GVU-Trojaner Fehler beim Laden wpbt0.dll

Nena83 · 17.12.2012, 21:24

Hallo,

mein Rechner hatte sich mit dem GVU-Trojaner infiziert. Ich konnte diesen mit Hilfe von Spybot und Avira beseiten. Wenn ich jedoch meinen Rechner hoch fahre bekomme ich die Fehlermeldung: Rundll. Fehler beim Laden der wpbt0.dll
Anscheinend habe ich den Trojaner nicht ganz weg bekommen.
Ich habe bereits Malwarebytes und den ESET laufen lassen und es werden immer wieder Bedrohungen gefunden (siehe Anhänge). Wie kann ich meinen Rechner vollkommen von dem Zeug befreien? Aus anderen Foren werde ich einfach nicht schlau draus.

Vielen Dank schonmal vorab.

M-K-D-B · 18.12.2012, 15:19

Mein Name ist Matthias und ich werde dir bei der Bereinigung deines Computers helfen.

Bitte beachte folgende Hinweise:

Eine Bereinigung ist mitunter mit viel Arbeit für dich verbunden. Es können mehrere Analyse- und Bereinigungsschritte erforderlich sein.
Abschließend entfernen wir wieder alle verwendeten Programme und ich gebe dir ein paar Tipps für die Zukunft mit auf den Weg.
Bei Anzeichen von illegaler Software wird der Support ohne Diskussion eingestellt.
Bitte arbeite alle Schritte in der vorgegebenen Reihefolge nacheinander ab.
Lies dir die Anleitungen sorgfältig durch. Solltest du Probleme haben, stoppe mit deiner Bearbeitung und beschreibe mir dein Problem so gut es geht.
Führe nur Scans durch, zu denen du von mir oder einem anderen Helfer aufgefordert wirst.
Bitte kein Crossposting (posten in mehreren Foren).
Installiere oder deinstalliere während der Bereinigung keine Software außer du wirst dazu aufgefordert.
Solltest du mir nicht innerhalb von 3 Tagen antworten, gehe ich davon aus, dass du keine Hilfe mehr benötigst. Dann lösche ich dein Thema aus meinem Abo.
Alle zu verwendenen Programme sind auf dem Desktop abzuspeichern und von dort zu starten!
Ich kann Dir niemals eine Garantie geben, dass auch ich alles finde. Eine Formatierung ist meist der schnellere und immer der sicherste Weg.
Solltest Du Dich für eine Bereinigung entscheiden, arbeite solange mit, bis dir jemand vom Team sagt, dass Du clean bist.

Schritt 1
Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop (falls noch nicht vorhanden).

Starte bitte die OTL.exe.
Oben findest Du ein Kästchen mit Ausgabe. Wähle bitte Standard Ausgabe.
Setze einen Haken bei Scanne alle Benutzer.
Unter Extra Registry, wähle bitte Use SafeList.
Kopiere nun den Inhalt aus der Codebox in die Textbox.

Code:

ATTFilter

activex
netsvcs
msconfig
drivers32
safebootminimal
safebootnetwork
hklm\software\clients\startmenuinternet|command /rs
hklm\software\clients\startmenuinternet|command /64 /rs
CREATERESTOREPOINT

Schließe bitte nun alle Programme. (Wichtig)
Klicke nun bitte auf den Scan Button.
Am Ende des Suchlaufs werden 2 Logdateien erstellt.
Kopiere nun den Inhalt aus OTL.txt und Extra.txt hier in Deinen Thread

Schritt 2
Downloade Dir bitte defogger von jpshortstuff auf Deinem Desktop.

Starte das Tool mit Doppelklick.
Klicke nun auf den Disable Button, um die Treiber gewisser Emulatoren zu deaktivieren.
Defogger wird dich fragen "Defogger will forcefully terminate and disable all CD Emulator related drivers and processes... Continue?" bestätige diese Sicherheitsabfrage mit Ja.
Wenn der Scan beendet wurde (Finished), klicke auf OK.
Defogger fordert gegebenfalls zum Neustart auf. Bestätige dies mit OK.
Defogger erstellt auf dem Desktop eine Logdatei mit dem Namen defogger_disable.txt. Poste deren Inhalt mit deiner nächsten Antwort.

Klicke den Re-enable Button nicht ohne Anweisung!

Schritt 3
Downloade dir bitte aswMBR.exe und speichere die Datei auf deinem Desktop.

Starte die aswMBR.exe - (aswMBR.exe Anleitung)
Vista und Win7 User mit Rechtsklick "als Admininstartor starten"
Das Tool wird dich fragen, ob Du mit der aktuellen Virendefinition von AVAST! dein System scannen willst. Beantworte diese Frage bitte mit Nein.
Klicke auf Scan
Warte bitte bis Scan finished successfully im DOS Fenster steht.
Drücke auf Save Log und speichere diese auf dem Desktop.

Poste mir die aswMBR.txt in deiner nächsten Antwort.

Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung

Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte es erneut nicht klappen teile mir das bitte mit.

Schritt 4
Lese bitte folgende Anweisungen genau. Wir wollen hier noch nichts "fixen" sondern nur einen Scan Report sehen.

Downloade dir bitte TDSSKiller.exe und speichere diese Datei auf dem Desktop

Starte die TDSSKiller.exe
Drücke Start Scan
Sollten infizierte Objekte gefunden werden, wähle keinesfalls Cure. Wähle Skip und speichere das Logfile.
TDSSKiller wird eine Logfile auf deinem Systemlaufwerk speichern ( Meistens C:\ )
Als Beispiel: C:\TDSSKiller.<version_date_time>log.txt

Poste den Inhalt bitte hier in deinen Thread.

Bitte poste mit deiner nächsten Antwort

die beiden Logdateien von OTL,
die Logdatei von DeFogger,
die Logdatei von aswMBR,
die Logdatei von TDSSKiller.

Nena83 · 18.12.2012, 20:00

Hallo Matthias,
vielen Dank für deine Hilfe. Hier die Logdateien.OTL Logfile:

Code:

ATTFilter

OTL logfile created on: 18.12.2012 19:14:37 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Medion\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19088)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 1,69 Gb Available Physical Memory | 56,30% Memory free
6,20 Gb Paging File | 4,54 Gb Available in Paging File | 73,19% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 275,41 Gb Total Space | 226,84 Gb Free Space | 82,36% Space Free | Partition Type: NTFS
Drive D: | 22,66 Gb Total Space | 12,53 Gb Free Space | 55,28% Space Free | Partition Type: FAT32
 
Computer Name: MEDION-PC | User Name: Medion | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.12.18 19:11:28 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Medion\Desktop\OTL.exe
PRC - [2012.12.11 22:05:24 | 029,425,864 | ---- | M] (Dropbox, Inc.) -- C:\Users\Medion\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2012.12.11 17:36:00 | 000,085,280 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2012.12.11 17:35:53 | 000,079,136 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2012.12.11 17:35:52 | 000,384,800 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.12.11 17:35:52 | 000,109,344 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.11.13 14:08:08 | 003,825,176 | ---- | M] (Safer-Networking Ltd.) -- C:\Programme\Spybot - Search & Destroy 2\SDTray.exe
PRC - [2012.11.13 14:07:24 | 000,168,384 | ---- | M] (Safer-Networking Ltd.) -- C:\Programme\Spybot - Search & Destroy 2\SDWSCSvc.exe
PRC - [2012.11.13 14:07:20 | 001,369,624 | ---- | M] (Safer-Networking Ltd.) -- C:\Programme\Spybot - Search & Destroy 2\SDUpdSvc.exe
PRC - [2012.11.13 14:07:16 | 001,103,392 | ---- | M] (Safer-Networking Ltd.) -- C:\Programme\Spybot - Search & Destroy 2\SDFSSvc.exe
PRC - [2012.09.29 19:54:26 | 000,766,536 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012.09.29 19:54:26 | 000,676,936 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012.09.29 19:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2008.10.29 07:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008.07.25 08:25:12 | 000,776,192 | ---- | M] (Google) -- C:\Programme\Google\Google Desktop Search\GoogleDesktopIndex.exe
PRC - [2008.07.03 10:27:12 | 006,266,880 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2008.02.28 17:07:58 | 001,828,136 | ---- | M] (Nero AG) -- C:\Programme\Common Files\Nero\Lib\NMIndexStoreSvr.exe
PRC - [2008.01.21 03:25:33 | 000,896,512 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2008.01.21 03:25:33 | 000,202,240 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnscfg.exe
PRC - [2008.01.21 03:24:13 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe
PRC - [2008.01.21 03:23:32 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Defender\MSASCui.exe
PRC - [2008.01.21 03:23:29 | 001,233,920 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Sidebar\sidebar.exe
PRC - [2007.11.02 11:35:42 | 002,564,096 | ---- | M] () -- C:\Programme\Softex\OmniPass\scureapp.exe
PRC - [2007.11.02 11:31:24 | 000,069,632 | ---- | M] () -- C:\Programme\Softex\OmniPass\opvapp.exe
PRC - [2007.11.02 11:31:08 | 000,040,960 | ---- | M] (Softex Inc.) -- C:\Programme\Softex\OmniPass\OmniServ.exe
PRC - [2007.10.03 14:45:02 | 000,358,936 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2007.10.03 14:44:58 | 000,178,712 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2007.09.11 14:37:58 | 000,118,784 | ---- | M] (Wistron Corp.) -- C:\Programme\Launch Manager\WisLMSvc.exe
PRC - [2007.09.07 08:26:54 | 000,086,016 | ---- | M] (Wistron) -- C:\Programme\Launch Manager\WButton.exe
PRC - [2007.09.06 10:23:36 | 000,188,416 | ---- | M] (Wistron) -- C:\Programme\Launch Manager\HotkeyApp.exe
PRC - [2007.09.01 13:03:50 | 000,032,768 | ---- | M] () -- C:\Programme\Launch Manager\LaunchAp.exe
PRC - [2007.08.31 11:04:26 | 000,102,400 | ---- | M] (Synaptics, Inc.) -- C:\Programme\Synaptics\SynTP\SynTPStart.exe
PRC - [2006.12.26 10:23:34 | 000,180,224 | ---- | M] (Wistron Corp.) -- C:\Programme\Launch Manager\OSD.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.11.13 14:06:32 | 000,158,624 | ---- | M] () -- C:\Programme\Spybot - Search & Destroy 2\snlFileFormats150.bpl
MOD - [2012.11.13 14:06:30 | 000,108,960 | ---- | M] () -- C:\Programme\Spybot - Search & Destroy 2\snlThirdParty150.bpl
MOD - [2012.11.13 14:06:28 | 000,554,400 | ---- | M] () -- C:\Programme\Spybot - Search & Destroy 2\VirtualTreesDXE150.bpl
MOD - [2012.11.13 14:06:28 | 000,528,288 | ---- | M] () -- C:\Programme\Spybot - Search & Destroy 2\JSDialogPack150.bpl
MOD - [2012.11.13 14:06:28 | 000,416,160 | ---- | M] () -- C:\Programme\Spybot - Search & Destroy 2\DEC150.bpl
MOD - [2007.11.02 11:36:16 | 000,048,208 | ---- | M] () -- C:\Programme\Softex\OmniPass\hdddrv.dll
MOD - [2007.11.02 11:35:42 | 002,564,096 | ---- | M] () -- C:\Programme\Softex\OmniPass\scureapp.exe
MOD - [2007.11.02 11:28:16 | 000,434,176 | ---- | M] () -- C:\Programme\Softex\OmniPass\userdata.dll
MOD - [2007.11.02 11:28:04 | 001,077,248 | ---- | M] () -- C:\Programme\Softex\OmniPass\autheng.dll
MOD - [2007.11.02 11:27:48 | 000,532,480 | ---- | M] () -- C:\Programme\Softex\OmniPass\storeng.dll
MOD - [2007.11.02 11:27:40 | 000,061,440 | ---- | M] () -- C:\Programme\Softex\OmniPass\scuredll.dll
MOD - [2007.11.02 11:27:38 | 000,065,536 | ---- | M] () -- C:\Programme\Softex\OmniPass\opfsdll.dll
MOD - [2007.11.02 11:27:28 | 000,016,896 | ---- | M] () -- C:\Programme\Softex\OmniPass\cryptodll.dll
MOD - [2007.11.02 11:27:26 | 000,013,824 | ---- | M] () -- C:\Programme\Softex\OmniPass\SSPLogon.dll
MOD - [2007.09.01 13:03:50 | 000,032,768 | ---- | M] () -- C:\Programme\Launch Manager\LaunchAp.exe
 
 
========== Services (SafeList) ==========
 
SRV - File not found [Auto | Running] -- C:\Program Files\Spybot -- (SDWSCService)
SRV - File not found [Auto | Running] -- C:\Program Files\Spybot -- (SDUpdateService)
SRV - File not found [Auto | Running] -- C:\Program Files\Spybot -- (SDScannerService)
SRV - [2012.12.11 17:36:00 | 000,085,280 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.12.11 17:35:52 | 000,109,344 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.11.09 11:21:24 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Programme\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.09.30 10:10:15 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.09.29 19:54:26 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.09.29 19:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2011.07.20 05:18:24 | 000,440,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2008.07.25 08:25:13 | 000,069,120 | ---- | M] (Google) [On_Demand | Stopped] -- C:\Programme\Google\Google Desktop Search\GoogleDesktopManager.exe -- (GoogleDesktopManager)
SRV - [2008.01.21 03:25:33 | 000,896,512 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2008.01.21 03:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007.11.02 11:31:08 | 000,040,960 | ---- | M] (Softex Inc.) [Auto | Running] -- C:\Programme\Softex\OmniPass\OmniServ.exe -- (omniserv)
SRV - [2007.10.03 14:45:02 | 000,358,936 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON)
SRV - [2007.09.11 14:37:58 | 000,118,784 | ---- | M] (Wistron Corp.) [On_Demand | Running] -- C:\Programme\Launch Manager\WisLMSvc.exe -- (WisLMSvc)
SRV - [2006.10.26 13:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- G:\DIAGNOSE\WSTGER32\2PART\uxddrv86.sys -- (uxddrv)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - [2012.12.11 17:36:02 | 000,134,336 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2012.12.11 17:36:02 | 000,083,944 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2012.11.15 18:04:38 | 000,036,552 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2012.09.29 19:54:26 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012.08.27 15:50:24 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2008.07.11 04:08:00 | 007,539,744 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2008.07.10 10:12:56 | 001,753,984 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\snp2uvc.sys -- (SNP2UVC)
DRV - [2008.03.13 02:36:42 | 002,555,392 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw4v32.sys -- (NETw4v32)
DRV - [2007.08.30 19:24:24 | 000,805,416 | ---- | M] (Bison Electronics. Inc. ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BisonC07.sys -- (Cam5607)
DRV - [2007.08.28 14:47:36 | 000,146,560 | ---- | M] (AuthenTec, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atswpdrv.sys -- (ATSWPDRV)
DRV - [2007.06.25 12:37:24 | 000,084,480 | ---- | M] (Realtek Corporation                                            ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2007.06.01 09:29:04 | 000,210,736 | ---- | M] (Silicon Image, Inc) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\Si3531.sys -- (Si3531)
DRV - [2007.05.25 08:41:00 | 000,017,328 | ---- | M] (Silicon Image, Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\SiWinAcc.sys -- (SiFilter)
DRV - [2007.05.25 08:40:58 | 000,012,464 | ---- | M] (Silicon Image, Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\SiRemFil.sys -- (SiRemFil)
DRV - [2003.04.28 10:27:06 | 000,009,867 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\HOTKEY.sys -- (Hotkey)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com/
IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MEDA
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-1782083187-3164884201-362571484-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com/
IE - HKU\S-1-5-21-1782083187-3164884201-362571484-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKU\S-1-5-21-1782083187-3164884201-362571484-1001\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-1782083187-3164884201-362571484-1001\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKU\S-1-5-21-1782083187-3164884201-362571484-1001\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://search.babylon.com/web/{searchTerms}?babsrc=browsersearch&AF=18571
IE - HKU\S-1-5-21-1782083187-3164884201-362571484-1001\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MEDA_de
IE - HKU\S-1-5-21-1782083187-3164884201-362571484-1001\..\SearchScopes\{7749714D-2421-495C-8BC6-79F282972572}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=AVR-4&o=APN10267&src=crm&q={searchTerms}&locale=de_NL&apn_ptnrs=^AGY&apn_dtid=^YYYYYY^YY^NL&apn_uid=4556130e-ce79-42ac-a969-c17c1f27271f&apn_sauid=1D5B52F2-B71A-4C13-A79C-4FAFC0803E24
IE - HKU\S-1-5-21-1782083187-3164884201-362571484-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.babylon.com/web/{searchTerms}?babsrc=browsersearch&AF=18571"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Ask.com"
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledAddons: software@loadtubes.com:1.01
FF - prefs.js..keyword.URL: "hxxp://search.babylon.com/?babsrc=adbartrp&AF=18571&q="
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_278.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.11.12 21:46:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
 
[2011.05.10 19:05:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Medion\AppData\Roaming\mozilla\Extensions
[2012.12.11 12:18:33 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Medion\AppData\Roaming\mozilla\Firefox\Profiles\z51syl7h.default\extensions
[2012.12.03 23:20:41 | 000,000,000 | ---D | M] (loadtbs) -- C:\Users\Medion\AppData\Roaming\mozilla\Firefox\Profiles\z51syl7h.default\extensions\software@loadtubes.com
[2012.12.03 23:16:39 | 000,000,000 | ---D | M] (Spartipps von SparPilot.com) -- C:\Users\Medion\AppData\Roaming\mozilla\Firefox\Profiles\z51syl7h.default\extensions\sparpilot@sparpilot.com
[2012.12.11 12:18:33 | 000,036,098 | ---- | M] () (No name found) -- C:\Users\Medion\AppData\Roaming\mozilla\firefox\profiles\z51syl7h.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi
[2012.11.20 20:01:57 | 000,002,413 | ---- | M] () -- C:\Users\Medion\AppData\Roaming\mozilla\firefox\profiles\z51syl7h.default\searchplugins\askcom.xml
[2011.07.27 16:49:20 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.09.30 10:10:16 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.09.30 10:10:13 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.07.27 16:44:56 | 000,002,226 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml
[2012.09.30 10:10:13 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.09.30 10:10:13 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.09.30 10:10:13 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.09.30 10:10:13 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.09.30 10:10:13 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - homepage: hxxp://search.avira.com/?l=dis&o=APN10395&gct=hp&dc=EU&locale=de_DE
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}
CHR - homepage: hxxp://search.avira.com/?l=dis&o=APN10395&gct=hp&dc=EU&locale=de_DE
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\23.0.1271.95\gcswf32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\npctrl.1.0.30401.0.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\23.0.1271.95\pdf.dll
CHR - plugin: Google Gears 0.5.33.0 (Enabled) = C:\Program Files\Google\Chrome\Application\23.0.1271.95\gears.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.2.183.39\npGoogleOneClick8.dll
CHR - plugin: getPlusPlus for Adobe 162102 (Enabled) = C:\Program Files\NOS\bin\np_gp.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
 
O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O3 - HKU\S-1-5-21-1782083187-3164884201-362571484-1001\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-1782083187-3164884201-362571484-1001\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [CtrlVol] "C:\Program Files\Launch Manager\CtrlVol.exe" File not found
O4 - HKLM..\Run: [HotkeyApp] C:\Program Files\Launch Manager\HotkeyApp.exe (Wistron)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [LanguageShortcut] C:\Program Files\HomeCinema\PowerDVD\Language\Language.exe ()
O4 - HKLM..\Run: [LaunchAp] C:\Program Files\Launch Manager\LaunchAp.exe ()
O4 - HKLM..\Run: [LMgrOSD] C:\Program Files\Launch Manager\OSD.exe (Wistron Corp.)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [OmniPass] C:\Programme\Softex\OmniPass\scureapp.exe ()
O4 - HKLM..\Run: [PLFSetL] C:\Windows\PLFSetL.exe File not found
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SDTray] C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
O4 - HKLM..\Run: [snp2uvc] C:\Windows\vsnp2uvc.exe File not found
O4 - HKLM..\Run: [SynTPStart] C:\Programme\Synaptics\SynTP\SynTPStart.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [toolbar_eula_launcher] C:\Programme\GoogleEULA\EULALauncher.exe ( )
O4 - HKLM..\Run: [UCam_Menu] C:\Program Files\HomeCinema\YouCam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [Wbutton] C:\Program Files\Launch Manager\Wbutton.exe (Wistron)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-1782083187-3164884201-362571484-1001..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe (Nero AG)
O4 - HKU\S-1-5-21-1782083187-3164884201-362571484-1001..\Run: [Spybot-S&D Cleaning] C:\Program Files\Spybot - Search & Destroy 2\SDCleaner.exe (Safer-Networking Ltd.)
O4 - Startup: C:\Users\Medion\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Medion\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Medion\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_43C348BC2E93EB2B.dll/cmsidewiki.html File not found
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Translate this web page with Babylon - res://C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm File not found
O8 - Extra context menu item: Translate with Babylon - res://C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Action.htm File not found
O9 - Extra 'Tools' menuitem : Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_07\bin\npjpi160_07.dll (Sun Microsystems, Inc.)
O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-25/4 File not found
O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-25/4 File not found
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
O9 - Extra Button: Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - res://C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm File not found
O9 - Extra 'Tools' menuitem : Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - res://C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm File not found
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-1782083187-3164884201-362571484-1001\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {1ABA5FAC-1417-422B-BA82-45C35E2C908B} hxxp://kitchenplanner.ikea.com/DE/Core/Player/2020PlayerAX_IKEA_Win32.cab (20-20 3D Viewer for IKEA)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{82CA42DF-4DA4-4380-B0B9-18728C41D813}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FCFB50B4-B2EC-4C03-A7C6-60A690BFC64D}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL) - C:\Programme\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\SDWinLogon: DllName - (SDWinLogon.dll) -  File not found
O24 - Desktop WallPaper: C:\Users\Public\Pictures\Sample Pictures\Autumn Leaves.jpg
O24 - Desktop BackupWallPaper: C:\Users\Public\Pictures\Sample Pictures\Autumn Leaves.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - Unable to obtain root file information for disk D:\
O33 - MountPoints2\{e9ac2a12-76e1-11e0-a8fe-001f16029da6}\Shell - "" = AutoRun
O33 - MountPoints2\{e9ac2a12-76e1-11e0-a8fe-001f16029da6}\Shell\AutoRun\command - "" = G:\CD_Start.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - 
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {233C1507-6A77-46A4-9443-F871F945D258} - Adobe Shockwave Director 11.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Adobe Shockwave Director 11.0
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - 
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
 
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
 
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS -  File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS -  File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.12.18 19:11:22 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Medion\Desktop\OTL.exe
[2012.12.17 21:15:06 | 004,077,368 | ---- | C] (Piriform Ltd) -- C:\Users\Medion\Desktop\ccsetup325.exe
[2012.12.17 20:52:06 | 000,000,000 | ---D | C] -- C:\Users\Medion\AppData\Roaming\Malwarebytes
[2012.12.17 20:51:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.12.17 20:51:46 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.12.17 20:51:46 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.12.17 20:51:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.12.17 20:49:24 | 010,669,952 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Users\Medion\Desktop\mbam-setup-1.65.1.1000.exe
[2012.12.12 20:27:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
[2012.12.12 20:27:09 | 000,015,224 | ---- | C] (Safer Networking Limited) -- C:\Windows\System32\sdnclean.exe
[2012.12.11 20:29:12 | 000,000,000 | -HSD | C] -- C:\found.000
[2012.12.03 23:30:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2012.12.03 23:28:01 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy 2
[2012.12.03 22:47:41 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group
[2012.12.02 22:56:29 | 000,000,000 | ---D | C] -- C:\Program Files\PC Tools
[2012.12.02 22:56:29 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools
[2012.12.02 22:55:43 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2012.12.02 22:55:42 | 000,000,000 | ---D | C] -- C:\Users\Medion\AppData\Roaming\TestApp
[2012.12.02 22:55:42 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools
[2012.12.02 22:19:55 | 000,000,000 | ---D | C] -- C:\ProgramData\B8C79D1A6DC657990000B8C6E4595D6D
[2012.11.25 10:36:10 | 000,000,000 | R--D | C] -- C:\Program Files\Skype
[2012.11.25 10:36:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2012.11.25 10:36:10 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
 
========== Files - Modified Within 30 Days ==========
 
[2012.12.18 19:20:04 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.12.18 19:12:58 | 000,628,730 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.12.18 19:12:58 | 000,595,996 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.12.18 19:12:58 | 000,126,454 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.12.18 19:12:58 | 000,104,070 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.12.18 19:11:28 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Medion\Desktop\OTL.exe
[2012.12.18 19:05:35 | 000,027,934 | ---- | M] () -- C:\ProgramData\nvModes.001
[2012.12.18 19:05:13 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.12.18 19:05:13 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.12.18 19:05:10 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.12.18 19:05:03 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.12.18 19:04:58 | 3219,578,880 | -HS- | M] () -- C:\hiberfil.sys
[2012.12.17 21:15:15 | 004,077,368 | ---- | M] (Piriform Ltd) -- C:\Users\Medion\Desktop\ccsetup325.exe
[2012.12.17 20:51:47 | 000,000,910 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.12.17 20:49:27 | 010,669,952 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Users\Medion\Desktop\mbam-setup-1.65.1.1000.exe
[2012.12.15 09:06:14 | 000,000,956 | ---- | M] () -- C:\Users\Medion\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2012.12.15 09:06:05 | 000,000,926 | ---- | M] () -- C:\Users\Medion\Desktop\Dropbox.lnk
[2012.12.14 21:07:40 | 000,000,000 | -H-- | M] () -- C:\Users\Medion\Documents\Default.rdp
[2012.12.12 21:23:52 | 000,001,975 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2012.12.12 20:44:10 | 000,001,975 | ---- | M] () -- C:\Windows\wininit.ini
[2012.12.12 20:27:18 | 000,000,620 | ---- | M] () -- C:\Windows\tasks\Check for updates (Spybot - Search & Destroy).job
[2012.12.12 20:27:18 | 000,000,616 | ---- | M] () -- C:\Windows\tasks\Refresh immunization (Spybot - Search & Destroy).job
[2012.12.12 20:27:18 | 000,000,446 | ---- | M] () -- C:\Windows\tasks\Scan the system (Spybot - Search & Destroy).job
[2012.12.12 20:27:16 | 000,001,962 | ---- | M] () -- C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
[2012.12.12 20:15:22 | 095,023,320 | ---- | M] () -- C:\ProgramData\0tbpw.pad
[2012.12.11 20:19:19 | 000,342,624 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.12.11 17:36:02 | 000,134,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avipbb.sys
[2012.12.11 17:36:02 | 000,083,944 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avgntflt.sys
[2012.11.25 10:36:10 | 000,001,880 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
 
========== Files Created - No Company Name ==========
 
[2012.12.17 20:51:47 | 000,000,910 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.12.16 11:16:31 | 3219,578,880 | -HS- | C] () -- C:\hiberfil.sys
[2012.12.14 21:07:40 | 000,000,000 | -H-- | C] () -- C:\Users\Medion\Documents\Default.rdp
[2012.12.12 20:44:10 | 000,001,975 | ---- | C] () -- C:\Windows\wininit.ini
[2012.12.12 20:27:18 | 000,000,620 | ---- | C] () -- C:\Windows\tasks\Check for updates (Spybot - Search & Destroy).job
[2012.12.12 20:27:18 | 000,000,616 | ---- | C] () -- C:\Windows\tasks\Refresh immunization (Spybot - Search & Destroy).job
[2012.12.12 20:27:18 | 000,000,446 | ---- | C] () -- C:\Windows\tasks\Scan the system (Spybot - Search & Destroy).job
[2012.12.12 20:27:16 | 000,001,974 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
[2012.12.12 20:27:16 | 000,001,962 | ---- | C] () -- C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
[2012.12.11 18:50:01 | 095,023,320 | ---- | C] () -- C:\ProgramData\0tbpw.pad
[2012.03.22 18:14:01 | 000,000,000 | ---- | C] () -- C:\Users\Medion\AppData\Roaming\Default.PLS
[2011.09.25 19:06:10 | 000,006,144 | ---- | C] () -- C:\Users\Medion\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.08.30 20:52:48 | 000,007,592 | ---- | C] () -- C:\Users\Medion\AppData\Local\d3d9caps.dat
[2011.07.27 16:43:54 | 000,723,294 | ---- | C] () -- C:\Windows\unins000.exe
[2011.07.27 16:43:54 | 000,029,461 | ---- | C] () -- C:\Windows\unins000.dat
[2011.05.05 08:04:28 | 000,027,934 | ---- | C] () -- C:\ProgramData\nvModes.001
[2011.05.05 08:03:11 | 000,027,934 | ---- | C] () -- C:\ProgramData\nvModes.dat
 
========== ZeroAccess Check ==========
 
[2006.11.02 13:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2011.01.21 16:46:32 | 011,582,464 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.03.03 05:36:24 | 000,615,424 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2008.01.21 03:24:03 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== Custom Scans ==========
 
< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2012.09.30 10:10:13 | 000,868,952 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2012.09.30 10:10:13 | 000,868,952 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2012.09.30 10:10:13 | 000,868,952 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2012.09.30 10:10:15 | 000,924,600 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2012.09.30 10:10:15 | 000,924,600 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2012.09.30 10:10:15 | 000,924,600 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --show-icons [2012.12.05 02:15:17 | 001,242,728 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --hide-icons [2012.12.05 02:15:17 | 001,242,728 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --make-default-browser [2012.12.05 02:15:17 | 001,242,728 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Program Files\Google\Chrome\Application\chrome.exe" [2012.12.05 02:15:17 | 001,242,728 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\system32\ie4uinit.exe" -hide [2011.05.28 05:32:51 | 000,173,568 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\system32\ie4uinit.exe" -show [2011.05.28 05:32:51 | 000,173,568 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\system32\ie4uinit.exe" -reinstall [2011.05.28 05:32:51 | 000,173,568 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2011.05.28 07:09:21 | 000,638,232 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2011.05.28 07:09:21 | 000,638,232 | ---- | M] (Microsoft Corporation)
 
< hklm\software\clients\startmenuinternet|command /64 /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2012.09.30 10:10:13 | 000,868,952 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2012.09.30 10:10:13 | 000,868,952 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2012.09.30 10:10:13 | 000,868,952 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2012.09.30 10:10:15 | 000,924,600 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2012.09.30 10:10:15 | 000,924,600 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2012.09.30 10:10:15 | 000,924,600 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ShowIconsCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --show-icons [2012.12.05 02:15:17 | 001,242,728 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\HideIconsCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --hide-icons [2012.12.05 02:15:17 | 001,242,728 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\InstallInfo\\ReinstallCommand: "C:\Program Files\Google\Chrome\Application\chrome.exe" --make-default-browser [2012.12.05 02:15:17 | 001,242,728 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Google Chrome\shell\open\command\\: "C:\Program Files\Google\Chrome\Application\chrome.exe" [2012.12.05 02:15:17 | 001,242,728 | ---- | M] (Google Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\system32\ie4uinit.exe" -hide [2011.05.28 05:32:51 | 000,173,568 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\system32\ie4uinit.exe" -show [2011.05.28 05:32:51 | 000,173,568 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\system32\ie4uinit.exe" -reinstall [2011.05.28 05:32:51 | 000,173,568 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2011.05.28 07:09:21 | 000,638,232 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2011.05.28 07:09:21 | 000,638,232 | ---- | M] (Microsoft Corporation)
 
<           >

< End of report >

--- --- ---

Extra.txt:OTL Logfile:

Code:

ATTFilter

OTL Extras logfile created on: 18.12.2012 19:14:37 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Medion\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19088)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 1,69 Gb Available Physical Memory | 56,30% Memory free
6,20 Gb Paging File | 4,54 Gb Available in Paging File | 73,19% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 275,41 Gb Total Space | 226,84 Gb Free Space | 82,36% Space Free | Partition Type: NTFS
Drive D: | 22,66 Gb Total Space | 12,53 Gb Free Space | 55,28% Space Free | Partition Type: FAT32
 
Computer Name: MEDION-PC | User Name: Medion | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~4\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon -- (Safer-Networking Ltd.)
"C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service -- (Safer-Networking Ltd.)
"C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater -- (Safer-Networking Ltd.)
"C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service -- (Safer-Networking Ltd.)
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{2B28E5DA-0CBF-4D38-801E-9A4EE91C0F44}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{56CA1B5D-98FB-4288-B5F1-DBDDB861FA77}" = lport=2869 | protocol=6 | dir=in | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{30611AB3-4371-451A-9702-C50EC67E5691}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{4BEFA847-B71E-4B31-AE63-0C799A018EDF}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe | 
"{61CFC382-1D7F-4411-9142-23272B71E6DE}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 
"{96EE7343-328E-460B-B372-2B36D01EE775}" = dir=in | app=c:\program files\homecinema\makedisc\makedisc.exe | 
"{9CC3C7EF-F2CA-4D14-AC98-1E1B6AAF8A54}" = dir=in | app=c:\program files\homecinema\powerdvd\powerdvd.exe | 
"{AF42D91F-B305-4EAB-92CB-B35C2F33032D}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{B5257A49-C362-4716-90DD-854277332D6B}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{C7502F25-D77E-45AC-A118-9FB6F5CFC59F}" = dir=in | app=c:\program files\homecinema\powerdirector\pdr.exe | 
"{C8BD795F-FE89-4E6B-8ED4-626FE0193FD4}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{EBB42C07-EB97-4E58-A41A-D4D72859E140}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"TCP Query User{246CC28B-4117-4C6C-A805-33BDC520B7DF}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe | 
"TCP Query User{8B0002DE-60B3-4430-BF18-667AF9D1356C}C:\windows\system32\taskeng.exe" = protocol=6 | dir=in | app=c:\windows\system32\taskeng.exe | 
"TCP Query User{D461F106-5A7C-421A-BF19-3D2BC03B4E3F}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"TCP Query User{D8BFD566-A321-4EB1-B54F-E7E5BB186ADC}C:\windows\system32\taskeng.exe" = protocol=6 | dir=in | app=c:\windows\system32\taskeng.exe | 
"UDP Query User{64A57C66-7B84-4C2F-B5E0-9CF3A192F334}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"UDP Query User{816832C8-957E-4E3A-B5BA-08551EF48DCB}C:\windows\system32\taskeng.exe" = protocol=17 | dir=in | app=c:\windows\system32\taskeng.exe | 
"UDP Query User{A77CDFDC-C8DD-41DE-BC07-FAE4D330709D}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe | 
"UDP Query User{ADCF4CD0-A98C-43DC-AAAF-4B6AE5FA3099}C:\windows\system32\taskeng.exe" = protocol=17 | dir=in | app=c:\windows\system32\taskeng.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{11AFE21E-B193-430D-B57A-DFF7815BB962}" = Ulead PhotoImpact 12
"{1D33BCF7-B5B6-4148-B888-9CC2EC208556}" = Konz 2012
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{399C37FB-08AF-493B-BFED-20FBD85EDF7F}" = Suyin Webcam
"{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{4785CED6-73B3-45FA-AFE6-EDEDFDE67842}" = Steuer 2011
"{47948554-90C6-4AAC-8CFA-D23CE11C1031}" = Nero 8 Essentials
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{83E2CFA9-E0EB-4E08-9F85-43E577FF3D60}" = Windows Live Anmelde-Assistent
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 PCI, 8168 and 8101E PCIe Ethernet Network Card Driver for Windows Vista
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel(R) Matrix Storage Manager
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-A90000000001}" = Adobe Reader 9 - Deutsch
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger
"{B145EC69-66F5-11D8-9D75-000129760D75}" = MakeDisc
"{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1" = Spybot - Search & Destroy
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = CyberLink PowerProducer
"{BD1587F7-B8D0-4111-8F1F-3327628AB02F}" = 3531-W-D
"{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0846526-66DD-4DC9-A02C-98F9A2806812}" = Launch Manager V1.4.9
"{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call
"{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow!
"{D5A9B7C0-8751-11D8-9D75-000129760D75}" = MediaShow
"{D8D22773-14BF-4178-A683-3DBA515C2A26}" = WISO Mein Geld 2008 Professional
"{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader
"{E0091C29-DEE8-4B24-BF65-8C35B5940D77}" = Letstrade
"{E815FB81-995F-4F33-8E25-F16712123AB7}" = AuthenTec Fingerprint Sensor Minimum Install
"{EA17F4FC-FDBF-4CF8-A529-2D983132D053}" = Skype™ 6.0
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F4E57F49-84B4-4CF2-B0A1-8CA1752BDF7E}" = OmniPass 5.00.91
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{FEDE400D-3381-4087-ACCB-689DD8A56123}" = Inst5657
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11
"Avira AntiVir Desktop" = Avira Free Antivirus
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.11.26.706
"Google Chrome" = Google Chrome
"Google Desktop" = Google Desktop
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{1D33BCF7-B5B6-4148-B888-9CC2EC208556}" = Konz 2012
"InstallShield_{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = CyberLink PowerProducer
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"Kalender-Excel-8.8_is1" = Kalender-Excel-8.8
"LetsTrade" = LetsTrade Komponenten
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.1.1000
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox 12.0 (x86 de)" = Mozilla Firefox 12.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NVIDIA Drivers" = NVIDIA Drivers
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"WinLiveSuite_Wave3" = Windows Live Essentials
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-1782083187-3164884201-362571484-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 15.12.2012 21:31:22 | Computer Name = Medion-PC | Source = EventSystem | ID = 4609
Description = 
 
Error - 15.12.2012 21:32:42 | Computer Name = Medion-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 15.12.2012 21:42:28 | Computer Name = Medion-PC | Source = EventSystem | ID = 4609
Description = 
 
Error - 16.12.2012 06:16:48 | Computer Name = Medion-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 16.12.2012 17:03:40 | Computer Name = Medion-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 17.12.2012 13:24:17 | Computer Name = Medion-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 17.12.2012 15:41:16 | Computer Name = Medion-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 17.12.2012 17:17:25 | Computer Name = Medion-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 18.12.2012 12:46:50 | Computer Name = Medion-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 18.12.2012 14:05:33 | Computer Name = Medion-PC | Source = WinMgmt | ID = 10
Description = 
 
[ Spybot - Search and Destroy Events ]
Error - 14.12.2012 15:18:35 | Computer Name = Medion-PC | Source = SDCleaner | ID = 100
Description = LoadCleaningInstructions
 
Error - 17.12.2012 14:00:28 | Computer Name = Medion-PC | Source = SDCleaner | ID = 100
Description = LoadCleaningInstructions
 
Error - 17.12.2012 17:38:39 | Computer Name = Medion-PC | Source = SDCleaner | ID = 100
Description = LoadCleaningInstructions
 
Error - 18.12.2012 13:59:37 | Computer Name = Medion-PC | Source = SDCleaner | ID = 100
Description = LoadCleaningInstructions
 
[ System Events ]
Error - 17.12.2012 13:24:12 | Computer Name = Medion-PC | Source = HTTP | ID = 15016
Description = 
 
Error - 17.12.2012 13:24:18 | Computer Name = Medion-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 17.12.2012 15:41:10 | Computer Name = Medion-PC | Source = HTTP | ID = 15016
Description = 
 
Error - 17.12.2012 15:41:16 | Computer Name = Medion-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 17.12.2012 17:17:17 | Computer Name = Medion-PC | Source = HTTP | ID = 15016
Description = 
 
Error - 17.12.2012 17:17:25 | Computer Name = Medion-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 18.12.2012 12:46:18 | Computer Name = Medion-PC | Source = HTTP | ID = 15016
Description = 
 
Error - 18.12.2012 12:46:52 | Computer Name = Medion-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 18.12.2012 14:05:07 | Computer Name = Medion-PC | Source = HTTP | ID = 15016
Description = 
 
Error - 18.12.2012 14:05:35 | Computer Name = Medion-PC | Source = Service Control Manager | ID = 7000
Description = 
 
 
< End of report >

--- --- ---

Nena83 · 18.12.2012, 20:01

Und hier noch den TDSSKiller:
19:36:39.0818 5512 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
19:36:39.0943 5512 ============================================================
19:36:39.0943 5512 Current date / time: 2012/12/18 19:36:39.0943
19:36:39.0943 5512 SystemInfo:
19:36:39.0943 5512
19:36:39.0943 5512 OS Version: 6.0.6001 ServicePack: 1.0
19:36:39.0943 5512 Product type: Workstation
19:36:39.0943 5512 ComputerName: MEDION-PC
19:36:39.0943 5512 UserName: Medion
19:36:39.0943 5512 Windows directory: C:\Windows
19:36:39.0943 5512 System windows directory: C:\Windows
19:36:39.0943 5512 Processor architecture: Intel x86
19:36:39.0943 5512 Number of processors: 2
19:36:39.0943 5512 Page size: 0x1000
19:36:39.0943 5512 Boot type: Normal boot
19:36:39.0943 5512 ============================================================
19:36:40.0473 5512 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
19:36:40.0489 5512 ============================================================
19:36:40.0489 5512 \Device\Harddisk0\DR0:
19:36:40.0489 5512 MBR partitions:
19:36:40.0536 5512 \Device\Harddisk0\DR0\Partition1: MBR, Type 0xB, StartLBA 0x226D3F70, BlocksNum 0x2D59751
19:36:40.0536 5512 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x226D3EF2
19:36:40.0536 5512 ============================================================
19:36:40.0629 5512 C: <-> \Device\Harddisk0\DR0\Partition2
19:36:40.0660 5512 D: <-> \Device\Harddisk0\DR0\Partition1
19:36:40.0660 5512 ============================================================
19:36:40.0660 5512 Initialize success
19:36:40.0660 5512 ============================================================
19:36:52.0719 0736 ============================================================
19:36:52.0719 0736 Scan started
19:36:52.0719 0736 Mode: Manual;
19:36:52.0719 0736 ============================================================
19:36:53.0062 0736 ================ Scan system memory ========================
19:36:53.0062 0736 System memory - ok
19:36:53.0062 0736 ================ Scan services =============================
19:36:53.0234 0736 [ FCB8C7210F0135E24C6580F7F649C73C ] ACPI C:\Windows\system32\drivers\acpi.sys
19:36:53.0234 0736 ACPI - ok
19:36:53.0265 0736 [ 04F0FCAC69C7C71A3AC4EB97FAFC8303 ] adp94xx C:\Windows\system32\drivers\adp94xx.sys
19:36:53.0265 0736 adp94xx - ok
19:36:53.0390 0736 [ 60505E0041F7751BDBB80F88BF45C2CE ] adpahci C:\Windows\system32\drivers\adpahci.sys
19:36:53.0390 0736 adpahci - ok
19:36:53.0406 0736 [ 8A42779B02AEC986EAB64ECFC98F8BD7 ] adpu160m C:\Windows\system32\drivers\adpu160m.sys
19:36:53.0406 0736 adpu160m - ok
19:36:53.0421 0736 [ 241C9E37F8CE45EF51C3DE27515CA4E5 ] adpu320 C:\Windows\system32\drivers\adpu320.sys
19:36:53.0421 0736 adpu320 - ok
19:36:53.0468 0736 [ 9D1FDA9E086BA64E3C93C9DE32461BCF ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
19:36:53.0468 0736 AeLookupSvc - ok
19:36:53.0593 0736 [ 48EB99503533C27AC6135648E5474457 ] AFD C:\Windows\system32\drivers\afd.sys
19:36:53.0593 0736 AFD - ok
19:36:53.0608 0736 [ 13F9E33747E6B41A3FF305C37DB0D360 ] agp440 C:\Windows\system32\drivers\agp440.sys
19:36:53.0608 0736 agp440 - ok
19:36:53.0624 0736 [ AE1FDF7BF7BB6C6A70F67699D880592A ] aic78xx C:\Windows\system32\drivers\djsvs.sys
19:36:53.0624 0736 aic78xx - ok
19:36:53.0655 0736 [ A1545B731579895D8CC44FC0481C1192 ] ALG C:\Windows\System32\alg.exe
19:36:53.0655 0736 ALG - ok
19:36:53.0655 0736 [ 9EAEF5FC9B8E351AFA7E78A6FAE91F91 ] aliide C:\Windows\system32\drivers\aliide.sys
19:36:53.0655 0736 aliide - ok
19:36:53.0686 0736 [ C47344BC706E5F0B9DCE369516661578 ] amdagp C:\Windows\system32\drivers\amdagp.sys
19:36:53.0686 0736 amdagp - ok
19:36:53.0702 0736 [ 9B78A39A4C173FDBC1321E0DD659B34C ] amdide C:\Windows\system32\drivers\amdide.sys
19:36:53.0702 0736 amdide - ok
19:36:53.0718 0736 [ 18F29B49AD23ECEE3D2A826C725C8D48 ] AmdK7 C:\Windows\system32\drivers\amdk7.sys
19:36:53.0718 0736 AmdK7 - ok
19:36:53.0733 0736 [ 93AE7F7DD54AB986A6F1A1B37BE7442D ] AmdK8 C:\Windows\system32\drivers\amdk8.sys
19:36:53.0733 0736 AmdK8 - ok
19:36:53.0842 0736 [ 0FA2D8304ECA29CA0AB7E3EE50FD585A ] AntiVirSchedulerService C:\Program Files\Avira\AntiVir Desktop\sched.exe
19:36:53.0842 0736 AntiVirSchedulerService - ok
19:36:53.0874 0736 [ 5C69AAC8A59207DA9710FF2E42D6F80F ] AntiVirService C:\Program Files\Avira\AntiVir Desktop\avguard.exe
19:36:53.0874 0736 AntiVirService - ok
19:36:53.0936 0736 [ C6D704C7F0434DC791AAC37CAC4B6E14 ] Appinfo C:\Windows\System32\appinfo.dll
19:36:53.0936 0736 Appinfo - ok
19:36:53.0967 0736 [ 5D2888182FB46632511ACEE92FDAD522 ] arc C:\Windows\system32\drivers\arc.sys
19:36:53.0967 0736 arc - ok
19:36:53.0998 0736 [ 5E2A321BD7C8B3624E41FDEC3E244945 ] arcsas C:\Windows\system32\drivers\arcsas.sys
19:36:53.0998 0736 arcsas - ok
19:36:54.0014 0736 [ 53B202ABEE6455406254444303E87BE1 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
19:36:54.0014 0736 AsyncMac - ok
19:36:54.0045 0736 [ 0D83C87A801A3DFCD1BF73893FE7518C ] atapi C:\Windows\system32\drivers\atapi.sys
19:36:54.0061 0736 atapi - ok
19:36:54.0076 0736 [ 69E65A2CE11619F0C868967CA9540B80 ] ATSWPDRV C:\Windows\system32\DRIVERS\ATSwpDrv.sys
19:36:54.0092 0736 ATSWPDRV - ok
19:36:54.0123 0736 [ 42076E29AAFA0830A2C5D4E310F58DD1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
19:36:54.0123 0736 AudioEndpointBuilder - ok
19:36:54.0154 0736 [ 42076E29AAFA0830A2C5D4E310F58DD1 ] Audiosrv C:\Windows\System32\Audiosrv.dll
19:36:54.0154 0736 Audiosrv - ok
19:36:54.0201 0736 [ A5C175039B1D6D85D0E79F5855828E4D ] avgntflt C:\Windows\system32\DRIVERS\avgntflt.sys
19:36:54.0201 0736 avgntflt - ok
19:36:54.0232 0736 [ 37B854C7D1F477E66C5B49C7700C47CC ] avipbb C:\Windows\system32\DRIVERS\avipbb.sys
19:36:54.0232 0736 avipbb - ok
19:36:54.0248 0736 [ FFB78D74E1EA5F811341A6E7AC547A46 ] avkmgr C:\Windows\system32\DRIVERS\avkmgr.sys
19:36:54.0248 0736 avkmgr - ok
19:36:54.0264 0736 [ 67E506B75BD5326A3EC7B70BD014DFB6 ] Beep C:\Windows\system32\drivers\Beep.sys
19:36:54.0264 0736 Beep - ok
19:36:54.0435 0736 [ 8582E233C346AEFE759833E8A30DD697 ] BFE C:\Windows\System32\bfe.dll
19:36:54.0451 0736 BFE - ok
19:36:54.0498 0736 [ 02ED7B4DBC2A3232A389106DA7515C3D ] BITS C:\Windows\System32\qmgr.dll
19:36:54.0513 0736 BITS - ok
19:36:54.0544 0736 [ D4DF28447741FD3D953526E33A617397 ] blbdrive C:\Windows\system32\drivers\blbdrive.sys
19:36:54.0544 0736 blbdrive - ok
19:36:54.0591 0736 [ 8153396D5551276227FA146900F734E6 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
19:36:54.0591 0736 bowser - ok
19:36:54.0607 0736 [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo C:\Windows\system32\drivers\brfiltlo.sys
19:36:54.0607 0736 BrFiltLo - ok
19:36:54.0622 0736 [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp C:\Windows\system32\drivers\brfiltup.sys
19:36:54.0622 0736 BrFiltUp - ok
19:36:54.0700 0736 [ A3629A0C4226F9E9C72FAAEEBC3AD33C ] Browser C:\Windows\System32\browser.dll
19:36:54.0700 0736 Browser - ok
19:36:54.0716 0736 [ B304E75CFF293029EDDF094246747113 ] Brserid C:\Windows\system32\drivers\brserid.sys
19:36:54.0716 0736 Brserid - ok
19:36:54.0747 0736 [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm C:\Windows\system32\drivers\brserwdm.sys
19:36:54.0747 0736 BrSerWdm - ok
19:36:54.0763 0736 [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm C:\Windows\system32\drivers\brusbmdm.sys
19:36:54.0763 0736 BrUsbMdm - ok
19:36:54.0778 0736 [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer C:\Windows\system32\drivers\brusbser.sys
19:36:54.0778 0736 BrUsbSer - ok
19:36:54.0825 0736 [ AD07C1EC6665B8B35741AB91200C6B68 ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys
19:36:54.0825 0736 BTHMODEM - ok
19:36:54.0888 0736 [ 48F64A84054771B2FEF55606ADF57557 ] Cam5607 C:\Windows\system32\Drivers\BisonC07.sys
19:36:54.0903 0736 Cam5607 - ok
19:36:54.0934 0736 [ 7ADD03E75BEB9E6DD102C3081D29840A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
19:36:54.0934 0736 cdfs - ok
19:36:54.0950 0736 [ 1EC25CEA0DE6AC4718BF89F9E1778B57 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
19:36:54.0950 0736 cdrom - ok
19:36:54.0966 0736 [ 87C2D0377B23E2D8A41093C2F5FB1A5B ] CertPropSvc C:\Windows\System32\certprop.dll
19:36:54.0966 0736 CertPropSvc - ok
19:36:55.0028 0736 [ E5D4133F37219DBCFE102BC61072589D ] circlass C:\Windows\system32\drivers\circlass.sys
19:36:55.0028 0736 circlass - ok
19:36:55.0059 0736 [ 465745561C832B29F7C48B488AAB3842 ] CLFS C:\Windows\system32\CLFS.sys
19:36:55.0059 0736 CLFS - ok
19:36:55.0200 0736 [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
19:36:55.0200 0736 clr_optimization_v2.0.50727_32 - ok
19:36:55.0231 0736 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
19:36:55.0246 0736 clr_optimization_v4.0.30319_32 - ok
19:36:55.0278 0736 [ 99AFC3795B58CC478FBBBCDC658FCB56 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
19:36:55.0278 0736 CmBatt - ok
19:36:55.0309 0736 [ 0CA25E686A4928484E9FDABD168AB629 ] cmdide C:\Windows\system32\drivers\cmdide.sys
19:36:55.0309 0736 cmdide - ok
19:36:55.0340 0736 [ 6AFEF0B60FA25DE07C0968983EE4F60A ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
19:36:55.0340 0736 Compbatt - ok
19:36:55.0356 0736 COMSysApp - ok
19:36:55.0356 0736 [ 741E9DFF4F42D2D8477D0FC1DC0DF871 ] crcdisk C:\Windows\system32\drivers\crcdisk.sys
19:36:55.0356 0736 crcdisk - ok
19:36:55.0434 0736 [ 1F07BECDCA750766A96CDA811BA86410 ] Crusoe C:\Windows\system32\drivers\crusoe.sys
19:36:55.0434 0736 Crusoe - ok
19:36:55.0465 0736 [ 6DE363F9F99334514C46AEC02D3E3678 ] CryptSvc C:\Windows\system32\cryptsvc.dll
19:36:55.0465 0736 CryptSvc - ok
19:36:55.0512 0736 [ 301AE00E12408650BADDC04DBC832830 ] DcomLaunch C:\Windows\system32\rpcss.dll
19:36:55.0527 0736 DcomLaunch - ok
19:36:55.0590 0736 [ A3E9FA213F443AC77C7746119D13FEEC ] DfsC C:\Windows\system32\Drivers\dfsc.sys
19:36:55.0590 0736 DfsC - ok
19:36:55.0668 0736 [ FA3463F25F9CC9C3BCF1E7912FEFF099 ] DFSR C:\Windows\system32\DFSR.exe
19:36:55.0714 0736 DFSR - ok
19:36:55.0746 0736 [ 43A988A9C10333476CB5FB667CBD629D ] Dhcp C:\Windows\System32\dhcpcsvc.dll
19:36:55.0746 0736 Dhcp - ok
19:36:55.0761 0736 [ 64109E623ABD6955C8FB110B592E68B7 ] disk C:\Windows\system32\drivers\disk.sys
19:36:55.0761 0736 disk - ok
19:36:55.0792 0736 [ 4805D9A6D281C7A7DEFD9094DEC6AF7D ] Dnscache C:\Windows\System32\dnsrslvr.dll
19:36:55.0792 0736 Dnscache - ok
19:36:55.0870 0736 [ 5AF620A08C614E24206B79E8153CF1A8 ] dot3svc C:\Windows\System32\dot3svc.dll
19:36:55.0870 0736 dot3svc - ok
19:36:55.0886 0736 [ A622E888F8AA2F6B49E9BC466F0E5DEF ] DPS C:\Windows\system32\dps.dll
19:36:55.0886 0736 DPS - ok
19:36:55.0917 0736 [ 97FEF831AB90BEE128C9AF390E243F80 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
19:36:55.0917 0736 drmkaud - ok
19:36:55.0964 0736 [ 85F33880B8CFB554BD3D9CCDB486845A ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
19:36:55.0980 0736 DXGKrnl - ok
19:36:56.0011 0736 [ 5425F74AC0C1DBD96A1E04F17D63F94C ] E1G60 C:\Windows\system32\DRIVERS\E1G60I32.sys
19:36:56.0011 0736 E1G60 - ok
19:36:56.0104 0736 [ C0B95E40D85CD807D614E264248A45B9 ] EapHost C:\Windows\System32\eapsvc.dll
19:36:56.0104 0736 EapHost - ok
19:36:56.0120 0736 [ DD2CD259D83D8B72C02C5F2331FF9D68 ] Ecache C:\Windows\system32\drivers\ecache.sys
19:36:56.0120 0736 Ecache - ok
19:36:56.0182 0736 [ 9BE3744D295A7701EB425332014F0797 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
19:36:56.0182 0736 ehRecvr - ok
19:36:56.0198 0736 [ AD1870C8E5D6DD340C829E6074BF3C3F ] ehSched C:\Windows\ehome\ehsched.exe
19:36:56.0198 0736 ehSched - ok
19:36:56.0214 0736 [ C27C4EE8926E74AA72EFCAB24C5242C3 ] ehstart C:\Windows\ehome\ehstart.dll
19:36:56.0214 0736 ehstart - ok
19:36:56.0229 0736 [ 23B62471681A124889978F6295B3F4C6 ] elxstor C:\Windows\system32\drivers\elxstor.sys
19:36:56.0245 0736 elxstor - ok
19:36:56.0292 0736 [ 70B1A86DF0C8EAD17D2BC332EDAE2C7C ] EMDMgmt C:\Windows\system32\emdmgmt.dll
19:36:56.0292 0736 EMDMgmt - ok
19:36:56.0354 0736 [ 3DB974F3935483555D7148663F726C61 ] ErrDev C:\Windows\system32\drivers\errdev.sys
19:36:56.0354 0736 ErrDev - ok
19:36:56.0416 0736 [ 3CB3343D720168B575133A0A20DC2465 ] EventSystem C:\Windows\system32\es.dll
19:36:56.0416 0736 EventSystem - ok
19:36:56.0448 0736 [ 0D858EB20589A34EFB25695ACAA6AA2D ] exfat C:\Windows\system32\drivers\exfat.sys
19:36:56.0448 0736 exfat - ok
19:36:56.0463 0736 [ 3C489390C2E2064563727752AF8EAB9E ] fastfat C:\Windows\system32\drivers\fastfat.sys
19:36:56.0463 0736 fastfat - ok
19:36:56.0463 0736 [ AFE1E8B9782A0DD7FB46BBD88E43F89A ] fdc C:\Windows\system32\DRIVERS\fdc.sys
19:36:56.0463 0736 fdc - ok
19:36:56.0510 0736 [ 6629B5F0E98151F4AFDD87567EA32BA3 ] fdPHost C:\Windows\system32\fdPHost.dll
19:36:56.0510 0736 fdPHost - ok
19:36:56.0526 0736 [ 89ED56DCE8E47AF40892778A5BD31FD2 ] FDResPub C:\Windows\system32\fdrespub.dll
19:36:56.0526 0736 FDResPub - ok
19:36:56.0541 0736 [ A8C0139A884861E3AAE9CFE73B208A9F ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
19:36:56.0541 0736 FileInfo - ok
19:36:56.0604 0736 [ 0AE429A696AECBC5970E3CF2C62635AE ] Filetrace C:\Windows\system32\drivers\filetrace.sys
19:36:56.0604 0736 Filetrace - ok
19:36:56.0619 0736 [ 85B7CF99D532820495D68D747FDA9EBD ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
19:36:56.0619 0736 flpydisk - ok
19:36:56.0635 0736 [ 05EA53AFE985443011E36DAB07343B46 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
19:36:56.0635 0736 FltMgr - ok
19:36:56.0697 0736 [ C9BE08664611DDAF98E2331E9288B00B ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
19:36:56.0697 0736 FontCache3.0.0.0 - ok
19:36:56.0728 0736 [ 65EA8B77B5851854F0C55C43FA51A198 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
19:36:56.0728 0736 Fs_Rec - ok
19:36:56.0760 0736 [ 34582A6E6573D54A07ECE5FE24A126B5 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys
19:36:56.0760 0736 gagp30kx - ok
19:36:56.0791 0736 [ 33EFD5039EA1BFA623D8BB9FB787CB0F ] GoogleDesktopManager C:\Program Files\Google\Google Desktop Search\GoogleDesktopManager.exe
19:36:56.0791 0736 GoogleDesktopManager - ok
19:36:56.0822 0736 [ D9F1113D9401185245573350712F92FC ] gpsvc C:\Windows\System32\gpsvc.dll
19:36:56.0822 0736 gpsvc - ok
19:36:56.0994 0736 [ 8F0DE4FEF8201E306F9938B0905AC96A ] gupdate C:\Program Files\Google\Update\GoogleUpdate.exe
19:36:56.0994 0736 gupdate - ok
19:36:56.0994 0736 [ 8F0DE4FEF8201E306F9938B0905AC96A ] gupdatem C:\Program Files\Google\Update\GoogleUpdate.exe
19:36:56.0994 0736 gupdatem - ok
19:36:57.0040 0736 [ CB04C744BE0A61B1D648FAED182C3B59 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
19:36:57.0040 0736 HdAudAddService - ok
19:36:57.0072 0736 [ C87B1EE051C0464491C1A7B03FA0BC99 ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys
19:36:57.0072 0736 HDAudBus - ok
19:36:57.0087 0736 [ 1338520E78D90154ED6BE8F84DE5FCEB ] HidBth C:\Windows\system32\drivers\hidbth.sys
19:36:57.0087 0736 HidBth - ok
19:36:57.0103 0736 [ FF3160C3A2445128C5A6D9B076DA519E ] HidIr C:\Windows\system32\drivers\hidir.sys
19:36:57.0103 0736 HidIr - ok
19:36:57.0134 0736 [ 8FA640195279ACE21BEA91396A0054FC ] hidserv C:\Windows\system32\hidserv.dll
19:36:57.0134 0736 hidserv - ok
19:36:57.0212 0736 [ E2B5BD48AFCC0F0974FB44641B223250 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
19:36:57.0212 0736 HidUsb - ok
19:36:57.0243 0736 [ D8AD255B37DA92434C26E4876DB7D418 ] hkmsvc C:\Windows\system32\kmsvc.dll
19:36:57.0243 0736 hkmsvc - ok
19:36:57.0259 0736 [ 8B566EA71D5B76157A9CDB78F25A5731 ] Hotkey C:\Windows\system32\drivers\Hotkey.sys
19:36:57.0259 0736 Hotkey - ok
19:36:57.0290 0736 [ 16EE7B23A009E00D835CDB79574A91A6 ] HpCISSs C:\Windows\system32\drivers\hpcisss.sys
19:36:57.0290 0736 HpCISSs - ok
19:36:57.0430 0736 [ 96E241624C71211A79C84F50A8E71CAB ] HTTP C:\Windows\system32\drivers\HTTP.sys
19:36:57.0430 0736 HTTP - ok
19:36:57.0462 0736 [ C6B032D69650985468160FC9937CF5B4 ] i2omp C:\Windows\system32\drivers\i2omp.sys
19:36:57.0462 0736 i2omp - ok
19:36:57.0493 0736 [ 22D56C8184586B7A1F6FA60BE5F5A2BD ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys
19:36:57.0493 0736 i8042prt - ok
19:36:57.0602 0736 [ 72B53E9C8924949DEC8F3799BCBA2251 ] IAANTMON C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
19:36:57.0602 0736 IAANTMON - ok
19:36:57.0633 0736 [ E5A0034847537EAEE3C00349D5C34C5F ] iaStor C:\Windows\system32\DRIVERS\iaStor.sys
19:36:57.0649 0736 iaStor - ok
19:36:57.0664 0736 [ 54155EA1B0DF185878E0FC9EC3AC3A14 ] iaStorV C:\Windows\system32\drivers\iastorv.sys
19:36:57.0680 0736 iaStorV - ok
19:36:57.0789 0736 [ 7B630ACAED64FEF0C3E1CF255CB56686 ] idsvc C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
19:36:57.0820 0736 idsvc - ok
19:36:57.0852 0736 [ 2D077BF86E843F901D8DB709C95B49A5 ] iirsp C:\Windows\system32\drivers\iirsp.sys
19:36:57.0852 0736 iirsp - ok
19:36:57.0945 0736 [ A3BC480A2BF8AA8E4DABD2D5DCE0AFAC ] IKEEXT C:\Windows\System32\ikeext.dll
19:36:57.0945 0736 IKEEXT - ok
19:36:58.0054 0736 [ 5D26CCB06E1F3B5C26E863DF3F4F2611 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHDA.sys
19:36:58.0070 0736 IntcAzAudAddService - ok
19:36:58.0148 0736 [ 83AA759F3189E6370C30DE5DC5590718 ] intelide C:\Windows\system32\drivers\intelide.sys
19:36:58.0148 0736 intelide - ok
19:36:58.0226 0736 [ 224191001E78C89DFA78924C3EA595FF ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
19:36:58.0226 0736 intelppm - ok
19:36:58.0257 0736 [ 9AC218C6E6105477484C6FDBE7D409A4 ] IPBusEnum C:\Windows\system32\ipbusenum.dll
19:36:58.0273 0736 IPBusEnum - ok
19:36:58.0320 0736 [ 62C265C38769B864CB25B4BCF62DF6C3 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
19:36:58.0320 0736 IpFilterDriver - ok
19:36:58.0351 0736 [ 6A35D233693EDC29A12742049BC5E37F ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
19:36:58.0351 0736 iphlpsvc - ok
19:36:58.0366 0736 IpInIp - ok
19:36:58.0398 0736 [ B25AAF203552B7B3491139D582B39AD1 ] IPMIDRV C:\Windows\system32\drivers\ipmidrv.sys
19:36:58.0398 0736 IPMIDRV - ok
19:36:58.0413 0736 [ 8793643A67B42CEC66490B2A0CF92D68 ] IPNAT C:\Windows\system32\DRIVERS\ipnat.sys
19:36:58.0429 0736 IPNAT - ok
19:36:58.0476 0736 [ 109C0DFB82C3632FBD11949B73AEEAC9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
19:36:58.0476 0736 IRENUM - ok
19:36:58.0491 0736 [ 6C70698A3E5C4376C6AB5C7C17FB0614 ] isapnp C:\Windows\system32\drivers\isapnp.sys
19:36:58.0491 0736 isapnp - ok
19:36:58.0538 0736 [ F247EEC28317F6C739C16DE420097301 ] iScsiPrt C:\Windows\system32\DRIVERS\msiscsi.sys
19:36:58.0538 0736 iScsiPrt - ok
19:36:58.0554 0736 [ BCED60D16156E428F8DF8CF27B0DF150 ] iteatapi C:\Windows\system32\drivers\iteatapi.sys
19:36:58.0554 0736 iteatapi - ok
19:36:58.0663 0736 [ 06FA654504A498C30ADCA8BEC4E87E7E ] iteraid C:\Windows\system32\drivers\iteraid.sys
19:36:58.0663 0736 iteraid - ok
19:36:58.0678 0736 [ 37605E0A8CF00CBBA538E753E4344C6E ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
19:36:58.0678 0736 kbdclass - ok
19:36:58.0678 0736 [ 18247836959BA67E3511B62846B9C2E0 ] kbdhid C:\Windows\system32\drivers\kbdhid.sys
19:36:58.0694 0736 kbdhid - ok
19:36:58.0725 0736 [ A911ECAC81F94ADEAFBE8E3F7873EDB0 ] KeyIso C:\Windows\system32\lsass.exe
19:36:58.0725 0736 KeyIso - ok
19:36:58.0850 0736 [ 7A0CF7908B6824D6A2A1D313E5AE3DCA ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
19:36:58.0850 0736 KSecDD - ok
19:36:58.0959 0736 [ 8078F8F8F7A79E2E6B494523A828C585 ] KtmRm C:\Windows\system32\msdtckrm.dll
19:36:58.0959 0736 KtmRm - ok
19:36:59.0022 0736 [ 1925E63C91CF1610AE41BFD539062079 ] LanmanServer C:\Windows\system32\srvsvc.dll
19:36:59.0022 0736 LanmanServer - ok
19:36:59.0068 0736 [ 2AE2E1628C5D3F1C0A46A67C9FA1DF15 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
19:36:59.0068 0736 LanmanWorkstation - ok
19:36:59.0115 0736 [ D1C5883087A0C3F1344D9D55A44901F6 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
19:36:59.0115 0736 lltdio - ok
19:36:59.0193 0736 [ 2D5A428872F1442631D0959A34ABFF63 ] lltdsvc C:\Windows\System32\lltdsvc.dll
19:36:59.0193 0736 lltdsvc - ok
19:36:59.0209 0736 [ 35D40113E4A5B961B6CE5C5857702518 ] lmhosts C:\Windows\System32\lmhsvc.dll
19:36:59.0209 0736 lmhosts - ok
19:36:59.0240 0736 [ C7E15E82879BF3235B559563D4185365 ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys
19:36:59.0240 0736 LSI_FC - ok
19:36:59.0302 0736 [ EE01EBAE8C9BF0FA072E0FF68718920A ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys
19:36:59.0302 0736 LSI_SAS - ok
19:36:59.0334 0736 [ 912A04696E9CA30146A62AFA1463DD5C ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys
19:36:59.0334 0736 LSI_SCSI - ok
19:36:59.0349 0736 [ 8F5C7426567798E62A3B3614965D62CC ] luafv C:\Windows\system32\drivers\luafv.sys
19:36:59.0349 0736 luafv - ok
19:36:59.0380 0736 [ 500D089CE760D83DA2B6CBA681AA9949 ] MBAMProtector C:\Windows\system32\drivers\mbam.sys
19:36:59.0380 0736 MBAMProtector - ok
19:36:59.0536 0736 [ 85B16A92B117A5A800032ECD904B86DB ] MBAMScheduler C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
19:36:59.0552 0736 MBAMScheduler - ok
19:36:59.0599 0736 [ 20E2469DB709FC675E655CEAA11BE312 ] MBAMService C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
19:36:59.0614 0736 MBAMService - ok
19:36:59.0661 0736 [ AEF9BABB8A506BC4CE0451A64AADED46 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
19:36:59.0661 0736 Mcx2Svc - ok
19:36:59.0739 0736 [ 0001CE609D66632FA17B84705F658879 ] megasas C:\Windows\system32\drivers\megasas.sys
19:36:59.0739 0736 megasas - ok
19:36:59.0770 0736 [ C252F32CD9A49DBFC25ECF26EBD51A99 ] MegaSR C:\Windows\system32\drivers\megasr.sys
19:36:59.0770 0736 MegaSR - ok
19:36:59.0786 0736 [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] MMCSS C:\Windows\system32\mmcss.dll
19:36:59.0802 0736 MMCSS - ok
19:36:59.0817 0736 [ E13B5EA0F51BA5B1512EC671393D09BA ] Modem C:\Windows\system32\drivers\modem.sys
19:36:59.0817 0736 Modem - ok
19:36:59.0833 0736 [ 0A9BB33B56E294F686ABB7C1E4E2D8A8 ] monitor C:\Windows\system32\DRIVERS\monitor.sys
19:36:59.0833 0736 monitor - ok
19:36:59.0848 0736 [ 5BF6A1326A335C5298477754A506D263 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
19:36:59.0864 0736 mouclass - ok
19:36:59.0926 0736 [ 93B8D4869E12CFBE663915502900876F ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
19:36:59.0926 0736 mouhid - ok
19:36:59.0942 0736 [ BDAFC88AA6B92F7842416EA6A48E1600 ] MountMgr C:\Windows\system32\drivers\mountmgr.sys
19:36:59.0942 0736 MountMgr - ok
19:37:00.0020 0736 [ 96AA8BA23142CC8E2B30F3CAE0C80254 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
19:37:00.0020 0736 MozillaMaintenance - ok
19:37:00.0051 0736 [ 511D011289755DD9F9A7579FB0B064E6 ] mpio C:\Windows\system32\drivers\mpio.sys
19:37:00.0051 0736 mpio - ok
19:37:00.0067 0736 [ 22241FEBA9B2DEFA669C8CB0A8DD7D2E ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
19:37:00.0067 0736 mpsdrv - ok
19:37:00.0114 0736 [ D1639BA315B0D79DEC49A4B0E1FB929B ] MpsSvc C:\Windows\system32\mpssvc.dll
19:37:00.0114 0736 MpsSvc - ok
19:37:00.0129 0736 [ 4FBBB70D30FD20EC51F80061703B001E ] Mraid35x C:\Windows\system32\drivers\mraid35x.sys
19:37:00.0129 0736 Mraid35x - ok
19:37:00.0160 0736 [ AE3DE84536B6799D2267443CEC8EDBB9 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
19:37:00.0160 0736 MRxDAV - ok
19:37:00.0192 0736 [ 5734A0F2BE7E495F7D3ED6EFD4B9F5A1 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
19:37:00.0192 0736 mrxsmb - ok
19:37:00.0223 0736 [ 6B5FA5ADFACAC9DBBE0991F4566D7D55 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
19:37:00.0223 0736 mrxsmb10 - ok
19:37:00.0301 0736 [ 5C80D8159181C7ABF1B14BA703B01E0B ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
19:37:00.0301 0736 mrxsmb20 - ok
19:37:00.0332 0736 [ F70590424EEFBF5C27A40C67AFDB8383 ] msahci C:\Windows\system32\drivers\msahci.sys
19:37:00.0332 0736 msahci - ok
19:37:00.0363 0736 [ 4468B0F385A86ECDDAF8D3CA662EC0E7 ] msdsm C:\Windows\system32\drivers\msdsm.sys
19:37:00.0363 0736 msdsm - ok
19:37:00.0379 0736 [ FD7520CC3A80C5FC8C48852BB24C6DED ] MSDTC C:\Windows\System32\msdtc.exe
19:37:00.0379 0736 MSDTC - ok
19:37:00.0410 0736 [ A9927F4A46B816C92F461ACB90CF8515 ] Msfs C:\Windows\system32\drivers\Msfs.sys
19:37:00.0410 0736 Msfs - ok
19:37:00.0426 0736 [ 0F400E306F385C56317357D6DEA56F62 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
19:37:00.0426 0736 msisadrv - ok
19:37:00.0457 0736 [ 85466C0757A23D9A9AECDC0755203CB2 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
19:37:00.0457 0736 MSiSCSI - ok
19:37:00.0472 0736 msiserver - ok
19:37:00.0504 0736 [ D8C63D34D9C9E56C059E24EC7185CC07 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
19:37:00.0504 0736 MSKSSRV - ok
19:37:00.0550 0736 [ 1D373C90D62DDB641D50E55B9E78D65E ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
19:37:00.0550 0736 MSPCLOCK - ok
19:37:00.0566 0736 [ B572DA05BF4E098D4BBA3A4734FB505B ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
19:37:00.0566 0736 MSPQM - ok
19:37:00.0582 0736 [ B5614AECB05A9340AA0FB55BF561CC63 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
19:37:00.0582 0736 MsRPC - ok
19:37:00.0597 0736 [ E384487CB84BE41D09711C30CA79646C ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys
19:37:00.0597 0736 mssmbios - ok
19:37:00.0628 0736 [ 7199C1EEC1E4993CAF96B8C0A26BD58A ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
19:37:00.0628 0736 MSTEE - ok
19:37:00.0628 0736 [ 6DFD1D322DE55B0B7DB7D21B90BEC49C ] Mup C:\Windows\system32\Drivers\mup.sys
19:37:00.0644 0736 Mup - ok
19:37:00.0675 0736 [ C43B25863FBD65B6D2A142AF3AE320CA ] napagent C:\Windows\system32\qagentRT.dll
19:37:00.0675 0736 napagent - ok
19:37:00.0706 0736 [ 3C21CE48FF529BB73DADB98770B54025 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
19:37:00.0706 0736 NativeWifiP - ok
19:37:00.0738 0736 [ 9BDC71790FA08F0A0B5F10462B1BD0B1 ] NDIS C:\Windows\system32\drivers\ndis.sys
19:37:00.0753 0736 NDIS - ok
19:37:00.0784 0736 [ 0E186E90404980569FB449BA7519AE61 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
19:37:00.0784 0736 NdisTapi - ok
19:37:00.0800 0736 [ D6973AA34C4D5D76C0430B181C3CD389 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
19:37:00.0800 0736 Ndisuio - ok
19:37:00.0816 0736 [ 3D14C3B3496F88890D431E8AA022A411 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
19:37:00.0816 0736 NdisWan - ok
19:37:00.0878 0736 [ 71DAB552B41936358F3B541AE5997FB3 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
19:37:00.0878 0736 NDProxy - ok
19:37:01.0050 0736 [ 40D7D0A208EE863BCA8D89E299216F15 ] Nero BackItUp Scheduler 3 C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
19:37:01.0065 0736 Nero BackItUp Scheduler 3 - ok
19:37:01.0081 0736 [ BCD093A5A6777CF626434568DC7DBA78 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
19:37:01.0081 0736 NetBIOS - ok
19:37:01.0128 0736 [ 7C5FEE5B1C5728507CD96FB4A13E7A02 ] netbt C:\Windows\system32\DRIVERS\netbt.sys
19:37:01.0128 0736 netbt - ok
19:37:01.0159 0736 [ A911ECAC81F94ADEAFBE8E3F7873EDB0 ] Netlogon C:\Windows\system32\lsass.exe
19:37:01.0159 0736 Netlogon - ok
19:37:01.0190 0736 [ C8052711DAECC48B982434C5116CA401 ] Netman C:\Windows\System32\netman.dll
19:37:01.0190 0736 Netman - ok
19:37:01.0237 0736 [ 2EF3BBE22E5A5ACD1428EE387A0D0172 ] netprofm C:\Windows\System32\netprofm.dll
19:37:01.0252 0736 netprofm - ok
19:37:01.0284 0736 [ 0AD5876EF4E9EB77C8F93EB5B2FFF386 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
19:37:01.0284 0736 NetTcpPortSharing - ok
19:37:01.0455 0736 [ 4547B8AEDD8119FCC127FDC7F282E983 ] NETw4v32 C:\Windows\system32\DRIVERS\NETw4v32.sys
19:37:01.0486 0736 NETw4v32 - ok
19:37:01.0611 0736 [ 2E7FB731D4790A1BC6270ACCEFACB36E ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys
19:37:01.0611 0736 nfrd960 - ok
19:37:01.0627 0736 [ 2997B15415F9BBE05B5A4C1C85E0C6A2 ] NlaSvc C:\Windows\System32\nlasvc.dll
19:37:01.0642 0736 NlaSvc - ok
19:37:01.0720 0736 [ EBA1B4BF2E2375ABDADEDB649F283541 ] NMIndexingService C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
19:37:01.0783 0736 NMIndexingService - ok
19:37:01.0814 0736 [ ECB5003F484F9ED6C608D6D6C7886CBB ] Npfs C:\Windows\system32\drivers\Npfs.sys
19:37:01.0814 0736 Npfs - ok
19:37:01.0845 0736 [ 8BB86F0C7EEA2BDED6FE095D0B4CA9BD ] nsi C:\Windows\system32\nsisvc.dll
19:37:01.0845 0736 nsi - ok
19:37:01.0861 0736 [ 609773E344A97410CE4EBF74A8914FCF ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
19:37:01.0861 0736 nsiproxy - ok
19:37:01.0908 0736 [ B4EFFE29EB4F15538FD8A9681108492D ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
19:37:01.0908 0736 Ntfs - ok
19:37:01.0939 0736 [ E875C093AEC0C978A90F30C9E0DFBB72 ] ntrigdigi C:\Windows\system32\drivers\ntrigdigi.sys
19:37:01.0939 0736 ntrigdigi - ok
19:37:01.0970 0736 [ C5DBBCDA07D780BDA9B685DF333BB41E ] Null C:\Windows\system32\drivers\Null.sys
19:37:01.0970 0736 Null - ok
19:37:02.0173 0736 [ B0CC8B78A9F0C6D9C8909B9BF874A4DE ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys
19:37:02.0235 0736 nvlddmkm - ok
19:37:02.0298 0736 [ 2EDF9E7751554B42CBB60116DE727101 ] nvraid C:\Windows\system32\drivers\nvraid.sys
19:37:02.0298 0736 nvraid - ok
19:37:02.0313 0736 [ ABED0C09758D1D97DB0042DBB2688177 ] nvstor C:\Windows\system32\drivers\nvstor.sys
19:37:02.0313 0736 nvstor - ok
19:37:02.0391 0736 [ 1F3671DC1060477E6262E41F9EFD46F6 ] nvsvc C:\Windows\system32\nvvsvc.exe
19:37:02.0391 0736 nvsvc - ok
19:37:02.0407 0736 [ 18BBDF913916B71BD54575BDB6EEAC0B ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
19:37:02.0407 0736 nv_agp - ok
19:37:02.0407 0736 NwlnkFlt - ok
19:37:02.0422 0736 NwlnkFwd - ok
19:37:02.0563 0736 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
19:37:02.0578 0736 odserv - ok
19:37:02.0594 0736 [ BE32DA025A0BE1878F0EE8D6D9386CD5 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
19:37:02.0594 0736 ohci1394 - ok
19:37:02.0672 0736 [ 27915BDFF44CA08E85DA3D1DDB7B6ECD ] omniserv C:\Program Files\Softex\OmniPass\OmniServ.exe
19:37:02.0672 0736 omniserv - ok
19:37:02.0688 0736 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
19:37:02.0688 0736 ose - ok
19:37:02.0750 0736 [ 5DE1A3972FD3112C75EB17BDCF454169 ] p2pimsvc C:\Windows\system32\p2psvc.dll
19:37:02.0766 0736 p2pimsvc - ok
19:37:02.0797 0736 [ 5DE1A3972FD3112C75EB17BDCF454169 ] p2psvc C:\Windows\system32\p2psvc.dll
19:37:02.0812 0736 p2psvc - ok
19:37:02.0844 0736 [ 0FA9B5055484649D63C303FE404E5F4D ] Parport C:\Windows\system32\drivers\parport.sys
19:37:02.0844 0736 Parport - ok
19:37:02.0875 0736 [ 3B38467E7C3DAED009DFE359E17F139F ] partmgr C:\Windows\system32\drivers\partmgr.sys
19:37:02.0875 0736 partmgr - ok
19:37:02.0937 0736 [ 4F9A6A8A31413180D0FCB279AD5D8112 ] Parvdm C:\Windows\system32\drivers\parvdm.sys
19:37:02.0937 0736 Parvdm - ok
19:37:02.0953 0736 [ C6276AD11F4BB49B58AA1ED88537F14A ] PcaSvc C:\Windows\System32\pcasvc.dll
19:37:02.0953 0736 PcaSvc - ok
19:37:02.0968 0736 [ 01B94418DEB235DFF777CC80076354B4 ] pci C:\Windows\system32\drivers\pci.sys
19:37:02.0968 0736 pci - ok
19:37:02.0984 0736 [ FC175F5DDAB666D7F4D17449A547626F ] pciide C:\Windows\system32\drivers\pciide.sys
19:37:02.0984 0736 pciide - ok
19:37:03.0000 0736 [ E6F3FB1B86AA519E7698AD05E58B04E5 ] pcmcia C:\Windows\system32\drivers\pcmcia.sys
19:37:03.0015 0736 pcmcia - ok
19:37:03.0093 0736 [ 6349F6ED9C623B44B52EA3C63C831A92 ] PEAUTH C:\Windows\system32\drivers\peauth.sys
19:37:03.0109 0736 PEAUTH - ok
19:37:03.0187 0736 [ B1689DF169143F57053F795390C99DB3 ] pla C:\Windows\system32\pla.dll
19:37:03.0218 0736 pla - ok
19:37:03.0280 0736 [ 875E4E0661F3A5994DF9E5E3A0A4F96B ] PLFlash DeviceIoControl Service C:\Windows\system32\IoctlSvc.exe
19:37:03.0280 0736 PLFlash DeviceIoControl Service - ok
19:37:03.0327 0736 [ 78F975CB6D18265BE6F492EDB2D7BC7B ] PlugPlay C:\Windows\system32\umpnpmgr.dll
19:37:03.0327 0736 PlugPlay - ok
19:37:03.0358 0736 [ 5DE1A3972FD3112C75EB17BDCF454169 ] PNRPAutoReg C:\Windows\system32\p2psvc.dll
19:37:03.0358 0736 PNRPAutoReg - ok
19:37:03.0390 0736 [ 5DE1A3972FD3112C75EB17BDCF454169 ] PNRPsvc C:\Windows\system32\p2psvc.dll
19:37:03.0390 0736 PNRPsvc - ok
19:37:03.0514 0736 [ 47B8F37AA18B74D8C2E1BC1A7A2C8F8A ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
19:37:03.0530 0736 PolicyAgent - ok
19:37:03.0577 0736 [ ECFFFAEC0C1ECD8DBC77F39070EA1DB1 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
19:37:03.0577 0736 PptpMiniport - ok
19:37:03.0608 0736 [ 2027293619DD0F047C584CF2E7DF4FFD ] Processor C:\Windows\system32\drivers\processr.sys
19:37:03.0608 0736 Processor - ok
19:37:03.0639 0736 [ B627E4FC8585E8843C5905D4D3587A90 ] ProfSvc C:\Windows\system32\profsvc.dll
19:37:03.0639 0736 ProfSvc - ok
19:37:03.0655 0736 [ A911ECAC81F94ADEAFBE8E3F7873EDB0 ] ProtectedStorage C:\Windows\system32\lsass.exe
19:37:03.0655 0736 ProtectedStorage - ok
19:37:03.0686 0736 [ BFEF604508A0ED1EAE2A73E872555FFB ] PSched C:\Windows\system32\DRIVERS\pacer.sys
19:37:03.0686 0736 PSched - ok
19:37:03.0733 0736 [ 0A6DB55AFB7820C99AA1F3A1D270F4F6 ] ql2300 C:\Windows\system32\drivers\ql2300.sys
19:37:03.0748 0736 ql2300 - ok
19:37:03.0780 0736 [ 81A7E5C076E59995D54BC1ED3A16E60B ] ql40xx C:\Windows\system32\drivers\ql40xx.sys
19:37:03.0780 0736 ql40xx - ok
19:37:03.0826 0736 [ E9ECAE663F47E6CB43962D18AB18890F ] QWAVE C:\Windows\system32\qwave.dll
19:37:03.0826 0736 QWAVE - ok
19:37:03.0889 0736 [ 9F5E0E1926014D17486901C88ECA2DB7 ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
19:37:03.0889 0736 QWAVEdrv - ok
19:37:03.0904 0736 [ 147D7F9C556D259924351FEB0DE606C3 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
19:37:03.0904 0736 RasAcd - ok
19:37:03.0920 0736 [ F6A452EB4CEADBB51C9E0EE6B3ECEF0F ] RasAuto C:\Windows\System32\rasauto.dll
19:37:03.0920 0736 RasAuto - ok
19:37:03.0951 0736 [ A214ADBAF4CB47DD2728859EF31F26B0 ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
19:37:03.0951 0736 Rasl2tp - ok
19:37:03.0982 0736 [ 6E7C284FC5C4EC07AD164D93810385A6 ] RasMan C:\Windows\System32\rasmans.dll
19:37:03.0982 0736 RasMan - ok
19:37:03.0998 0736 [ 3E9D9B048107B40D87B97DF2E48E0744 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
19:37:03.0998 0736 RasPppoe - ok
19:37:04.0014 0736 [ A7D141684E9500AC928A772ED8E6B671 ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
19:37:04.0014 0736 RasSstp - ok
19:37:04.0076 0736 [ 6E1C5D0457622F9EE35F683110E93D14 ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
19:37:04.0076 0736 rdbss - ok
19:37:04.0123 0736 [ 89E59BE9A564262A3FB6C4F4F1CD9899 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
19:37:04.0123 0736 RDPCDD - ok
19:37:04.0138 0736 [ FBC0BACD9C3D7F6956853F64A66E252D ] rdpdr C:\Windows\system32\drivers\rdpdr.sys
19:37:04.0154 0736 rdpdr - ok
19:37:04.0154 0736 [ 9D91FE5286F748862ECFFA05F8A0710C ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
19:37:04.0154 0736 RDPENCDD - ok
19:37:04.0232 0736 [ E1C18F4097A5ABCEC941DC4B2F99DB7E ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
19:37:04.0248 0736 RDPWD - ok
19:37:04.0341 0736 [ BCDD6B4804D06B1F7EBF29E53A57ECE9 ] RemoteAccess C:\Windows\System32\mprdim.dll
19:37:04.0341 0736 RemoteAccess - ok
19:37:04.0372 0736 [ CC4E32400F3C7253400CF8F3F3A0B676 ] RemoteRegistry C:\Windows\system32\regsvc.dll
19:37:04.0372 0736 RemoteRegistry - ok
19:37:04.0419 0736 [ 17E0BEF5CA5C9CE52CC8082AC6EBC449 ] RichVideo C:\Program Files\CyberLink\Shared Files\RichVideo.exe
19:37:04.0419 0736 RichVideo - ok
19:37:04.0450 0736 [ 5123F83CBC4349D065534EEB6BBDC42B ] RpcLocator C:\Windows\system32\locator.exe
19:37:04.0450 0736 RpcLocator - ok
19:37:04.0482 0736 [ 301AE00E12408650BADDC04DBC832830 ] RpcSs C:\Windows\system32\rpcss.dll
19:37:04.0482 0736 RpcSs - ok
19:37:04.0560 0736 [ 9C508F4074A39E8B4B31D27198146FAD ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
19:37:04.0560 0736 rspndr - ok
19:37:04.0622 0736 [ B7E1C523E2F7787D700766FC78E01F77 ] RTL8169 C:\Windows\system32\DRIVERS\Rtlh86.sys
19:37:04.0638 0736 RTL8169 - ok
19:37:04.0669 0736 [ 0D1C1B0DE2819FE1EA25098183130B64 ] RTSTOR C:\Windows\system32\drivers\RTSTOR.SYS
19:37:04.0669 0736 RTSTOR - ok
19:37:04.0684 0736 [ A911ECAC81F94ADEAFBE8E3F7873EDB0 ] SamSs C:\Windows\system32\lsass.exe
19:37:04.0684 0736 SamSs - ok
19:37:04.0778 0736 [ 3CE8F073A557E172B330109436984E30 ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
19:37:04.0778 0736 sbp2port - ok
19:37:04.0794 0736 [ 11387E32642269C7E62E8B52C060B3C6 ] SCardSvr C:\Windows\System32\SCardSvr.dll
19:37:04.0794 0736 SCardSvr - ok
19:37:04.0840 0736 [ 7B587B8A6D4A99F79D2902D0385F29BD ] Schedule C:\Windows\system32\schedsvc.dll
19:37:04.0840 0736 Schedule - ok
19:37:04.0903 0736 [ 87C2D0377B23E2D8A41093C2F5FB1A5B ] SCPolicySvc C:\Windows\System32\certprop.dll
19:37:04.0903 0736 SCPolicySvc - ok
19:37:04.0934 0736 [ 716313D9F6B0529D03F726D5AAF6F191 ] SDRSVC C:\Windows\System32\SDRSVC.dll
19:37:04.0934 0736 SDRSVC - ok
19:37:05.0012 0736 [ 206387AB881E93A1A6EB89966C8651F1 ] SDScannerService C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
19:37:05.0028 0736 SDScannerService - ok
19:37:05.0121 0736 [ A529CFE32565C0B145578FFB2B32C9A5 ] SDUpdateService C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
19:37:05.0137 0736 SDUpdateService - ok
19:37:05.0199 0736 [ CB63BDB77BB86549FC3303C2F11EDC18 ] SDWSCService C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe
19:37:05.0215 0736 SDWSCService - ok
19:37:05.0246 0736 [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv C:\Windows\system32\drivers\secdrv.sys
19:37:05.0246 0736 secdrv - ok
19:37:05.0262 0736 [ FD5199D4D8A521005E4B5EE7FE00FA9B ] seclogon C:\Windows\system32\seclogon.dll
19:37:05.0262 0736 seclogon - ok
19:37:05.0340 0736 [ A9BBAB5759771E523F55563D6CBE140F ] SENS C:\Windows\System32\sens.dll
19:37:05.0340 0736 SENS - ok
19:37:05.0371 0736 [ 68E44E331D46F0FB38F0863A84CD1A31 ] Serenum C:\Windows\system32\drivers\serenum.sys
19:37:05.0371 0736 Serenum - ok
19:37:05.0386 0736 [ C70D69A918B178D3C3B06339B40C2E1B ] Serial C:\Windows\system32\drivers\serial.sys
19:37:05.0386 0736 Serial - ok
19:37:05.0402 0736 [ 8AF3D28A879BF75DB53A0EE7A4289624 ] sermouse C:\Windows\system32\drivers\sermouse.sys
19:37:05.0402 0736 sermouse - ok
19:37:05.0527 0736 [ D2193326F729B163125610DBF3E17D57 ] SessionEnv C:\Windows\system32\sessenv.dll
19:37:05.0527 0736 SessionEnv - ok
19:37:05.0527 0736 [ 3EFA810BDCA87F6ECC24F9832243FE86 ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
19:37:05.0527 0736 sffdisk - ok
19:37:05.0542 0736 [ E95D451F7EA3E583AEC75F3B3EE42DC5 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
19:37:05.0542 0736 sffp_mmc - ok
19:37:05.0558 0736 [ 3D0EA348784B7AC9EA9BD9F317980979 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
19:37:05.0558 0736 sffp_sd - ok
19:37:05.0589 0736 [ C33BFBD6E9E41FCD9FFEF9729E9FAED6 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
19:37:05.0589 0736 sfloppy - ok
19:37:05.0636 0736 [ E1499BD0FF76B1B2FBBF1AF339D91165 ] SharedAccess C:\Windows\System32\ipnathlp.dll
19:37:05.0636 0736 SharedAccess - ok
19:37:05.0683 0736 [ 1E3FDB80E40A3CE645F229DFBDFB7694 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
19:37:05.0683 0736 ShellHWDetection - ok
19:37:05.0761 0736 [ 4346D5BBDDE7756D8614A3F193D60984 ] Si3531 C:\Windows\system32\DRIVERS\Si3531.sys
19:37:05.0761 0736 Si3531 - ok
19:37:05.0776 0736 [ E853C341BBF4AC0007A8DB0858DBB09D ] SiFilter C:\Windows\system32\DRIVERS\SiWinAcc.sys
19:37:05.0792 0736 SiFilter - ok
19:37:05.0808 0736 [ D80E6F142EB4963E82A8537DD745F51B ] SiRemFil C:\Windows\system32\DRIVERS\SiRemFil.sys
19:37:05.0808 0736 SiRemFil - ok
19:37:05.0823 0736 [ 1D76624A09A054F682D746B924E2DBC3 ] sisagp C:\Windows\system32\drivers\sisagp.sys
19:37:05.0823 0736 sisagp - ok
19:37:05.0854 0736 [ 43CB7AA756C7DB280D01DA9B676CFDE2 ] SiSRaid2 C:\Windows\system32\drivers\sisraid2.sys
19:37:05.0854 0736 SiSRaid2 - ok
19:37:05.0870 0736 [ A99C6C8B0BAA970D8AA59DDC50B57F94 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys
19:37:05.0870 0736 SiSRaid4 - ok
19:37:05.0917 0736 [ A4FAB5F7818A69DA6E740943CB8F7CA9 ] SkypeUpdate C:\Program Files\Skype\Updater\Updater.exe
19:37:05.0917 0736 SkypeUpdate - ok
19:37:06.0120 0736 [ 0BA91E1358AD25236863039BB2609A2E ] slsvc C:\Windows\system32\SLsvc.exe
19:37:06.0291 0736 slsvc - ok
19:37:06.0322 0736 [ 7C6DC44CA0BFA6291629AB764200D1D4 ] SLUINotify C:\Windows\system32\SLUINotify.dll
19:37:06.0322 0736 SLUINotify - ok
19:37:06.0354 0736 [ 031E6BCD53C9B2B9ACE111EAFEC347B6 ] Smb C:\Windows\system32\DRIVERS\smb.sys
19:37:06.0354 0736 Smb - ok
19:37:06.0416 0736 [ 2A146A055B4401C16EE62D18B8E2A032 ] SNMPTRAP C:\Windows\System32\snmptrap.exe
19:37:06.0432 0736 SNMPTRAP - ok
19:37:06.0541 0736 [ 913D2CE973ED904FE54DE9DB38FCEFF2 ] SNP2UVC C:\Windows\system32\DRIVERS\snp2uvc.sys
19:37:06.0556 0736 SNP2UVC - ok
19:37:06.0603 0736 [ 7AEBDEEF071FE28B0EEF2CDD69102BFF ] spldr C:\Windows\system32\drivers\spldr.sys
19:37:06.0603 0736 spldr - ok
19:37:06.0681 0736 [ 3665F79026A3F91FBCA63F2C65A09B19 ] Spooler C:\Windows\System32\spoolsv.exe
19:37:06.0681 0736 Spooler - ok
19:37:06.0728 0736 [ 2252AEF839B1093D16761189F45AF885 ] srv C:\Windows\system32\DRIVERS\srv.sys
19:37:06.0728 0736 srv - ok
19:37:06.0759 0736 [ B7FF59408034119476B00A81BB53D5D1 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
19:37:06.0759 0736 srv2 - ok
19:37:06.0790 0736 [ 2ACCC9B12AF02030F531E6CCA6F8B76E ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
19:37:06.0790 0736 srvnet - ok
19:37:06.0822 0736 [ 03D50B37234967433A5EA5BA72BC0B62 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
19:37:06.0822 0736 SSDPSRV - ok
19:37:06.0868 0736 [ A36EE93698802CD899F98BFD553D8185 ] ssmdrv C:\Windows\system32\DRIVERS\ssmdrv.sys
19:37:06.0868 0736 ssmdrv - ok
19:37:06.0900 0736 [ 6F1A32E7B7B30F004D9A20AFADB14944 ] SstpSvc C:\Windows\system32\sstpsvc.dll
19:37:06.0900 0736 SstpSvc - ok
19:37:06.0915 0736 [ 7DD08A597BC56051F320DA0BAF69E389 ] stisvc C:\Windows\System32\wiaservc.dll
19:37:06.0931 0736 stisvc - ok
19:37:06.0962 0736 [ 7BA58ECF0C0A9A69D44B3DCA62BECF56 ] swenum C:\Windows\system32\DRIVERS\swenum.sys
19:37:06.0962 0736 swenum - ok
19:37:06.0993 0736 [ B36C7CDB86F7F7A8E884479219766950 ] swprv C:\Windows\System32\swprv.dll
19:37:06.0993 0736 swprv - ok
19:37:07.0009 0736 [ 192AA3AC01DF071B541094F251DEED10 ] Symc8xx C:\Windows\system32\drivers\symc8xx.sys
19:37:07.0009 0736 Symc8xx - ok
19:37:07.0024 0736 [ 8C8EB8C76736EBAF3B13B633B2E64125 ] Sym_hi C:\Windows\system32\drivers\sym_hi.sys
19:37:07.0024 0736 Sym_hi - ok
19:37:07.0040 0736 [ 8072AF52B5FD103BBBA387A1E49F62CB ] Sym_u3 C:\Windows\system32\drivers\sym_u3.sys
19:37:07.0040 0736 Sym_u3 - ok
19:37:07.0071 0736 [ 4C6DE67EBB6C487F7690A373FCFDE279 ] SynTP C:\Windows\system32\DRIVERS\SynTP.sys
19:37:07.0071 0736 SynTP - ok
19:37:07.0102 0736 [ 8710A92D0024B03B5FB9540DF1F71F1D ] SysMain C:\Windows\system32\sysmain.dll
19:37:07.0118 0736 SysMain - ok
19:37:07.0118 0736 [ 2DCA225EAE15F42C0933E998EE0231C3 ] TabletInputService C:\Windows\System32\TabSvc.dll
19:37:07.0134 0736 TabletInputService - ok
19:37:07.0149 0736 [ 680916BB09EE0F3A6ACA7C274B0D633F ] TapiSrv C:\Windows\System32\tapisrv.dll
19:37:07.0165 0736 TapiSrv - ok
19:37:07.0212 0736 [ CB05822CD9CC6C688168E113C603DBE7 ] TBS C:\Windows\System32\tbssvc.dll
19:37:07.0212 0736 TBS - ok
19:37:07.0258 0736 [ 782568AB6A43160A159B6215B70BCCE9 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
19:37:07.0274 0736 Tcpip - ok
19:37:07.0321 0736 [ 782568AB6A43160A159B6215B70BCCE9 ] Tcpip6 C:\Windows\system32\DRIVERS\tcpip.sys
19:37:07.0336 0736 Tcpip6 - ok
19:37:07.0430 0736 [ D4A2E4A4B011F3A883AF77315A5AE76B ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
19:37:07.0430 0736 tcpipreg - ok
19:37:07.0446 0736 [ 5DCF5E267BE67A1AE926F2DF77FBCC56 ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
19:37:07.0446 0736 TDPIPE - ok
19:37:07.0461 0736 [ 389C63E32B3CEFED425B61ED92D3F021 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
19:37:07.0461 0736 TDTCP - ok
19:37:07.0477 0736 [ D09276B1FAB033CE1D40DCBDF303D10F ] tdx C:\Windows\system32\DRIVERS\tdx.sys
19:37:07.0477 0736 tdx - ok
19:37:07.0477 0736 [ A048056F5E1A96A9BF3071B91741A5AA ] TermDD C:\Windows\system32\DRIVERS\termdd.sys
19:37:07.0477 0736 TermDD - ok
19:37:07.0524 0736 [ D605031E225AACCBCEB5B76A4F1603A6 ] TermService C:\Windows\System32\termsrv.dll
19:37:07.0539 0736 TermService - ok
19:37:07.0586 0736 [ 1E3FDB80E40A3CE645F229DFBDFB7694 ] Themes C:\Windows\system32\shsvcs.dll
19:37:07.0602 0736 Themes - ok
19:37:07.0633 0736 [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] THREADORDER C:\Windows\system32\mmcss.dll
19:37:07.0648 0736 THREADORDER - ok
19:37:07.0664 0736 [ EC74E77D0EB004BD3A809B5F8FB8C2CE ] TrkWks C:\Windows\System32\trkwks.dll
19:37:07.0664 0736 TrkWks - ok
19:37:07.0726 0736 [ 16613A1BAD034D4ECF957AF18B7C2FF5 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
19:37:07.0726 0736 TrustedInstaller - ok
19:37:07.0773 0736 [ DCF0F056A2E4F52287264F5AB29CF206 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
19:37:07.0773 0736 tssecsrv - ok
19:37:07.0789 0736 [ CAECC0120AC49E3D2F758B9169872D38 ] tunmp C:\Windows\system32\DRIVERS\tunmp.sys
19:37:07.0789 0736 tunmp - ok
19:37:07.0804 0736 [ 6042505FF6FA9AC1EF7684D0E03B6940 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
19:37:07.0804 0736 tunnel - ok
19:37:07.0867 0736 [ 7D33C4DB2CE363C8518D2DFCF533941F ] uagp35 C:\Windows\system32\drivers\uagp35.sys
19:37:07.0867 0736 uagp35 - ok
19:37:07.0882 0736 [ 8B5088058FA1D1CD897A2113CCFF6C58 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
19:37:07.0882 0736 udfs - ok
19:37:07.0960 0736 [ ECEF404F62863755951E09C802C94AD5 ] UI0Detect C:\Windows\system32\UI0Detect.exe
19:37:07.0960 0736 UI0Detect - ok
19:37:08.0023 0736 [ B0ACFDC9E4AF279E9116C03E014B2B27 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
19:37:08.0023 0736 uliagpkx - ok
19:37:08.0038 0736 [ 9224BB254F591DE4CA8D572A5F0D635C ] uliahci C:\Windows\system32\drivers\uliahci.sys
19:37:08.0038 0736 uliahci - ok
19:37:08.0054 0736 [ 8514D0E5CD0534467C5FC61BE94A569F ] UlSata C:\Windows\system32\drivers\ulsata.sys
19:37:08.0054 0736 UlSata - ok
19:37:08.0070 0736 [ 38C3C6E62B157A6BC46594FADA45C62B ] ulsata2 C:\Windows\system32\drivers\ulsata2.sys
19:37:08.0070 0736 ulsata2 - ok
19:37:08.0101 0736 [ 32CFF9F809AE9AED85464492BF3E32D2 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
19:37:08.0101 0736 umbus - ok
19:37:08.0116 0736 [ 68308183F4AE0BE7BF8ECD07CB297999 ] upnphost C:\Windows\System32\upnphost.dll
19:37:08.0116 0736 upnphost - ok
19:37:08.0179 0736 [ B902EBDC7B36B0CE29B70AF8E0A27AFF ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
19:37:08.0194 0736 usbccgp - ok
19:37:08.0241 0736 [ E9476E6C486E76BC4898074768FB7131 ] usbcir C:\Windows\system32\drivers\usbcir.sys
19:37:08.0241 0736 usbcir - ok
19:37:08.0257 0736 [ 9AF290F63974796782606521C4CB2E20 ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
19:37:08.0272 0736 usbehci - ok
19:37:08.0288 0736 [ BF40C876B38B719822A96CF3261434FA ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
19:37:08.0288 0736 usbhub - ok
19:37:08.0304 0736 [ 38DBC7DD6CC5A72011F187425384388B ] usbohci C:\Windows\system32\drivers\usbohci.sys
19:37:08.0304 0736 usbohci - ok
19:37:08.0319 0736 [ E75C4B5269091D15A2E7DC0B6D35F2F5 ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
19:37:08.0319 0736 usbprint - ok
19:37:08.0397 0736 [ 87BA6B83C5D19B69160968D07D6E2982 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
19:37:08.0397 0736 USBSTOR - ok
19:37:08.0413 0736 [ 0E4C7F6266B2CC444C3239D60569410E ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys
19:37:08.0413 0736 usbuhci - ok
19:37:08.0460 0736 [ E67998E8F14CB0627A769F6530BCB352 ] usbvideo C:\Windows\system32\Drivers\usbvideo.sys
19:37:08.0460 0736 usbvideo - ok
19:37:08.0460 0736 uxddrv - ok
19:37:08.0553 0736 [ 032A0ACC3909AE7215D524E29D536797 ] UxSms C:\Windows\System32\uxsms.dll
19:37:08.0553 0736 UxSms - ok
19:37:08.0616 0736 [ B13BC395B9D6116628F5AF47E0802AC4 ] vds C:\Windows\System32\vds.exe
19:37:08.0631 0736 vds - ok
19:37:08.0725 0736 [ 87B06E1F30B749A114F74622D013F8D4 ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
19:37:08.0725 0736 vga - ok
19:37:08.0756 0736 [ 2E93AC0A1D8C79D019DB6C51F036636C ] VgaSave C:\Windows\System32\drivers\vga.sys
19:37:08.0756 0736 VgaSave - ok
19:37:08.0818 0736 [ 5D7159DEF58A800D5781BA3A879627BC ] viaagp C:\Windows\system32\drivers\viaagp.sys
19:37:08.0818 0736 viaagp - ok
19:37:08.0834 0736 [ C4F3A691B5BAD343E6249BD8C2D45DEE ] ViaC7 C:\Windows\system32\drivers\viac7.sys
19:37:08.0834 0736 ViaC7 - ok
19:37:08.0850 0736 [ AADF5587A4063F52C2C3FED7887426FC ] viaide C:\Windows\system32\drivers\viaide.sys
19:37:08.0850 0736 viaide - ok
19:37:08.0865 0736 [ 69503668AC66C77C6CD7AF86FBDF8C43 ] volmgr C:\Windows\system32\drivers\volmgr.sys
19:37:08.0865 0736 volmgr - ok
19:37:08.0912 0736 [ 98F5FFE6316BD74E9E2C97206C190196 ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
19:37:08.0912 0736 volmgrx - ok
19:37:08.0928 0736 [ D8B4A53DD2769F226B3EB374374987C9 ] volsnap C:\Windows\system32\drivers\volsnap.sys
19:37:08.0943 0736 volsnap - ok
19:37:08.0990 0736 [ 587253E09325E6BF226B299774B728A9 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys
19:37:08.0990 0736 vsmraid - ok
19:37:09.0084 0736 [ D5FB73D19C46ADE183F968E13F186B23 ] VSS C:\Windows\system32\vssvc.exe
19:37:09.0099 0736 VSS - ok
19:37:09.0162 0736 [ 1CF9206966A8458CDA9A8B20DF8AB7D3 ] W32Time C:\Windows\system32\w32time.dll
19:37:09.0177 0736 W32Time - ok
19:37:09.0224 0736 [ 48DFEE8F1AF7C8235D4E626F0C4FE031 ] WacomPen C:\Windows\system32\drivers\wacompen.sys
19:37:09.0224 0736 WacomPen - ok
19:37:09.0240 0736 [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarp C:\Windows\system32\DRIVERS\wanarp.sys
19:37:09.0240 0736 Wanarp - ok
19:37:09.0240 0736 [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
19:37:09.0240 0736 Wanarpv6 - ok
19:37:09.0255 0736 [ F3A5C2E1A6533192B070D06ECF6BE796 ] wcncsvc C:\Windows\System32\wcncsvc.dll
19:37:09.0271 0736 wcncsvc - ok
19:37:09.0318 0736 [ 11BCB7AFCDD7AADACB5746F544D3A9C7 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
19:37:09.0318 0736 WcsPlugInService - ok
19:37:09.0333 0736 [ 78FE9542363F297B18C027B2D7E7C07F ] Wd C:\Windows\system32\drivers\wd.sys
19:37:09.0333 0736 Wd - ok
19:37:09.0364 0736 [ B6F0A7AD6D4BD325FBCD8BAC96CD8D96 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
19:37:09.0364 0736 Wdf01000 - ok
19:37:09.0396 0736 [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiServiceHost C:\Windows\system32\wdi.dll
19:37:09.0396 0736 WdiServiceHost - ok
19:37:09.0396 0736 [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiSystemHost C:\Windows\system32\wdi.dll
19:37:09.0396 0736 WdiSystemHost - ok
19:37:09.0411 0736 [ CF9A5F41789B642DB967021DE06A2713 ] WebClient C:\Windows\System32\webclnt.dll
19:37:09.0427 0736 WebClient - ok
19:37:09.0442 0736 [ AE3736E7E8892241C23E4EBBB7453B60 ] Wecsvc C:\Windows\system32\wecsvc.dll
19:37:09.0458 0736 Wecsvc - ok
19:37:09.0458 0736 [ 670FF720071ED741206D69BD995EA453 ] wercplsupport C:\Windows\System32\wercplsupport.dll
19:37:09.0474 0736 wercplsupport - ok
19:37:09.0536 0736 [ FD1965AAA112C6818A30AB02742D0461 ] WerSvc C:\Windows\System32\WerSvc.dll
19:37:09.0536 0736 WerSvc - ok
19:37:09.0598 0736 [ 4575AA12561C5648483403541D0D7F2B ] WinDefend C:\Program Files\Windows Defender\mpsvc.dll
19:37:09.0598 0736 WinDefend - ok
19:37:09.0614 0736 WinHttpAutoProxySvc - ok
19:37:09.0708 0736 [ 00B79A7C984678F24CF052E5BEB3A2F5 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
19:37:09.0708 0736 Winmgmt - ok
19:37:09.0770 0736 [ 7CFE68BDC065E55AA5E8421607037511 ] WinRM C:\Windows\system32\WsmSvc.dll
19:37:09.0801 0736 WinRM - ok
19:37:09.0895 0736 [ F0FE933E27F1E2A83FF322A0693A4724 ] WisLMSvc C:\Program Files\Launch Manager\WisLMSvc.exe
19:37:09.0895 0736 WisLMSvc - ok
19:37:09.0926 0736 [ 275F4346E569DF56CFB95243BD6F6FF0 ] Wlansvc C:\Windows\System32\wlansvc.dll
19:37:09.0957 0736 Wlansvc - ok
19:37:10.0020 0736 [ 2E7255D172DF0B8283CDFB7B433B864E ] WmiAcpi C:\Windows\system32\DRIVERS\wmiacpi.sys
19:37:10.0020 0736 WmiAcpi - ok
19:37:10.0051 0736 [ ABA4CF9F856D9A3A25F4DDD7690A6E9D ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
19:37:10.0051 0736 wmiApSrv - ok
19:37:10.0191 0736 [ 3978704576A121A9204F8CC49A301A9B ] WMPNetworkSvc C:\Program Files\Windows Media Player\wmpnetwk.exe
19:37:10.0207 0736 WMPNetworkSvc - ok
19:37:10.0300 0736 [ 5D94CD167751294962BA238D82DD1BB8 ] WPCSvc C:\Windows\System32\wpcsvc.dll
19:37:10.0316 0736 WPCSvc - ok
19:37:10.0378 0736 [ 396D406292B0CD26E3504FFE82784702 ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
19:37:10.0378 0736 WPDBusEnum - ok
19:37:10.0472 0736 [ DCF3E3EDF5109EE8BC02FE6E1F045795 ] WPFFontCache_v0400 C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
19:37:10.0488 0736 WPFFontCache_v0400 - ok
19:37:10.0550 0736 [ E3A3CB253C0EC2494D4A61F5E43A389C ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
19:37:10.0550 0736 ws2ifsl - ok
19:37:10.0566 0736 [ 683DD16B590372F2C9661D277F35E49C ] wscsvc C:\Windows\System32\wscsvc.dll
19:37:10.0566 0736 wscsvc - ok
19:37:10.0581 0736 WSearch - ok
19:37:10.0675 0736 [ 6298277B73C77FA99106B271A7525163 ] wuauserv C:\Windows\system32\wuaueng.dll
19:37:10.0753 0736 wuauserv - ok
19:37:10.0815 0736 [ AC13CB789D93412106B0FB6C7EB2BCB6 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
19:37:10.0815 0736 WUDFRd - ok
19:37:10.0815 0736 [ 575A4190D989F64732119E4114045A4F ] wudfsvc C:\Windows\System32\WUDFSvc.dll
19:37:10.0831 0736 wudfsvc - ok
19:37:10.0846 0736 ================ Scan global ===============================
19:37:10.0956 0736 [ F31EEBC1A1C81FD04005489CC3DCDFE7 ] C:\Windows\system32\basesrv.dll
19:37:10.0987 0736 [ F42F8855CB5C22E203C6672B124F17FD ] C:\Windows\system32\winsrv.dll
19:37:11.0049 0736 [ F42F8855CB5C22E203C6672B124F17FD ] C:\Windows\system32\winsrv.dll
19:37:11.0127 0736 [ 2B336AB6286D6C81FA02CBAB914E3C6C ] C:\Windows\system32\services.exe
19:37:11.0127 0736 [Global] - ok
19:37:11.0127 0736 ================ Scan MBR ==================================
19:37:11.0190 0736 [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk0\DR0
19:37:11.0439 0736 \Device\Harddisk0\DR0 - ok
19:37:11.0439 0736 ================ Scan VBR ==================================
19:37:11.0455 0736 [ 242D551B4A9950CDE4E9C8AB3402ECAF ] \Device\Harddisk0\DR0\Partition1
19:37:11.0455 0736 \Device\Harddisk0\DR0\Partition1 - ok
19:37:11.0470 0736 [ 0F66965CE083CE3A9D3720CF0CA37BFE ] \Device\Harddisk0\DR0\Partition2
19:37:11.0470 0736 \Device\Harddisk0\DR0\Partition2 - ok
19:37:11.0470 0736 ============================================================
19:37:11.0470 0736 Scan finished
19:37:11.0470 0736 ============================================================
19:37:11.0486 0244 Detected object count: 0
19:37:11.0486 0244 Actual detected object count: 0
19:38:53.0058 1764 Deinitialize success

Komischerweise habe ich heute beim Hochfahren meines Laptops die Fehlermeldung mit der wpbt0.dll nicht erhalten. Habe heute auch noch mal den Malwarebytes laufen lassen und er hat dieses Mal nix mehr gefunden. Bei Spybot jedoch hat er noch Malware gefunden. Mir kommt es aber vor, dass Spybot immer die gleichen Schädlinge findet.... Brauchst du dazu auch den Report?

Danke!

M-K-D-B · 18.12.2012, 20:21

Servus,

Zitat:

Zitat von Nena83

Komischerweise habe ich heute beim Hochfahren meines Laptops die Fehlermeldung mit der wpbt0.dll nicht erhalten. Habe heute auch noch mal den Malwarebytes laufen lassen und er hat dieses Mal nix mehr gefunden. Bei Spybot jedoch hat er noch Malware gefunden. Mir kommt es aber vor, dass Spybot immer die gleichen Schädlinge findet.... Brauchst du dazu auch den Report?

Ja bitte.

Warum ist das Service Pack 2 für Windows Vista nicht installiert?

Schritt 1
Downloade Dir bitte

AdwCleaner auf deinen Desktop.

Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
Starte die AdwCleaner.exe mit einem Doppelklick.
Stimme den Nutzungsbedingungen zu.
Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
- "Tracing" Schlüssel löschen
- Winsock Einstellungen zurücksetzen
- Proxy Einstellungen zurücksetzen
- Internet Explorer Richtlinien zurücksetzen
- Chrome Richtlinien zurücksetzen
- Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Schritt 2
Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.

Bitte lade Junkware Removal Tool auf Deinen Desktop.

Starte das Tool mit Doppelklick. Vista und 7 Nutzer bitte mit Rechtsklick "als Administrator ausführen" starten.
Das Tool wird sich öffnen und mit dem Scan beginnen.
Je nach System kann der Scan eine Weile dauern.
Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.

Schritt 3
Scan mit Combofix

WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link

WICHTIG: Speichere Combofix auf deinem Desktop.

Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.

Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.

Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!

Wenn Combofix fertig ist, wird es ein Logfile erstellen.

Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).

Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

Bitte poste mit deiner nächsten Antwort

die Beantwortung der gestellten Frage,
die Logdatei von AdwCleaner,
die Logdatei von JRT,
die Logdatei von ComboFix.

Nena83 · 18.12.2012, 22:08

Warum ich Service Pack 2 nicht installiert habe, weiß ich gar nicht.

Ist das notwendig? Soll ich es nach der Bereinigung installieren oder jetzt schon?

Ich schicke dir den Spybot-Report einmal vor deinen Anweisungen und einmal danach.

Wie ist denn der bisherige Stand? Habe nur gesehen, dass Combofix mal wieder etwas gefunden hat.

M-K-D-B · 19.12.2012, 19:48

Servus,

Zitat:

Zitat von Nena83

Warum ich Service Pack 2 nicht installiert habe, weiß ich gar nicht.

Du Witzbold...

Zitat:

Zitat von Nena83

Ist das notwendig? Soll ich es nach der Bereinigung installieren oder jetzt schon?

Ja, es ist notwendig. Wir installieren es ganz zum Schluss!

Zitat:

Zitat von Nena83

Ich schicke dir den Spybot-Report einmal vor deinen Anweisungen und einmal danach.

Wie ist denn der bisherige Stand? Habe nur gesehen, dass Combofix mal wieder etwas gefunden hat.

Spybot-Bericht ist unauffällig. ComboFix hat noch ein paar Reste des GVU-Trojaners entfernt. Zudem war eine Systemdatei infiziert, diese ist jetzt auch wieder sauber.

Wie läuft dein Rechner derzeit? Gibt es noch Probleme, die auf Malware hindeuten?

Starte bitte OTL.exe und drücke den Quick Scan Button.
Poste die OTL.txt hier in deinen Thread.

Nena83 · 20.12.2012, 21:14

Hallo Matthias,

hier die Ergebnisse zu OTL.exe:OTL Logfile:OTL Logfile:

Code:

ATTFilter

OTL logfile created on: 20.12.2012 21:07:25 - Run 3
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Medion\Desktop
Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19088)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 1,74 Gb Available Physical Memory | 58,06% Memory free
6,20 Gb Paging File | 4,69 Gb Available in Paging File | 75,64% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 275,41 Gb Total Space | 223,45 Gb Free Space | 81,13% Space Free | Partition Type: NTFS
Drive D: | 22,66 Gb Total Space | 12,53 Gb Free Space | 55,28% Space Free | Partition Type: FAT32
 
Computer Name: MEDION-PC | User Name: Medion | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.12.18 19:11:28 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Medion\Desktop\OTL.exe
PRC - [2012.12.11 22:05:24 | 029,425,864 | ---- | M] (Dropbox, Inc.) -- C:\Users\Medion\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2012.12.11 17:36:00 | 000,085,280 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2012.12.11 17:35:53 | 000,079,136 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2012.12.11 17:35:52 | 000,384,800 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.12.11 17:35:52 | 000,109,344 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.11.13 14:08:12 | 003,487,240 | ---- | M] (Safer-Networking Ltd.) -- C:\Programme\Spybot - Search & Destroy 2\SDUpdate.exe
PRC - [2012.11.13 14:08:08 | 003,825,176 | ---- | M] (Safer-Networking Ltd.) -- C:\Programme\Spybot - Search & Destroy 2\SDTray.exe
PRC - [2012.11.13 14:07:24 | 000,168,384 | ---- | M] (Safer-Networking Ltd.) -- C:\Programme\Spybot - Search & Destroy 2\SDWSCSvc.exe
PRC - [2012.11.13 14:07:20 | 001,369,624 | ---- | M] (Safer-Networking Ltd.) -- C:\Programme\Spybot - Search & Destroy 2\SDUpdSvc.exe
PRC - [2012.11.13 14:07:16 | 001,103,392 | ---- | M] (Safer-Networking Ltd.) -- C:\Programme\Spybot - Search & Destroy 2\SDFSSvc.exe
PRC - [2012.09.29 19:54:26 | 000,766,536 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012.09.29 19:54:26 | 000,676,936 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012.09.29 19:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2008.10.29 07:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008.07.25 08:25:12 | 000,776,192 | ---- | M] (Google) -- C:\Programme\Google\Google Desktop Search\GoogleDesktopIndex.exe
PRC - [2008.07.03 10:27:12 | 006,266,880 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2008.02.28 17:07:58 | 001,828,136 | ---- | M] (Nero AG) -- C:\Programme\Common Files\Nero\Lib\NMIndexStoreSvr.exe
PRC - [2008.01.21 03:25:33 | 000,896,512 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2008.01.21 03:25:33 | 000,202,240 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnscfg.exe
PRC - [2008.01.21 03:24:13 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe
PRC - [2008.01.21 03:23:29 | 001,233,920 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Sidebar\sidebar.exe
PRC - [2007.11.02 11:35:42 | 002,564,096 | ---- | M] () -- C:\Programme\Softex\OmniPass\scureapp.exe
PRC - [2007.11.02 11:31:24 | 000,069,632 | ---- | M] () -- C:\Programme\Softex\OmniPass\opvapp.exe
PRC - [2007.11.02 11:31:08 | 000,040,960 | ---- | M] (Softex Inc.) -- C:\Programme\Softex\OmniPass\OmniServ.exe
PRC - [2007.10.03 14:45:02 | 000,358,936 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2007.10.03 14:44:58 | 000,178,712 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2007.09.11 14:37:58 | 000,118,784 | ---- | M] (Wistron Corp.) -- C:\Programme\Launch Manager\WisLMSvc.exe
PRC - [2007.09.07 08:26:54 | 000,086,016 | ---- | M] (Wistron) -- C:\Programme\Launch Manager\WButton.exe
PRC - [2007.09.06 10:23:36 | 000,188,416 | ---- | M] (Wistron) -- C:\Programme\Launch Manager\HotkeyApp.exe
PRC - [2007.09.01 13:03:50 | 000,032,768 | ---- | M] () -- C:\Programme\Launch Manager\LaunchAp.exe
PRC - [2007.08.31 11:04:26 | 000,102,400 | ---- | M] (Synaptics, Inc.) -- C:\Programme\Synaptics\SynTP\SynTPStart.exe
PRC - [2006.12.26 10:23:34 | 000,180,224 | ---- | M] (Wistron Corp.) -- C:\Programme\Launch Manager\OSD.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.11.13 14:06:32 | 000,158,624 | ---- | M] () -- C:\Programme\Spybot - Search & Destroy 2\snlFileFormats150.bpl
MOD - [2012.11.13 14:06:30 | 000,108,960 | ---- | M] () -- C:\Programme\Spybot - Search & Destroy 2\snlThirdParty150.bpl
MOD - [2012.11.13 14:06:28 | 000,554,400 | ---- | M] () -- C:\Programme\Spybot - Search & Destroy 2\VirtualTreesDXE150.bpl
MOD - [2012.11.13 14:06:28 | 000,528,288 | ---- | M] () -- C:\Programme\Spybot - Search & Destroy 2\JSDialogPack150.bpl
MOD - [2012.11.13 14:06:28 | 000,416,160 | ---- | M] () -- C:\Programme\Spybot - Search & Destroy 2\DEC150.bpl
MOD - [2007.11.02 11:36:16 | 000,048,208 | ---- | M] () -- C:\Programme\Softex\OmniPass\hdddrv.dll
MOD - [2007.11.02 11:35:42 | 002,564,096 | ---- | M] () -- C:\Programme\Softex\OmniPass\scureapp.exe
MOD - [2007.11.02 11:28:16 | 000,434,176 | ---- | M] () -- C:\Programme\Softex\OmniPass\userdata.dll
MOD - [2007.11.02 11:28:04 | 001,077,248 | ---- | M] () -- C:\Programme\Softex\OmniPass\autheng.dll
MOD - [2007.11.02 11:27:48 | 000,532,480 | ---- | M] () -- C:\Programme\Softex\OmniPass\storeng.dll
MOD - [2007.11.02 11:27:40 | 000,061,440 | ---- | M] () -- C:\Programme\Softex\OmniPass\scuredll.dll
MOD - [2007.11.02 11:27:38 | 000,065,536 | ---- | M] () -- C:\Programme\Softex\OmniPass\opfsdll.dll
MOD - [2007.11.02 11:27:28 | 000,016,896 | ---- | M] () -- C:\Programme\Softex\OmniPass\cryptodll.dll
MOD - [2007.11.02 11:27:26 | 000,013,824 | ---- | M] () -- C:\Programme\Softex\OmniPass\SSPLogon.dll
MOD - [2007.09.01 13:03:50 | 000,032,768 | ---- | M] () -- C:\Programme\Launch Manager\LaunchAp.exe
 
 
========== Services (SafeList) ==========
 
SRV - File not found [Auto | Running] -- C:\Program Files\Spybot -- (SDWSCService)
SRV - File not found [Auto | Running] -- C:\Program Files\Spybot -- (SDUpdateService)
SRV - File not found [Auto | Running] -- C:\Program Files\Spybot -- (SDScannerService)
SRV - [2012.12.11 17:36:00 | 000,085,280 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.12.11 17:35:52 | 000,109,344 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.11.09 11:21:24 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Programme\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.09.30 10:10:15 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.09.29 19:54:26 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.09.29 19:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2011.07.20 05:18:24 | 000,440,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2008.07.25 08:25:13 | 000,069,120 | ---- | M] (Google) [On_Demand | Stopped] -- C:\Programme\Google\Google Desktop Search\GoogleDesktopManager.exe -- (GoogleDesktopManager)
SRV - [2008.01.21 03:25:33 | 000,896,512 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2008.01.21 03:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007.11.02 11:31:08 | 000,040,960 | ---- | M] (Softex Inc.) [Auto | Running] -- C:\Programme\Softex\OmniPass\OmniServ.exe -- (omniserv)
SRV - [2007.10.03 14:45:02 | 000,358,936 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON)
SRV - [2007.09.11 14:37:58 | 000,118,784 | ---- | M] (Wistron Corp.) [On_Demand | Running] -- C:\Programme\Launch Manager\WisLMSvc.exe -- (WisLMSvc)
SRV - [2006.10.26 13:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- G:\DIAGNOSE\WSTGER32\2PART\uxddrv86.sys -- (uxddrv)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ComboFix\catchme.sys -- (catchme)
DRV - [2012.12.11 17:36:02 | 000,134,336 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2012.12.11 17:36:02 | 000,083,944 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2012.11.15 18:04:38 | 000,036,552 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2012.09.29 19:54:26 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012.08.27 15:50:24 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2008.07.11 04:08:00 | 007,539,744 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2008.07.10 10:12:56 | 001,753,984 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\snp2uvc.sys -- (SNP2UVC)
DRV - [2008.03.13 02:36:42 | 002,555,392 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw4v32.sys -- (NETw4v32)
DRV - [2007.08.30 19:24:24 | 000,805,416 | ---- | M] (Bison Electronics. Inc. ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BisonC07.sys -- (Cam5607)
DRV - [2007.08.28 14:47:36 | 000,146,560 | ---- | M] (AuthenTec, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atswpdrv.sys -- (ATSWPDRV)
DRV - [2007.06.25 12:37:24 | 000,084,480 | ---- | M] (Realtek Corporation                                            ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2007.06.01 09:29:04 | 000,210,736 | ---- | M] (Silicon Image, Inc) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\Si3531.sys -- (Si3531)
DRV - [2007.05.25 08:41:00 | 000,017,328 | ---- | M] (Silicon Image, Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\SiWinAcc.sys -- (SiFilter)
DRV - [2007.05.25 08:40:58 | 000,012,464 | ---- | M] (Silicon Image, Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\SiRemFil.sys -- (SiRemFil)
DRV - [2003.04.28 10:27:06 | 000,009,867 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\HOTKEY.sys -- (Hotkey)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MEDA
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-21-1782083187-3164884201-362571484-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKU\S-1-5-21-1782083187-3164884201-362571484-1001\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-1782083187-3164884201-362571484-1001\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKU\S-1-5-21-1782083187-3164884201-362571484-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-1782083187-3164884201-362571484-1001\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MEDA_de
IE - HKU\S-1-5-21-1782083187-3164884201-362571484-1001\..\SearchScopes\{7749714D-2421-495C-8BC6-79F282972572}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=AVR-4&o=APN10267&src=crm&q={searchTerms}&locale=de_NL&apn_ptnrs=^AGY&apn_dtid=^YYYYYY^YY^NL&apn_uid=4556130e-ce79-42ac-a969-c17c1f27271f&apn_sauid=1D5B52F2-B71A-4C13-A79C-4FAFC0803E24
IE - HKU\S-1-5-21-1782083187-3164884201-362571484-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledAddons: software@loadtubes.com:1.01
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_278.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.11.12 21:46:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
 
[2011.05.10 19:05:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Medion\AppData\Roaming\mozilla\Extensions
[2012.12.18 20:51:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Medion\AppData\Roaming\mozilla\Firefox\Profiles\z51syl7h.default\extensions
[2012.12.03 23:16:39 | 000,000,000 | ---D | M] (Spartipps von SparPilot.com) -- C:\Users\Medion\AppData\Roaming\mozilla\Firefox\Profiles\z51syl7h.default\extensions\sparpilot@sparpilot.com
[2012.12.11 12:18:33 | 000,036,098 | ---- | M] () (No name found) -- C:\Users\Medion\AppData\Roaming\mozilla\firefox\profiles\z51syl7h.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi
[2011.07.27 16:49:20 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
File not found (No name found) -- C:\USERS\MEDION\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\Z51SYL7H.DEFAULT\EXTENSIONS\SOFTWARE@LOADTUBES.COM
[2012.09.30 10:10:16 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.09.30 10:10:13 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.09.30 10:10:13 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.09.30 10:10:13 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.09.30 10:10:13 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.09.30 10:10:13 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.09.30 10:10:13 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - homepage: hxxp://www.google.com/
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}
CHR - homepage: hxxp://www.google.com/
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\23.0.1271.95\gcswf32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\npctrl.1.0.30401.0.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\23.0.1271.95\pdf.dll
CHR - plugin: Google Gears 0.5.33.0 (Enabled) = C:\Program Files\Google\Chrome\Application\23.0.1271.95\gears.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.2.183.39\npGoogleOneClick8.dll
CHR - plugin: getPlusPlus for Adobe 162102 (Enabled) = C:\Program Files\NOS\bin\np_gp.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
 
O1 HOSTS File: ([2012.12.18 21:29:57 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.6.0_07\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O3 - HKU\S-1-5-21-1782083187-3164884201-362571484-1001\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [HotkeyApp] C:\Program Files\Launch Manager\HotkeyApp.exe (Wistron)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [LanguageShortcut] C:\Program Files\HomeCinema\PowerDVD\Language\Language.exe ()
O4 - HKLM..\Run: [LaunchAp] C:\Program Files\Launch Manager\LaunchAp.exe ()
O4 - HKLM..\Run: [LMgrOSD] C:\Program Files\Launch Manager\OSD.exe (Wistron Corp.)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [OmniPass] C:\Programme\Softex\OmniPass\scureapp.exe ()
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SDTray] C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
O4 - HKLM..\Run: [SynTPStart] C:\Programme\Synaptics\SynTP\SynTPStart.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [toolbar_eula_launcher] C:\Programme\GoogleEULA\EULALauncher.exe ( )
O4 - HKLM..\Run: [UCam_Menu] C:\Program Files\HomeCinema\YouCam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [Wbutton] C:\Program Files\Launch Manager\Wbutton.exe (Wistron)
O4 - HKU\S-1-5-21-1782083187-3164884201-362571484-1001..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe (Nero AG)
O4 - Startup: C:\Users\Medion\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Medion\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1782083187-3164884201-362571484-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1782083187-3164884201-362571484-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Medion\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm File not found
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_43C348BC2E93EB2B.dll/cmsidewiki.html File not found
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_07\bin\npjpi160_07.dll (Sun Microsystems, Inc.)
O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-25/4 File not found
O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-25/4 File not found
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
O15 - HKU\S-1-5-21-1782083187-3164884201-362571484-1001\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {1ABA5FAC-1417-422B-BA82-45C35E2C908B} hxxp://kitchenplanner.ikea.com/DE/Core/Player/2020PlayerAX_IKEA_Win32.cab (20-20 3D Viewer for IKEA)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{82CA42DF-4DA4-4380-B0B9-18728C41D813}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FCFB50B4-B2EC-4C03-A7C6-60A690BFC64D}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL) - C:\Programme\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\SDWinLogon: DllName - (SDWinLogon.dll) -  File not found
O24 - Desktop WallPaper: C:\Users\Public\Pictures\Sample Pictures\Autumn Leaves.jpg
O24 - Desktop BackupWallPaper: C:\Users\Public\Pictures\Sample Pictures\Autumn Leaves.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.12.18 21:42:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
[2012.12.18 21:42:02 | 000,015,224 | ---- | C] (Safer Networking Limited) -- C:\Windows\System32\sdnclean.exe
[2012.12.18 21:40:33 | 055,454,464 | ---- | C] (Safer-Networking Ltd.                                       ) -- C:\Users\Medion\Desktop\SpybotSD2_2.0.12.exe
[2012.12.18 21:36:35 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012.12.18 21:32:00 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2012.12.18 21:21:37 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012.12.18 21:21:37 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012.12.18 21:21:37 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012.12.18 21:21:34 | 000,000,000 | ---D | C] -- C:\ComboFix
[2012.12.18 21:03:51 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012.12.18 21:03:34 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012.12.18 20:56:45 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2012.12.18 20:56:18 | 000,000,000 | ---D | C] -- C:\JRT
[2012.12.18 20:44:44 | 005,012,571 | R--- | C] (Swearware) -- C:\Users\Medion\Desktop\ComboFix.exe
[2012.12.18 20:42:26 | 000,496,299 | ---- | C] (Oleg N. Scherbakov) -- C:\Users\Medion\Desktop\JRT.exe
[2012.12.18 19:29:10 | 002,213,976 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Medion\Desktop\tdsskiller.exe
[2012.12.18 19:28:59 | 004,732,416 | ---- | C] (AVAST Software) -- C:\Users\Medion\Desktop\aswMBR.exe
[2012.12.18 19:11:22 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Medion\Desktop\OTL.exe
[2012.12.17 21:15:06 | 004,077,368 | ---- | C] (Piriform Ltd) -- C:\Users\Medion\Desktop\ccsetup325.exe
[2012.12.17 20:52:06 | 000,000,000 | ---D | C] -- C:\Users\Medion\AppData\Roaming\Malwarebytes
[2012.12.17 20:51:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.12.17 20:51:46 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.12.17 20:51:46 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.12.17 20:51:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.12.17 20:49:24 | 010,669,952 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Users\Medion\Desktop\mbam-setup-1.65.1.1000.exe
[2012.12.11 20:29:12 | 000,000,000 | ---D | C] -- C:\found.000
[2012.12.03 23:30:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2012.12.03 23:28:01 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy 2
[2012.12.03 22:47:41 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group
[2012.12.02 22:56:29 | 000,000,000 | ---D | C] -- C:\Program Files\PC Tools
[2012.12.02 22:56:29 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools
[2012.12.02 22:55:43 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2012.12.02 22:55:42 | 000,000,000 | ---D | C] -- C:\Users\Medion\AppData\Roaming\TestApp
[2012.12.02 22:55:42 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools
[2012.12.02 22:19:55 | 000,000,000 | ---D | C] -- C:\ProgramData\B8C79D1A6DC657990000B8C6E4595D6D
[2012.11.25 10:36:10 | 000,000,000 | R--D | C] -- C:\Program Files\Skype
[2012.11.25 10:36:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2012.11.25 10:36:10 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
 
========== Files - Modified Within 30 Days ==========
 
[2012.12.20 20:20:01 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.12.20 20:18:53 | 000,628,730 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.12.20 20:18:53 | 000,595,996 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.12.20 20:18:53 | 000,126,454 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.12.20 20:18:53 | 000,104,070 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.12.20 20:11:29 | 000,027,934 | ---- | M] () -- C:\ProgramData\nvModes.001
[2012.12.20 20:11:29 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.12.20 20:11:22 | 000,000,620 | ---- | M] () -- C:\Windows\tasks\Check for updates (Spybot - Search & Destroy).job
[2012.12.20 20:10:58 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.12.20 20:10:58 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.12.20 20:10:57 | 000,000,616 | ---- | M] () -- C:\Windows\tasks\Refresh immunization (Spybot - Search & Destroy).job
[2012.12.20 20:10:57 | 000,000,446 | ---- | M] () -- C:\Windows\tasks\Scan the system (Spybot - Search & Destroy).job
[2012.12.20 20:10:54 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.12.20 20:10:48 | 3219,578,880 | -HS- | M] () -- C:\hiberfil.sys
[2012.12.18 21:42:08 | 000,001,962 | ---- | M] () -- C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
[2012.12.18 21:40:34 | 055,454,464 | ---- | M] (Safer-Networking Ltd.                                       ) -- C:\Users\Medion\Desktop\SpybotSD2_2.0.12.exe
[2012.12.18 21:29:57 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2012.12.18 20:44:50 | 005,012,571 | R--- | M] (Swearware) -- C:\Users\Medion\Desktop\ComboFix.exe
[2012.12.18 20:42:34 | 000,496,299 | ---- | M] (Oleg N. Scherbakov) -- C:\Users\Medion\Desktop\JRT.exe
[2012.12.18 20:41:40 | 000,547,175 | ---- | M] () -- C:\Users\Medion\Desktop\adwcleaner.exe
[2012.12.18 19:29:16 | 002,213,976 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Medion\Desktop\tdsskiller.exe
[2012.12.18 19:29:01 | 004,732,416 | ---- | M] (AVAST Software) -- C:\Users\Medion\Desktop\aswMBR.exe
[2012.12.18 19:28:06 | 000,050,477 | ---- | M] () -- C:\Users\Medion\Desktop\Defogger.exe
[2012.12.18 19:11:28 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Medion\Desktop\OTL.exe
[2012.12.17 21:15:15 | 004,077,368 | ---- | M] (Piriform Ltd) -- C:\Users\Medion\Desktop\ccsetup325.exe
[2012.12.17 20:51:47 | 000,000,910 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.12.17 20:49:27 | 010,669,952 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Users\Medion\Desktop\mbam-setup-1.65.1.1000.exe
[2012.12.15 09:06:14 | 000,000,956 | ---- | M] () -- C:\Users\Medion\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2012.12.15 09:06:05 | 000,000,926 | ---- | M] () -- C:\Users\Medion\Desktop\Dropbox.lnk
[2012.12.14 21:07:40 | 000,000,000 | -H-- | M] () -- C:\Users\Medion\Documents\Default.rdp
[2012.12.12 21:23:52 | 000,001,975 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2012.12.11 20:19:19 | 000,342,624 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.12.11 17:36:02 | 000,134,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avipbb.sys
[2012.12.11 17:36:02 | 000,083,944 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avgntflt.sys
[2012.11.25 10:36:10 | 000,001,880 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
 
========== Files Created - No Company Name ==========
 
[2012.12.18 21:42:14 | 000,000,446 | ---- | C] () -- C:\Windows\tasks\Scan the system (Spybot - Search & Destroy).job
[2012.12.18 21:42:13 | 000,000,620 | ---- | C] () -- C:\Windows\tasks\Check for updates (Spybot - Search & Destroy).job
[2012.12.18 21:42:13 | 000,000,616 | ---- | C] () -- C:\Windows\tasks\Refresh immunization (Spybot - Search & Destroy).job
[2012.12.18 21:42:08 | 000,001,974 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
[2012.12.18 21:42:08 | 000,001,962 | ---- | C] () -- C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
[2012.12.18 21:21:37 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012.12.18 21:21:37 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012.12.18 21:21:37 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012.12.18 21:21:37 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012.12.18 21:21:37 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012.12.18 20:41:32 | 000,547,175 | ---- | C] () -- C:\Users\Medion\Desktop\adwcleaner.exe
[2012.12.18 19:28:05 | 000,050,477 | ---- | C] () -- C:\Users\Medion\Desktop\Defogger.exe
[2012.12.17 20:51:47 | 000,000,910 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.12.16 11:16:31 | 3219,578,880 | -HS- | C] () -- C:\hiberfil.sys
[2012.12.14 21:07:40 | 000,000,000 | -H-- | C] () -- C:\Users\Medion\Documents\Default.rdp
[2012.03.22 18:14:01 | 000,000,000 | ---- | C] () -- C:\Users\Medion\AppData\Roaming\Default.PLS
[2011.09.25 19:06:10 | 000,006,144 | ---- | C] () -- C:\Users\Medion\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.08.30 20:52:48 | 000,007,592 | ---- | C] () -- C:\Users\Medion\AppData\Local\d3d9caps.dat
[2011.07.27 16:43:54 | 000,723,294 | ---- | C] () -- C:\Windows\unins000.exe
[2011.07.27 16:43:54 | 000,029,461 | ---- | C] () -- C:\Windows\unins000.dat
[2011.05.05 08:04:28 | 000,027,934 | ---- | C] () -- C:\ProgramData\nvModes.001
[2011.05.05 08:03:11 | 000,027,934 | ---- | C] () -- C:\ProgramData\nvModes.dat
 
========== ZeroAccess Check ==========
 
[2006.11.02 13:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2011.01.21 16:46:32 | 011,582,464 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.03.03 05:36:24 | 000,615,424 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2008.01.21 03:24:03 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2012.04.16 15:44:08 | 000,000,000 | ---D | M] -- C:\Users\Medion\AppData\Roaming\Buhl Data Service
[2012.12.20 20:12:09 | 000,000,000 | ---D | M] -- C:\Users\Medion\AppData\Roaming\Dropbox
[2012.07.19 18:15:59 | 000,000,000 | ---D | M] -- C:\Users\Medion\AppData\Roaming\DVDVideoSoft
[2011.07.27 16:44:58 | 000,000,000 | ---D | M] -- C:\Users\Medion\AppData\Roaming\Easy MP3 Recorder
[2012.10.02 16:54:26 | 000,000,000 | ---D | M] -- C:\Users\Medion\AppData\Roaming\ICAClient
[2012.12.12 22:18:08 | 000,000,000 | ---D | M] -- C:\Users\Medion\AppData\Roaming\Kaca
[2012.12.02 22:55:42 | 000,000,000 | ---D | M] -- C:\Users\Medion\AppData\Roaming\TestApp
[2011.06.26 23:46:22 | 000,000,000 | ---D | M] -- C:\Users\Medion\AppData\Roaming\Ulead Systems
 
========== Purity Check ==========
 
 

< End of report >

--- --- ---

Also, ich muss sagen seit dem ComboFix habe ich nichts Auffälliges gesehen.
Am Montag/Dienstag hatte der Trojaner noch versucht meinen Emailaccount zu knacken. Habe mein Passwort mehrmals ändern müssen, da mein Account immer wieder gesperrt war. Ich bin daher seit Dienstag nicht mehr über meinen Laptop in meine Emails gegangen. Werde das heute mal testen und schauen, ob der Trojaner noch aktiv ist. Wie kann ich denn sonst feststellen, ob das blöde Ding endlich weg ist?

LG
Nena

M-K-D-B · 21.12.2012, 19:53

Servus,

der GVU Trojaner ist weg.

Wir entfernen noch ein paar Adware-Reste und kontrollieren nochmal:

Schritt 1

Fixen mit OTL

Starte bitte die OTL.exe.
Kopiere nun den Inhalt aus der Codebox in die Textbox.

Code:

ATTFilter

:OTL
IE - HKU\S-1-5-21-1782083187-3164884201-362571484-1001\..\SearchScopes\{7749714D-2421-495C-8BC6-79F282972572}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=AVR-4&o=APN10267&src=crm&q={searchTerms}&locale=de_NL&apn_ptnrs=^AGY&apn_dtid=^YYYYYY^YY^NL&apn_uid=4556130e-ce79-42ac-a969-c17c1f27271f&apn_sauid=1D5B52F2-B71A-4C13-A79C-4FAFC0803E24
FF - prefs.js..extensions.enabledAddons: software@loadtubes.com:1.01

:Commands
[emptytemp]

Solltest du deinen Benutzernamen z. B. durch "*****" unkenntlich gemacht haben, so füge an entsprechender Stelle deinen richtigen Benutzernamen ein. Andernfalls wird der Fix nicht funktionieren.
Schließe bitte nun alle Programme.
Klicke nun bitte auf den Fix Button.
OTL kann gegebenfalls einen Neustart verlangen. Bitte dies zulassen.
Nach dem Neustart findest Du ein Textdokument auf deinem Desktop.
( Auch zu finden unter C:\_OTL\MovedFiles\<Uhrzeit_Datum>.txt)
Kopiere nun den Inhalt hier in Deinen Thread

Schritt 2

Starte Malwarebytes' Anti-Malware, klicke auf Aktualisierung --> Suche nach Aktualisierung
Wenn das Update beendet wurde, aktiviere Quick-Scan durchführen und drücke auf Scannen.
Wenn der Scan beendet ist, klicke auf Ergebnisse anzeigen.
Versichere Dich, dass alle Funde markiert sind und drücke Entferne Auswahl.
Poste das Logfile, welches sich in Notepad öffnet, hier in den Thread.
Nachträglich kannst du den Bericht unter "Log Dateien" finden.

Schritt 3

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

Schritt 4
Downloade Dir bitte SecurityCheck

Speichere es auf dem Desktop.
Starte SecurityCheck.exe und folge den Anweisungen in der DOS- Box.
Vista und Win7 User mit Rechtsklick "als Administrator starten"
Wenn der Scan beendet wurde sollte sich ein Textdokument ( checkup.txt ) öffnen.

Poste den Inhalt bitte hier.

Bitte poste mit deiner nächsten Antwort

die Logdatei von OTL,
die Logdatei von MBAM,
die Logdatei von ESET,
die Logdatei von SecurityCheck.

Nena83 · 22.12.2012, 12:10

Hallo Matthias,

hier die Ergebnisse.

Und wie siehts aus?

M-K-D-B · 22.12.2012, 12:43

Servus,

Wenn du keine Probleme mehr hast, dann sind wir hier fertig. Deine Logdateien sind sauber.

Zum Schluss müssen wir noch ein paar abschließende Schritte unternehmen, um deinen Pc aufzuräumen und abzusichern.

Schritt 1
Dein Java ist nicht mehr aktuell. Älter Versionen enthalten Sicherheitslücken, die von Malware missbraucht werden können.

Downloade dir bitte die neueste Java-Version von hier
Speichere die jxpiinstall.exe
Schließe alle laufenden Programme. Speziell deinen Browser.
Starte die jxpiinstall.exe. Diese wird den Installer für die neueste Java Version ( Java 7 Update 10 ) herunter laden.
Entferne den Haken bei "Installieren Sie die Ask-Toolbar ..." während der Installation.
Wenn die Installation beendet wurde
Start --> Systemsteuerung --> Programme und deinstalliere alle älteren Java Versionen.
Starte deinen Rechner neu sobald alle älteren Versionen deinstalliert wurden.

Nach dem Neustart

Öffne erneut die Systemsteuerung --> Programme und klicke auf das Java Symbol.
Im Reiter Allgemein, klicke unter Temporäre Internetdateien auf Einstellungen.
Klicke auf Dateien löschen....
Gehe sicher das überall ein Haken gesetzt ist und klicke OK.
Klicke erneut OK.

schneller Plugin-Test: PluginCheck

Schritt 2
Deine Version von Adobe Flash Player ist veraltet.
Bitte folge diesen Schritte, um Adobe Flash zu aktualisieren:

Bitte besuche diese Seite von Adobe.
Wähle dein Betriebssystem und deinen Internetbrowser ("Internet Explorer" oder "other" für Firefox zum Beispiel)
Deaktiviere gegebenenfalls den Haken vor Google Chrome bzw. McAfee Security Scan.
Installiere die neuste Version auf deinem Computer.

Schritt 3
Deinstalliere bitte deine aktuelle Version von Adobe Reader
Start--> Systemsteuerung--> Software / Programme deinstallieren--> Adobe Reader
und lade dir die neue Version von Hier herunter-
Entferne den Hacken für den McAfee SecurityScan bzw. Google Chrome.

Schritt 4

Klicke auf > Hilfe > Über Firefox
Warte bis das Update geladen ist, klicke auf Update installieren und lasse Firefox neu starten.
Prüfe bitte, ob weitere Updates vorliegen oder ob Firefox aktuell ist.
Klicke nun auf > Add-ons > > Auf Updates überprüfen
Nach einem weiteren Neustart von Firefox sollte alles aktuell sein.

Prüfe bitte auch (regelmässig) ob folgende Links fehlende Updates bei deinen Plugins zeigen:

Schritt 5
Starte DeFogger und klicke auf Re-enable.
Gegebenenfalls muss dein Rechner neu gestartet werden.

Schritt 6
Bitte vor der folgenden Aktion wieder temporär Antivirus-Programm, evtl. vorhandenes Skript-Blocking und Anti-Malware Programme deaktivieren.

Windows-Taste + R drücke. Kopiere nun folgende Zeile in die Kommandozeile und klicke OK.

Code:

ATTFilter

Combofix /Uninstall

Damit wird Combofix komplett entfernt und der Cache der Systemwiederherstellung geleert, damit auch aus dieser die Schädlinge verschwinden.

Nun die eben deaktivierten Programme wieder aktivieren.

Schritt 7
Downloade dir bitte delfix auf deinen Desktop.

Schließe alle offenen Programme.
Starte die delfix.exe mit einem Doppelklick.
Klicke auf Löschen.
Schließe die sich öffnende Textdatei.
Klicke abschließend auf Deinstallation.
Bestätige mit Ja.
Starte deinen Rechner neu auf!

Schritt 8

Starte Spybot S&D => stelle im Menü "Modus" den "Erweiterten Modus" ein
Klicke dann links unten auf "Werkzeuge"
Klicke auf "Resident"
Das Häkchen bei Resident "TeaTimer" hinzufügen(Schutz aller Systemeinstellungen)
Spybot Search&Destroy schließen
Rechner neu starten.
Bebilderte Anleitung.

Schritt 9
Hier noch ein paar Tipps zur Absicherung deines Systems.

Ich kann garnicht zu oft erwähnen, wie wichtig es ist, dass dein System Up to Date ist.

Bitte überprüfe ob dein System Windows Updates automatisch herunter lädt
Windows Updates
- Windows XP: Start --> Systemsteuerung --> Doppelklick auf Automatische Updates
- Windows Vista / 7: Start --> Systemsteuerung --> System und Sicherheit --> Automatische Updates aktivieren oder deaktivieren
Gehe sicher das die automatischen Updates aktiviert sind.
Software Updates
Installierte Software kann ebenfalls Sicherheitslücken haben, welche Malware nutzen kann, um dein System zu infizieren.
Um deine Installierte Software up to date zu halten, empfehle ich dir Secunia Online Software.

Anti- Viren Software

Gehe sicher immer eine Anti Viren Software installiert zu haben und das diese auch up to date ist. Es ist nämlich nutzlos wenn diese out of date sind.

Zusätzlicher Schutz

MalwareBytes Anti Malware
Dies ist eines der besten Anti-Malware Tools auf dem Markt. Es ist ein On- Demond Scan Tool welches viele aktuelle Malware erkennt und auch entfernt.
Update das Tool und lass es einmal in der Woche laufen. Die Kaufversion biete zudem noch einen Hintergrundwächter.
Ein Tutorial zur Verwendung findest Du hier.
WinPatrol
Diese Software macht einen Snapshot deines Systems und warnt dich vor eventuellen Änderungen. Downloade dir die Freeware Version von hier.

Sicheres Browsen

SpywareBlaster
Eine kurze Einführung findest du Hier
MVPs hosts file
Ein Tutorial findest Du hier. Leider habe ich bis jetzt kein deutschsprachiges gefunden.
WOT (Web of trust)
Dieses AddOn warnt Dich bevor Du eine als schädlich gemeldete Seite besuchst.

Alternative Browser

Andere Browser tendieren zu etwas mehr Sicherheit als der IE, da diese keine Active X Elemente verwenden. Diese können von Spyware zur Infektion deines Systems missbraucht werden.

Opera
Mozilla Firefox.
- Hinweis: Für diesen Browser habe ich hier ein paar nützliche Add Ons
- NoScript
  Dieses AddOn blockt JavaScript, Java and Flash und andere Plugins. Sie werden nur dann ausgeführt wenn Du es bestätigst.
- AdblockPlus
  Dieses AddOn blockt die meisten Werbung von selbst. Ein Rechtsklick auf den Banner um diesen zu AdBlockPlus hinzu zu fügen reicht und dieser wird nicht mehr geladen.
  Es spart ausserdem Downloadkapazität.

Performance
Bereinige regelmäßig deine Temp Files. Ich empfehle hierzu TFC
Halte dich fern von jedlichen Registry Cleanern.
Diese Schaden deinem System mehr als sie helfen. Hier ein paar ( englishe ) Links
Miekemoes Blogspot ( MVP )
Bill Castner ( MVP )

Don'ts

Klicke nicht auf alles, nur weil es Dich dazu auffordert und schön bunt ist.
Verwende keine peer to peer oder Filesharing Software (Emule, uTorrent,..)
Lass die Finger von Cracks, Keygens, Serials oder anderer illegaler Software.
Öffne keine Anhänge von Dir nicht bekannten Emails. Achte vor allem auf die Dateiendung wie zb deinFoto.jpg.exe.

Nun bleibt mir nur noch dir viel Spass beim sicheren Surfen zu wünschen.

Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, so dass ich dieses Thema aus meinen Abos löschen kann.

M-K-D-B · 23.12.2012, 11:27

Dieses Thema scheint erledigt und wird aus meinen Abos gelöscht. Solltest Du das Thema erneut brauchen, schicke mir bitte eine PM.

Jeder andere bitte hier klicken und einen eigenen Thread erstellen.

23.12.2012, 11:27	#12
M-K-D-B /// TB-Ausbilder	GVU-Trojaner Fehler beim Laden wpbt0.dll Dieses Thema scheint erledigt und wird aus meinen Abos gelöscht. Solltest Du das Thema erneut brauchen, schicke mir bitte eine PM. Jeder andere bitte hier klicken und einen eigenen Thread erstellen.

GVU-Trojaner Fehler beim Laden wpbt0.dll

Log-Analyse und Auswertung: GVU-Trojaner Fehler beim Laden wpbt0.dll