23:55:49.0214 4848	AntiVirSchedulerService - ok
23:55:49.0261 4848	AntiVirService  (a489be6bb0aa1ff406b488b60542314b) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
23:55:49.0292 4848	AntiVirService - ok
23:55:49.0370 4848	AppHostSvc      (d1af38fbac0dc7e6d796b0ed01707ee0) C:\Windows\system32\inetsrv\apphostsvc.dll
23:55:49.0448 4848	AppHostSvc - ok
23:55:49.0495 4848	AppID           (aea177f783e20150ace5383ee368da19) C:\Windows\system32\drivers\appid.sys
23:55:49.0589 4848	AppID - ok
23:55:49.0636 4848	AppIDSvc        (62a9c86cb6085e20db4823e4e97826f5) C:\Windows\System32\appidsvc.dll
23:55:49.0745 4848	AppIDSvc - ok
23:55:49.0792 4848	Appinfo         (fb1959012294d6ad43e5304df65e3c26) C:\Windows\System32\appinfo.dll
23:55:49.0916 4848	Appinfo - ok
23:55:49.0948 4848	arc             (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\drivers\arc.sys
23:55:49.0994 4848	arc - ok
23:55:50.0026 4848	arcsas          (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\drivers\arcsas.sys
23:55:50.0072 4848	arcsas - ok
23:55:50.0135 4848	AsyncMac        (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys
23:55:50.0275 4848	AsyncMac - ok
23:55:50.0322 4848	atapi           (338c86357871c167a96ab976519bf59e) C:\Windows\system32\drivers\atapi.sys
23:55:50.0369 4848	atapi - ok
23:55:50.0447 4848	AudioEndpointBuilder (ce3b4e731638d2ef62fcb419be0d39f0) C:\Windows\System32\Audiosrv.dll
23:55:50.0556 4848	AudioEndpointBuilder - ok
23:55:50.0572 4848	Audiosrv        (ce3b4e731638d2ef62fcb419be0d39f0) C:\Windows\System32\Audiosrv.dll
23:55:50.0665 4848	Audiosrv - ok
23:55:50.0712 4848	avgntflt        (d5541f0afb767e85fc412fc609d96a74) C:\Windows\system32\DRIVERS\avgntflt.sys
23:55:50.0790 4848	avgntflt - ok
23:55:50.0837 4848	avipbb          (7d967a682d4694df7fa57d63a2db01fe) C:\Windows\system32\DRIVERS\avipbb.sys
23:55:50.0884 4848	avipbb - ok
23:55:50.0899 4848	avkmgr          (271cfd1a989209b1964e24d969552bf7) C:\Windows\system32\DRIVERS\avkmgr.sys
23:55:50.0962 4848	avkmgr - ok
23:55:50.0993 4848	AxInstSV        (6e30d02aac9cac84f421622e3a2f6178) C:\Windows\System32\AxInstSV.dll
23:55:51.0118 4848	AxInstSV - ok
23:55:51.0180 4848	b06bdrv         (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\drivers\bxvbdx.sys
23:55:51.0274 4848	b06bdrv - ok
23:55:51.0320 4848	b57nd60x        (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys
23:55:51.0398 4848	b57nd60x - ok
23:55:51.0648 4848	BCM43XX         (f4d388dc3ff004aee886762d5cec7783) C:\Windows\system32\DRIVERS\bcmwl6.sys
23:55:51.0851 4848	BCM43XX - ok
23:55:51.0991 4848	BDESVC          (ee1e9c3bb8228ae423dd38db69128e71) C:\Windows\System32\bdesvc.dll
23:55:52.0054 4848	BDESVC - ok
23:55:52.0116 4848	Beep            (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys
23:55:52.0210 4848	Beep - ok
23:55:52.0288 4848	BFE             (1e2bac209d184bb851e1a187d8a29136) C:\Windows\System32\bfe.dll
23:55:52.0397 4848	BFE - ok
23:55:52.0459 4848	BITS            (e585445d5021971fae10393f0f1c3961) C:\Windows\System32\qmgr.dll
23:55:52.0568 4848	BITS - ok
23:55:52.0584 4848	blbdrive        (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys
23:55:52.0662 4848	blbdrive - ok
23:55:52.0709 4848	bowser          (8f2da3028d5fcbd1a060a3de64cd6506) C:\Windows\system32\DRIVERS\bowser.sys
23:55:52.0756 4848	bowser - ok
23:55:52.0787 4848	BrFiltLo        (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\BrFiltLo.sys
23:55:52.0849 4848	BrFiltLo - ok
23:55:52.0896 4848	BrFiltUp        (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\BrFiltUp.sys
23:55:52.0958 4848	BrFiltUp - ok
23:55:53.0021 4848	Browser         (6e11f33d14d020f58d5e02e4d67dfa19) C:\Windows\System32\browser.dll
23:55:53.0114 4848	Browser - ok
23:55:53.0177 4848	Brserid         (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys
23:55:53.0239 4848	Brserid - ok
23:55:53.0270 4848	BrSerWdm        (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys
23:55:53.0333 4848	BrSerWdm - ok
23:55:53.0364 4848	BrUsbMdm        (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys
23:55:53.0426 4848	BrUsbMdm - ok
23:55:53.0442 4848	BrUsbSer        (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys
23:55:53.0504 4848	BrUsbSer - ok
23:55:53.0536 4848	BTHMODEM        (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\drivers\bthmodem.sys
23:55:53.0598 4848	BTHMODEM - ok
23:55:53.0660 4848	bthserv         (1df19c96eef6c29d1c3e1a8678e07190) C:\Windows\system32\bthserv.dll
23:55:53.0754 4848	bthserv - ok
23:55:53.0785 4848	cdfs            (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys
23:55:53.0879 4848	cdfs - ok
23:55:53.0910 4848	cdrom           (be167ed0fdb9c1fa1133953c18d5a6c9) C:\Windows\system32\DRIVERS\cdrom.sys
23:55:53.0988 4848	cdrom - ok
23:55:54.0019 4848	CertPropSvc     (319c6b309773d063541d01df8ac6f55f) C:\Windows\System32\certprop.dll
23:55:54.0128 4848	CertPropSvc - ok
23:55:54.0144 4848	circlass        (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\drivers\circlass.sys
23:55:54.0191 4848	circlass - ok
23:55:54.0238 4848	CLFS            (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys
23:55:54.0284 4848	CLFS - ok
23:55:54.0378 4848	clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
23:55:54.0409 4848	clr_optimization_v2.0.50727_32 - ok
23:55:54.0487 4848	clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
23:55:54.0518 4848	clr_optimization_v4.0.30319_32 - ok
23:55:54.0550 4848	CmBatt          (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys
23:55:54.0612 4848	CmBatt - ok
23:55:54.0628 4848	cmdide          (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\drivers\cmdide.sys
23:55:54.0659 4848	cmdide - ok
23:55:54.0721 4848	CNG             (247b4ce2dab1160cd422d532d5241e1f) C:\Windows\system32\Drivers\cng.sys
23:55:54.0815 4848	CNG - ok
23:55:54.0846 4848	Compbatt        (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys
23:55:54.0893 4848	Compbatt - ok
23:55:54.0908 4848	CompositeBus    (cbe8c58a8579cfe5fccf809e6f114e89) C:\Windows\system32\DRIVERS\CompositeBus.sys
23:55:54.0971 4848	CompositeBus - ok
23:55:54.0986 4848	COMSysApp - ok
23:55:55.0018 4848	crcdisk         (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\drivers\crcdisk.sys
23:55:55.0064 4848	crcdisk - ok
23:55:55.0127 4848	CryptSvc        (06e771aa596b8761107ab57e99f128d7) C:\Windows\system32\cryptsvc.dll
23:55:55.0205 4848	CryptSvc - ok
23:55:55.0267 4848	DcomLaunch      (7660f01d3b38aca1747e397d21d790af) C:\Windows\system32\rpcss.dll
23:55:55.0376 4848	DcomLaunch - ok
23:55:55.0423 4848	defragsvc       (8d6e10a2d9a5eed59562d9b82cf804e1) C:\Windows\System32\defragsvc.dll
23:55:55.0532 4848	defragsvc - ok
23:55:55.0564 4848	DfsC            (f024449c97ec1e464aaffda18593db88) C:\Windows\system32\Drivers\dfsc.sys
23:55:55.0673 4848	DfsC - ok
23:55:55.0735 4848	Dhcp            (e9e01eb683c132f7fa27cd607b8a2b63) C:\Windows\system32\dhcpcore.dll
23:55:55.0829 4848	Dhcp - ok
23:55:55.0860 4848	discache        (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys
23:55:55.0954 4848	discache - ok
23:55:56.0000 4848	Disk            (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\drivers\disk.sys
23:55:56.0032 4848	Disk - ok
23:55:56.0078 4848	Dnscache        (33ef4861f19a0736b11314aad9ae28d0) C:\Windows\System32\dnsrslvr.dll
23:55:56.0156 4848	Dnscache - ok
23:55:56.0219 4848	dot3svc         (366ba8fb4b7bb7435e3b9eacb3843f67) C:\Windows\System32\dot3svc.dll
23:55:56.0328 4848	dot3svc - ok
23:55:56.0359 4848	DPS             (8ec04ca86f1d68da9e11952eb85973d6) C:\Windows\system32\dps.dll
23:55:56.0468 4848	DPS - ok
23:55:56.0500 4848	drmkaud         (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys
23:55:56.0546 4848	drmkaud - ok
23:55:56.0656 4848	DsiWMIService   (1fca854cedfc2ccd0c22e46ea4ea18f1) C:\Program Files\Launch Manager\dsiwmis.exe
23:55:56.0734 4848	DsiWMIService - ok
23:55:56.0812 4848	DXGKrnl         (23f5d28378a160352ba8f817bd8c71cb) C:\Windows\System32\drivers\dxgkrnl.sys
23:55:56.0890 4848	DXGKrnl - ok
23:55:56.0921 4848	EapHost         (8600142fa91c1b96367d3300ad0f3f3a) C:\Windows\System32\eapsvc.dll
23:55:57.0046 4848	EapHost - ok
23:55:57.0264 4848	ebdrv           (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\drivers\evbdx.sys
23:55:57.0436 4848	ebdrv - ok
23:55:57.0545 4848	EFS             (81951f51e318aecc2d68559e47485cc4) C:\Windows\System32\lsass.exe
23:55:57.0607 4848	EFS - ok
23:55:57.0701 4848	elxstor         (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\drivers\elxstor.sys
23:55:57.0779 4848	elxstor - ok
23:55:57.0810 4848	ErrDev          (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\drivers\errdev.sys
23:55:57.0857 4848	ErrDev - ok
23:55:57.0935 4848	EventSystem     (f6916efc29d9953d5d0df06882ae8e16) C:\Windows\system32\es.dll
23:55:58.0060 4848	EventSystem - ok
23:55:58.0106 4848	exfat           (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys
23:55:58.0200 4848	exfat - ok
23:55:58.0231 4848	fastfat         (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys
23:55:58.0325 4848	fastfat - ok
23:55:58.0387 4848	Fax             (967ea5b213e9984cbe270205df37755b) C:\Windows\system32\fxssvc.exe
23:55:58.0481 4848	Fax - ok
23:55:58.0512 4848	fdc             (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\drivers\fdc.sys
23:55:58.0574 4848	fdc - ok
23:55:58.0606 4848	fdPHost         (f3222c893bd2f5821a0179e5c71e88fb) C:\Windows\system32\fdPHost.dll
23:55:58.0699 4848	fdPHost - ok
23:55:58.0715 4848	FDResPub        (7dbe8cbfe79efbdeb98c9fb08d3a9a5b) C:\Windows\system32\fdrespub.dll
23:55:58.0808 4848	FDResPub - ok
23:55:58.0824 4848	FileInfo        (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys
23:55:58.0855 4848	FileInfo - ok
23:55:58.0886 4848	Filetrace       (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys
23:55:58.0980 4848	Filetrace - ok
23:55:58.0996 4848	flpydisk        (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\drivers\flpydisk.sys
23:55:59.0058 4848	flpydisk - ok
23:55:59.0120 4848	FltMgr          (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys
23:55:59.0167 4848	FltMgr - ok
23:55:59.0245 4848	FontCache       (b3a5ec6b6b6673db7e87c2bcdbddc074) C:\Windows\system32\FntCache.dll
23:55:59.0339 4848	FontCache - ok
23:55:59.0417 4848	FontCache3.0.0.0 (e56f39f6b7fda0ac77a79b0fd3de1a2f) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
23:55:59.0448 4848	FontCache3.0.0.0 - ok
23:55:59.0479 4848	FsDepends       (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys
23:55:59.0510 4848	FsDepends - ok
23:55:59.0557 4848	Fs_Rec          (7dae5ebcc80e45d3253f4923dc424d05) C:\Windows\system32\drivers\Fs_Rec.sys
23:55:59.0588 4848	Fs_Rec - ok
23:55:59.0651 4848	fvevol          (8a73e79089b282100b9393b644cb853b) C:\Windows\system32\DRIVERS\fvevol.sys
23:55:59.0713 4848	fvevol - ok
23:55:59.0760 4848	gagp30kx        (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\drivers\gagp30kx.sys
23:55:59.0791 4848	gagp30kx - ok
23:55:59.0854 4848	gpsvc           (e897eaf5ed6ba41e081060c9b447a673) C:\Windows\System32\gpsvc.dll
23:55:59.0978 4848	gpsvc - ok
23:56:00.0088 4848	gupdate         (506708142bc63daba64f2d3ad1dcd5bf) C:\Program Files\Google\Update\GoogleUpdate.exe
23:56:00.0119 4848	gupdate - ok
23:56:00.0134 4848	gupdatem        (506708142bc63daba64f2d3ad1dcd5bf) C:\Program Files\Google\Update\GoogleUpdate.exe
23:56:00.0166 4848	gupdatem - ok
23:56:00.0197 4848	hcw85cir        (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys
23:56:00.0259 4848	hcw85cir - ok
23:56:00.0322 4848	HdAudAddService (a5ef29d5315111c80a5c1abad14c8972) C:\Windows\system32\drivers\HdAudio.sys
23:56:00.0400 4848	HdAudAddService - ok
23:56:00.0462 4848	HDAudBus        (9036377b8a6c15dc2eec53e489d159b5) C:\Windows\system32\DRIVERS\HDAudBus.sys
23:56:00.0509 4848	HDAudBus - ok
23:56:00.0524 4848	HidBatt         (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\drivers\HidBatt.sys
23:56:00.0571 4848	HidBatt - ok
23:56:00.0602 4848	HidBth          (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\drivers\hidbth.sys
23:56:00.0665 4848	HidBth - ok
23:56:00.0680 4848	HidIr           (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\drivers\hidir.sys
23:56:00.0743 4848	HidIr - ok
23:56:00.0805 4848	hidserv         (2bc6f6a1992b3a77f5f41432ca6b3b6b) C:\Windows\system32\hidserv.dll
23:56:00.0899 4848	hidserv - ok
23:56:00.0946 4848	HidUsb          (10c19f8290891af023eaec0832e1eb4d) C:\Windows\system32\DRIVERS\hidusb.sys
23:56:01.0008 4848	HidUsb - ok
23:56:01.0039 4848	hkmsvc          (196b4e3f4cccc24af836ce58facbb699) C:\Windows\system32\kmsvc.dll
23:56:01.0117 4848	hkmsvc - ok
23:56:01.0164 4848	HomeGroupListener (6658f4404de03d75fe3ba09f7aba6a30) C:\Windows\system32\ListSvc.dll
23:56:01.0258 4848	HomeGroupListener - ok
23:56:01.0289 4848	HomeGroupProvider (dbc02d918fff1cad628acbe0c0eaa8e8) C:\Windows\system32\provsvc.dll
23:56:01.0367 4848	HomeGroupProvider - ok
23:56:01.0398 4848	HpSAMD          (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\drivers\HpSAMD.sys
23:56:01.0429 4848	HpSAMD - ok
23:56:01.0492 4848	HTTP            (871917b07a141bff43d76d8844d48106) C:\Windows\system32\drivers\HTTP.sys
23:56:01.0585 4848	HTTP - ok
23:56:01.0632 4848	hwpolicy        (0c4e035c7f105f1299258c90886c64c5) C:\Windows\system32\drivers\hwpolicy.sys
23:56:01.0663 4848	hwpolicy - ok
23:56:01.0694 4848	i8042prt        (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\DRIVERS\i8042prt.sys
23:56:01.0757 4848	i8042prt - ok
23:56:01.0866 4848	IAANTMON        (660bf3255a1eb18ed803fd2fba6ae400) C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
23:56:01.0928 4848	IAANTMON - ok
23:56:02.0006 4848	iaStor          (0baa4115dfffd6a6d809a89d65e1281a) C:\Windows\system32\DRIVERS\iaStor.sys
23:56:02.0053 4848	iaStor - ok
23:56:02.0116 4848	iaStorV         (5cd5f9a5444e6cdcb0ac89bd62d8b76e) C:\Windows\system32\drivers\iaStorV.sys
23:56:02.0178 4848	iaStorV - ok
23:56:02.0318 4848	idsvc           (c521d7eb6497bb1af6afa89e322fb43c) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
23:56:02.0396 4848	idsvc - ok
23:56:02.0708 4848	igfx            (d0074897c6bc132f3980ea4654bf7fb9) C:\Windows\system32\DRIVERS\igdkmd32.sys
23:56:02.0989 4848	igfx - ok
23:56:03.0130 4848	iirsp           (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\drivers\iirsp.sys
23:56:03.0161 4848	iirsp - ok
23:56:03.0254 4848	IKEEXT          (f95622f161474511b8d80d6b093aa610) C:\Windows\System32\ikeext.dll
23:56:03.0379 4848	IKEEXT - ok
23:56:03.0691 4848	IntcAzAudAddService (2a1acec9da72b39188f007437da3b008) C:\Windows\system32\drivers\RTKVHDA.sys
23:56:03.0910 4848	IntcAzAudAddService - ok
23:56:04.0034 4848	intelide        (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\drivers\intelide.sys
23:56:04.0081 4848	intelide - ok
23:56:04.0112 4848	intelppm        (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys
23:56:04.0144 4848	intelppm - ok
23:56:04.0206 4848	IPBusEnum       (acb364b9075a45c0736e5c47be5cae19) C:\Windows\system32\ipbusenum.dll
23:56:04.0284 4848	IPBusEnum - ok
23:56:04.0315 4848	IpFilterDriver  (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys
23:56:04.0409 4848	IpFilterDriver - ok
23:56:04.0471 4848	iphlpsvc        (4d65a07b795d6674312f879d09aa7663) C:\Windows\System32\iphlpsvc.dll
23:56:04.0580 4848	iphlpsvc - ok
23:56:04.0612 4848	IPMIDRV         (4bd7134618c1d2a27466a099062547bf) C:\Windows\system32\drivers\IPMIDrv.sys
23:56:04.0658 4848	IPMIDRV - ok
23:56:04.0690 4848	IPNAT           (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys
23:56:04.0783 4848	IPNAT - ok
23:56:04.0830 4848	IRENUM          (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys
23:56:04.0877 4848	IRENUM - ok
23:56:04.0908 4848	isapnp          (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\drivers\isapnp.sys
23:56:04.0955 4848	isapnp - ok
23:56:04.0986 4848	iScsiPrt        (cb7a9abb12b8415bce5d74994c7ba3ae) C:\Windows\system32\drivers\msiscsi.sys
23:56:05.0064 4848	iScsiPrt - ok
23:56:05.0095 4848	kbdclass        (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\DRIVERS\kbdclass.sys
23:56:05.0126 4848	kbdclass - ok
23:56:05.0142 4848	kbdhid          (9e3ced91863e6ee98c24794d05e27a71) C:\Windows\system32\drivers\kbdhid.sys
23:56:05.0204 4848	kbdhid - ok
23:56:05.0236 4848	KeyIso          (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
23:56:05.0267 4848	KeyIso - ok
23:56:05.0329 4848	KSecDD          (b7895b4182c0d16f6efadeb8081e8d36) C:\Windows\system32\Drivers\ksecdd.sys
23:56:05.0360 4848	KSecDD - ok
23:56:05.0392 4848	KSecPkg         (d30159ac9237519fbc62c6ec247d2d46) C:\Windows\system32\Drivers\ksecpkg.sys
23:56:05.0438 4848	KSecPkg - ok
23:56:05.0485 4848	KtmRm           (89a7b9cc98d0d80c6f31b91c0a310fcd) C:\Windows\system32\msdtckrm.dll
23:56:05.0610 4848	KtmRm - ok
23:56:05.0641 4848	L1C             (12de252a44c344a7a044b3c1190df63b) C:\Windows\system32\DRIVERS\L1C62x86.sys
23:56:05.0688 4848	L1C - ok
23:56:05.0735 4848	LanmanServer    (d64af876d53eca3668bb97b51b4e70ab) C:\Windows\system32\srvsvc.dll
23:56:05.0828 4848	LanmanServer - ok
23:56:05.0875 4848	LanmanWorkstation (58405e4f68ba8e4057c6e914f326aba2) C:\Windows\System32\wkssvc.dll
23:56:05.0969 4848	LanmanWorkstation - ok
23:56:06.0047 4848	lltdio          (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys
23:56:06.0140 4848	lltdio - ok
23:56:06.0172 4848	lltdsvc         (5700673e13a2117fa3b9020c852c01e2) C:\Windows\System32\lltdsvc.dll
23:56:06.0281 4848	lltdsvc - ok
23:56:06.0312 4848	lmhosts         (55ca01ba19d0006c8f2639b6c045e08b) C:\Windows\System32\lmhsvc.dll
23:56:06.0406 4848	lmhosts - ok
23:56:06.0452 4848	LSI_FC          (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\drivers\lsi_fc.sys
23:56:06.0499 4848	LSI_FC - ok
23:56:06.0515 4848	LSI_SAS         (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\drivers\lsi_sas.sys
23:56:06.0562 4848	LSI_SAS - ok
23:56:06.0593 4848	LSI_SAS2        (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\drivers\lsi_sas2.sys
23:56:06.0624 4848	LSI_SAS2 - ok
23:56:06.0655 4848	LSI_SCSI        (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\drivers\lsi_scsi.sys
23:56:06.0686 4848	LSI_SCSI - ok
23:56:06.0718 4848	luafv           (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys
23:56:06.0811 4848	luafv - ok
23:56:06.0858 4848	massfilter      (79ec6c0033776f89dd5131241f0170e1) C:\Windows\system32\drivers\massfilter.sys
23:56:06.0936 4848	massfilter - ok
23:56:06.0983 4848	MBAMProtector   (6dfe7f2e8e8a337263aa5c92a215f161) C:\Windows\system32\drivers\mbam.sys
23:56:07.0045 4848	MBAMProtector - ok
23:56:07.0373 4848	MBAMService     (43683e970f008c93c9429ef428147a54) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
23:56:07.0451 4848	MBAMService - ok
23:56:07.0482 4848	megasas         (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\drivers\megasas.sys
23:56:07.0529 4848	megasas - ok
23:56:07.0576 4848	MegaSR          (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\drivers\MegaSR.sys
23:56:07.0638 4848	MegaSR - ok
23:56:07.0685 4848	MMCSS           (146b6f43a673379a3c670e86d89be5ea) C:\Windows\system32\mmcss.dll
23:56:07.0778 4848	MMCSS - ok
23:56:07.0810 4848	Modem           (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys
23:56:07.0888 4848	Modem - ok
23:56:07.0919 4848	monitor         (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys
23:56:07.0981 4848	monitor - ok
23:56:08.0012 4848	mouclass        (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\DRIVERS\mouclass.sys
23:56:08.0044 4848	mouclass - ok
23:56:08.0090 4848	mouhid          (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys
23:56:08.0137 4848	mouhid - ok
23:56:08.0168 4848	mountmgr        (fc8771f45ecccfd89684e38842539b9b) C:\Windows\system32\drivers\mountmgr.sys
23:56:08.0200 4848	mountmgr - ok
23:56:08.0293 4848	MozillaMaintenance (46297fa8e30a6007f14118fc2b942fbc) C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
23:56:08.0324 4848	MozillaMaintenance - ok
23:56:08.0371 4848	mpio            (2d699fb6e89ce0d8da14ecc03b3edfe0) C:\Windows\system32\drivers\mpio.sys
23:56:08.0402 4848	mpio - ok
23:56:08.0434 4848	mpsdrv          (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys
23:56:08.0512 4848	mpsdrv - ok
23:56:08.0590 4848	MpsSvc          (9835584e999d25004e1ee8e5f3e3b881) C:\Windows\system32\mpssvc.dll
23:56:08.0730 4848	MpsSvc - ok
23:56:08.0761 4848	MRxDAV          (ceb46ab7c01c9f825f8cc6babc18166a) C:\Windows\system32\drivers\mrxdav.sys
23:56:08.0824 4848	MRxDAV - ok
23:56:08.0870 4848	mrxsmb          (5d16c921e3671636c0eba3bbaac5fd25) C:\Windows\system32\DRIVERS\mrxsmb.sys
23:56:08.0933 4848	mrxsmb - ok
23:56:08.0964 4848	mrxsmb10        (6d17a4791aca19328c685d256349fefc) C:\Windows\system32\DRIVERS\mrxsmb10.sys
23:56:09.0042 4848	mrxsmb10 - ok
23:56:09.0058 4848	mrxsmb20        (b81f204d146000be76651a50670a5e9e) C:\Windows\system32\DRIVERS\mrxsmb20.sys
23:56:09.0104 4848	mrxsmb20 - ok
23:56:09.0136 4848	msahci          (012c5f4e9349e711e11e0f19a8589f0a) C:\Windows\system32\drivers\msahci.sys
23:56:09.0182 4848	msahci - ok
23:56:09.0214 4848	msdsm           (55055f8ad8be27a64c831322a780a228) C:\Windows\system32\drivers\msdsm.sys
23:56:09.0260 4848	msdsm - ok
23:56:09.0292 4848	MSDTC           (e1bce74a3bd9902b72599c0192a07e27) C:\Windows\System32\msdtc.exe
23:56:09.0370 4848	MSDTC - ok
23:56:09.0401 4848	Msfs            (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys
23:56:09.0510 4848	Msfs - ok
23:56:09.0541 4848	mshidkmdf       (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys
23:56:09.0619 4848	mshidkmdf - ok
23:56:09.0650 4848	msisadrv        (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\drivers\msisadrv.sys
23:56:09.0697 4848	msisadrv - ok
23:56:09.0728 4848	MSiSCSI         (90f7d9e6b6f27e1a707d4a297f077828) C:\Windows\system32\iscsiexe.dll
23:56:09.0838 4848	MSiSCSI - ok
23:56:09.0838 4848	msiserver - ok
23:56:09.0900 4848	MSKSSRV         (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys
23:56:09.0978 4848	MSKSSRV - ok
23:56:10.0009 4848	MSPCLOCK        (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys
23:56:10.0103 4848	MSPCLOCK - ok
23:56:10.0134 4848	MSPQM           (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys
23:56:10.0228 4848	MSPQM - ok
23:56:10.0259 4848	MsRPC           (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys
23:56:10.0306 4848	MsRPC - ok
23:56:10.0321 4848	mssmbios        (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\DRIVERS\mssmbios.sys
23:56:10.0368 4848	mssmbios - ok
23:56:10.0399 4848	MSTEE           (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys
23:56:10.0477 4848	MSTEE - ok
23:56:10.0508 4848	MTConfig        (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\drivers\MTConfig.sys
23:56:10.0555 4848	MTConfig - ok
23:56:10.0586 4848	Mup             (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys
23:56:10.0633 4848	Mup - ok
23:56:10.0664 4848	napagent        (61d57a5d7c6d9afe10e77dae6e1b445e) C:\Windows\system32\qagentRT.dll
23:56:10.0774 4848	napagent - ok
23:56:10.0852 4848	NativeWifiP     (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys
23:56:10.0930 4848	NativeWifiP - ok
23:56:11.0008 4848	NDIS            (e7c54812a2aaf43316eb6930c1ffa108) C:\Windows\system32\drivers\ndis.sys
23:56:11.0086 4848	NDIS - ok
23:56:11.0117 4848	NdisCap         (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys
23:56:11.0210 4848	NdisCap - ok
23:56:11.0257 4848	NdisTapi        (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys
23:56:11.0335 4848	NdisTapi - ok
23:56:11.0382 4848	Ndisuio         (d8a65dafb3eb41cbb622745676fcd072) C:\Windows\system32\DRIVERS\ndisuio.sys
23:56:11.0460 4848	Ndisuio - ok
23:56:11.0491 4848	NdisWan         (38fbe267e7e6983311179230facb1017) C:\Windows\system32\DRIVERS\ndiswan.sys
23:56:11.0585 4848	NdisWan - ok
23:56:11.0616 4848	NDProxy         (a4bdc541e69674fbff1a8ff00be913f2) C:\Windows\system32\drivers\NDProxy.sys
23:56:11.0694 4848	NDProxy - ok
23:56:11.0725 4848	NetBIOS         (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys
23:56:11.0803 4848	NetBIOS - ok
23:56:11.0834 4848	NetBT           (280122ddcf04b378edd1ad54d71c1e54) C:\Windows\system32\DRIVERS\netbt.sys
23:56:11.0928 4848	NetBT - ok
23:56:11.0959 4848	Netlogon        (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
23:56:12.0022 4848	Netlogon - ok
23:56:12.0131 4848	Netman          (7cccfca7510684768da22092d1fa4db2) C:\Windows\System32\netman.dll
23:56:12.0240 4848	Netman - ok
23:56:12.0365 4848	NetMsmqActivator (f476ec40033cdb91efbe73eb99b8362d) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
23:56:12.0427 4848	NetMsmqActivator - ok
23:56:12.0458 4848	NetPipeActivator (f476ec40033cdb91efbe73eb99b8362d) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
23:56:12.0490 4848	NetPipeActivator - ok
23:56:12.0536 4848	netprofm        (8c338238c16777a802d6a9211eb2ba50) C:\Windows\System32\netprofm.dll
23:56:12.0661 4848	netprofm - ok
23:56:12.0692 4848	NetTcpActivator (f476ec40033cdb91efbe73eb99b8362d) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
23:56:12.0724 4848	NetTcpActivator - ok
23:56:12.0739 4848	NetTcpPortSharing (f476ec40033cdb91efbe73eb99b8362d) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
23:56:12.0786 4848	NetTcpPortSharing - ok
23:56:12.0817 4848	nfrd960         (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\drivers\nfrd960.sys
23:56:12.0864 4848	nfrd960 - ok
23:56:12.0911 4848	NlaSvc          (912084381d30d8b89ec4e293053f4710) C:\Windows\System32\nlasvc.dll
23:56:13.0036 4848	NlaSvc - ok
23:56:13.0082 4848	Npfs            (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys
23:56:13.0176 4848	Npfs - ok
23:56:13.0192 4848	nsi             (ba387e955e890c8a88306d9b8d06bf17) C:\Windows\system32\nsisvc.dll
23:56:13.0301 4848	nsi - ok
23:56:13.0316 4848	nsiproxy        (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys
23:56:13.0410 4848	nsiproxy - ok
23:56:13.0504 4848	Ntfs            (81189c3d7763838e55c397759d49007a) C:\Windows\system32\drivers\Ntfs.sys
23:56:13.0628 4848	Ntfs - ok
23:56:13.0660 4848	Null            (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys
23:56:13.0738 4848	Null - ok
23:56:13.0784 4848	nvraid          (b3e25ee28883877076e0e1ff877d02e0) C:\Windows\system32\drivers\nvraid.sys
23:56:13.0816 4848	nvraid - ok
23:56:13.0847 4848	nvstor          (4380e59a170d88c4f1022eff6719a8a4) C:\Windows\system32\drivers\nvstor.sys
23:56:13.0909 4848	nvstor - ok
23:56:13.0940 4848	nv_agp          (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\drivers\nv_agp.sys
23:56:13.0972 4848	nv_agp - ok
23:56:14.0112 4848	odserv          (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
23:56:14.0174 4848	odserv - ok
23:56:14.0206 4848	ohci1394        (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\drivers\ohci1394.sys
23:56:14.0268 4848	ohci1394 - ok
23:56:14.0315 4848	ose             (5a432a042dae460abe7199b758e8606c) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
23:56:14.0346 4848	ose - ok
23:56:14.0393 4848	p2pimsvc        (82a8521ddc60710c3d3d3e7325209bec) C:\Windows\system32\pnrpsvc.dll
23:56:14.0471 4848	p2pimsvc - ok
23:56:14.0518 4848	p2psvc          (59c3ddd501e39e006dac31bf55150d91) C:\Windows\system32\p2psvc.dll
23:56:14.0596 4848	p2psvc - ok
23:56:14.0627 4848	Parport         (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\drivers\parport.sys
23:56:14.0674 4848	Parport - ok
23:56:14.0720 4848	partmgr         (3f34a1b4c5f6475f320c275e63afce9b) C:\Windows\system32\drivers\partmgr.sys
23:56:14.0767 4848	partmgr - ok
23:56:14.0783 4848	Parvdm          (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\drivers\parvdm.sys
23:56:14.0830 4848	Parvdm - ok
23:56:14.0861 4848	PcaSvc          (358ab7956d3160000726574083dfc8a6) C:\Windows\System32\pcasvc.dll
23:56:14.0939 4848	PcaSvc - ok
23:56:14.0970 4848	pci             (673e55c3498eb970088e812ea820aa8f) C:\Windows\system32\drivers\pci.sys
23:56:15.0017 4848	pci - ok
23:56:15.0032 4848	pciide          (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\drivers\pciide.sys
23:56:15.0079 4848	pciide - ok
23:56:15.0110 4848	pcmcia          (f396431b31693e71e8a80687ef523506) C:\Windows\system32\drivers\pcmcia.sys
23:56:15.0157 4848	pcmcia - ok
23:56:15.0188 4848	pcw             (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys
23:56:15.0220 4848	pcw - ok
23:56:15.0298 4848	PEAUTH          (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys
23:56:15.0422 4848	PEAUTH - ok
23:56:15.0578 4848	pla             (414bba67a3ded1d28437eb66aeb8a720) C:\Windows\system32\pla.dll
23:56:15.0750 4848	pla - ok
23:56:15.0875 4848	PlugPlay        (ec7bc28d207da09e79b3e9faf8b232ca) C:\Windows\system32\umpnpmgr.dll
23:56:15.0968 4848	PlugPlay - ok
23:56:16.0000 4848	PNRPAutoReg     (63ff8572611249931eb16bb8eed6afc8) C:\Windows\system32\pnrpauto.dll
23:56:16.0062 4848	PNRPAutoReg - ok
23:56:16.0109 4848	PNRPsvc         (82a8521ddc60710c3d3d3e7325209bec) C:\Windows\system32\pnrpsvc.dll
23:56:16.0156 4848	PNRPsvc - ok
23:56:16.0218 4848	PolicyAgent     (53946b69ba0836bd95b03759530c81ec) C:\Windows\System32\ipsecsvc.dll
23:56:16.0327 4848	PolicyAgent - ok
23:56:16.0374 4848	Power           (f87d30e72e03d579a5199ccb3831d6ea) C:\Windows\system32\umpo.dll
23:56:16.0483 4848	Power - ok
23:56:16.0546 4848	PptpMiniport    (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys
23:56:16.0639 4848	PptpMiniport - ok
23:56:16.0686 4848	Processor       (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\drivers\processr.sys
23:56:16.0733 4848	Processor - ok
23:56:16.0795 4848	ProfSvc         (cadefac453040e370a1bdff3973be00d) C:\Windows\system32\profsvc.dll
23:56:16.0873 4848	ProfSvc - ok
23:56:16.0920 4848	ProtectedStorage (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
23:56:16.0967 4848	ProtectedStorage - ok
23:56:17.0014 4848	Psched          (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys
23:56:17.0107 4848	Psched - ok
23:56:17.0216 4848	ql2300          (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\drivers\ql2300.sys
23:56:17.0341 4848	ql2300 - ok
23:56:17.0482 4848	ql40xx          (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\drivers\ql40xx.sys
23:56:17.0528 4848	ql40xx - ok
23:56:17.0560 4848	QWAVE           (31ac809e7707eb580b2bdb760390765a) C:\Windows\system32\qwave.dll
23:56:17.0638 4848	QWAVE - ok
23:56:17.0669 4848	QWAVEdrv        (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys
23:56:17.0716 4848	QWAVEdrv - ok
23:56:17.0747 4848	RasAcd          (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys
23:56:17.0840 4848	RasAcd - ok
23:56:17.0887 4848	RasAgileVpn     (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys
23:56:17.0965 4848	RasAgileVpn - ok
23:56:18.0012 4848	RasAuto         (a60f1839849c0c00739787fd5ec03f13) C:\Windows\System32\rasauto.dll
23:56:18.0121 4848	RasAuto - ok
23:56:18.0168 4848	Rasl2tp         (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys
23:56:18.0262 4848	Rasl2tp - ok
23:56:18.0324 4848	RasMan          (cb9e04dc05eacf5b9a36ca276d475006) C:\Windows\System32\rasmans.dll
23:56:18.0433 4848	RasMan - ok
23:56:18.0464 4848	RasPppoe        (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys
23:56:18.0558 4848	RasPppoe - ok
23:56:18.0605 4848	RasSstp         (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys
23:56:18.0714 4848	RasSstp - ok
23:56:18.0745 4848	rdbss           (d528bc58a489409ba40334ebf96a311b) C:\Windows\system32\DRIVERS\rdbss.sys
23:56:18.0839 4848	rdbss - ok
23:56:18.0870 4848	rdpbus          (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\drivers\rdpbus.sys
23:56:18.0917 4848	rdpbus - ok
23:56:18.0932 4848	RDPCDD          (23dae03f29d253ae74c44f99e515f9a1) C:\Windows\system32\DRIVERS\RDPCDD.sys
23:56:19.0042 4848	RDPCDD - ok
23:56:19.0073 4848	RDPENCDD        (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys
23:56:19.0166 4848	RDPENCDD - ok
23:56:19.0198 4848	RDPREFMP        (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys
23:56:19.0276 4848	RDPREFMP - ok
23:56:19.0322 4848	RDPWD           (f031683e6d1fea157abb2ff260b51e61) C:\Windows\system32\drivers\RDPWD.sys
23:56:19.0400 4848	RDPWD - ok
23:56:19.0463 4848	rdyboost        (518395321dc96fe2c9f0e96ac743b656) C:\Windows\system32\drivers\rdyboost.sys
23:56:19.0510 4848	rdyboost - ok
23:56:19.0541 4848	RemoteAccess    (7b5e1419717fac363a31cc302895217a) C:\Windows\System32\mprdim.dll
23:56:19.0634 4848	RemoteAccess - ok
23:56:19.0666 4848	RemoteRegistry  (cb9a8683f4ef2bf99e123d79950d7935) C:\Windows\system32\regsvc.dll
23:56:19.0759 4848	RemoteRegistry - ok
23:56:19.0790 4848	RpcEptMapper    (78d072f35bc45d9e4e1b61895c152234) C:\Windows\System32\RpcEpMap.dll
23:56:19.0900 4848	RpcEptMapper - ok
23:56:19.0931 4848	RpcLocator      (94d36c0e44677dd26981d2bfeef2a29d) C:\Windows\system32\locator.exe
23:56:19.0978 4848	RpcLocator - ok
23:56:20.0040 4848	RpcSs           (7660f01d3b38aca1747e397d21d790af) C:\Windows\system32\rpcss.dll
23:56:20.0134 4848	RpcSs - ok
23:56:20.0180 4848	rspndr          (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys
23:56:20.0274 4848	rspndr - ok
23:56:20.0321 4848	SamSs           (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
23:56:20.0368 4848	SamSs - ok
23:56:20.0414 4848	sbp2port        (05d860da1040f111503ac416ccef2bca) C:\Windows\system32\drivers\sbp2port.sys
23:56:20.0446 4848	sbp2port - ok
23:56:20.0492 4848	SCardSvr        (8fc518ffe9519c2631d37515a68009c4) C:\Windows\System32\SCardSvr.dll
23:56:20.0602 4848	SCardSvr - ok
23:56:20.0617 4848	scfilter        (0693b5ec673e34dc147e195779a4dcf6) C:\Windows\system32\DRIVERS\scfilter.sys
23:56:20.0711 4848	scfilter - ok
23:56:20.0789 4848	Schedule        (a04bb13f8a72f8b6e8b4071723e4e336) C:\Windows\system32\schedsvc.dll
23:56:20.0929 4848	Schedule - ok
23:56:20.0960 4848	SCPolicySvc     (319c6b309773d063541d01df8ac6f55f) C:\Windows\System32\certprop.dll
23:56:21.0038 4848	SCPolicySvc - ok
23:56:21.0070 4848	SDRSVC          (08236c4bce5edd0a0318a438af28e0f7) C:\Windows\System32\SDRSVC.dll
23:56:21.0132 4848	SDRSVC - ok
23:56:21.0179 4848	secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
23:56:21.0272 4848	secdrv - ok
23:56:21.0304 4848	seclogon        (a59b3a4442c52060cc7a85293aa3546f) C:\Windows\system32\seclogon.dll
23:56:21.0413 4848	seclogon - ok
23:56:21.0444 4848	SENS            (dcb7fcdcc97f87360f75d77425b81737) C:\Windows\System32\sens.dll
23:56:21.0538 4848	SENS - ok
23:56:21.0569 4848	Serenum         (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\drivers\serenum.sys
23:56:21.0616 4848	Serenum - ok
23:56:21.0647 4848	Serial          (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\drivers\serial.sys
23:56:21.0709 4848	Serial - ok
23:56:21.0740 4848	sermouse        (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\drivers\sermouse.sys
23:56:21.0772 4848	sermouse - ok
23:56:21.0834 4848	SessionEnv      (4ae380f39a0032eab7dd953030b26d28) C:\Windows\system32\sessenv.dll
23:56:21.0959 4848	SessionEnv - ok
23:56:21.0990 4848	sffdisk         (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\drivers\sffdisk.sys
23:56:22.0052 4848	sffdisk - ok
23:56:22.0084 4848	sffp_mmc        (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\drivers\sffp_mmc.sys
23:56:22.0146 4848	sffp_mmc - ok
23:56:22.0162 4848	sffp_sd         (6d4ccaedc018f1cf52866bbbaa235982) C:\Windows\system32\drivers\sffp_sd.sys
23:56:22.0224 4848	sffp_sd - ok
23:56:22.0240 4848	sfloppy         (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\drivers\sfloppy.sys
23:56:22.0318 4848	sfloppy - ok
23:56:22.0364 4848	SharedAccess    (d1a079a0de2ea524513b6930c24527a2) C:\Windows\System32\ipnathlp.dll
23:56:22.0489 4848	SharedAccess - ok
23:56:22.0552 4848	ShellHWDetection (414da952a35bf5d50192e28263b40577) C:\Windows\System32\shsvcs.dll
23:56:22.0661 4848	ShellHWDetection - ok
23:56:22.0692 4848	sisagp          (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\drivers\sisagp.sys
23:56:22.0739 4848	sisagp - ok
23:56:22.0786 4848	SiSRaid2        (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\drivers\SiSRaid2.sys
23:56:22.0817 4848	SiSRaid2 - ok
23:56:22.0848 4848	SiSRaid4        (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\drivers\sisraid4.sys
23:56:22.0879 4848	SiSRaid4 - ok
23:56:22.0973 4848	SkypeUpdate     (579ba0a911ff5ea70cb604cd3b744b0a) C:\Program Files\Skype\Updater\Updater.exe
23:56:23.0004 4848	SkypeUpdate - ok
23:56:23.0051 4848	Smb             (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys
23:56:23.0144 4848	Smb - ok
23:56:23.0222 4848	SNMPTRAP        (6a984831644eca1a33ffeae4126f4f37) C:\Windows\System32\snmptrap.exe
23:56:23.0269 4848	SNMPTRAP - ok
23:56:23.0300 4848	spldr           (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys
23:56:23.0332 4848	spldr - ok
23:56:23.0394 4848	Spooler         (866a43013535dc8587c258e43579c764) C:\Windows\System32\spoolsv.exe
23:56:23.0472 4848	Spooler - ok
23:56:23.0690 4848	sppsvc          (cf87a1de791347e75b98885214ced2b8) C:\Windows\system32\sppsvc.exe
23:56:23.0862 4848	sppsvc - ok
23:56:23.0971 4848	sppuinotify     (b0180b20b065d89232a78a40fe56eaa6) C:\Windows\system32\sppuinotify.dll
23:56:24.0065 4848	sppuinotify - ok
23:56:24.0127 4848	srv             (e4c2764065d66ea1d2d3ebc28fe99c46) C:\Windows\system32\DRIVERS\srv.sys
23:56:24.0205 4848	srv - ok
23:56:24.0252 4848	srv2            (03f0545bd8d4c77fa0ae1ceedfcc71ab) C:\Windows\system32\DRIVERS\srv2.sys
23:56:24.0314 4848	srv2 - ok
23:56:24.0346 4848	srvnet          (be6bd660caa6f291ae06a718a4fa8abc) C:\Windows\system32\DRIVERS\srvnet.sys
23:56:24.0392 4848	srvnet - ok
23:56:24.0470 4848	ssadbus         (64e44acd8c238fcbbb78f0ba4bdc4b05) C:\Windows\system32\DRIVERS\ssadbus.sys
23:56:24.0580 4848	ssadbus - ok
23:56:24.0626 4848	ssadmdfl        (bb2c84a15c765da89fd832b0e73f26ce) C:\Windows\system32\DRIVERS\ssadmdfl.sys
23:56:24.0704 4848	ssadmdfl - ok
23:56:24.0767 4848	ssadmdm         (6d0d132ddc6f43eda00dced6d8b1ca31) C:\Windows\system32\DRIVERS\ssadmdm.sys
23:56:24.0829 4848	ssadmdm - ok
23:56:24.0876 4848	SSDPSRV         (d887c9fd02ac9fa880f6e5027a43e118) C:\Windows\System32\ssdpsrv.dll
23:56:24.0985 4848	SSDPSRV - ok
23:56:25.0032 4848	ssmdrv          (a36ee93698802cd899f98bfd553d8185) C:\Windows\system32\DRIVERS\ssmdrv.sys
23:56:25.0048 4848	ssmdrv - ok
23:56:25.0079 4848	SstpSvc         (d318f23be45d5e3a107469eb64815b50) C:\Windows\system32\sstpsvc.dll
23:56:25.0188 4848	SstpSvc - ok
23:56:25.0235 4848	stexstor        (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\drivers\stexstor.sys
23:56:25.0266 4848	stexstor - ok
23:56:25.0328 4848	StiSvc          (e1fb3706030fb4578a0d72c2fc3689e4) C:\Windows\System32\wiaservc.dll
23:56:25.0438 4848	StiSvc - ok
23:56:25.0469 4848	swenum          (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\DRIVERS\swenum.sys
23:56:25.0500 4848	swenum - ok
23:56:25.0562 4848	swprv           (a28bd92df340e57b024ba433165d34d7) C:\Windows\System32\swprv.dll
23:56:25.0687 4848	swprv - ok
23:56:25.0750 4848	SynTP           (5cdd124913e91c7f79b4d5cae1c7c4de) C:\Windows\system32\DRIVERS\SynTP.sys
23:56:25.0812 4848	SynTP - ok
23:56:25.0890 4848	SysMain         (36650d618ca34c9d357dfd3d89b2c56f) C:\Windows\system32\sysmain.dll
23:56:26.0015 4848	SysMain - ok
23:56:26.0062 4848	TabletInputService (763fecdc3d30c815fe72dd57936c6cd1) C:\Windows\System32\TabSvc.dll
23:56:26.0140 4848	TabletInputService - ok
23:56:26.0186 4848	TapiSrv         (613bf4820361543956909043a265c6ac) C:\Windows\System32\tapisrv.dll
23:56:26.0296 4848	TapiSrv - ok
23:56:26.0327 4848	TBS             (b799d9fdb26111737f58288d8dc172d9) C:\Windows\System32\tbssvc.dll
23:56:26.0452 4848	TBS - ok
23:56:26.0592 4848	Tcpip           (7fa2e0f8b072bd04b77b421480b6cc22) C:\Windows\system32\drivers\tcpip.sys
23:56:26.0701 4848	Tcpip - ok
23:56:26.0748 4848	TCPIP6          (7fa2e0f8b072bd04b77b421480b6cc22) C:\Windows\system32\DRIVERS\tcpip.sys
23:56:26.0842 4848	TCPIP6 - ok
23:56:26.0888 4848	tcpipreg        (cca24162e055c3714ce5a88b100c64ed) C:\Windows\system32\drivers\tcpipreg.sys
23:56:26.0982 4848	tcpipreg - ok
23:56:27.0013 4848	TDPIPE          (1cb91b2bd8f6dd367dfc2ef26fd751b2) C:\Windows\system32\drivers\tdpipe.sys
23:56:27.0076 4848	TDPIPE - ok
23:56:27.0122 4848	TDTCP           (2c2c5afe7ee4f620d69c23c0617651a8) C:\Windows\system32\drivers\tdtcp.sys
23:56:27.0169 4848	TDTCP - ok
23:56:27.0185 4848	tdx             (b459575348c20e8121d6039da063c704) C:\Windows\system32\DRIVERS\tdx.sys
23:56:27.0263 4848	tdx - ok
23:56:27.0512 4848	TeamViewer7     (a4d2ce94b028ef1e437cf4ac3d8ff26c) C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe
23:56:27.0731 4848	TeamViewer7 - ok
23:56:27.0871 4848	TermDD          (04dbf4b01ea4bf25a9a3e84affac9b20) C:\Windows\system32\DRIVERS\termdd.sys
23:56:27.0918 4848	TermDD - ok
23:56:27.0980 4848	TermService     (382c804c92811be57829d8e550a900e2) C:\Windows\System32\termsrv.dll
23:56:28.0121 4848	TermService - ok
23:56:28.0152 4848	Themes          (42fb6afd6b79d9fe07381609172e7ca4) C:\Windows\system32\themeservice.dll
23:56:28.0230 4848	Themes - ok
23:56:28.0277 4848	THREADORDER     (146b6f43a673379a3c670e86d89be5ea) C:\Windows\system32\mmcss.dll
23:56:28.0355 4848	THREADORDER - ok
23:56:28.0402 4848	TrkWks          (4792c0378db99a9bc2ae2de6cfff0c3a) C:\Windows\System32\trkwks.dll
23:56:28.0526 4848	TrkWks - ok
23:56:28.0604 4848	TrustedInstaller (2c49b175aee1d4364b91b531417fe583) C:\Windows\servicing\TrustedInstaller.exe
23:56:28.0698 4848	TrustedInstaller - ok
23:56:28.0745 4848	tssecsrv        (254bb140eee3c59d6114c1a86b636877) C:\Windows\system32\DRIVERS\tssecsrv.sys
23:56:28.0838 4848	tssecsrv - ok
23:56:28.0870 4848	TsUsbFlt        (fd1d6c73e6333be727cbcc6054247654) C:\Windows\system32\drivers\tsusbflt.sys
23:56:28.0932 4848	TsUsbFlt - ok
23:56:28.0948 4848	TsUsbGD         (01246f0baad7b68ec0f472aa41e33282) C:\Windows\system32\drivers\TsUsbGD.sys
23:56:29.0010 4848	TsUsbGD - ok
23:56:29.0057 4848	tunnel          (b2fa25d9b17a68bb93d58b0556e8c90d) C:\Windows\system32\DRIVERS\tunnel.sys
23:56:29.0135 4848	tunnel - ok
23:56:29.0166 4848	uagp35          (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\drivers\uagp35.sys
23:56:29.0213 4848	uagp35 - ok
23:56:29.0244 4848	udfs            (ee43346c7e4b5e63e54f927babbb32ff) C:\Windows\system32\DRIVERS\udfs.sys
23:56:29.0353 4848	udfs - ok
23:56:29.0478 4848	UI Assistant Service (2e071263a409931f8aff3a6a656e920c) C:\Program Files\1&1 Surf-Stick\AssistantServices.exe
23:56:29.0540 4848	UI Assistant Service - ok
23:56:29.0572 4848	UI0Detect       (8344fd4fce927880aa1aa7681d4927e5) C:\Windows\system32\UI0Detect.exe
23:56:29.0650 4848	UI0Detect - ok
23:56:29.0696 4848	uliagpkx        (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\drivers\uliagpkx.sys
23:56:29.0743 4848	uliagpkx - ok
23:56:29.0790 4848	umbus           (d295bed4b898f0fd999fcfa9b32b071b) C:\Windows\system32\DRIVERS\umbus.sys
23:56:29.0884 4848	umbus - ok
23:56:29.0915 4848	UmPass          (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\drivers\umpass.sys
23:56:29.0977 4848	UmPass - ok
23:56:30.0024 4848	upnphost        (833fbb672460efce8011d262175fad33) C:\Windows\System32\upnphost.dll
23:56:30.0133 4848	upnphost - ok
23:56:30.0164 4848	usbccgp         (bd9c55d7023c5de374507acc7a14e2ac) C:\Windows\system32\DRIVERS\usbccgp.sys
23:56:30.0227 4848	usbccgp - ok
23:56:30.0258 4848	usbcir          (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\drivers\usbcir.sys
23:56:30.0305 4848	usbcir - ok
23:56:30.0336 4848	usbehci         (f92de757e4b7ce9c07c5e65423f3ae3b) C:\Windows\system32\drivers\usbehci.sys
23:56:30.0383 4848	usbehci - ok
23:56:30.0430 4848	usbhub          (8dc94aec6a7e644a06135ae7506dc2e9) C:\Windows\system32\DRIVERS\usbhub.sys
23:56:30.0492 4848	usbhub - ok
23:56:30.0523 4848	usbohci         (e185d44fac515a18d9deddc23c2cdf44) C:\Windows\system32\drivers\usbohci.sys
23:56:30.0586 4848	usbohci - ok
23:56:30.0601 4848	usbprint        (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\drivers\usbprint.sys
23:56:30.0664 4848	usbprint - ok
23:56:30.0679 4848	USBSTOR         (f991ab9cc6b908db552166768176896a) C:\Windows\system32\DRIVERS\USBSTOR.SYS
23:56:30.0757 4848	USBSTOR - ok
23:56:30.0773 4848	usbuhci         (68df884cf41cdada664beb01daf67e3d) C:\Windows\system32\drivers\usbuhci.sys
23:56:30.0820 4848	usbuhci - ok
23:56:30.0882 4848	usbvideo        (45f4e7bf43db40a6c6b4d92c76cbc3f2) C:\Windows\system32\Drivers\usbvideo.sys
23:56:30.0944 4848	usbvideo - ok
23:56:30.0991 4848	UxSms           (081e6e1c91aec36758902a9f727cd23c) C:\Windows\System32\uxsms.dll
23:56:31.0085 4848	UxSms - ok
23:56:31.0132 4848	VaultSvc        (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
23:56:31.0163 4848	VaultSvc - ok
23:56:31.0210 4848	vdrvroot        (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\drivers\vdrvroot.sys
23:56:31.0241 4848	vdrvroot - ok
23:56:31.0319 4848	vds             (c3cd30495687c2a2f66a65ca6fd89be9) C:\Windows\System32\vds.exe
23:56:31.0428 4848	vds - ok
23:56:31.0475 4848	vga             (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys
23:56:31.0522 4848	vga - ok
23:56:31.0553 4848	VgaSave         (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys
23:56:31.0631 4848	VgaSave - ok
23:56:31.0662 4848	vhdmp           (5461686cca2fda57b024547733ab42e3) C:\Windows\system32\drivers\vhdmp.sys
23:56:31.0709 4848	vhdmp - ok
23:56:31.0740 4848	viaagp          (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\drivers\viaagp.sys
23:56:31.0787 4848	viaagp - ok
23:56:31.0802 4848	ViaC7           (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\drivers\viac7.sys
23:56:31.0865 4848	ViaC7 - ok
23:56:31.0896 4848	viaide          (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\drivers\viaide.sys
23:56:31.0927 4848	viaide - ok
23:56:31.0958 4848	volmgr          (4c63e00f2f4b5f86ab48a58cd990f212) C:\Windows\system32\drivers\volmgr.sys
23:56:31.0990 4848	volmgr - ok
23:56:32.0036 4848	volmgrx         (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys
23:56:32.0099 4848	volmgrx - ok
23:56:32.0146 4848	volsnap         (f497f67932c6fa693d7de2780631cfe7) C:\Windows\system32\drivers\volsnap.sys
23:56:32.0192 4848	volsnap - ok
23:56:32.0224 4848	vsmraid         (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\drivers\vsmraid.sys
23:56:32.0270 4848	vsmraid - ok
23:56:32.0364 4848	VSS             (209a3b1901b83aeb8527ed211cce9e4c) C:\Windows\system32\vssvc.exe
23:56:32.0520 4848	VSS - ok
23:56:32.0536 4848	vwifibus        (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\system32\DRIVERS\vwifibus.sys
23:56:32.0598 4848	vwifibus - ok
23:56:32.0645 4848	vwififlt        (7090d3436eeb4e7da3373090a23448f7) C:\Windows\system32\DRIVERS\vwififlt.sys
23:56:32.0692 4848	vwififlt - ok
23:56:32.0738 4848	W32Time         (55187fd710e27d5095d10a472c8baf1c) C:\Windows\system32\w32time.dll
23:56:32.0832 4848	W32Time - ok
23:56:32.0941 4848	W3SVC           (57c8c20bfa5bef6bd851ebac67a8ced0) C:\Windows\system32\inetsrv\iisw3adm.dll
23:56:33.0004 4848	W3SVC - ok
23:56:33.0035 4848	WacomPen        (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\drivers\wacompen.sys
23:56:33.0082 4848	WacomPen - ok
23:56:33.0113 4848	WANARP          (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
23:56:33.0206 4848	WANARP - ok
23:56:33.0222 4848	Wanarpv6        (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
23:56:33.0300 4848	Wanarpv6 - ok
23:56:33.0347 4848	WAS             (57c8c20bfa5bef6bd851ebac67a8ced0) C:\Windows\system32\inetsrv\iisw3adm.dll
23:56:33.0409 4848	WAS - ok
23:56:33.0503 4848	wbengine        (691e3285e53dca558e1a84667f13e15a) C:\Windows\system32\wbengine.exe
23:56:33.0643 4848	wbengine - ok
23:56:33.0674 4848	WbioSrvc        (9614b5d29dc76ac3c29f6d2d3aa70e67) C:\Windows\System32\wbiosrvc.dll
23:56:33.0768 4848	WbioSrvc - ok
23:56:33.0815 4848	wcncsvc         (34eee0dfaadb4f691d6d5308a51315dc) C:\Windows\System32\wcncsvc.dll
23:56:33.0893 4848	wcncsvc - ok
23:56:33.0924 4848	WcsPlugInService (5d930b6357a6d2af4d7653bdabbf352f) C:\Windows\System32\WcsPlugInService.dll
23:56:34.0002 4848	WcsPlugInService - ok
23:56:34.0064 4848	Wd              (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\drivers\wd.sys
23:56:34.0096 4848	Wd - ok
23:56:34.0158 4848	Wdf01000        (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
23:56:34.0236 4848	Wdf01000 - ok
23:56:34.0252 4848	WdiServiceHost  (46ef9dc96265fd0b423db72e7c38c2a5) C:\Windows\system32\wdi.dll
23:56:34.0361 4848	WdiServiceHost - ok
23:56:34.0376 4848	WdiSystemHost   (46ef9dc96265fd0b423db72e7c38c2a5) C:\Windows\system32\wdi.dll
23:56:34.0423 4848	WdiSystemHost - ok
23:56:34.0486 4848	WebClient       (a9d880f97530d5b8fee278923349929d) C:\Windows\System32\webclnt.dll
23:56:34.0564 4848	WebClient - ok
23:56:34.0610 4848	Wecsvc          (760f0afe937a77cff27153206534f275) C:\Windows\system32\wecsvc.dll
23:56:34.0720 4848	Wecsvc - ok
23:56:34.0751 4848	wercplsupport   (ac804569bb2364fb6017370258a4091b) C:\Windows\System32\wercplsupport.dll
23:56:34.0829 4848	wercplsupport - ok
23:56:34.0876 4848	WerSvc          (08e420d873e4fd85241ee2421b02c4a4) C:\Windows\System32\WerSvc.dll
23:56:34.0969 4848	WerSvc - ok
23:56:34.0985 4848	WfpLwf          (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys
23:56:35.0078 4848	WfpLwf - ok
23:56:35.0094 4848	WIMMount        (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys
23:56:35.0141 4848	WIMMount - ok
23:56:35.0234 4848	WinDefend       (3fae8f94296001c32eab62cd7d82e0fd) C:\Program Files\Windows Defender\mpsvc.dll
23:56:35.0328 4848	WinDefend - ok
23:56:35.0344 4848	WinHttpAutoProxySvc - ok
23:56:35.0422 4848	Winmgmt         (f62e510b6ad4c21eb9fe8668ed251826) C:\Windows\system32\wbem\WMIsvc.dll
23:56:35.0500 4848	Winmgmt - ok
23:56:35.0609 4848	WinRM           (1b91cd34ea3a90ab6a4ef0550174f4cc) C:\Windows\system32\WsmSvc.dll
23:56:35.0780 4848	WinRM - ok
23:56:35.0890 4848	WinUsb          (a67e5f9a400f3bd1be3d80613b45f708) C:\Windows\system32\DRIVERS\WinUsb.sys
23:56:35.0968 4848	WinUsb - ok
23:56:36.0046 4848	Wlansvc         (16935c98ff639d185086a3529b1f2067) C:\Windows\System32\wlansvc.dll
23:56:36.0155 4848	Wlansvc - ok
23:56:36.0186 4848	WmiAcpi         (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\DRIVERS\wmiacpi.sys
23:56:36.0233 4848	WmiAcpi - ok
23:56:36.0311 4848	wmiApSrv        (6eb6b66517b048d87dc1856ddf1f4c3f) C:\Windows\system32\wbem\WmiApSrv.exe
23:56:36.0389 4848	wmiApSrv - ok
23:56:36.0514 4848	WMPNetworkSvc   (3b40d3a61aa8c21b88ae57c58ab3122e) C:\Program Files\Windows Media Player\wmpnetwk.exe
23:56:36.0638 4848	WMPNetworkSvc - ok
23:56:36.0670 4848	WPCSvc          (a2f0ec770a92f2b3f9de6d518e11409c) C:\Windows\System32\wpcsvc.dll
23:56:36.0748 4848	WPCSvc - ok
23:56:36.0779 4848	WPDBusEnum      (aa53356d60af47eacc85bc617a4f3f66) C:\Windows\system32\wpdbusenum.dll
23:56:36.0857 4848	WPDBusEnum - ok
23:56:36.0919 4848	ws2ifsl         (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys
23:56:37.0028 4848	ws2ifsl - ok
23:56:37.0060 4848	wscsvc          (6f5d49efe0e7164e03ae773a3fe25340) C:\Windows\System32\wscsvc.dll
23:56:37.0122 4848	wscsvc - ok
23:56:37.0169 4848	WSDPrintDevice  (553f6ccd7c58eb98d4a8fbdaf283d7a9) C:\Windows\system32\DRIVERS\WSDPrint.sys
23:56:37.0216 4848	WSDPrintDevice - ok
23:56:37.0231 4848	WSearch - ok
23:56:37.0403 4848	wuauserv        (fc3ec24fce372c89423e015a2ac1a31e) C:\Windows\system32\wuaueng.dll
23:56:37.0559 4848	wuauserv - ok
23:56:37.0699 4848	WudfPf          (e714a1c0354636837e20ccbf00888ee7) C:\Windows\system32\drivers\WudfPf.sys
23:56:37.0793 4848	WudfPf - ok
23:56:37.0824 4848	WUDFRd          (1023ee888c9b47178c5293ed5336ab69) C:\Windows\system32\DRIVERS\WUDFRd.sys
23:56:37.0918 4848	WUDFRd - ok
23:56:37.0964 4848	wudfsvc         (8d1e1e529a2c9e9b6a85b55a345f7629) C:\Windows\System32\WUDFSvc.dll
23:56:38.0074 4848	wudfsvc - ok
23:56:38.0105 4848	WwanSvc         (ff2d745b560f7c71b31f30f4d49f73d2) C:\Windows\System32\wwansvc.dll
23:56:38.0198 4848	WwanSvc - ok
23:56:38.0261 4848	ZTEusbmdm6k     (f6520e06c15dea5ab7bb016309fe4bb3) C:\Windows\system32\DRIVERS\ZTEusbmdm6k.sys
23:56:38.0323 4848	ZTEusbmdm6k - ok
23:56:38.0354 4848	ZTEusbnmea      (f6520e06c15dea5ab7bb016309fe4bb3) C:\Windows\system32\DRIVERS\ZTEusbnmea.sys
23:56:38.0401 4848	ZTEusbnmea - ok
23:56:38.0432 4848	ZTEusbser6k     (f6520e06c15dea5ab7bb016309fe4bb3) C:\Windows\system32\DRIVERS\ZTEusbser6k.sys
23:56:38.0464 4848	ZTEusbser6k - ok
23:56:38.0510 4848	MBR (0x1B8)     (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
23:56:38.0932 4848	\Device\Harddisk0\DR0 - ok
23:56:38.0978 4848	Boot (0x1200)   (f29d339f3bd0d1e826c9edc603223d79) \Device\Harddisk0\DR0\Partition0
23:56:38.0994 4848	\Device\Harddisk0\DR0\Partition0 - ok
23:56:39.0010 4848	Boot (0x1200)   (01fcc52acaab96c9a4b91d153d5f04e7) \Device\Harddisk0\DR0\Partition1
23:56:39.0025 4848	\Device\Harddisk0\DR0\Partition1 - ok
23:56:39.0025 4848	============================================================
23:56:39.0025 4848	Scan finished
23:56:39.0025 4848	============================================================
23:56:39.0072 3804	Detected object count: 0
23:56:39.0072 3804	Actual detected object count: 0

09.08.2012, 15:43	#6
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	Incredibar Firefox Kannst du damit einen neuen Suchlauf starten? __________________ --> Incredibar Firefox

11.08.2012, 16:27	#10
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	Incredibar Firefox Hätte da mal drei Fragen bevor es weiter geht 1.) Geht der normale Modus von Windows (wieder) uneingeschränkt? 2.) Vermisst du irgendwas im Startmenü? Sind da leere Ordner unter alle Programme oder ist alles vorhanden? 3.) Das incredizeugs ist nun weg? __________________ Logfiles bitte immer in CODE-Tags posten

Incredibar Firefox

Plagegeister aller Art und deren Bekämpfung: Incredibar Firefox