Start_ShowMyComputer (PUM.Hijack.StartMenu) || Fehlermeldung Festplatte defekt || Programme installieren meist nicht möglich

denkgeräusch · 07.04.2013, 15:38

Hallo Zusammen,

Nach einiger Recherche und Gesprächen mit Freunden, die leider sehr verschiedene Tipps und Ideen für mich hatten, habe ich beschlossen, mein Problem hier im Forum zu veröffentlichen.

Vor ca vier Wochen habe ich mein System mal wieder neu aufgesetzt, weil meine Systempartition zu klein bemessen war.
Natürlich habe ich im neu aufgesetzten System erstmal Avira Free Antivirus installiert, dann Firefox und was man halt sonst noch so braucht. Danach habe ich für einige Programme die alten AppData ins neue System kopiert, um z.B. bei Firefox das bewährte und gewohnte Profil weiter verwenden zu können.

Daraufhin habe ich dann Stück für Stück meine Dokumente etc. auf die neue Systemplatte kopiert. Auf Partitionierung habe ich verzichtet, nachdem Win7 schon ein paar mal deutlich mehr Speicher gefressen hat, wie ich bei der Partitionierung zunächst angenommen hatte…

Recht bald fiel mir auf, dass bei der Installation von Programmen immer wieder Fehlermeldungen auftraten. (zuletzt bei der NokiaSuite, die ich natürlich direkt vom Hersteller runtergeladen hatte). Im weiteren Verlauf hatte ich, wenn ich mich richtig erinnere, mal einen Bluescreen, bis dann die Fehlermeldung kam, dass meine Festplatte defekt sei und ich sofort ein Backup durchführen soll, um Datenverlust zu vermeiden. Mit Hilfe der Backupfunktion von Windows7 habe ich dann versucht meine Daten auf der Festplatte zu sichern, auf der auch schon die alten Sicherungen meiner Fotos/Videos/Musik/Dokumente liegen. Leider brach das Backup immer wieder ab. Daraufhin habe ich die wichtigen Dateien manuell auf diese Platte kopiert.

Irgendwann wurde ich dann aber doch ein bisschen misstrauisch… Die Festplatte funktionierte ja an sich einwandfrei und es hatte ja auch schon zuvor Probleme mit Installationen gegeben. Also machte ich mich über Google auf die Suche nach möglichen Zusammenhängen mit einem Virus o.ä.. Dabei stieß ich dann auf das Programm Malwarebytes, welches mir folgende Funde brachte:

Log von Malwarebytes:

Code:

ATTFilter

Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org

Database version: v2013.03.15.06

Windows 7 x64 NTFS
Internet Explorer 9.0.8112.16421
*** :: **** [administrator]

15.03.2013 15:34:26
mbam-log-2013-03-15 (15-34-26).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 226927
Time elapsed: 2 minute(s), 32 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowMyComputer (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and repaired successfully.

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Users\***\Local Settings\Temporary Internet Files\Content.IE5\G6PYER3T\WORLD_21_target_5830[1].exe (PUP.Adware.Agent) -> Quarantined and deleted successfully.

(end)

Ich stellte die Funde unter Quarantäne und trennte die WLAN Verbindung. Mangels Zeit habe ich mich dann mit dem Thema erstmal nicht mehr beschäftigt und den PC einfach aus gelassen und mit meinem Netbook gearbeitet. Nun brauche ich aber meinen PC doch wieder dringend und wäre daher um Hilfe außerordentlich dankbar!!!

Ich erlaube mir mal, gleich ein paar konkrete Fragen zu stellen:

PUM werden doch idR entweder versehentlich durch den Nutzer oder durch einen Virus/Trojaner etc hervorgerufen. Wie finde ich also diesen Auslöser für die PUM?

Was habe ich konkret zu befürchten? Was macht PUM.Hijack.StartMenu?
Wie kann sich ein Virus ausbreiten? Welche Dateien können welche Dateien wie infizieren? Ist es auszuschließen, dass die vermutlich verseuchten Dateien auf der BackupHDD die noch sauberen alten Backups auch verschmutzt haben? Das wäre ja eine Kathastrophe, da ich dann kein sauberes Backup mehr hätte!!

Ich werde mein System sicherheitshalber auf jeden Fall neu aufsetzen. Die hauptsächliche Frage ist also: Wie vermeide ich es, den Virus oder was auch immer ich mir eingefangen habe auf das neue System mitzunehmen?

Hier die restlichen Logs:

Code:

ATTFilter

OTL logfile created on: 06.04.2013 19:09:18 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = L:\
64bit- Professional  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 3,04 Gb Available Physical Memory | 76,10% Memory free
7,99 Gb Paging File | 6,78 Gb Available in Paging File | 84,80% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931,41 Gb Total Space | 775,38 Gb Free Space | 83,25% Space Free | Partition Type: NTFS
Drive D: | 686,50 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive L: | 7,62 Gb Total Space | 7,54 Gb Free Space | 98,99% Space Free | Partition Type: NTFS
 
Computer Name: *** | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.04.05 15:06:18 | 000,602,112 | ---- | M] (OldTimer Tools) -- L:\OTL.exe
PRC - [2013.03.04 18:21:34 | 000,213,384 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Update\1.3.21.135\GoogleCrashHandler.exe
PRC - [2013.02.27 13:19:08 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2013.02.27 13:18:57 | 000,385,248 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2013.02.27 13:18:57 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.12.18 21:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012.10.10 22:23:42 | 001,258,856 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2012.10.02 14:15:38 | 000,382,824 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2012.07.13 17:27:00 | 000,769,432 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Nero\Update\NASvc.exe
PRC - [2012.06.07 10:17:26 | 001,987,520 | ---- | M] (PANTERASoft) -- C:\Program Files (x86)\HDD Health\hddhealth.exe
 
 
========== Modules (No Company Name) ==========
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2009.07.14 03:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009.07.14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2013.03.13 01:37:19 | 000,253,656 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013.03.08 14:12:02 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013.02.27 13:19:08 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2013.02.27 13:18:57 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.12.18 21:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.10.10 22:23:42 | 001,258,856 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012.10.02 14:15:38 | 000,382,824 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2012.07.13 17:27:00 | 000,769,432 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files (x86)\Nero\Update\NASvc.exe -- (NAUpdate)
SRV - [2012.06.07 10:17:28 | 000,072,640 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\HDD Health\HDDHealthService.exe -- (HDDHealth)
SRV - [2010.03.18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2013.03.04 18:41:58 | 000,231,376 | ---- | M] (TrueCrypt Foundation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\truecrypt.sys -- (truecrypt)
DRV:64bit: - [2013.02.27 13:19:14 | 000,129,216 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2013.02.27 13:19:14 | 000,099,912 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2013.02.27 13:19:14 | 000,027,800 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2013.02.07 13:42:52 | 002,201,120 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netr28ux.sys -- (netr28ux)
DRV:64bit: - [2012.03.01 08:54:38 | 000,022,896 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.03.11 08:22:41 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:22:40 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 22:35:20 | 000,278,016 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1e6032e.sys -- (e1express)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-3828931173-708998927-2660071039-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-3828931173-708998927-2660071039-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKU\S-1-5-21-3828931173-708998927-2660071039-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = BB 3D BA 98 1F 20 CE 01  [binary data]
IE - HKU\S-1-5-21-3828931173-708998927-2660071039-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-3828931173-708998927-2660071039-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-3828931173-708998927-2660071039-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF - prefs.js..browser.search.selectedEngine: "Wikipedia (de)"
FF - prefs.js..browser.startup.homepage: "hxxp://www.facebook.com/home.php?sk=bd"
FF - prefs.js..extensions.enabledAddons: amznUWL2%40amazon.com:1.10
FF - prefs.js..extensions.enabledAddons: %7B152455DE-7B40-4bcf-B5B4-C68A1BE85A91%7D:2.7
FF - prefs.js..extensions.enabledAddons: %7B4568ed01-8341-4961-b3d5-98ab068ce4c0%7D:1.0.1.6
FF - prefs.js..extensions.enabledAddons: %7Bb9db16a4-6edc-47ec-a1f4-b86292ed211d%7D:4.9.14
FF - prefs.js..extensions.enabledAddons: %7B45d8ff86-d909-11db-9705-005056c00008%7D:1.1.0
FF - prefs.js..extensions.enabledAddons: %7Bd91a2be6-3b56-4dfb-97f5-5e48fe3ed473%7D:1.0
FF - prefs.js..extensions.enabledAddons: personas%40christopher.beard:1.6.5
FF - prefs.js..extensions.enabledAddons: addon%40snip-me.de:1.4.3
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0.2
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.6
FF - prefs.js..extensions.enabledItems: en-GB@dictionaries.addons.mozilla.org:1.19.1
FF - prefs.js..extensions.enabledItems: {6AC85730-7D0F-4de0-B3FA-21142DD85326}:2.5.5
FF - prefs.js..extensions.enabledItems: {4568ed01-8341-4961-b3d5-98ab068ce4c0}:1.0.1.6
FF - prefs.js..extensions.enabledItems: de-DE@dictionaries.addons.mozilla.org:2.0.2
FF - prefs.js..extensions.enabledItems: {152455DE-7B40-4bcf-B5B4-C68A1BE85A91}:2.6.9
FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.8
FF - prefs.js..extensions.enabledItems: {336f36f7-72b2-4314-984a-ae7cac4b7328}:0.9
FF - prefs.js..extensions.enabledItems: {a7c6cf7f-112c-4500-a7ea-39801a327e5f}:1.0.10
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {de1b245c-de57-11da-ba2d-0050c2490048}:1.0.8
FF - prefs.js..extensions.enabledItems: maps@ovi.com:4.0.12.12
FF - prefs.js..extensions.enabledItems: {e3f6c2cc-d8db-498c-af6c-499fb211db97}:1.10.2
FF - prefs.js..extensions.enabledItems: personas@christopher.beard:1.6.2
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.3
FF - prefs.js..extensions.enabledItems: {AE93811A-5C9A-4d34-8462-F7B864FC4696}:3.81
FF - prefs.js..extensions.enabledItems: {c45c406e-ab73-11d8-be73-000a95be3b12}:1.1.9
FF - prefs.js..extensions.enabledItems: de_DE@dicts.j3e.de:20110321
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.0.0.6906
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {35379F86-8CCB-4724-AE33-4278DE266C70}:1.0.5
FF - prefs.js..extensions.enabledItems: {FFB96CC1-7EB3-449D-B827-DB661701C6BB}:1.5.232.0
FF - prefs.js..extensions.enabledItems: {A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}:7.3.4.51
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1.6.2.99
FF - prefs.js..network.proxy.backup.ftp: ""
FF - prefs.js..network.proxy.backup.ftp_port: 0
FF - prefs.js..network.proxy.backup.gopher: ""
FF - prefs.js..network.proxy.backup.gopher_port: 0
FF - prefs.js..network.proxy.backup.socks: ""
FF - prefs.js..network.proxy.backup.socks_port: 0
FF - prefs.js..network.proxy.backup.ssl: ""
FF - prefs.js..network.proxy.backup.ssl_port: 0
FF - prefs.js..network.proxy.ftp: "83.137.26.25"
FF - prefs.js..network.proxy.ftp_port: 8080
FF - prefs.js..network.proxy.gopher: "83.137.26.25"
FF - prefs.js..network.proxy.gopher_port: 8080
FF - prefs.js..network.proxy.http: "83.137.26.25"
FF - prefs.js..network.proxy.http_port: 8080
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.socks: "83.137.26.25"
FF - prefs.js..network.proxy.socks_port: 8080
FF - prefs.js..network.proxy.ssl: "83.137.26.25"
FF - prefs.js..network.proxy.ssl_port: 8080
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_180.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.03.08 14:12:02 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.03.08 14:12:00 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.03.08 14:12:02 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.03.08 14:12:00 | 000,000,000 | ---D | M]
 
[2013.02.27 13:13:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\Mozilla\Extensions
[2013.03.08 13:00:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\****.default\extensions
[2013.02.27 13:15:26 | 000,000,000 | ---D | M] (Domain Details) -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\****.default\extensions\{152455DE-7B40-4bcf-B5B4-C68A1BE85A91}
[2013.02.27 13:15:26 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\****.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2013.02.27 13:15:26 | 000,000,000 | ---D | M] (MinimizeToTray) -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\****.default\extensions\{31513E58-F253-47ad-86DB-D5F21E905429}
[2013.02.27 13:15:26 | 000,000,000 | ---D | M] (Extended Cookie Manager) -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\****.default\extensions\{336f36f7-72b2-4314-984a-ae7cac4b7328}
[2013.02.27 13:15:26 | 000,000,000 | ---D | M] ("Cookie Manager Button") -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\****.default\extensions\{4568ed01-8341-4961-b3d5-98ab068ce4c0}
[2013.02.27 13:15:26 | 000,000,000 | ---D | M] (ColorZilla) -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\****.default\extensions\{6AC85730-7D0F-4de0-B3FA-21142DD85326}
[2013.02.27 13:15:27 | 000,000,000 | ---D | M] (Boss Key) -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\****.default\extensions\{A2049DEF-A235-488f-878C-B41F8071FA9C}
[2013.02.27 13:15:27 | 000,000,000 | ---D | M] (Skype Toolbar for Firefox) -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\****.default\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}
[2013.02.27 13:15:28 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\****.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2013.02.27 18:38:49 | 000,000,000 | ---D | M] (CSHelper) -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\****.default\extensions\{d91a2be6-3b56-4dfb-97f5-5e48fe3ed473}
[2013.02.27 13:15:29 | 000,000,000 | ---D | M] (MinimizeToTray Plus) -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\****.default\extensions\{de1b245c-de57-11da-ba2d-0050c2490048}
[2013.02.27 13:15:29 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus(R))) -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\****.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2013.02.27 13:15:29 | 000,000,000 | ---D | M] (Page Speed) -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\****.default\extensions\{e3f6c2cc-d8db-498c-af6c-499fb211db97}
[2013.02.27 13:15:23 | 000,000,000 | ---D | M] ("Astroburn Toolbar") -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\****.default\extensions\AstroToolbar@toolbarnet.com
[2013.02.27 13:15:24 | 000,000,000 | ---D | M] (WÃ¶rterbuch Deutsch (de-DE), Hunspell-unterstÃ¼tzt) -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\****.default\extensions\de_DE@dicts.j3e.de
[2013.02.27 13:15:24 | 000,000,000 | ---D | M] (German Dictionary) -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\****.default\extensions\de-DE@dictionaries.addons.mozilla.org
[2013.02.27 13:15:24 | 000,000,000 | ---D | M] (British English Dictionary) -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\****.default\extensions\en-GB@dictionaries.addons.mozilla.org
[2013.02.27 13:15:24 | 000,000,000 | ---D | M] (Ovi maps browser plugin) -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\****.default\extensions\maps@ovi.com
[2013.02.27 13:15:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\****.default\extensions\nostmp
[2013.02.27 13:15:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\****.default - Copy\extensions
[2013.02.27 13:15:36 | 000,000,000 | ---D | M] (Domain Details) -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\****.default - Copy\extensions\{152455DE-7B40-4bcf-B5B4-C68A1BE85A91}
[2013.02.27 13:15:36 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\****.default - Copy\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2013.02.27 13:15:36 | 000,000,000 | ---D | M] (MinimizeToTray) -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\****.default - Copy\extensions\{31513E58-F253-47ad-86DB-D5F21E905429}
[2013.02.27 13:15:36 | 000,000,000 | ---D | M] (Extended Cookie Manager) -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\****.default - Copy\extensions\{336f36f7-72b2-4314-984a-ae7cac4b7328}
[2013.02.27 13:15:37 | 000,000,000 | ---D | M] ("Cookie Manager Button") -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\****.default - Copy\extensions\{4568ed01-8341-4961-b3d5-98ab068ce4c0}
[2013.02.27 13:15:37 | 000,000,000 | ---D | M] (ColorZilla) -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\****.default - Copy\extensions\{6AC85730-7D0F-4de0-B3FA-21142DD85326}
[2013.02.27 13:15:37 | 000,000,000 | ---D | M] (Boss Key) -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\****.default - Copy\extensions\{A2049DEF-A235-488f-878C-B41F8071FA9C}
[2013.02.27 13:15:37 | 000,000,000 | ---D | M] (FireFTP) -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\****.default - Copy\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}
[2013.02.27 13:15:38 | 000,000,000 | ---D | M] ("StumbleUpon") -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\****.default - Copy\extensions\{AE93811A-5C9A-4d34-8462-F7B864FC4696}
[2013.02.27 13:15:38 | 000,000,000 | ---D | M] (Skype Toolbar for Firefox) -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\****.default - Copy\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}
[2013.02.27 13:15:38 | 000,000,000 | ---D | M] (Web Developer) -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\****.default - Copy\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}
[2013.02.27 13:15:38 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\****.default - Copy\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2013.02.27 13:15:39 | 000,000,000 | ---D | M] (Download Statusbar) -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\****.default - Copy\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
[2013.02.27 13:15:39 | 000,000,000 | ---D | M] (MinimizeToTray Plus) -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\****.default - Copy\extensions\{de1b245c-de57-11da-ba2d-0050c2490048}
[2011.11.23 21:29:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\****.default - Copy\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2013.02.27 13:15:39 | 000,000,000 | ---D | M] (Page Speed) -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\****.default - Copy\extensions\{e3f6c2cc-d8db-498c-af6c-499fb211db97}
[2013.02.27 13:15:34 | 000,000,000 | ---D | M] (WÃ¶rterbuch Deutsch (de-DE), Hunspell-unterstÃ¼tzt) -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\****.default - Copy\extensions\de_DE@dicts.j3e.de
[2013.02.27 13:15:34 | 000,000,000 | ---D | M] (German Dictionary) -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\****.default - Copy\extensions\de-DE@dictionaries.addons.mozilla.org
[2013.02.27 13:15:34 | 000,000,000 | ---D | M] (British English Dictionary) -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\****.default - Copy\extensions\en-GB@dictionaries.addons.mozilla.org
[2013.02.27 13:15:34 | 000,000,000 | ---D | M] (Ovi maps browser plugin) -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\****.default - Copy\extensions\maps@ovi.com
[2013.02.27 13:15:35 | 000,000,000 | ---D | M] (Personas) -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\****.default - Copy\extensions\personas@christopher.beard
[2013.03.08 13:00:34 | 000,014,855 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\****.default\extensions\addon@snip-me.de.xpi
[2012.09.29 16:35:08 | 000,243,287 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\****.default\extensions\amznUWL2@amazon.com.xpi
[2013.02.27 13:34:36 | 002,163,784 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\****.default\extensions\firebug@software.joehewitt.com.xpi
[2013.03.06 19:32:28 | 000,386,363 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\****.default\extensions\personas@christopher.beard.xpi
[2011.08.15 13:10:19 | 000,008,001 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\****.default\extensions\tineye@ideeinc.com.xpi
[2013.02.27 18:12:25 | 000,060,243 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\****.default\extensions\{45d8ff86-d909-11db-9705-005056c00008}.xpi
[2013.03.04 10:45:11 | 000,872,587 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\****.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}.xpi
[2012.12.30 14:44:40 | 000,377,738 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\****.default\extensions\{AE93811A-5C9A-4d34-8462-F7B864FC4696}.xpi
[2012.09.07 11:31:59 | 001,268,546 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\****.default\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}.xpi
[2013.02.18 01:16:30 | 000,817,280 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\****.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2011.11.09 16:29:30 | 000,434,392 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\****.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}.xpi
[2013.03.08 14:12:00 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2013.03.08 14:12:02 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.06.28 17:42:00 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll
[2013.02.16 06:15:47 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2013.02.16 06:15:47 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2013.02.16 06:15:47 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2013.02.16 06:15:47 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2013.02.16 06:15:47 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2013.02.16 06:15:47 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files (x86)\Winamp\winampa.exe (Nullsoft, Inc.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3828931173-708998927-2660071039-1000..\Run: [hddhealth] C:\Program Files (x86)\HDD Health\hddhealth.exe (PANTERASoft)
O4 - HKU\S-1-5-21-3828931173-708998927-2660071039-1001..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-21-3828931173-708998927-2660071039-1001..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\***\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9D9FD9D6-7659-4DE0-B48B-723F23AA1821}: DhcpNameServer = 192.168.0.1
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004.01.14 16:18:53 | 000,000,000 | ---D | M] - D:\Autorun -- [ CDFS ]
O32 - AutoRun File - [2002.09.10 01:01:35 | 000,151,552 | R--- | M] () - D:\Autorun.exe -- [ CDFS ]
O32 - AutoRun File - [2002.08.29 03:14:48 | 000,000,051 | R--- | M] () - D:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\{f698b4c9-7f6a-11e2-a16b-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{f698b4c9-7f6a-11e2-a16b-806e6f6e6963}\Shell\AutoRun\command - "" = D:\Autorun.exe -- [2002.09.10 01:01:35 | 000,151,552 | R--- | M] ()
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.03.15 16:33:59 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Malwarebytes
[2013.03.15 16:33:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013.03.15 16:33:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.03.15 16:33:49 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013.03.15 16:33:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013.03.15 16:22:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Seagate
[2013.03.15 16:22:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Seagate
[2013.03.15 16:15:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Wise Installation Wizard
[2013.03.15 16:14:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HDD Health
[2013.03.15 16:14:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\HDD Health
[2013.03.13 21:48:07 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Games
[2013.03.13 21:10:34 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Opera
[2013.03.13 21:10:34 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Opera
[2013.03.13 21:10:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Opera
[2013.03.11 22:10:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LightScribe Template Labeler
[2013.03.11 22:00:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LightScribe Diagnostic Utility
[2013.03.11 21:31:41 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LightScribe Direct Disc Labeling
[2013.03.11 21:31:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\LightScribe
[2013.03.11 21:26:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Nero
[2013.03.11 21:25:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero
[2013.03.11 21:25:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Nero
[2013.03.11 12:26:58 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\Nero
[2013.03.11 12:22:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Nero
[2013.03.11 11:46:05 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\TrueCrypt
[2013.03.10 16:39:21 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\appmgmt
[2013.03.10 15:19:23 | 000,000,000 | ---D | C] -- C:\ProgramData\LightScribe
[2013.03.09 15:35:34 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\OpenOffice.org
[2013.03.09 15:04:01 | 000,000,000 | --SD | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice.org 3.4.1
[2013.03.09 15:02:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\OpenOffice.org 3
[2013.03.09 14:59:46 | 000,000,000 | ---D | C] -- C:\Users\***\OpenOffice.org 3.4.1 (de) Installation Files
[2013.03.08 14:11:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
 
========== Files - Modified Within 30 Days ==========
 
[2013.04.06 19:08:06 | 000,000,000 | ---- | M] () -- C:\Users\***\defogger_reenable
[2013.04.06 19:04:51 | 000,726,316 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.04.06 19:04:51 | 000,615,810 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.04.06 19:04:51 | 000,106,190 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.04.06 18:57:29 | 000,014,928 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.04.06 18:57:29 | 000,014,928 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.04.06 18:50:24 | 000,001,100 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.04.06 18:49:59 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.04.06 18:49:54 | 3219,787,776 | -HS- | M] () -- C:\hiberfil.sys
[2013.04.03 22:37:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.04.03 22:26:20 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.03.15 16:22:14 | 000,002,453 | ---- | M] () -- C:\Users\Public\Desktop\SeaTools for Windows.lnk
[2013.03.15 16:14:22 | 000,001,044 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HDDHealth.lnk
[2013.03.14 13:33:35 | 392,124,162 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2013.03.13 20:57:30 | 001,298,285 | ---- | M] () -- C:\Users\***\Documents\side by side.jpg
[2013.03.13 20:56:51 | 000,000,770 | ---- | M] () -- C:\Users\***\Documents\nokia side by side backup.reg
[2013.03.13 16:00:18 | 000,023,789 | ---- | M] () -- C:\Users\***\AppData\Local\recently-used.xbel
[2013.03.13 15:33:06 | 016,318,104 | ---- | M] () -- C:\Users\***\Documents\landscape.xcf
[2013.03.12 16:05:38 | 000,000,408 | ---- | M] () -- C:\Users\***\AppData\Roaming\CamShapes.ini
[2013.03.12 16:05:38 | 000,000,408 | ---- | M] () -- C:\Users\***\AppData\Roaming\CamLayout.ini
[2013.03.12 16:05:38 | 000,000,100 | ---- | M] () -- C:\Users\***\AppData\Roaming\Camdata.ini
[2013.03.12 15:43:16 | 000,004,416 | ---- | M] () -- C:\Users\***\AppData\Roaming\CamStudio.cfg
[2013.03.11 22:07:13 | 000,651,108 | ---- | M] () -- C:\Users\***\Documents\nero cover designer light scribe.jpg
[2013.03.10 14:48:36 | 000,000,000 | -H-- | M] () -- C:\Users\***\Documents\Default.rdp
[2013.03.09 17:08:58 | 000,294,168 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.03.09 15:35:51 | 000,001,235 | ---- | M] () -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk
 
========== Files Created - No Company Name ==========
 
[2013.04.06 19:08:06 | 000,000,000 | ---- | C] () -- C:\Users\***\defogger_reenable
[2013.03.15 16:22:14 | 000,002,453 | ---- | C] () -- C:\Users\Public\Desktop\SeaTools for Windows.lnk
[2013.03.15 16:14:22 | 000,001,044 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HDDHealth.lnk
[2013.03.13 21:10:32 | 000,001,841 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
[2013.03.13 20:57:30 | 001,298,285 | ---- | C] () -- C:\Users\***\Documents\side by side.jpg
[2013.03.13 20:56:51 | 000,000,770 | ---- | C] () -- C:\Users\***\Documents\nokia side by side backup.reg
[2013.03.13 16:00:18 | 000,023,789 | ---- | C] () -- C:\Users\***\AppData\Local\recently-used.xbel
[2013.03.13 15:33:06 | 016,318,104 | ---- | C] () -- C:\Users\***\Documents\landscape.xcf
[2013.03.12 13:52:57 | 000,000,408 | ---- | C] () -- C:\Users\***\AppData\Roaming\CamShapes.ini
[2013.03.12 13:52:57 | 000,000,408 | ---- | C] () -- C:\Users\***\AppData\Roaming\CamLayout.ini
[2013.03.12 13:52:57 | 000,000,100 | ---- | C] () -- C:\Users\***\AppData\Roaming\Camdata.ini
[2013.03.12 13:52:30 | 000,004,416 | ---- | C] () -- C:\Users\***\AppData\Roaming\CamStudio.cfg
[2013.03.11 22:07:13 | 000,651,108 | ---- | C] () -- C:\Users\***\Documents\nero cover designer light scribe.jpg
[2013.03.10 14:48:36 | 000,000,000 | -H-- | C] () -- C:\Users\***\Documents\Default.rdp
[2013.03.09 15:35:51 | 000,001,235 | ---- | C] () -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk
[2013.03.01 13:38:10 | 000,032,256 | ---- | C] () -- C:\Windows\SysWow64\AVSredirect.dll
[2013.03.01 13:29:36 | 000,107,520 | RHS- | C] () -- C:\Windows\SysWow64\TAKDSDecoder.dll
[2013.02.27 19:24:20 | 000,348,160 | ---- | C] () -- C:\Windows\Adac-Luftrettung 3D Uninstall.exe
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 07:30:56 | 014,165,504 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:46:56 | 012,868,608 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.07.14 03:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2013.04.06 18:50:29 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Dropbox
[2013.03.07 17:39:39 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\IrfanView
[2013.03.07 18:42:39 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\JAM Software
[2013.03.09 15:35:34 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\OpenOffice.org
[2013.03.13 21:10:34 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Opera
[2013.03.11 12:14:48 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TrueCrypt
 
========== Purity Check ==========
 
 

< End of report >

Code:

ATTFilter

OTL Extras logfile created on: 06.04.2013 19:09:19 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = L:\
64bit- Professional  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 3,04 Gb Available Physical Memory | 76,10% Memory free
7,99 Gb Paging File | 6,78 Gb Available in Paging File | 84,80% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931,41 Gb Total Space | 775,38 Gb Free Space | 83,25% Space Free | Partition Type: NTFS
Drive D: | 686,50 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive L: | 7,62 Gb Total Space | 7,54 Gb Free Space | 98,99% Space Free | Partition Type: NTFS
 
Computer Name: **** | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-3828931173-708998927-2660071039-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0C8FDDCC-8E15-4ABF-A2C6-18A19C801F8C}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{2DB14E80-315E-4D1D-B8E3-81FA07B29A68}" = rport=445 | protocol=6 | dir=out | app=system | 
"{2E67C0D2-B262-429E-97D8-91FC66593C86}" = rport=139 | protocol=6 | dir=out | app=system | 
"{5DCBE1A2-D0CA-41EA-8D62-BF762EFC6D2D}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{5FC01A0F-F696-4094-A5F4-77B1A80CF75D}" = lport=138 | protocol=17 | dir=in | app=system | 
"{720AEE72-DB24-4C17-8FA3-F98AEE95F823}" = lport=445 | protocol=6 | dir=in | app=system | 
"{883FBF84-144F-4026-A64D-8541BE1CF984}" = rport=138 | protocol=17 | dir=out | app=system | 
"{8D16048C-3032-4D8B-9A32-0ECB0B3F29BA}" = rport=137 | protocol=17 | dir=out | app=system | 
"{96D9EED2-E708-45A9-9C2F-E9226F238381}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{B44D856F-4B7B-4516-9FAE-9DD906F8B191}" = lport=139 | protocol=6 | dir=in | app=system | 
"{D8275260-EF70-4D69-A5C4-40347FDE2266}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{E5C0794D-C95C-4177-B843-DFE7A93490F3}" = lport=137 | protocol=17 | dir=in | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{39EBF40A-537F-45E1-B1B0-CF783F5E0692}" = protocol=17 | dir=in | app=c:\users\***\appdata\roaming\dropbox\bin\dropbox.exe | 
"{46A86B38-3E0F-42BB-B231-7DC577D77D54}" = protocol=17 | dir=in | app=c:\program files (x86)\opera\opera.exe | 
"{64D7695B-2689-4FFA-933B-201A9C12FBA1}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{6B8EF90E-85DA-4D16-9ED6-1744B995C3EE}" = protocol=6 | dir=in | app=c:\users\***\appdata\roaming\dropbox\bin\dropbox.exe | 
"{8B30128F-53B8-486E-8550-22388B2FBC30}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{A332CBCA-F3C5-426D-9BBD-5047D9AEF69D}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{B78461B1-860F-48FA-808E-CDC61508AB2C}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{D3CC93B3-A64F-4DFD-89C8-C36E6E5A3779}" = protocol=6 | dir=in | app=c:\program files (x86)\opera\opera.exe | 
"TCP Query User{12F74896-A54E-43F4-8636-9A6E3FABF26A}C:\program files (x86)\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files (x86)\winamp\winamp.exe | 
"TCP Query User{B20DDDBF-3122-47B6-843C-B89D56988B2D}C:\users\***\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\***\appdata\roaming\dropbox\bin\dropbox.exe | 
"UDP Query User{2973634A-BBBB-4AE0-97EB-F0E9888F81A0}C:\program files (x86)\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files (x86)\winamp\winamp.exe | 
"UDP Query User{8C9BA50D-3063-4A05-9DDE-A6E34DC4DF50}C:\users\***\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\***\appdata\roaming\dropbox\bin\dropbox.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG5100_series" = Canon MG5100 series MP Drivers
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.10.8
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"GIMP-2_is1" = GIMP 2.8.4
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}" = OpenOffice.org 3.4.1
"{35F59E66-CAA0-4585-8DC4-037A04717FCF}" = Nero CoverDesigner
"{3AAB08A3-F129-4BD5-B409-AE674F93759D}" = Prerequisite installer
"{3DD8DC4E-B908-4CC6-9F42-ACEF950D8797}" = LightScribe Template Labeler
"{468D22C0-8080-11E2-B86E-B8AC6F98CCE3}" = Google Earth
"{4E52D627-F326-40DB-A74F-8C91BA6D88C6}" = Nero CoverDesigner
"{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update
"{7B2CC3DF-64FA-44AE-8F57-B0F915147E4F}_is1" = Need For Speed™ World
"{8F311E92-C29F-4DF9-8259-B739A1831669}_is1" = SUPER © v2012.build.54 (Nov 18, 2012) version v2012.build.54
"{90538B62-F392-4DE1-B886-7B48123866E9}" = LightScribe System Software
"{98613C99-1399-416C-A07C-1EE1C585D872}" = SeaTools for Windows
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C7C04AB-4B97-49DB-88A0-454795349008}" = Nero CoverDesigner Help (CHM)
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{ABC88553-8770-4B97-B43E-5A90647A5B63}" = Nero ControlCenter
"{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI (11.0.02) - Deutsch
"{BEBEE34D-84A2-4EDD-8BEA-96CC54371263}" = Nero Core Components
"{C994C746-C6D0-4EBA-B09E-DF7B18381B69}" = Nero ControlCenter Help (CHM)
"{DB680033-BB0B-4EE5-B625-B4F6B130617A}" = LightScribe Diagnostic Utility
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"ADACLuftrettung3D" = ADAC Luftrettung 3D
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Avira AntiVir Desktop" = Avira Free Antivirus
"HDD Health_is1" = HDD Health v4.2
"IrfanView" = IrfanView (remove only)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.70.0.1100
"Mozilla Firefox 19.0.2 (x86 de)" = Mozilla Firefox 19.0.2 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Opera 12.14.1738" = Opera 12.14
"TreeSize Free_is1" = TreeSize Free V2.7
"TrueCrypt" = TrueCrypt
"VLC media player" = VLC media player 2.0.5
"Winamp" = Winamp
"WinMerge_is1" = WinMerge 2.14.0
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-3828931173-708998927-2660071039-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"Winamp Detect" = Winamp Detector Plug-in
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 13.03.2013 15:44:17 | Computer Name = *** | Source = Application Error | ID = 1000
Description = Faulting application name: Nokia_Suite_webinstaller_ALL (1).exe, version:
 3.7.22.0, time stamp: 0x50642f2d  Faulting module name: Nokia_Suite_webinstaller_ALL
 (1).exe, version: 3.7.22.0, time stamp: 0x50642f2d  Exception code: 0xc0000005  Fault
 offset: 0x011ead7c  Faulting process id: 0xec8  Faulting application start time: 0x01ce202325a37391
Faulting
 application path: C:\Users\***\Downloads\Nokia_Suite_webinstaller_ALL (1).exe  Faulting
 module path: C:\Users\***\Downloads\Nokia_Suite_webinstaller_ALL (1).exe  Report 
Id: 63ff3a31-8c16-11e2-8f62-0021856a07e2
 
Error - 13.03.2013 15:49:28 | Computer Name = *** | Source = Application Error | ID = 1000
Description = Faulting application name: Nokia_Suite_webinstaller_ALL.exe, version:
 3.7.22.0, time stamp: 0x50642f2d  Faulting module name: Nokia_Suite_webinstaller_ALL.exe,
 version: 3.7.22.0, time stamp: 0x50642f2d  Exception code: 0xc0000005  Fault offset:
 0x011ead7c  Faulting process id: 0x1398  Faulting application start time: 0x01ce2023de99e7ad
Faulting
 application path: C:\Users\***\Downloads\Nokia_Suite_webinstaller_ALL.exe  Faulting
 module path: C:\Users\***\Downloads\Nokia_Suite_webinstaller_ALL.exe  Report Id: 
1cf53ada-8c17-11e2-8f62-0021856a07e2
 
Error - 13.03.2013 15:49:36 | Computer Name = *** | Source = Application Error | ID = 1000
Description = Faulting application name: Nokia_Suite_webinstaller_ALL (1).exe, version:
 3.7.22.0, time stamp: 0x50642f2d  Faulting module name: Nokia_Suite_webinstaller_ALL
 (1).exe, version: 3.7.22.0, time stamp: 0x50642f2d  Exception code: 0xc0000005  Fault
 offset: 0x011ead7c  Faulting process id: 0x74c  Faulting application start time: 0x01ce2023e4313426
Faulting
 application path: C:\Users\***\Downloads\Nokia_Suite_webinstaller_ALL (1).exe  Faulting
 module path: C:\Users\***\Downloads\Nokia_Suite_webinstaller_ALL (1).exe  Report 
Id: 21ff39dc-8c17-11e2-8f62-0021856a07e2
 
Error - 14.03.2013 12:11:54 | Computer Name = *** | Source = Microsoft-Windows-Backup | ID = 517
Description = The backup operation that started at '2013-03-14T14:41:42.473168900Z'
 has failed with following error code '2155348000' (%%2155348000). Please review
 the event details for a solution, and then rerun the backup operation once the 
issue is resolved.
 
Error - 14.03.2013 12:11:55 | Computer Name = *** | Source = Windows Backup | ID = 4104
Description = 
 
Error - 15.03.2013 10:07:32 | Computer Name = *** | Source = Application Error | ID = 1000
Description = Faulting application name: svchost.exe_WinDefend, version: 6.1.7600.16385,
 time stamp: 0x4a5bc3c1  Faulting module name: mpengine.dll, version: 1.1.9203.0, 
time stamp: 0x51144572  Exception code: 0xc0000006  Fault offset: 0x000000000023e0d5
Faulting
 process id: 0xcb4  Faulting application start time: 0x01ce2185d9e0fd9d  Faulting application
 path: C:\Windows\System32\svchost.exe  Faulting module path: C:\ProgramData\Microsoft\Windows
 Defender\Definition Updates\{D03A10C2-3FC5-4F8C-B34C-FDDFD4D19646}\mpengine.dll
Report
 Id: ad4655f9-8d79-11e2-a504-0021856a07e2
 
Error - 15.03.2013 10:07:32 | Computer Name = *** | Source = Application Error | ID = 1005
Description = Windows cannot access the file C:\ProgramData\Microsoft\Windows Defender\Scans\mpcache-61C7BA79A3BCE214C40DDA935D501D44FC1C9BBC.bin.VE0
 for one of the following reasons:  there is a problem with the network connection,
 the disk that the file is stored on, or the storage  drivers installed on this computer;
 or the disk is missing.  Windows closed the program Host Process for Windows Services
 because of this error.    Program: Host Process for Windows Services  File: C:\ProgramData\Microsoft\Windows
 Defender\Scans\mpcache-61C7BA79A3BCE214C40DDA935D501D44FC1C9BBC.bin.VE0    The error
 value is listed in the Additional Data section.  User Action  1. Open the file again.
This
 situation might be a temporary problem that corrects itself when the program runs
 again.  2.  If the file still cannot be accessed and   - It is on the network,  your network
 administrator should verify that there is not a problem with the network and that
 the server can be contacted.   - It is on a removable disk, for example, a floppy 
disk or CD-ROM, verify that the disk is fully inserted into the computer.  3. Check
 and repair the file system by running CHKDSK. To run CHKDSK, click Start, click
 Run, type CMD, and then click OK. At the command prompt, type CHKDSK /F, and then
 press ENTER.  4. If the problem persists, restore the file from a backup copy.  5. 
Determine whether other files on the same disk can be opened. If not, the disk might
 be damaged. If it is a hard disk, contact your administrator or computer hardware
 vendor for  further assistance.    Additional Data  Error value: C0000185  Disk type: 3
 
Error - 15.03.2013 10:22:46 | Computer Name = *** | Source = VSS | ID = 12305
Description = 
 
Error - 15.03.2013 10:22:47 | Computer Name = *** | Source = Avira Antivirus | ID = 4118
Description = AUSNAHMEFEHLER beim Aufruf der Funktion AVEPROC_TestFile() für die
 Datei  C:\Program Files (x86)\Seagate\SeaTools for Windows\SeaTools for Windows.en-US.pdf.

 [IN_PAGE_ERROR Exception!! EIP = 0x6495f4]   Bitte Avira informieren und die obige
 Datei übersenden!
 
Error - 03.04.2013 10:20:59 | Computer Name = *** | Source = Windows Backup | ID = 4103
Description = 
 
[ System Events ]
Error - 03.04.2013 10:19:41 | Computer Name = *** | Source = atapi | ID = 262155
Description = The driver detected a controller error on \Device\Ide\IdePort0.
 
Error - 03.04.2013 10:19:41 | Computer Name = *** | Source = atapi | ID = 262155
Description = The driver detected a controller error on \Device\Ide\IdePort0.
 
Error - 03.04.2013 10:19:41 | Computer Name = *** | Source = atapi | ID = 262155
Description = The driver detected a controller error on \Device\Ide\IdePort0.
 
Error - 03.04.2013 10:19:41 | Computer Name = *** | Source = atapi | ID = 262155
Description = The driver detected a controller error on \Device\Ide\IdePort0.
 
Error - 03.04.2013 10:19:41 | Computer Name = *** | Source = atapi | ID = 262155
Description = The driver detected a controller error on \Device\Ide\IdePort0.
 
Error - 03.04.2013 10:19:41 | Computer Name = *** | Source = atapi | ID = 262155
Description = The driver detected a controller error on \Device\Ide\IdePort0.
 
Error - 03.04.2013 10:19:41 | Computer Name = *** | Source = atapi | ID = 262155
Description = The driver detected a controller error on \Device\Ide\IdePort0.
 
Error - 03.04.2013 16:55:27 | Computer Name = *** | Source = Service Control Manager | ID = 7034
Description = The NVIDIA Update Service Daemon service terminated unexpectedly. 
 It has done this 1 time(s).
 
Error - 03.04.2013 16:56:14 | Computer Name = *** | Source = Service Control Manager | ID = 7034
Description = The Adobe Acrobat Update Service service terminated unexpectedly. 
 It has done this 1 time(s).
 
Error - 06.04.2013 12:50:18 | Computer Name = *** | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the HDDHealth
 service to connect.
 
 
< End of report >

Code:

ATTFilter

GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2013-04-06 20:03:02
Windows 6.1.7600  x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 SAMSUNG_HD103SI rev.1AG01118 931,51GB
Running: gmer_2.1.19163.exe; Driver: C:\Users\***\AppData\Local\Temp\uwldypow.sys


---- User code sections - GMER 2.1 ----

.text   C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[1760] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                 0000000074e31465 2 bytes [E3, 74]
.text   C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[1760] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                0000000074e314bb 2 bytes [E3, 74]
.text   ...                                                                                                                                      * 2
.text   C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[1556] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69   0000000074e31465 2 bytes [E3, 74]
.text   C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[1556] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155  0000000074e314bb 2 bytes [E3, 74]
.text   ...                                                                                                                                      * 2

---- Threads - GMER 2.1 ----

Thread  C:\Windows\System32\svchost.exe [2500:1448]                                                                                              000007fef1789688

---- EOF - GMER 2.1 ----

Vielen Dank schonmal im Voraus!

Grüße
Denkgeräusch

cosinus · 08.04.2013, 12:04

Hallo und

Zitat:

64bit- Professional (Version = 6.1.7600) - Type = NTWorkstation

Warum hast du eine Professional-Edition von Windows, brauchst du das als Heimanwender?
Oder ist das rein zufällig ein Büro-/Firmen-PC bzw. ein Uni-Rechner?

Hast du noch weitere Logs (mit Funden)? Ist dein Virenscanner jemals fündig geworden?

Malwarebytes und/oder andere Virenscanner?

Ich frage deswegen nach => http://www.trojaner-board.de/125889-...tml#post941520

Bitte keine neuen Virenscans machen sondern erst nur schon vorhandene Logs posten!

Lesestoff:
Posten in CODE-Tags
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert mir massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu gross für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:

Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
Klicke auf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.

denkgeräusch · 08.04.2013, 14:02

Hi!

Danke für Deine Antwort!

Ich nutze den PC als Heimanwender. Hat 64bit Win7Pro denn irgendwelche Nachteile?

Weitere Logs mit Funden habe ich leider nicht. Virenscanner (Avira Free Antivir) ist bislang nicht fündig geworden. Das System wurde ja auch erst vor einem Monat neu aufgesetzt und dann insgesamt eine gute Woche verwendet...
Auf dem alten System habe ich regelmäßig Scans mit Avira gemacht (stets ohne Funde), Malwarebytes kannte ich da leider noch nicht

Wie gesagt: ich werde das System sicherheitshalber so oder so neu aufsetzen und überlege auch gerade, zu Linux zu wechseln. Die Frage ist für mich vor allem, wie schlimm eine mögliche Infizierung diverser Dokumente/Fotos etc sein kann und ob meine Backups verseucht sind. Wenn das irgendwie auszuschließen ist, wird gesichert, formatiert und neu installiert. Aber ich fürchte eben, dass das nicht so einfach ist, ohne sich den Dreck aufs neue System gleich mitzunehmen...

cosinus · 08.04.2013, 14:40

Zitat:

Ich nutze den PC als Heimanwender. Hat 64bit Win7Pro denn irgendwelche Nachteile?

Darum geht es nicht, ich wollte wissen warum du ein Win7-Professionell installiert hast. SO ungewöhnlich ist diese Edition zwar nicht, aber für den Heimgebrauch reicht Home Premium, normalerweise ist auch eine Home-Edititon vorinstalliert. Deswegen taucht die Frage bei mir auf, warum du ein Professional Windows installiert hast.

denkgeräusch · 08.04.2013, 15:03

Achso, ok. Das ist von der Uni... :-)

edit:
Der Rechner ist schon ein bisschen älter - ursprünglich war mal win vista 32bit vorinstalliert...

cosinus · 08.04.2013, 15:49

Ok, danke für die Erklärung!

Bevor wir uns an die weitere Arbeit machen, möchte ich dich bitten, folgende Punkte vollständig und aufmerksam zu lesen.

Lies dir meine Anleitungen, die ich im Laufe dieses Strangs hier posten werde, aufmerksam durch. Frag umgehend nach, wenn dir irgendetwas unklar sein sollte, bevor du anfängst meine Anleitungen umzusetzen.
Solltest du bei einem Schritt Probleme haben, stoppe dort und beschreib mir das Problem so gut du kannst. Manchmal erfordert ein Schritt den vorhergehenden.
Bitte nur Scans durchführen zu denen du von einem Helfer aufgefordert wurdest! Installiere / Deinstalliere keine Software ohne Aufforderung!
Poste die Logfiles direkt in deinen Thread (bitte in CODE-Tags) und nicht als Anhang, ausser du wurdest dazu aufgefordert. Logs in Anhängen erschweren mir das Auswerten!
Die Logs der aufgegebenen Tools wie zB Malwarebytes sind immer zu posten - egal ob ein Fund dabei war oder nicht!
Beachte bitte auch => Löschen von Logfiles und andere Anfragen

Note:
Sollte ich drei Tage nichts von mir hören lassen, so melde dich bitte in diesem Strang => Erinnerung an meinem Thread.
Nervige "Wann geht es weiter" Nachrichten enden mit Schließung deines Themas. Auch ich habe ein Leben abseits des Trojaner-Boards.

Bitte die drei Tools MBAR / aswMBR / TDSSkiller nun ausführen und die Logs in CODE-Tags posten

MBAR (Malwarebytes Anti-Rootkit)

Downloade dir bitte

Malwarebytes Anti-Rootkit und speichere es auf deinem Desktop.

Starte bitte die mbar.exe.
Folge den Anweisungen auf deinem Bildschirm gemäß Anleitung zu Malwarebytes Anti-Rootkit
Aktualisiere unbedingt die Datenbank und erlaube dem Tool, dein System zu scannen.
Klicke auf den CleanUp Button und erlaube den Neustart.
Während dem Neustart wird MBAR die gefundenen Objekte entfernen, also bleib geduldig.
Nach dem Neustart starte die mbar.exe erneut.
Sollte nochmal was gefunden werden, wiederhole den CleanUp Prozess.

Das Tool wird im erstellten Ordner eine Logfile ( mbar-log-<Jahr-Monat-Tag>.txt ) erzeugen. Bitte poste diese hier.

Starte keine andere Datei in diesem Ordner ohne Anweisung eines Helfers

aswMBR

Downloade dir bitte

aswMBR.exe und speichere die Datei auf deinem Desktop.

Starte die aswMBR.exe - (aswMBR.exe Anleitung)
Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten".
Das Tool wird dich fragen, ob Du mit der aktuellen Virendefinition von AVAST! dein System scannen willst. Beantworte diese Frage bitte mit Ja. (Sollte deine Firewall fragen, bitte den Zugriff auf das Internet zulassen )
Der Download der Definitionen kann je nach Verbindung eine Weile dauern.
Klicke auf Scan.
Warte bitte bis Scan finished successfully im DOS-Fenster steht.
Drücke auf Save Log und speichere diese auf dem Desktop.

Poste mir die aswMBR.txt in deiner nächsten Antwort.

Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung

Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte der Scan abbrechen und das Programm abstürzen, dann teile mir das mit und wähle unter AV Scan die Einstellung (none).

TDSS-Killer

Downloade dir bitte

TDSSKiller.exe und speichere diese Datei auf dem Desktop

Starte die TDSSKiller.exe - Einstellen wie in der Anleitung zu TDSSKiller beschrieben.
Drücke Start Scan
Sollten infizierte Objekte gefunden werden, wähle keinesfalls Cure. Wähle Skip und klicke auf Continue.
TDSSKiller wird eine Logfile auf deinem Systemlaufwerk speichern (Meistens C:\)
Als Beispiel: C:\TDSSKiller.<Version_Datum_Uhrzeit>log.txt

Poste den Inhalt bitte in jedem Fall hier in deinen Thread.

denkgeräusch · 08.04.2013, 16:59

Hi!

Habe mich bemüht, alle Anweisungen genau zu befolgen.
Es folgen die drei erbetenen logs:

Code:

ATTFilter

Malwarebytes Anti-Rootkit BETA 1.01.0.1022
www.malwarebytes.org

Database version: v2013.04.08.04

Windows 7 x64 NTFS
Internet Explorer 9.0.8112.16421
*** :: **** [administrator]

08.04.2013 17:22:08
mbar-log-2013-04-08 (17-22-08).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled: 
Objects scanned: 28114
Time elapsed: 5 minute(s), 30 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

Code:

ATTFilter

aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2013-04-08 17:40:37
-----------------------------
17:40:37.775    OS Version: Windows x64 6.1.7600 
17:40:37.775    Number of processors: 2 586 0x1706
17:40:37.775    ComputerName: ****  UserName: ***
17:40:39.210    Initialize success
17:42:08.403    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
17:42:08.403    Disk 0 Vendor: SAMSUNG_HD103SI 1AG01118 Size: 953869MB BusType: 11
17:42:08.481    Disk 0 MBR read successfully
17:42:08.481    Disk 0 MBR scan
17:42:08.481    Disk 0 Windows 7 default MBR code
17:42:08.497    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS          100 MB offset 2048
17:42:08.512    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS       953767 MB offset 206848
17:42:08.512    Disk 0 scanning C:\Windows\system32\drivers
17:42:11.944    Service scanning
17:42:20.072    Modules scanning
17:42:20.072    Disk 0 trace - called modules:
17:42:20.103    ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys 
17:42:20.103    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004938060]
17:42:20.119    3 CLASSPNP.SYS[fffff8800192543f] -> nt!IofCallDriver -> [0xfffffa80047dd170]
17:42:20.119    5 ACPI.sys[fffff88000f30781] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa80047bc060]
17:42:20.134    Scan finished successfully
17:42:40.672    Disk 0 MBR has been saved successfully to "C:\Users\***\Desktop\MBR.dat"
17:42:40.687    The log file has been saved successfully to "C:\Users\***\Desktop\aswMBR.txt"

Code:

ATTFilter

17:44:00.0181 3680  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
17:44:00.0197 3680  ============================================================
17:44:00.0197 3680  Current date / time: 2013/04/08 17:44:00.0197
17:44:00.0197 3680  SystemInfo:
17:44:00.0197 3680  
17:44:00.0197 3680  OS Version: 6.1.7600 ServicePack: 0.0
17:44:00.0197 3680  Product type: Workstation
17:44:00.0197 3680  ComputerName: ****
17:44:00.0197 3680  UserName: ***
17:44:00.0197 3680  Windows directory: C:\Windows
17:44:00.0197 3680  System windows directory: C:\Windows
17:44:00.0197 3680  Running under WOW64
17:44:00.0197 3680  Processor architecture: Intel x64
17:44:00.0197 3680  Number of processors: 2
17:44:00.0197 3680  Page size: 0x1000
17:44:00.0197 3680  Boot type: Normal boot
17:44:00.0197 3680  ============================================================
17:44:01.0039 3680  Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
17:44:01.0070 3680  Drive \Device\Harddisk4\DR5 - Size: 0x1E77FFC00 (7.62 Gb), SectorSize: 0x200, Cylinders: 0x3E2, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
17:44:01.0070 3680  ============================================================
17:44:01.0070 3680  \Device\Harddisk0\DR0:
17:44:01.0070 3680  MBR partitions:
17:44:01.0070 3680  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
17:44:01.0070 3680  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x746D3800
17:44:01.0070 3680  \Device\Harddisk4\DR5:
17:44:01.0070 3680  MBR partitions:
17:44:01.0070 3680  \Device\Harddisk4\DR5\Partition1: MBR, Type 0x7, StartLBA 0x20, BlocksNum 0xF3BFDE
17:44:01.0070 3680  ============================================================
17:44:01.0102 3680  C: <-> \Device\Harddisk0\DR0\Partition2
17:44:01.0102 3680  ============================================================
17:44:01.0102 3680  Initialize success
17:44:01.0102 3680  ============================================================
17:44:28.0729 4328  ============================================================
17:44:28.0729 4328  Scan started
17:44:28.0729 4328  Mode: Manual; SigCheck; TDLFS; 
17:44:28.0729 4328  ============================================================
17:44:29.0197 4328  ================ Scan system memory ========================
17:44:29.0197 4328  System memory - ok
17:44:29.0197 4328  ================ Scan services =============================
17:44:29.0338 4328  [ 1B00662092F9F9568B995902F0CC40D5 ] 1394ohci        C:\Windows\system32\DRIVERS\1394ohci.sys
17:44:29.0400 4328  1394ohci - ok
17:44:29.0416 4328  [ 6F11E88748CDEFD2F76AA215F97DDFE5 ] ACPI            C:\Windows\system32\DRIVERS\ACPI.sys
17:44:29.0431 4328  ACPI - ok
17:44:29.0431 4328  [ 63B05A0420CE4BF0E4AF6DCC7CADA254 ] AcpiPmi         C:\Windows\system32\DRIVERS\acpipmi.sys
17:44:29.0478 4328  AcpiPmi - ok
17:44:29.0556 4328  [ 3927397AC60D943DAF8808AFFED582B7 ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
17:44:29.0572 4328  AdobeARMservice - ok
17:44:29.0665 4328  [ EA856F4A46320389D1899B2CAA7BF40F ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
17:44:29.0681 4328  AdobeFlashPlayerUpdateSvc - ok
17:44:29.0696 4328  [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx         C:\Windows\system32\DRIVERS\adp94xx.sys
17:44:29.0712 4328  adp94xx - ok
17:44:29.0728 4328  [ 597F78224EE9224EA1A13D6350CED962 ] adpahci         C:\Windows\system32\DRIVERS\adpahci.sys
17:44:29.0743 4328  adpahci - ok
17:44:29.0743 4328  [ E109549C90F62FB570B9540C4B148E54 ] adpu320         C:\Windows\system32\DRIVERS\adpu320.sys
17:44:29.0759 4328  adpu320 - ok
17:44:29.0806 4328  [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
17:44:29.0899 4328  AeLookupSvc - ok
17:44:29.0946 4328  [ DB9D6C6B2CD95A9CA414D045B627422E ] AFD             C:\Windows\system32\drivers\afd.sys
17:44:30.0008 4328  AFD - ok
17:44:30.0055 4328  [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440          C:\Windows\system32\DRIVERS\agp440.sys
17:44:30.0071 4328  agp440 - ok
17:44:30.0102 4328  [ 3290D6946B5E30E70414990574883DDB ] ALG             C:\Windows\System32\alg.exe
17:44:30.0149 4328  ALG - ok
17:44:30.0164 4328  [ 5812713A477A3AD7363C7438CA2EE038 ] aliide          C:\Windows\system32\DRIVERS\aliide.sys
17:44:30.0180 4328  aliide - ok
17:44:30.0227 4328  [ 1FF8B4431C353CE385C875F194924C0C ] amdide          C:\Windows\system32\DRIVERS\amdide.sys
17:44:30.0242 4328  amdide - ok
17:44:30.0242 4328  [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8           C:\Windows\system32\DRIVERS\amdk8.sys
17:44:30.0258 4328  AmdK8 - ok
17:44:30.0274 4328  [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM          C:\Windows\system32\DRIVERS\amdppm.sys
17:44:30.0320 4328  AmdPPM - ok
17:44:30.0352 4328  [ EC7EBAB00A4D8448BAB68D1E49B4BEB9 ] amdsata         C:\Windows\system32\drivers\amdsata.sys
17:44:30.0367 4328  amdsata - ok
17:44:30.0383 4328  [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs          C:\Windows\system32\DRIVERS\amdsbs.sys
17:44:30.0398 4328  amdsbs - ok
17:44:30.0414 4328  [ DB27766102C7BF7E95140A2AA81D042E ] amdxata         C:\Windows\system32\drivers\amdxata.sys
17:44:30.0430 4328  amdxata - ok
17:44:30.0523 4328  [ 459465DA28E49B358ECFE0D788F328F4 ] AntiVirSchedulerService C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
17:44:30.0539 4328  AntiVirSchedulerService - ok
17:44:30.0554 4328  [ BCDD17E8469D647A71B347C4B6F86685 ] AntiVirService  C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
17:44:30.0570 4328  AntiVirService - ok
17:44:30.0601 4328  [ 42FD751B27FA0E9C69BB39F39E409594 ] AppID           C:\Windows\system32\drivers\appid.sys
17:44:30.0664 4328  AppID - ok
17:44:30.0695 4328  [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
17:44:30.0757 4328  AppIDSvc - ok
17:44:30.0773 4328  [ D065BE66822847B7F127D1F90158376E ] Appinfo         C:\Windows\System32\appinfo.dll
17:44:30.0804 4328  Appinfo - ok
17:44:30.0851 4328  [ 4ABA3E75A76195A3E38ED2766C962899 ] AppMgmt         C:\Windows\System32\appmgmts.dll
17:44:30.0882 4328  AppMgmt - ok
17:44:30.0898 4328  [ C484F8CEB1717C540242531DB7845C4E ] arc             C:\Windows\system32\DRIVERS\arc.sys
17:44:30.0913 4328  arc - ok
17:44:30.0913 4328  [ 019AF6924AEFE7839F61C830227FE79C ] arcsas          C:\Windows\system32\DRIVERS\arcsas.sys
17:44:30.0929 4328  arcsas - ok
17:44:30.0976 4328  [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
17:44:31.0022 4328  AsyncMac - ok
17:44:31.0038 4328  [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi           C:\Windows\system32\DRIVERS\atapi.sys
17:44:31.0054 4328  atapi - ok
17:44:31.0100 4328  [ 07721A77180EDD4D39CCB865BF63C7FD ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
17:44:31.0147 4328  AudioEndpointBuilder - ok
17:44:31.0163 4328  [ 07721A77180EDD4D39CCB865BF63C7FD ] AudioSrv        C:\Windows\System32\Audiosrv.dll
17:44:31.0194 4328  AudioSrv - ok
17:44:31.0241 4328  [ BFE9598EBC3934CF8D876A303849C896 ] avgntflt        C:\Windows\system32\DRIVERS\avgntflt.sys
17:44:31.0256 4328  avgntflt - ok
17:44:31.0288 4328  [ F74D86A9FB35FA5F24627B8DBBF3A9A4 ] avipbb          C:\Windows\system32\DRIVERS\avipbb.sys
17:44:31.0288 4328  avipbb - ok
17:44:31.0319 4328  [ CD0E732347BF09717E0BDDC0C66699AB ] avkmgr          C:\Windows\system32\DRIVERS\avkmgr.sys
17:44:31.0350 4328  avkmgr - ok
17:44:31.0366 4328  [ B20B5FA5CA050E9926E4D1DB81501B32 ] AxInstSV        C:\Windows\System32\AxInstSV.dll
17:44:31.0397 4328  AxInstSV - ok
17:44:31.0412 4328  [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv         C:\Windows\system32\DRIVERS\bxvbda.sys
17:44:31.0444 4328  b06bdrv - ok
17:44:31.0475 4328  [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a        C:\Windows\system32\DRIVERS\b57nd60a.sys
17:44:31.0490 4328  b57nd60a - ok
17:44:31.0537 4328  [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC          C:\Windows\System32\bdesvc.dll
17:44:31.0553 4328  BDESVC - ok
17:44:31.0584 4328  [ 16A47CE2DECC9B099349A5F840654746 ] Beep            C:\Windows\system32\drivers\Beep.sys
17:44:31.0631 4328  Beep - ok
17:44:31.0693 4328  [ 4992C609A6315671463E30F6512BC022 ] BFE             C:\Windows\System32\bfe.dll
17:44:31.0756 4328  BFE - ok
17:44:31.0787 4328  [ 7F0C323FE3DA28AA4AA1BDA3F575707F ] BITS            C:\Windows\System32\qmgr.dll
17:44:31.0834 4328  BITS - ok
17:44:31.0865 4328  [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
17:44:31.0880 4328  blbdrive - ok
17:44:31.0912 4328  [ 19D20159708E152267E53B66677A4995 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
17:44:31.0927 4328  bowser - ok
17:44:31.0943 4328  [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo        C:\Windows\system32\DRIVERS\BrFiltLo.sys
17:44:31.0974 4328  BrFiltLo - ok
17:44:31.0990 4328  [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp        C:\Windows\system32\DRIVERS\BrFiltUp.sys
17:44:32.0005 4328  BrFiltUp - ok
17:44:32.0068 4328  [ 6B054C67AAA87843504E8E3C09102009 ] Browser         C:\Windows\System32\browser.dll
17:44:32.0099 4328  Browser - ok
17:44:32.0130 4328  [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
17:44:32.0192 4328  Brserid - ok
17:44:32.0192 4328  [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
17:44:32.0208 4328  BrSerWdm - ok
17:44:32.0208 4328  [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
17:44:32.0224 4328  BrUsbMdm - ok
17:44:32.0239 4328  [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
17:44:32.0270 4328  BrUsbSer - ok
17:44:32.0270 4328  [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM        C:\Windows\system32\DRIVERS\bthmodem.sys
17:44:32.0302 4328  BTHMODEM - ok
17:44:32.0333 4328  [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv         C:\Windows\system32\bthserv.dll
17:44:32.0395 4328  bthserv - ok
17:44:32.0411 4328  [ B8BD2BB284668C84865658C77574381A ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
17:44:32.0473 4328  cdfs - ok
17:44:32.0504 4328  [ 83D2D75E1EFB81B3450C18131443F7DB ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
17:44:32.0551 4328  cdrom - ok
17:44:32.0582 4328  [ 312E2F82AF11E79906898AC3E3D58A1F ] CertPropSvc     C:\Windows\System32\certprop.dll
17:44:32.0645 4328  CertPropSvc - ok
17:44:32.0676 4328  [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass        C:\Windows\system32\DRIVERS\circlass.sys
17:44:32.0707 4328  circlass - ok
17:44:32.0754 4328  [ FE1EC06F2253F691FE36217C592A0206 ] CLFS            C:\Windows\system32\CLFS.sys
17:44:32.0770 4328  CLFS - ok
17:44:32.0848 4328  [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
17:44:32.0863 4328  clr_optimization_v2.0.50727_32 - ok
17:44:32.0879 4328  [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
17:44:32.0894 4328  clr_optimization_v2.0.50727_64 - ok
17:44:32.0957 4328  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
17:44:32.0972 4328  clr_optimization_v4.0.30319_32 - ok
17:44:33.0004 4328  [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
17:44:33.0004 4328  clr_optimization_v4.0.30319_64 - ok
17:44:33.0019 4328  [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
17:44:33.0019 4328  CmBatt - ok
17:44:33.0035 4328  [ E19D3F095812725D88F9001985B94EDD ] cmdide          C:\Windows\system32\DRIVERS\cmdide.sys
17:44:33.0050 4328  cmdide - ok
17:44:33.0082 4328  [ CA7720B73446FDDEC5C69519C1174C98 ] CNG             C:\Windows\system32\Drivers\cng.sys
17:44:33.0113 4328  CNG - ok
17:44:33.0113 4328  [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt        C:\Windows\system32\DRIVERS\compbatt.sys
17:44:33.0128 4328  Compbatt - ok
17:44:33.0144 4328  [ F26B3A86F6FA87CA360B879581AB4123 ] CompositeBus    C:\Windows\system32\DRIVERS\CompositeBus.sys
17:44:33.0160 4328  CompositeBus - ok
17:44:33.0160 4328  COMSysApp - ok
17:44:33.0175 4328  [ 1C827878A998C18847245FE1F34EE597 ] crcdisk         C:\Windows\system32\DRIVERS\crcdisk.sys
17:44:33.0191 4328  crcdisk - ok
17:44:33.0222 4328  [ BAF19B633933A9FB4883D27D66C39E9A ] CryptSvc        C:\Windows\system32\cryptsvc.dll
17:44:33.0269 4328  CryptSvc - ok
17:44:33.0316 4328  [ 4A6173C2279B498CD8F57CAE504564CB ] CSC             C:\Windows\system32\drivers\csc.sys
17:44:33.0362 4328  CSC - ok
17:44:33.0378 4328  [ 873FBF927C06E5CEE04DEC617502F8FD ] CscService      C:\Windows\System32\cscsvc.dll
17:44:33.0409 4328  CscService - ok
17:44:33.0440 4328  [ 7266972E86890E2B30C0C322E906B027 ] DcomLaunch      C:\Windows\system32\rpcss.dll
17:44:33.0503 4328  DcomLaunch - ok
17:44:33.0534 4328  [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc       C:\Windows\System32\defragsvc.dll
17:44:33.0596 4328  defragsvc - ok
17:44:33.0628 4328  [ 9C253CE7311CA60FC11C774692A13208 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
17:44:33.0659 4328  DfsC - ok
17:44:33.0690 4328  [ CE3B9562D997F69B330D181A8875960F ] Dhcp            C:\Windows\system32\dhcpcore.dll
17:44:33.0706 4328  Dhcp - ok
17:44:33.0706 4328  [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache        C:\Windows\system32\drivers\discache.sys
17:44:33.0737 4328  discache - ok
17:44:33.0752 4328  [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk            C:\Windows\system32\DRIVERS\disk.sys
17:44:33.0768 4328  Disk - ok
17:44:33.0799 4328  [ 85CF424C74A1D5EC33533E1DBFF9920A ] Dnscache        C:\Windows\System32\dnsrslvr.dll
17:44:33.0815 4328  Dnscache - ok
17:44:33.0846 4328  [ 14452ACDB09B70964C8C21BF80A13ACB ] dot3svc         C:\Windows\System32\dot3svc.dll
17:44:33.0877 4328  dot3svc - ok
17:44:33.0877 4328  [ 8C2BA6BEA949EE6E68385F5692BAFB94 ] DPS             C:\Windows\system32\dps.dll
17:44:33.0924 4328  DPS - ok
17:44:33.0940 4328  [ 9B19F34400D24DF84C858A421C205754 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
17:44:33.0955 4328  drmkaud - ok
17:44:34.0002 4328  [ 1633B9ABF52784A1331476397A48CBEF ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
17:44:34.0033 4328  DXGKrnl - ok
17:44:34.0064 4328  [ 416A2007878ED1D6FC5DDDB9E1F6DB3E ] e1express       C:\Windows\system32\DRIVERS\e1e6032e.sys
17:44:34.0080 4328  e1express - ok
17:44:34.0096 4328  [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost         C:\Windows\System32\eapsvc.dll
17:44:34.0142 4328  EapHost - ok
17:44:34.0205 4328  [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv           C:\Windows\system32\DRIVERS\evbda.sys
17:44:34.0267 4328  ebdrv - ok
17:44:34.0283 4328  [ 156F6159457D0AA7E59B62681B56EB90 ] EFS             C:\Windows\System32\lsass.exe
17:44:34.0314 4328  EFS - ok
17:44:34.0361 4328  [ 47C071994C3F649F23D9CD075AC9304A ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
17:44:34.0392 4328  ehRecvr - ok
17:44:34.0423 4328  [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched         C:\Windows\ehome\ehsched.exe
17:44:34.0423 4328  ehSched - ok
17:44:34.0454 4328  [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor         C:\Windows\system32\DRIVERS\elxstor.sys
17:44:34.0470 4328  elxstor - ok
17:44:34.0501 4328  [ 34A3C54752046E79A126E15C51DB409B ] ErrDev          C:\Windows\system32\DRIVERS\errdev.sys
17:44:34.0517 4328  ErrDev - ok
17:44:34.0548 4328  [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem     C:\Windows\system32\es.dll
17:44:34.0595 4328  EventSystem - ok
17:44:34.0595 4328  [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat           C:\Windows\system32\drivers\exfat.sys
17:44:34.0626 4328  exfat - ok
17:44:34.0626 4328  [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat         C:\Windows\system32\drivers\fastfat.sys
17:44:34.0673 4328  fastfat - ok
17:44:34.0720 4328  [ D607B2F1BEE3992AA6C2C92C0A2F0855 ] Fax             C:\Windows\system32\fxssvc.exe
17:44:34.0766 4328  Fax - ok
17:44:34.0766 4328  [ D765D19CD8EF61F650C384F62FAC00AB ] fdc             C:\Windows\system32\DRIVERS\fdc.sys
17:44:34.0782 4328  fdc - ok
17:44:34.0813 4328  [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost         C:\Windows\system32\fdPHost.dll
17:44:34.0844 4328  fdPHost - ok
17:44:34.0860 4328  [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub        C:\Windows\system32\fdrespub.dll
17:44:34.0891 4328  FDResPub - ok
17:44:34.0922 4328  [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
17:44:34.0938 4328  FileInfo - ok
17:44:34.0938 4328  [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
17:44:34.0969 4328  Filetrace - ok
17:44:34.0985 4328  [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
17:44:34.0985 4328  flpydisk - ok
17:44:35.0000 4328  [ F7866AF72ABBAF84B1FA5AA195378C59 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
17:44:35.0016 4328  FltMgr - ok
17:44:35.0047 4328  [ CB5E4B9C319E3C6BB363EB7E58A4A051 ] FontCache       C:\Windows\system32\FntCache.dll
17:44:35.0094 4328  FontCache - ok
17:44:35.0156 4328  [ 8D89E3131C27FDD6932189CB785E1B7A ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
17:44:35.0172 4328  FontCache3.0.0.0 - ok
17:44:35.0188 4328  [ D43703496149971890703B4B1B723EAC ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
17:44:35.0203 4328  FsDepends - ok
17:44:35.0219 4328  [ D3E3F93D67821A2DB2B3D9FAC2DC2064 ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
17:44:35.0234 4328  Fs_Rec - ok
17:44:35.0266 4328  [ AE87BA80D0EC3B57126ED2CDC15B24ED ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
17:44:35.0281 4328  fvevol - ok
17:44:35.0312 4328  [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx        C:\Windows\system32\DRIVERS\gagp30kx.sys
17:44:35.0328 4328  gagp30kx - ok
17:44:35.0344 4328  [ FE5AB4525BC2EC68B9119A6E5D40128B ] gpsvc           C:\Windows\System32\gpsvc.dll
17:44:35.0359 4328  gpsvc - ok
17:44:35.0422 4328  [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdate         C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
17:44:35.0437 4328  gupdate - ok
17:44:35.0437 4328  [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdatem        C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
17:44:35.0453 4328  gupdatem - ok
17:44:35.0468 4328  [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
17:44:35.0484 4328  hcw85cir - ok
17:44:35.0515 4328  [ 6410F6F415B2A5A9037224C41DA8BF12 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
17:44:35.0546 4328  HdAudAddService - ok
17:44:35.0546 4328  [ 0A49913402747A0B67DE940FB42CBDBB ] HDAudBus        C:\Windows\system32\DRIVERS\HDAudBus.sys
17:44:35.0562 4328  HDAudBus - ok
17:44:35.0609 4328  [ 354F7AC7AE454A1DAF85BF7C0FFEFD07 ] HDDHealth       C:\Program Files (x86)\HDD Health\HDDHealthService.exe
17:44:35.0624 4328  HDDHealth ( UnsignedFile.Multi.Generic ) - warning
17:44:35.0624 4328  HDDHealth - detected UnsignedFile.Multi.Generic (1)
17:44:35.0640 4328  [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt         C:\Windows\system32\DRIVERS\HidBatt.sys
17:44:35.0656 4328  HidBatt - ok
17:44:35.0656 4328  [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth          C:\Windows\system32\DRIVERS\hidbth.sys
17:44:35.0671 4328  HidBth - ok
17:44:35.0687 4328  [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr           C:\Windows\system32\DRIVERS\hidir.sys
17:44:35.0734 4328  HidIr - ok
17:44:35.0734 4328  [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv         C:\Windows\system32\hidserv.dll
17:44:35.0780 4328  hidserv - ok
17:44:35.0812 4328  [ B3BF6B5B50006DEF50B66306D99FCF6F ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
17:44:35.0812 4328  HidUsb - ok
17:44:35.0843 4328  [ EFA58EDE58DD74388FFD04CB32681518 ] hkmsvc          C:\Windows\system32\kmsvc.dll
17:44:35.0890 4328  hkmsvc - ok
17:44:35.0905 4328  [ 046B2673767CA626E2CFB7FDF735E9E8 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
17:44:35.0921 4328  HomeGroupListener - ok
17:44:35.0952 4328  [ 06A7422224D9865A5613710A089987DF ] HomeGroupProvider C:\Windows\system32\provsvc.dll
17:44:35.0983 4328  HomeGroupProvider - ok
17:44:35.0999 4328  [ 0886D440058F203EBA0E1825E4355914 ] HpSAMD          C:\Windows\system32\DRIVERS\HpSAMD.sys
17:44:36.0014 4328  HpSAMD - ok
17:44:36.0030 4328  [ CEE049CAC4EFA7F4E1E4AD014414A5D4 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
17:44:36.0061 4328  HTTP - ok
17:44:36.0061 4328  [ F17766A19145F111856378DF337A5D79 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
17:44:36.0077 4328  hwpolicy - ok
17:44:36.0092 4328  [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt        C:\Windows\system32\DRIVERS\i8042prt.sys
17:44:36.0108 4328  i8042prt - ok
17:44:36.0139 4328  [ B75E45C564E944A2657167D197AB29DA ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
17:44:36.0155 4328  iaStorV - ok
17:44:36.0202 4328  [ 2F2BE70D3E02B6FA877921AB9516D43C ] idsvc           C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
17:44:36.0233 4328  idsvc - ok
17:44:36.0233 4328  [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp           C:\Windows\system32\DRIVERS\iirsp.sys
17:44:36.0248 4328  iirsp - ok
17:44:36.0264 4328  [ C5B4683680DF085B57BC53E5EF34861F ] IKEEXT          C:\Windows\System32\ikeext.dll
17:44:36.0311 4328  IKEEXT - ok
17:44:36.0326 4328  [ F00F20E70C6EC3AA366910083A0518AA ] intelide        C:\Windows\system32\DRIVERS\intelide.sys
17:44:36.0326 4328  intelide - ok
17:44:36.0342 4328  [ ADA036632C664CAA754079041CF1F8C1 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
17:44:36.0373 4328  intelppm - ok
17:44:36.0373 4328  [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
17:44:36.0420 4328  IPBusEnum - ok
17:44:36.0420 4328  [ 722DD294DF62483CECAAE6E094B4D695 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
17:44:36.0451 4328  IpFilterDriver - ok
17:44:36.0482 4328  [ F8E058D17363EC580E4B7232778B6CB5 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
17:44:36.0514 4328  iphlpsvc - ok
17:44:36.0514 4328  [ E2B4A4494DB7CB9B89B55CA268C337C5 ] IPMIDRV         C:\Windows\system32\DRIVERS\IPMIDrv.sys
17:44:36.0545 4328  IPMIDRV - ok
17:44:36.0545 4328  [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
17:44:36.0592 4328  IPNAT - ok
17:44:36.0607 4328  [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM          C:\Windows\system32\drivers\irenum.sys
17:44:36.0623 4328  IRENUM - ok
17:44:36.0623 4328  [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp          C:\Windows\system32\DRIVERS\isapnp.sys
17:44:36.0638 4328  isapnp - ok
17:44:36.0654 4328  [ FA4D2557DE56D45B0A346F93564BE6E1 ] iScsiPrt        C:\Windows\system32\DRIVERS\msiscsi.sys
17:44:36.0670 4328  iScsiPrt - ok
17:44:36.0685 4328  [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
17:44:36.0685 4328  kbdclass - ok
17:44:36.0701 4328  [ 6DEF98F8541E1B5DCEB2C822A11F7323 ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
17:44:36.0716 4328  kbdhid - ok
17:44:36.0732 4328  [ 156F6159457D0AA7E59B62681B56EB90 ] KeyIso          C:\Windows\system32\lsass.exe
17:44:36.0748 4328  KeyIso - ok
17:44:36.0748 4328  [ 4F4B5FDE429416877DE7143044582EB5 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
17:44:36.0763 4328  KSecDD - ok
17:44:36.0794 4328  [ 6F40465A44ECDC1731BEFAFEC5BDD03C ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
17:44:36.0810 4328  KSecPkg - ok
17:44:36.0826 4328  [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk         C:\Windows\system32\drivers\ksthunk.sys
17:44:36.0857 4328  ksthunk - ok
17:44:36.0872 4328  [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm           C:\Windows\system32\msdtckrm.dll
17:44:36.0935 4328  KtmRm - ok
17:44:36.0982 4328  [ 81F1D04D4D0E433099365127375FD501 ] LanmanServer    C:\Windows\system32\srvsvc.dll
17:44:37.0013 4328  LanmanServer - ok
17:44:37.0028 4328  [ 27026EAC8818E8A6C00A1CAD2F11D29A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
17:44:37.0091 4328  LanmanWorkstation - ok
17:44:37.0153 4328  [ EE963D96BFD97E54BA6CE6D2AC58DE35 ] LightScribeService C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
17:44:37.0169 4328  LightScribeService ( UnsignedFile.Multi.Generic ) - warning
17:44:37.0169 4328  LightScribeService - detected UnsignedFile.Multi.Generic (1)
17:44:37.0200 4328  [ 1538831CF8AD2979A04C423779465827 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
17:44:37.0247 4328  lltdio - ok
17:44:37.0262 4328  [ C1185803384AB3FEED115F79F109427F ] lltdsvc         C:\Windows\System32\lltdsvc.dll
17:44:37.0294 4328  lltdsvc - ok
17:44:37.0325 4328  [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts         C:\Windows\System32\lmhsvc.dll
17:44:37.0372 4328  lmhosts - ok
17:44:37.0403 4328  [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC          C:\Windows\system32\DRIVERS\lsi_fc.sys
17:44:37.0418 4328  LSI_FC - ok
17:44:37.0418 4328  [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS         C:\Windows\system32\DRIVERS\lsi_sas.sys
17:44:37.0434 4328  LSI_SAS - ok
17:44:37.0450 4328  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2        C:\Windows\system32\DRIVERS\lsi_sas2.sys
17:44:37.0450 4328  LSI_SAS2 - ok
17:44:37.0465 4328  [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI        C:\Windows\system32\DRIVERS\lsi_scsi.sys
17:44:37.0465 4328  LSI_SCSI - ok
17:44:37.0481 4328  [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv           C:\Windows\system32\drivers\luafv.sys
17:44:37.0512 4328  luafv - ok
17:44:37.0543 4328  [ F84C8F1000BC11E3B7B23CBD3BAFF111 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
17:44:37.0574 4328  Mcx2Svc - ok
17:44:37.0606 4328  [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas         C:\Windows\system32\DRIVERS\megasas.sys
17:44:37.0621 4328  megasas - ok
17:44:37.0637 4328  [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR          C:\Windows\system32\DRIVERS\MegaSR.sys
17:44:37.0652 4328  MegaSR - ok
17:44:37.0684 4328  [ E40E80D0304A73E8D269F7141D77250B ] MMCSS           C:\Windows\system32\mmcss.dll
17:44:37.0715 4328  MMCSS - ok
17:44:37.0730 4328  [ 800BA92F7010378B09F9ED9270F07137 ] Modem           C:\Windows\system32\drivers\modem.sys
17:44:37.0762 4328  Modem - ok
17:44:37.0808 4328  [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
17:44:37.0824 4328  monitor - ok
17:44:37.0840 4328  [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
17:44:37.0840 4328  mouclass - ok
17:44:37.0855 4328  [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
17:44:37.0871 4328  mouhid - ok
17:44:37.0871 4328  [ 791AF66C4D0E7C90A3646066386FB571 ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
17:44:37.0886 4328  mountmgr - ok
17:44:37.0933 4328  [ 8A7C8F4C713E70D73946833D76B77035 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
17:44:37.0949 4328  MozillaMaintenance - ok
17:44:37.0964 4328  [ 609D1D87649ECC19796F4D76D4C15CEA ] mpio            C:\Windows\system32\DRIVERS\mpio.sys
17:44:37.0964 4328  mpio - ok
17:44:37.0980 4328  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
17:44:38.0011 4328  mpsdrv - ok
17:44:38.0042 4328  [ AECAB449567D1846DAD63ECE49E893E3 ] MpsSvc          C:\Windows\system32\mpssvc.dll
17:44:38.0105 4328  MpsSvc - ok
17:44:38.0120 4328  [ 30524261BB51D96D6FCBAC20C810183C ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
17:44:38.0152 4328  MRxDAV - ok
17:44:38.0183 4328  [ 040D62A9D8AD28922632137ACDD984F2 ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
17:44:38.0198 4328  mrxsmb - ok
17:44:38.0214 4328  [ F0067552F8F9B33D7C59403AB808A3CB ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
17:44:38.0245 4328  mrxsmb10 - ok
17:44:38.0261 4328  [ 3C142D31DE9F2F193218A53FE2632051 ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
17:44:38.0276 4328  mrxsmb20 - ok
17:44:38.0276 4328  [ 5C37497276E3B3A5488B23A326A754B7 ] msahci          C:\Windows\system32\DRIVERS\msahci.sys
17:44:38.0292 4328  msahci - ok
17:44:38.0308 4328  [ 8D27B597229AED79430FB9DB3BCBFBD0 ] msdsm           C:\Windows\system32\DRIVERS\msdsm.sys
17:44:38.0308 4328  msdsm - ok
17:44:38.0339 4328  [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC           C:\Windows\System32\msdtc.exe
17:44:38.0354 4328  MSDTC - ok
17:44:38.0386 4328  [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
17:44:38.0417 4328  Msfs - ok
17:44:38.0432 4328  [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
17:44:38.0479 4328  mshidkmdf - ok
17:44:38.0495 4328  [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv        C:\Windows\system32\DRIVERS\msisadrv.sys
17:44:38.0495 4328  msisadrv - ok
17:44:38.0526 4328  [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
17:44:38.0588 4328  MSiSCSI - ok
17:44:38.0588 4328  msiserver - ok
17:44:38.0620 4328  [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
17:44:38.0651 4328  MSKSSRV - ok
17:44:38.0666 4328  [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
17:44:38.0713 4328  MSPCLOCK - ok
17:44:38.0729 4328  [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
17:44:38.0760 4328  MSPQM - ok
17:44:38.0776 4328  [ 89CB141AA8616D8C6A4610FA26C60964 ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
17:44:38.0791 4328  MsRPC - ok
17:44:38.0807 4328  [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios        C:\Windows\system32\DRIVERS\mssmbios.sys
17:44:38.0807 4328  mssmbios - ok
17:44:38.0822 4328  [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
17:44:38.0854 4328  MSTEE - ok
17:44:38.0869 4328  [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig        C:\Windows\system32\DRIVERS\MTConfig.sys
17:44:38.0885 4328  MTConfig - ok
17:44:38.0900 4328  [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup             C:\Windows\system32\Drivers\mup.sys
17:44:38.0900 4328  Mup - ok
17:44:38.0916 4328  [ 4987E079A4530FA737A128BE54B63B12 ] napagent        C:\Windows\system32\qagentRT.dll
17:44:38.0963 4328  napagent - ok
17:44:38.0994 4328  [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
17:44:39.0041 4328  NativeWifiP - ok
17:44:39.0103 4328  [ E0E4A1F81A7D69C595A8A9DDAD084C19 ] NAUpdate        C:\Program Files (x86)\Nero\Update\NASvc.exe
17:44:39.0119 4328  NAUpdate - ok
17:44:39.0150 4328  [ CAD515DBD07D082BB317D9928CE8962C ] NDIS            C:\Windows\system32\drivers\ndis.sys
17:44:39.0181 4328  NDIS - ok
17:44:39.0197 4328  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
17:44:39.0228 4328  NdisCap - ok
17:44:39.0244 4328  [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
17:44:39.0290 4328  NdisTapi - ok
17:44:39.0306 4328  [ F105BA1E22BF1F2EE8F005D4305E4BEC ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
17:44:39.0337 4328  Ndisuio - ok
17:44:39.0337 4328  [ 557DFAB9CA1FCB036AC77564C010DAD3 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
17:44:39.0368 4328  NdisWan - ok
17:44:39.0368 4328  [ 659B74FB74B86228D6338D643CD3E3CF ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
17:44:39.0415 4328  NDProxy - ok
17:44:39.0415 4328  [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
17:44:39.0446 4328  NetBIOS - ok
17:44:39.0462 4328  [ 9162B273A44AB9DCE5B44362731D062A ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
17:44:39.0493 4328  NetBT - ok
17:44:39.0524 4328  [ 156F6159457D0AA7E59B62681B56EB90 ] Netlogon        C:\Windows\system32\lsass.exe
17:44:39.0540 4328  Netlogon - ok
17:44:39.0587 4328  [ 847D3AE376C0817161A14A82C8922A9E ] Netman          C:\Windows\System32\netman.dll
17:44:39.0634 4328  Netman - ok
17:44:39.0649 4328  [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm        C:\Windows\System32\netprofm.dll
17:44:39.0696 4328  netprofm - ok
17:44:39.0743 4328  [ C7D577CB6058454228C7693DA086EF51 ] netr28ux        C:\Windows\system32\DRIVERS\netr28ux.sys
17:44:39.0790 4328  netr28ux - ok
17:44:39.0805 4328  [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
17:44:39.0821 4328  NetTcpPortSharing - ok
17:44:39.0836 4328  [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960         C:\Windows\system32\DRIVERS\nfrd960.sys
17:44:39.0852 4328  nfrd960 - ok
17:44:39.0868 4328  [ D9A0CE66046D6EFA0C61BAA885CBA0A8 ] NlaSvc          C:\Windows\System32\nlasvc.dll
17:44:39.0914 4328  NlaSvc - ok
17:44:39.0930 4328  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs            C:\Windows\system32\drivers\Npfs.sys
17:44:39.0977 4328  Npfs - ok
17:44:39.0977 4328  [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi             C:\Windows\system32\nsisvc.dll
17:44:40.0024 4328  nsi - ok
17:44:40.0024 4328  [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
17:44:40.0070 4328  nsiproxy - ok
17:44:40.0117 4328  [ 184C189D4FC416978550FC599BB4EDDA ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
17:44:40.0164 4328  Ntfs - ok
17:44:40.0180 4328  [ 9899284589F75FA8724FF3D16AED75C1 ] Null            C:\Windows\system32\drivers\Null.sys
17:44:40.0211 4328  Null - ok
17:44:40.0429 4328  [ 5104BAC2DA2A5BDD86AC6B0708B00F06 ] nvlddmkm        C:\Windows\system32\DRIVERS\nvlddmkm.sys
17:44:40.0663 4328  nvlddmkm - ok
17:44:40.0694 4328  [ A4D9C9A608A97F59307C2F2600EDC6A4 ] nvraid          C:\Windows\system32\drivers\nvraid.sys
17:44:40.0710 4328  nvraid - ok
17:44:40.0741 4328  [ 6C1D5F70E7A6A3FD1C90D840EDC048B9 ] nvstor          C:\Windows\system32\drivers\nvstor.sys
17:44:40.0741 4328  nvstor - ok
17:44:40.0804 4328  [ DDFAFCE89A5C93D04712B86F94E9FCBA ] nvsvc           C:\Windows\system32\nvvsvc.exe
17:44:40.0835 4328  nvsvc - ok
17:44:40.0882 4328  [ 84E035225474E48CD3A6A3CE52332095 ] nvUpdatusService C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
17:44:40.0913 4328  nvUpdatusService - ok
17:44:40.0928 4328  [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp          C:\Windows\system32\DRIVERS\nv_agp.sys
17:44:40.0944 4328  nv_agp - ok
17:44:40.0960 4328  [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394        C:\Windows\system32\DRIVERS\ohci1394.sys
17:44:40.0975 4328  ohci1394 - ok
17:44:41.0006 4328  [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
17:44:41.0022 4328  p2pimsvc - ok
17:44:41.0038 4328  [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc          C:\Windows\system32\p2psvc.dll
17:44:41.0053 4328  p2psvc - ok
17:44:41.0069 4328  [ 0086431C29C35BE1DBC43F52CC273887 ] Parport         C:\Windows\system32\DRIVERS\parport.sys
17:44:41.0084 4328  Parport - ok
17:44:41.0100 4328  [ 90061B1ACFE8CCAA5345750FFE08D8B8 ] partmgr         C:\Windows\system32\drivers\partmgr.sys
17:44:41.0116 4328  partmgr - ok
17:44:41.0131 4328  [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc          C:\Windows\System32\pcasvc.dll
17:44:41.0162 4328  PcaSvc - ok
17:44:41.0178 4328  [ F36F6504009F2FB0DFD1B17A116AD74B ] pci             C:\Windows\system32\DRIVERS\pci.sys
17:44:41.0178 4328  pci - ok
17:44:41.0209 4328  [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide          C:\Windows\system32\DRIVERS\pciide.sys
17:44:41.0209 4328  pciide - ok
17:44:41.0240 4328  [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia          C:\Windows\system32\DRIVERS\pcmcia.sys
17:44:41.0256 4328  pcmcia - ok
17:44:41.0256 4328  [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw             C:\Windows\system32\drivers\pcw.sys
17:44:41.0272 4328  pcw - ok
17:44:41.0287 4328  [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
17:44:41.0350 4328  PEAUTH - ok
17:44:41.0396 4328  [ B9B0A4299DD2D76A4243F75FD54DC680 ] PeerDistSvc     C:\Windows\system32\peerdistsvc.dll
17:44:41.0428 4328  PeerDistSvc - ok
17:44:41.0506 4328  [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost        C:\Windows\SysWow64\perfhost.exe
17:44:41.0537 4328  PerfHost - ok
17:44:41.0584 4328  [ 557E9A86F65F0DE18C9B6751DFE9D3F1 ] pla             C:\Windows\system32\pla.dll
17:44:41.0646 4328  pla - ok
17:44:41.0677 4328  [ 98B1721B8718164293B9701B98C52D77 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
17:44:41.0708 4328  PlugPlay - ok
17:44:41.0724 4328  [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
17:44:41.0755 4328  PNRPAutoReg - ok
17:44:41.0771 4328  [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
17:44:41.0786 4328  PNRPsvc - ok
17:44:41.0849 4328  [ 166EB40D1F5B47E615DE3D0FFFE5F243 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
17:44:41.0896 4328  PolicyAgent - ok
17:44:41.0927 4328  [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power           C:\Windows\system32\umpo.dll
17:44:41.0958 4328  Power - ok
17:44:42.0005 4328  [ 27CC19E81BA5E3403C48302127BDA717 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
17:44:42.0052 4328  PptpMiniport - ok
17:44:42.0067 4328  [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor       C:\Windows\system32\DRIVERS\processr.sys
17:44:42.0098 4328  Processor - ok
17:44:42.0114 4328  [ 97293447431311C06703368AD0F6C4BE ] ProfSvc         C:\Windows\system32\profsvc.dll
17:44:42.0130 4328  ProfSvc - ok
17:44:42.0145 4328  [ 156F6159457D0AA7E59B62681B56EB90 ] ProtectedStorage C:\Windows\system32\lsass.exe
17:44:42.0145 4328  ProtectedStorage - ok
17:44:42.0176 4328  [ EE992183BD8EAEFD9973F352E587A299 ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
17:44:42.0208 4328  Psched - ok
17:44:42.0239 4328  [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300          C:\Windows\system32\DRIVERS\ql2300.sys
17:44:42.0286 4328  ql2300 - ok
17:44:42.0301 4328  [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx          C:\Windows\system32\DRIVERS\ql40xx.sys
17:44:42.0317 4328  ql40xx - ok
17:44:42.0332 4328  [ 906191634E99AEA92C4816150BDA3732 ] QWAVE           C:\Windows\system32\qwave.dll
17:44:42.0348 4328  QWAVE - ok
17:44:42.0364 4328  [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
17:44:42.0379 4328  QWAVEdrv - ok
17:44:42.0395 4328  [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
17:44:42.0426 4328  RasAcd - ok
17:44:42.0442 4328  [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
17:44:42.0473 4328  RasAgileVpn - ok
17:44:42.0488 4328  [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto         C:\Windows\System32\rasauto.dll
17:44:42.0520 4328  RasAuto - ok
17:44:42.0535 4328  [ 87A6E852A22991580D6D39ADC4790463 ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
17:44:42.0566 4328  Rasl2tp - ok
17:44:42.0598 4328  [ 47394ED3D16D053F5906EFE5AB51CC83 ] RasMan          C:\Windows\System32\rasmans.dll
17:44:42.0629 4328  RasMan - ok
17:44:42.0629 4328  [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
17:44:42.0660 4328  RasPppoe - ok
17:44:42.0676 4328  [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
17:44:42.0707 4328  RasSstp - ok
17:44:42.0722 4328  [ 3BAC8142102C15D59A87757C1D41DCE5 ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
17:44:42.0769 4328  rdbss - ok
17:44:42.0785 4328  [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus          C:\Windows\system32\DRIVERS\rdpbus.sys
17:44:42.0816 4328  rdpbus - ok
17:44:42.0832 4328  [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
17:44:42.0863 4328  RDPCDD - ok
17:44:42.0878 4328  [ 9706B84DBABFC4B4CA46C5A82B14DFA3 ] RDPDR           C:\Windows\system32\drivers\rdpdr.sys
17:44:42.0894 4328  RDPDR - ok
17:44:42.0910 4328  [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
17:44:42.0972 4328  RDPENCDD - ok
17:44:43.0003 4328  [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
17:44:43.0019 4328  RDPREFMP - ok
17:44:43.0050 4328  [ 447DE7E3DEA39D422C1504F245B668B1 ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
17:44:43.0066 4328  RDPWD - ok
17:44:43.0066 4328  [ 634B9A2181D98F15941236886164EC8B ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
17:44:43.0081 4328  rdyboost - ok
17:44:43.0097 4328  [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess    C:\Windows\System32\mprdim.dll
17:44:43.0159 4328  RemoteAccess - ok
17:44:43.0159 4328  [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
17:44:43.0206 4328  RemoteRegistry - ok
17:44:43.0237 4328  [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
17:44:43.0268 4328  RpcEptMapper - ok
17:44:43.0300 4328  [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator      C:\Windows\system32\locator.exe
17:44:43.0331 4328  RpcLocator - ok
17:44:43.0346 4328  [ 7266972E86890E2B30C0C322E906B027 ] RpcSs           C:\Windows\system32\rpcss.dll
17:44:43.0378 4328  RpcSs - ok
17:44:43.0378 4328  [ DDC86E4F8E7456261E637E3552E804FF ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
17:44:43.0409 4328  rspndr - ok
17:44:43.0440 4328  [ 88AF6E02AB19DF7FD07ECDF9C91E9AF6 ] s3cap           C:\Windows\system32\DRIVERS\vms3cap.sys
17:44:43.0471 4328  s3cap - ok
17:44:43.0487 4328  [ 156F6159457D0AA7E59B62681B56EB90 ] SamSs           C:\Windows\system32\lsass.exe
17:44:43.0502 4328  SamSs - ok
17:44:43.0502 4328  [ E3BBB89983DAF5622C1D50CF49F28227 ] sbp2port        C:\Windows\system32\DRIVERS\sbp2port.sys
17:44:43.0518 4328  sbp2port - ok
17:44:43.0534 4328  [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr        C:\Windows\System32\SCardSvr.dll
17:44:43.0565 4328  SCardSvr - ok
17:44:43.0580 4328  [ C94DA20C7E3BA1DCA269BC8460D98387 ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
17:44:43.0627 4328  scfilter - ok
17:44:43.0674 4328  [ 624D0F5FF99428BB90A5B8A4123E918E ] Schedule        C:\Windows\system32\schedsvc.dll
17:44:43.0690 4328  Schedule - ok
17:44:43.0721 4328  [ 312E2F82AF11E79906898AC3E3D58A1F ] SCPolicySvc     C:\Windows\System32\certprop.dll
17:44:43.0752 4328  SCPolicySvc - ok
17:44:43.0752 4328  [ 765A27C3279CE11D14CB9E4F5869FCA5 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
17:44:43.0768 4328  SDRSVC - ok
17:44:43.0783 4328  [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
17:44:43.0814 4328  secdrv - ok
17:44:43.0830 4328  [ 463B386EBC70F98DA5DFF85F7E654346 ] seclogon        C:\Windows\system32\seclogon.dll
17:44:43.0861 4328  seclogon - ok
17:44:43.0877 4328  [ C32AB8FA018EF34C0F113BD501436D21 ] SENS            C:\Windows\System32\sens.dll
17:44:43.0908 4328  SENS - ok
17:44:43.0908 4328  [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc        C:\Windows\system32\sensrsvc.dll
17:44:43.0924 4328  SensrSvc - ok
17:44:43.0939 4328  [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum         C:\Windows\system32\DRIVERS\serenum.sys
17:44:43.0955 4328  Serenum - ok
17:44:43.0970 4328  [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial          C:\Windows\system32\DRIVERS\serial.sys
17:44:43.0986 4328  Serial - ok
17:44:44.0002 4328  [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse        C:\Windows\system32\DRIVERS\sermouse.sys
17:44:44.0017 4328  sermouse - ok
17:44:44.0033 4328  [ C3BC61CE47FF6F4E88AB8A3B429A36AF ] SessionEnv      C:\Windows\system32\sessenv.dll
17:44:44.0064 4328  SessionEnv - ok
17:44:44.0080 4328  [ A554811BCD09279536440C964AE35BBF ] sffdisk         C:\Windows\system32\DRIVERS\sffdisk.sys
17:44:44.0111 4328  sffdisk - ok
17:44:44.0142 4328  [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc        C:\Windows\system32\DRIVERS\sffp_mmc.sys
17:44:44.0158 4328  sffp_mmc - ok
17:44:44.0189 4328  [ 178298F767FE638C9FEDCBDEF58BB5E4 ] sffp_sd         C:\Windows\system32\DRIVERS\sffp_sd.sys
17:44:44.0189 4328  sffp_sd - ok
17:44:44.0204 4328  [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy         C:\Windows\system32\DRIVERS\sfloppy.sys
17:44:44.0220 4328  sfloppy - ok
17:44:44.0236 4328  [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess    C:\Windows\System32\ipnathlp.dll
17:44:44.0282 4328  SharedAccess - ok
17:44:44.0298 4328  [ 0298AC45D0EFFFB2DB4BAA7DD186E7BF ] ShellHWDetection C:\Windows\System32\shsvcs.dll
17:44:44.0329 4328  ShellHWDetection - ok
17:44:44.0345 4328  [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2        C:\Windows\system32\DRIVERS\SiSRaid2.sys
17:44:44.0360 4328  SiSRaid2 - ok
17:44:44.0360 4328  [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4        C:\Windows\system32\DRIVERS\sisraid4.sys
17:44:44.0376 4328  SiSRaid4 - ok
17:44:44.0376 4328  [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
17:44:44.0438 4328  Smb - ok
17:44:44.0454 4328  [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
17:44:44.0470 4328  SNMPTRAP - ok
17:44:44.0485 4328  [ B9E31E5CACDFE584F34F730A677803F9 ] spldr           C:\Windows\system32\drivers\spldr.sys
17:44:44.0485 4328  spldr - ok
17:44:44.0532 4328  [ 567977DC43CC13C4C35ED7084C0B84D5 ] Spooler         C:\Windows\System32\spoolsv.exe
17:44:44.0548 4328  Spooler - ok
17:44:44.0610 4328  [ 913D843498553A1BC8F8DBAD6358E49F ] sppsvc          C:\Windows\system32\sppsvc.exe
17:44:44.0672 4328  sppsvc - ok
17:44:44.0688 4328  [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify     C:\Windows\system32\sppuinotify.dll
17:44:44.0719 4328  sppuinotify - ok
17:44:44.0735 4328  [ 2408C0366D96BCDF63E8F1C78E4A29C5 ] srv             C:\Windows\system32\DRIVERS\srv.sys
17:44:44.0782 4328  srv - ok
17:44:44.0813 4328  [ 76548F7B818881B47D8D1AE1BE9C11F8 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
17:44:44.0844 4328  srv2 - ok
17:44:44.0875 4328  [ 0AF6E19D39C70844C5CAA8FB0183C36E ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
17:44:44.0906 4328  srvnet - ok
17:44:44.0938 4328  [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
17:44:44.0984 4328  SSDPSRV - ok
17:44:44.0984 4328  [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc         C:\Windows\system32\sstpsvc.dll
17:44:45.0031 4328  SstpSvc - ok
17:44:45.0062 4328  [ F0359F7CE712D69ACEF0886BDB4792ED ] Stereo Service  C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
17:44:45.0078 4328  Stereo Service - ok
17:44:45.0078 4328  [ F3817967ED533D08327DC73BC4D5542A ] stexstor        C:\Windows\system32\DRIVERS\stexstor.sys
17:44:45.0094 4328  stexstor - ok
17:44:45.0125 4328  [ 52D0E33B681BD0F33FDC08812FEE4F7D ] stisvc          C:\Windows\System32\wiaservc.dll
17:44:45.0156 4328  stisvc - ok
17:44:45.0172 4328  [ FFD7A6F15B14234B5B0E5D49E7961895 ] storflt         C:\Windows\system32\DRIVERS\vmstorfl.sys
17:44:45.0187 4328  storflt - ok
17:44:45.0203 4328  [ C40841817EF57D491F22EB103DA587CC ] StorSvc         C:\Windows\system32\storsvc.dll
17:44:45.0234 4328  StorSvc - ok
17:44:45.0250 4328  [ 8FCCBEFC5C440B3C23454656E551B09A ] storvsc         C:\Windows\system32\DRIVERS\storvsc.sys
17:44:45.0265 4328  storvsc - ok
17:44:45.0265 4328  [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum          C:\Windows\system32\DRIVERS\swenum.sys
17:44:45.0281 4328  swenum - ok
17:44:45.0312 4328  [ E08E46FDD841B7184194011CA1955A0B ] swprv           C:\Windows\System32\swprv.dll
17:44:45.0343 4328  swprv - ok
17:44:45.0390 4328  [ 3C1284516A62078FB68F768DE4F1A7BE ] SysMain         C:\Windows\system32\sysmain.dll
17:44:45.0437 4328  SysMain - ok
17:44:45.0437 4328  [ 238935C3CF2854886DC7CBB2A0E2CC66 ] TabletInputService C:\Windows\System32\TabSvc.dll
17:44:45.0468 4328  TabletInputService - ok
17:44:45.0484 4328  [ 884264AC597B690C5707C89723BB8E7B ] TapiSrv         C:\Windows\System32\tapisrv.dll
17:44:45.0577 4328  TapiSrv - ok
17:44:45.0608 4328  [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS             C:\Windows\System32\tbssvc.dll
17:44:45.0640 4328  TBS - ok
17:44:45.0702 4328  [ 5CFB7AB8F9524D1A1E14369DE63B83CC ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
17:44:45.0749 4328  Tcpip - ok
17:44:45.0780 4328  [ 5CFB7AB8F9524D1A1E14369DE63B83CC ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
17:44:45.0811 4328  TCPIP6 - ok
17:44:45.0842 4328  [ 76D078AF6F587B162D50210F761EB9ED ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
17:44:45.0874 4328  tcpipreg - ok
17:44:45.0889 4328  [ 3371D21011695B16333A3934340C4E7C ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
17:44:45.0905 4328  TDPIPE - ok
17:44:45.0920 4328  [ 7518F7BCFD4B308ABC9192BACAF6C970 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
17:44:45.0936 4328  TDTCP - ok
17:44:45.0967 4328  [ 079125C4B17B01FCAEEBCE0BCB290C0F ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
17:44:45.0998 4328  tdx - ok
17:44:46.0014 4328  [ C448651339196C0E869A355171875522 ] TermDD          C:\Windows\system32\DRIVERS\termdd.sys
17:44:46.0030 4328  TermDD - ok
17:44:46.0045 4328  [ 0F05EC2887BFE197AD82A13287D2F404 ] TermService     C:\Windows\System32\termsrv.dll
17:44:46.0092 4328  TermService - ok
17:44:46.0108 4328  [ F0344071948D1A1FA732231785A0664C ] Themes          C:\Windows\system32\themeservice.dll
17:44:46.0139 4328  Themes - ok
17:44:46.0154 4328  [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER     C:\Windows\system32\mmcss.dll
17:44:46.0186 4328  THREADORDER - ok
17:44:46.0201 4328  [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks          C:\Windows\System32\trkwks.dll
17:44:46.0248 4328  TrkWks - ok
17:44:46.0279 4328  [ 370A6907DDF79532A39319492B1FA38A ] truecrypt       C:\Windows\system32\drivers\truecrypt.sys
17:44:46.0295 4328  truecrypt - ok
17:44:46.0342 4328  [ 840F7FB849F5887A49BA18C13B2DA920 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
17:44:46.0357 4328  TrustedInstaller - ok
17:44:46.0388 4328  [ 61B96C26131E37B24E93327A0BD1FB95 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
17:44:46.0435 4328  tssecsrv - ok
17:44:46.0466 4328  [ 3836171A2CDF3AF8EF10856DB9835A70 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
17:44:46.0498 4328  tunnel - ok
17:44:46.0498 4328  [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35          C:\Windows\system32\DRIVERS\uagp35.sys
17:44:46.0513 4328  uagp35 - ok
17:44:46.0529 4328  [ D47BAEAD86C65D4F4069D7CE0A4EDCEB ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
17:44:46.0576 4328  udfs - ok
17:44:46.0591 4328  [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect       C:\Windows\system32\UI0Detect.exe
17:44:46.0607 4328  UI0Detect - ok
17:44:46.0622 4328  [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx        C:\Windows\system32\DRIVERS\uliagpkx.sys
17:44:46.0622 4328  uliagpkx - ok
17:44:46.0669 4328  [ EAB6C35E62B1B0DB0D1B48B671D3A117 ] umbus           C:\Windows\system32\DRIVERS\umbus.sys
17:44:46.0685 4328  umbus - ok
17:44:46.0685 4328  [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass          C:\Windows\system32\DRIVERS\umpass.sys
17:44:46.0716 4328  UmPass - ok
17:44:46.0732 4328  [ AF0AC98EE5077EB844413EB54287FDE3 ] UmRdpService    C:\Windows\System32\umrdp.dll
17:44:46.0747 4328  UmRdpService - ok
17:44:46.0778 4328  [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost        C:\Windows\System32\upnphost.dll
17:44:46.0841 4328  upnphost - ok
17:44:46.0856 4328  [ 7B6A127C93EE590E4D79A5F2A76FE46F ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
17:44:46.0872 4328  usbccgp - ok
17:44:46.0888 4328  [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir          C:\Windows\system32\DRIVERS\usbcir.sys
17:44:46.0903 4328  usbcir - ok
17:44:46.0919 4328  [ 92969BA5AC44E229C55A332864F79677 ] usbehci         C:\Windows\system32\DRIVERS\usbehci.sys
17:44:46.0934 4328  usbehci - ok
17:44:46.0950 4328  [ E7DF1CFD28CA86B35EF5ADD0735CEEF3 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
17:44:46.0966 4328  usbhub - ok
17:44:46.0981 4328  [ F1BB1E55F1E7A65C5839CCC7B36D773E ] usbohci         C:\Windows\system32\drivers\usbohci.sys
17:44:47.0012 4328  usbohci - ok
17:44:47.0028 4328  [ 73188F58FB384E75C4063D29413CEE3D ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
17:44:47.0044 4328  usbprint - ok
17:44:47.0075 4328  [ F39983647BC1F3E6100778DDFE9DCE29 ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
17:44:47.0090 4328  USBSTOR - ok
17:44:47.0122 4328  [ BC3070350A491D84B518D7CCA9ABD36F ] usbuhci         C:\Windows\system32\DRIVERS\usbuhci.sys
17:44:47.0137 4328  usbuhci - ok
17:44:47.0153 4328  [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms           C:\Windows\System32\uxsms.dll
17:44:47.0184 4328  UxSms - ok
17:44:47.0200 4328  [ 156F6159457D0AA7E59B62681B56EB90 ] VaultSvc        C:\Windows\system32\lsass.exe
17:44:47.0200 4328  VaultSvc - ok
17:44:47.0215 4328  [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot        C:\Windows\system32\DRIVERS\vdrvroot.sys
17:44:47.0231 4328  vdrvroot - ok
17:44:47.0246 4328  [ 44D73E0BBC1D3C8981304BA15135C2F2 ] vds             C:\Windows\System32\vds.exe
17:44:47.0278 4328  vds - ok
17:44:47.0278 4328  [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
17:44:47.0293 4328  vga - ok
17:44:47.0309 4328  [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave         C:\Windows\System32\drivers\vga.sys
17:44:47.0356 4328  VgaSave - ok
17:44:47.0356 4328  [ C82E748660F62A242B2DFAC1442F22A4 ] vhdmp           C:\Windows\system32\DRIVERS\vhdmp.sys
17:44:47.0371 4328  vhdmp - ok
17:44:47.0387 4328  [ E5689D93FFE4E5D66C0178761240DD54 ] viaide          C:\Windows\system32\DRIVERS\viaide.sys
17:44:47.0387 4328  viaide - ok
17:44:47.0418 4328  [ 1501699D7EDA984ABC4155A7DA5738D1 ] vmbus           C:\Windows\system32\DRIVERS\vmbus.sys
17:44:47.0434 4328  vmbus - ok
17:44:47.0449 4328  [ AE10C35761889E65A6F7176937C5592C ] VMBusHID        C:\Windows\system32\DRIVERS\VMBusHID.sys
17:44:47.0465 4328  VMBusHID - ok
17:44:47.0480 4328  [ 2B1A3DAE2B4E70DBBA822B7A03FBD4A3 ] volmgr          C:\Windows\system32\DRIVERS\volmgr.sys
17:44:47.0496 4328  volmgr - ok
17:44:47.0512 4328  [ 99B0CBB569CA79ACAED8C91461D765FB ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
17:44:47.0527 4328  volmgrx - ok
17:44:47.0558 4328  [ 9E425AC5C9A5A973273D169F43B4F5E1 ] volsnap         C:\Windows\system32\DRIVERS\volsnap.sys
17:44:47.0590 4328  volsnap - ok
17:44:47.0605 4328  [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid         C:\Windows\system32\DRIVERS\vsmraid.sys
17:44:47.0621 4328  vsmraid - ok
17:44:47.0652 4328  [ 787898BF9FB6D7BD87A36E2D95C899BA ] VSS             C:\Windows\system32\vssvc.exe
17:44:47.0699 4328  VSS - ok
17:44:47.0714 4328  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus        C:\Windows\system32\DRIVERS\vwifibus.sys
17:44:47.0746 4328  vwifibus - ok
17:44:47.0761 4328  [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt        C:\Windows\system32\DRIVERS\vwififlt.sys
17:44:47.0777 4328  vwififlt - ok
17:44:47.0792 4328  [ 1C9D80CC3849B3788048078C26486E1A ] W32Time         C:\Windows\system32\w32time.dll
17:44:47.0824 4328  W32Time - ok
17:44:47.0855 4328  [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen        C:\Windows\system32\DRIVERS\wacompen.sys
17:44:47.0886 4328  WacomPen - ok
17:44:47.0902 4328  [ 47CA49400643EFFD3F1C9A27E1D69324 ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
17:44:47.0948 4328  WANARP - ok
17:44:47.0948 4328  [ 47CA49400643EFFD3F1C9A27E1D69324 ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
17:44:47.0980 4328  Wanarpv6 - ok
17:44:48.0011 4328  [ 5AB1BB85BD8B5089CC5D64200DEDAE68 ] wbengine        C:\Windows\system32\wbengine.exe
17:44:48.0058 4328  wbengine - ok
17:44:48.0058 4328  [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
17:44:48.0073 4328  WbioSrvc - ok
17:44:48.0104 4328  [ DD1BAE8EBFC653824D29CCF8C9054D68 ] wcncsvc         C:\Windows\System32\wcncsvc.dll
17:44:48.0136 4328  wcncsvc - ok
17:44:48.0151 4328  [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
17:44:48.0167 4328  WcsPlugInService - ok
17:44:48.0182 4328  [ 72889E16FF12BA0F235467D6091B17DC ] Wd              C:\Windows\system32\DRIVERS\wd.sys
17:44:48.0198 4328  Wd - ok
17:44:48.0229 4328  [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
17:44:48.0260 4328  Wdf01000 - ok
17:44:48.0276 4328  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost  C:\Windows\system32\wdi.dll
17:44:48.0292 4328  WdiServiceHost - ok
17:44:48.0292 4328  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost   C:\Windows\system32\wdi.dll
17:44:48.0307 4328  WdiSystemHost - ok
17:44:48.0338 4328  [ 733006127F235BE7C35354EBEE7B9A7B ] WebClient       C:\Windows\System32\webclnt.dll
17:44:48.0370 4328  WebClient - ok
17:44:48.0385 4328  [ C749025A679C5103E575E3B48E092C43 ] Wecsvc          C:\Windows\system32\wecsvc.dll
17:44:48.0432 4328  Wecsvc - ok
17:44:48.0448 4328  [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
17:44:48.0479 4328  wercplsupport - ok
17:44:48.0494 4328  [ 6D137963730144698CBD10F202E9F251 ] WerSvc          C:\Windows\System32\WerSvc.dll
17:44:48.0557 4328  WerSvc - ok
17:44:48.0572 4328  [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
17:44:48.0604 4328  WfpLwf - ok
17:44:48.0619 4328  [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
17:44:48.0619 4328  WIMMount - ok
17:44:48.0635 4328  WinDefend - ok
17:44:48.0635 4328  WinHttpAutoProxySvc - ok
17:44:48.0697 4328  [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
17:44:48.0728 4328  Winmgmt - ok
17:44:48.0791 4328  [ 41FBB751936B387F9179E7F03A74FE29 ] WinRM           C:\Windows\system32\WsmSvc.dll
17:44:48.0853 4328  WinRM - ok
17:44:48.0916 4328  [ 817EAFF5D38674EDD7713B9DFB8E9791 ] WinUsb          C:\Windows\system32\DRIVERS\WinUsb.sys
17:44:48.0931 4328  WinUsb - ok
17:44:48.0962 4328  [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc         C:\Windows\System32\wlansvc.dll
17:44:48.0994 4328  Wlansvc - ok
17:44:48.0994 4328  [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi         C:\Windows\system32\DRIVERS\wmiacpi.sys
17:44:49.0025 4328  WmiAcpi - ok
17:44:49.0056 4328  [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
17:44:49.0087 4328  wmiApSrv - ok
17:44:49.0103 4328  WMPNetworkSvc - ok
17:44:49.0118 4328  [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc          C:\Windows\System32\wpcsvc.dll
17:44:49.0118 4328  WPCSvc - ok
17:44:49.0134 4328  [ 2E57DDF2880A7E52E76F41C7E96D327B ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
17:44:49.0150 4328  WPDBusEnum - ok
17:44:49.0165 4328  [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
17:44:49.0212 4328  ws2ifsl - ok
17:44:49.0228 4328  [ 8F9F3969933C02DA96EB0F84576DB43E ] wscsvc          C:\Windows\System32\wscsvc.dll
17:44:49.0259 4328  wscsvc - ok
17:44:49.0259 4328  WSearch - ok
17:44:49.0321 4328  [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv        C:\Windows\system32\wuaueng.dll
17:44:49.0384 4328  wuauserv - ok
17:44:49.0399 4328  [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
17:44:49.0415 4328  WudfPf - ok
17:44:49.0430 4328  [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
17:44:49.0462 4328  WUDFRd - ok
17:44:49.0493 4328  [ B20F051B03A966392364C83F009F7D17 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
17:44:49.0508 4328  wudfsvc - ok
17:44:49.0524 4328  [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc         C:\Windows\System32\wwansvc.dll
17:44:49.0555 4328  WwanSvc - ok
17:44:49.0586 4328  ================ Scan global ===============================
17:44:49.0602 4328  [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
17:44:49.0633 4328  [ 3FB74FF230B5D240A57AE1C4A3D0459D ] C:\Windows\system32\winsrv.dll
17:44:49.0649 4328  [ 3FB74FF230B5D240A57AE1C4A3D0459D ] C:\Windows\system32\winsrv.dll
17:44:49.0664 4328  [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
17:44:49.0680 4328  [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
17:44:49.0680 4328  [Global] - ok
17:44:49.0680 4328  ================ Scan MBR ==================================
17:44:49.0696 4328  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
17:44:49.0898 4328  \Device\Harddisk0\DR0 - ok
17:44:49.0898 4328  [ DDAE9D649DB12F6AFF24483F2C298989 ] \Device\Harddisk4\DR5
17:44:49.0992 4328  \Device\Harddisk4\DR5 - ok
17:44:49.0992 4328  ================ Scan VBR ==================================
17:44:49.0992 4328  [ FB46899939103F609995AC93A27B784F ] \Device\Harddisk0\DR0\Partition1
17:44:50.0008 4328  \Device\Harddisk0\DR0\Partition1 - ok
17:44:50.0023 4328  [ 19A96E313F77781259037DA03DC974FC ] \Device\Harddisk0\DR0\Partition2
17:44:50.0023 4328  \Device\Harddisk0\DR0\Partition2 - ok
17:44:50.0039 4328  [ 6C370AB61EED2A7D22D135FF9BAEC883 ] \Device\Harddisk4\DR5\Partition1
17:44:50.0039 4328  \Device\Harddisk4\DR5\Partition1 - ok
17:44:50.0039 4328  ============================================================
17:44:50.0039 4328  Scan finished
17:44:50.0039 4328  ============================================================
17:44:50.0054 2560  Detected object count: 2
17:44:50.0054 2560  Actual detected object count: 2
17:45:54.0873 2560  HDDHealth ( UnsignedFile.Multi.Generic ) - skipped by user
17:45:54.0873 2560  HDDHealth ( UnsignedFile.Multi.Generic ) - User select action: Skip 
17:45:54.0873 2560  LightScribeService ( UnsignedFile.Multi.Generic ) - skipped by user
17:45:54.0873 2560  LightScribeService ( UnsignedFile.Multi.Generic ) - User select action: Skip 
17:46:16.0510 3804  Deinitialize success

cosinus · 08.04.2013, 21:09

Dann bitte jetzt Combofix ausführen:

Scan mit Combofix

WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link

WICHTIG: Speichere Combofix auf deinem Desktop.

Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.

Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.

Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!

Wenn Combofix fertig ist, wird es ein Logfile erstellen.

Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).

Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

denkgeräusch · 08.04.2013, 23:24

Darf ich fragen, was Combofix macht und was Du bei meinem Problem bis jetzt für Vermutungen hast? Nachdem Du Mitleser extra vor einer unbedachten Verwendung warnst, klingt das für mich ein bisschen wie Chemotherapie für den PC... Welche Risiken gehe ich dabei ein?
Bitte nimm mir das nicht übel, ich versuche nur nachzuvollziehen, was ich tue.

Zitat:

Zitat von www.bleepingcomputer.com/download/combofix/

Please note that running this program without supervision can cause your computer to not operate correctly

Abgesehen davon schreibst Du, ich soll u.a. Malwarescanner deaktivieren. => Malwarebytes deinstallieren, oder nur nicht parallel öffnen?

für die Hilfe!

cosinus · 09.04.2013, 11:38

Ich vermute noch einiges an tiefsitzendere Malware, daher CF
Bei jeder Bereinigung kann etwas schiefgehen auch ohne CF und allgemein solltest du immer die wichtigsten Daten geischert haben, logischerweise auch dann wenn du keine Probleme mit dem PC hast, das ist Sinn und Zweck eines Backups - sollte man schonmal von gehört haben

Und Malwarebytes sollst du nicht deinstallieren, die Rede war von Virenscanner deaktivieren, also dein Hintergrundwächter von Avira

denkgeräusch · 09.04.2013, 12:19

Danke für Deine Erklärung.
Wie im Anfangspost beschrieben ist das Backup genau mein Sorgenkind, da ich mir nicht sicher bin, ob ich das alte saubere Backup voreilig bei der Warnung bzgl defekter Festplatte mit dem dreckigen Backup verschmutzt habe, das jetzt auf der gleichen Platte neben dem alten Backup liegt...

CF log:

Code:

ATTFilter

ComboFix 13-04-08.04 - *** 09.04.2013  13:24:31.1.2 - x64
Microsoft Windows 7 Professional   6.1.7600.0.1252.49.1033.18.4094.2837 [GMT 2:00]
ausgeführt von:: c:\users\***\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Outdated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Outdated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\Install.exe
.
.
(((((((((((((((((((((((   Dateien erstellt von 2013-03-09 bis 2013-04-09  ))))))))))))))))))))))))))))))
.
.
2013-04-09 11:27 . 2013-04-09 11:27	--------	d-----w-	c:\users\UpdatusUser\AppData\Local\temp
2013-04-09 11:27 . 2013-04-09 11:27	--------	d-----w-	c:\users\Default\AppData\Local\temp
2013-04-09 11:27 . 2013-04-09 11:27	76232	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{058BE9E3-4783-4BF3-B517-4309DE9B9719}\offreg.dll
2013-04-08 15:14 . 2013-03-15 06:28	9311288	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{058BE9E3-4783-4BF3-B517-4309DE9B9719}\mpengine.dll
2013-03-15 14:33 . 2013-03-15 14:33	--------	d-----w-	c:\users\***\AppData\Roaming\Malwarebytes
2013-03-15 14:33 . 2013-03-15 14:33	--------	d-----w-	c:\programdata\Malwarebytes
2013-03-15 14:33 . 2013-03-15 14:33	--------	d-----w-	c:\program files (x86)\Malwarebytes' Anti-Malware
2013-03-15 14:33 . 2012-12-14 15:49	24176	----a-w-	c:\windows\system32\drivers\mbam.sys
2013-03-15 14:22 . 2013-03-15 14:22	--------	d-----w-	c:\program files (x86)\Seagate
2013-03-15 14:15 . 2013-03-15 14:15	--------	d-----w-	c:\program files (x86)\Common Files\Wise Installation Wizard
2013-03-15 14:14 . 2013-03-15 14:14	--------	d-----w-	c:\program files (x86)\HDD Health
2013-03-13 19:48 . 2013-03-13 19:48	--------	d-----w-	c:\program files\Microsoft Games
2013-03-13 19:10 . 2013-03-13 19:10	--------	d-----w-	c:\users\***\AppData\Local\Opera
2013-03-13 19:10 . 2013-03-13 19:10	--------	d-----w-	c:\program files (x86)\Opera
2013-03-11 20:10 . 2013-03-11 20:10	--------	d-----w-	c:\program files (x86)\LightScribe Template Labeler
2013-03-11 20:00 . 2013-03-11 20:00	--------	d-----w-	c:\program files (x86)\LightScribe Diagnostic Utility
2013-03-11 19:31 . 2013-03-11 19:31	--------	d-----w-	c:\program files (x86)\Common Files\LightScribe
2013-03-11 19:26 . 2013-03-11 19:26	--------	d-----w-	c:\program files (x86)\Common Files\Nero
2013-03-11 19:25 . 2013-03-11 19:27	--------	d-----w-	c:\program files (x86)\Nero
2013-03-11 10:47 . 2013-01-09 01:10	996352	----a-w-	c:\program files\Common Files\Microsoft Shared\VGX\VGX.dll
2013-03-11 10:47 . 2013-01-08 22:01	768000	----a-w-	c:\program files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll
2013-03-11 10:22 . 2013-03-11 19:26	--------	d-----w-	c:\programdata\Nero
2013-03-11 09:46 . 2013-03-11 10:14	--------	d-----w-	c:\users\***\AppData\Roaming\TrueCrypt
2013-03-10 14:39 . 2013-03-10 14:39	--------	d-----w-	c:\windows\system32\appmgmt
2013-03-10 13:19 . 2013-03-10 13:19	--------	d-----w-	c:\programdata\LightScribe
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-03-12 23:37 . 2013-02-27 11:44	73432	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-03-12 23:37 . 2013-02-27 11:44	693976	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2013-03-11 23:10 . 2013-02-25 23:47	282744	------w-	c:\windows\system32\MpSigStub.exe
2013-03-04 16:41 . 2013-03-04 16:41	231376	----a-w-	c:\windows\system32\drivers\truecrypt.sys
2013-03-01 10:52 . 2013-03-01 10:52	86528	----a-w-	c:\windows\SysWow64\iesysprep.dll
2013-03-01 10:52 . 2013-03-01 10:52	76800	----a-w-	c:\windows\SysWow64\SetIEInstalledDate.exe
2013-03-01 10:52 . 2013-03-01 10:52	74752	----a-w-	c:\windows\SysWow64\RegisterIEPKEYs.exe
2013-03-01 10:52 . 2013-03-01 10:52	48640	----a-w-	c:\windows\SysWow64\mshtmler.dll
2013-03-01 10:52 . 2013-03-01 10:52	1797632	----a-w-	c:\windows\SysWow64\jscript9.dll
2013-03-01 10:52 . 2013-03-01 10:52	161792	----a-w-	c:\windows\SysWow64\msls31.dll
2013-03-01 10:52 . 2013-03-01 10:52	1126912	----a-w-	c:\windows\SysWow64\wininet.dll
2013-03-01 10:52 . 2013-03-01 10:52	110592	----a-w-	c:\windows\SysWow64\IEAdvpack.dll
2013-03-01 10:52 . 2013-03-01 10:52	89088	----a-w-	c:\windows\system32\RegisterIEPKEYs.exe
2013-03-01 10:52 . 2013-03-01 10:52	85504	----a-w-	c:\windows\system32\jsproxy.dll
2013-03-01 10:52 . 2013-03-01 10:52	818176	----a-w-	c:\windows\system32\jscript.dll
2013-03-01 10:52 . 2013-03-01 10:52	74752	----a-w-	c:\windows\SysWow64\iesetup.dll
2013-03-01 10:52 . 2013-03-01 10:52	65024	----a-w-	c:\windows\system32\pngfilt.dll
2013-03-01 10:52 . 2013-03-01 10:52	63488	----a-w-	c:\windows\SysWow64\tdc.ocx
2013-03-01 10:52 . 2013-03-01 10:52	55296	----a-w-	c:\windows\system32\msfeedsbs.dll
2013-03-01 10:52 . 2013-03-01 10:52	49664	----a-w-	c:\windows\system32\imgutil.dll
2013-03-01 10:52 . 2013-03-01 10:52	420864	----a-w-	c:\windows\SysWow64\vbscript.dll
2013-03-01 10:52 . 2013-03-01 10:52	367104	----a-w-	c:\windows\SysWow64\html.iec
2013-03-01 10:52 . 2013-03-01 10:52	35840	----a-w-	c:\windows\SysWow64\imgutil.dll
2013-03-01 10:52 . 2013-03-01 10:52	267776	----a-w-	c:\windows\system32\ieaksie.dll
2013-03-01 10:52 . 2013-03-01 10:52	2382848	----a-w-	c:\windows\SysWow64\mshtml.tlb
2013-03-01 10:52 . 2013-03-01 10:52	2382848	----a-w-	c:\windows\system32\mshtml.tlb
2013-03-01 10:52 . 2013-03-01 10:52	23552	----a-w-	c:\windows\SysWow64\licmgr10.dll
2013-03-01 10:52 . 2013-03-01 10:52	2303488	----a-w-	c:\windows\system32\jscript9.dll
2013-03-01 10:52 . 2013-03-01 10:52	222208	----a-w-	c:\windows\system32\msls31.dll
2013-03-01 10:52 . 2013-03-01 10:52	2136064	----a-w-	c:\windows\system32\iertutil.dll
2013-03-01 10:52 . 2013-03-01 10:52	197120	----a-w-	c:\windows\system32\msrating.dll
2013-03-01 10:52 . 2013-03-01 10:52	17773056	----a-w-	c:\windows\system32\mshtml.dll
2013-03-01 10:52 . 2013-03-01 10:52	173056	----a-w-	c:\windows\system32\ieUnatt.exe
2013-03-01 10:52 . 2013-03-01 10:52	163840	----a-w-	c:\windows\system32\ieakui.dll
2013-03-01 10:52 . 2013-03-01 10:52	152064	----a-w-	c:\windows\SysWow64\wextract.exe
2013-03-01 10:52 . 2013-03-01 10:52	150528	----a-w-	c:\windows\SysWow64\iexpress.exe
2013-03-01 10:52 . 2013-03-01 10:52	149504	----a-w-	c:\windows\system32\occache.dll
2013-03-01 10:52 . 2013-03-01 10:52	145920	----a-w-	c:\windows\system32\iepeers.dll
2013-03-01 10:52 . 2013-03-01 10:52	142848	----a-w-	c:\windows\SysWow64\ieUnatt.exe
2013-03-01 10:52 . 2013-03-01 10:52	1427456	----a-w-	c:\windows\SysWow64\inetcpl.cpl
2013-03-01 10:52 . 2013-03-01 10:52	1389056	----a-w-	c:\windows\system32\wininet.dll
2013-03-01 10:52 . 2013-03-01 10:52	135168	----a-w-	c:\windows\system32\IEAdvpack.dll
2013-03-01 10:52 . 2013-03-01 10:52	1344000	----a-w-	c:\windows\system32\urlmon.dll
2013-03-01 10:52 . 2013-03-01 10:52	12288	----a-w-	c:\windows\system32\mshta.exe
2013-03-01 10:52 . 2013-03-01 10:52	11776	----a-w-	c:\windows\SysWow64\mshta.exe
2013-03-01 10:52 . 2013-03-01 10:52	114176	----a-w-	c:\windows\system32\admparse.dll
2013-03-01 10:52 . 2013-03-01 10:52	10752	----a-w-	c:\windows\system32\msfeedssync.exe
2013-03-01 10:52 . 2013-03-01 10:52	101888	----a-w-	c:\windows\SysWow64\admparse.dll
2013-03-01 10:52 . 2013-03-01 10:52	96256	----a-w-	c:\windows\system32\mshtmled.dll
2013-03-01 10:52 . 2013-03-01 10:52	91648	----a-w-	c:\windows\system32\SetIEInstalledDate.exe
2013-03-01 10:52 . 2013-03-01 10:52	89088	----a-w-	c:\windows\system32\ie4uinit.exe
2013-03-01 10:52 . 2013-03-01 10:52	85504	----a-w-	c:\windows\system32\iesetup.dll
2013-03-01 10:52 . 2013-03-01 10:52	82432	----a-w-	c:\windows\system32\icardie.dll
2013-03-01 10:52 . 2013-03-01 10:52	76800	----a-w-	c:\windows\system32\tdc.ocx
2013-03-01 10:52 . 2013-03-01 10:52	697344	----a-w-	c:\windows\system32\msfeeds.dll
2013-03-01 10:52 . 2013-03-01 10:52	603648	----a-w-	c:\windows\system32\vbscript.dll
2013-03-01 10:52 . 2013-03-01 10:52	534528	----a-w-	c:\windows\system32\ieapfltr.dll
2013-03-01 10:52 . 2013-03-01 10:52	48640	----a-w-	c:\windows\system32\mshtmler.dll
2013-03-01 10:52 . 2013-03-01 10:52	452608	----a-w-	c:\windows\system32\dxtmsft.dll
2013-03-01 10:52 . 2013-03-01 10:52	448512	----a-w-	c:\windows\system32\html.iec
2013-03-01 10:52 . 2013-03-01 10:52	403248	----a-w-	c:\windows\system32\iedkcs32.dll
2013-03-01 10:52 . 2013-03-01 10:52	39936	----a-w-	c:\windows\system32\iernonce.dll
2013-03-01 10:52 . 2013-03-01 10:52	3695416	----a-w-	c:\windows\system32\ieapfltr.dat
2013-03-01 10:52 . 2013-03-01 10:52	30720	----a-w-	c:\windows\system32\licmgr10.dll
2013-03-01 10:52 . 2013-03-01 10:52	282112	----a-w-	c:\windows\system32\dxtrans.dll
2013-03-01 10:52 . 2013-03-01 10:52	249344	----a-w-	c:\windows\system32\webcheck.dll
2013-03-01 10:52 . 2013-03-01 10:52	248320	----a-w-	c:\windows\system32\ieui.dll
2013-03-01 10:52 . 2013-03-01 10:52	236544	----a-w-	c:\windows\system32\url.dll
2013-03-01 10:52 . 2013-03-01 10:52	165888	----a-w-	c:\windows\system32\iexpress.exe
2013-03-01 10:52 . 2013-03-01 10:52	160256	----a-w-	c:\windows\system32\wextract.exe
2013-03-01 10:52 . 2013-03-01 10:52	160256	----a-w-	c:\windows\system32\ieakeng.dll
2013-03-01 10:52 . 2013-03-01 10:52	1492992	----a-w-	c:\windows\system32\inetcpl.cpl
2013-03-01 10:52 . 2013-03-01 10:52	111616	----a-w-	c:\windows\system32\iesysprep.dll
2013-03-01 10:52 . 2013-03-01 10:52	10884096	----a-w-	c:\windows\system32\ieframe.dll
2013-03-01 10:52 . 2013-03-01 10:52	103936	----a-w-	c:\windows\system32\inseng.dll
2013-02-27 17:24 . 2013-02-27 17:24	4067328	----a-w-	c:\windows\Adac-Luftrettung 3D.scr
2013-02-27 17:24 . 2013-02-27 17:24	348160	----a-w-	c:\windows\Adac-Luftrettung 3D Uninstall.exe
2013-02-27 11:19 . 2013-02-27 11:20	99912	----a-w-	c:\windows\system32\drivers\avgntflt.sys
2013-02-27 11:19 . 2013-02-27 11:20	27800	----a-w-	c:\windows\system32\drivers\avkmgr.sys
2013-02-27 11:19 . 2013-02-27 11:20	129216	----a-w-	c:\windows\system32\drivers\avipbb.sys
2013-02-07 11:42 . 2013-02-07 11:42	333856	----a-w-	c:\windows\system32\RaCoInstx.dll
2013-02-07 11:42 . 2013-02-07 11:42	2201120	----a-w-	c:\windows\system32\drivers\netr28ux.sys
2013-02-04 21:49 . 2013-02-27 12:19	70004024	----a-w-	c:\windows\system32\MRT.exe
2006-05-03 10:06	163328	--sha-r-	c:\windows\SysWOW64\flvDX.dll
2007-02-21 11:47	31232	--sha-r-	c:\windows\SysWOW64\msfDX.dll
2008-03-16 13:30	216064	--sha-r-	c:\windows\SysWOW64\nbDX.dll
2010-01-06 23:00	107520	--sha-r-	c:\windows\SysWOW64\TAKDSDecoder.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32	129272	----a-w-	c:\users\***\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32	129272	----a-w-	c:\users\***\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32	129272	----a-w-	c:\users\***\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"hddhealth"="c:\program files (x86)\HDD Health\hddhealth.exe" [2012-06-07 1987520]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2013-02-27 385248]
"WinampAgent"="c:\program files (x86)\Winamp\winampa.exe" [2012-06-28 74752]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-18 946352]
.
c:\users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\***\AppData\Roaming\Dropbox\bin\Dropbox.exe [2013-2-15 29428904]
OpenOffice.org 3.4.1.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2012-8-13 1199104]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HDDHealth.lnk - c:\program files (x86)\HDD Health\hddhealth.exe [2013-3-15 1987520]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="userinit.exe"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 HDDHealth;HDDHealth;c:\program files (x86)\HDD Health\HDDHealthService.exe [2012-06-07 72640]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2013-02-27 27800]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2013-02-27 86752]
S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe [2012-07-13 769432]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-10-02 382824]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2012-07-02 14:40	453736	----a-w-	c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
Inhalt des "geplante Tasks" Ordners
.
2013-04-08 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-02-27 23:37]
.
2013-04-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-03-04 16:21]
.
2013-04-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-03-04 16:21]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32	162552	----a-w-	c:\users\***\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32	162552	----a-w-	c:\users\***\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32	162552	----a-w-	c:\users\***\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32	162552	----a-w-	c:\users\***\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\***\AppData\Roaming\Mozilla\Firefox\Profiles\gwojyt5i.default\
FF - prefs.js: browser.search.selectedEngine - Wikipedia (de)
FF - prefs.js: browser.startup.homepage - hxxp://www.facebook.com/home.php?sk=bd
FF - prefs.js: network.proxy.ftp - 83.137.26.25
FF - prefs.js: network.proxy.ftp_port - 8080
FF - prefs.js: network.proxy.gopher - 83.137.26.25
FF - prefs.js: network.proxy.gopher_port - 8080
FF - prefs.js: network.proxy.http - 83.137.26.25
FF - prefs.js: network.proxy.http_port - 8080
FF - prefs.js: network.proxy.socks - 83.137.26.25
FF - prefs.js: network.proxy.socks_port - 8080
FF - prefs.js: network.proxy.ssl - 83.137.26.25
FF - prefs.js: network.proxy.ssl_port - 8080
FF - prefs.js: network.proxy.type - 0
FF - ExtSQL: 2013-02-27 17:12; {45d8ff86-d909-11db-9705-005056c00008}; c:\users\***\AppData\Roaming\Mozilla\Firefox\Profiles\gwojyt5i.default\extensions\{45d8ff86-d909-11db-9705-005056c00008}.xpi
FF - ExtSQL: 2013-02-27 17:38; {d91a2be6-3b56-4dfb-97f5-5e48fe3ed473}; c:\users\***\AppData\Roaming\Mozilla\Firefox\Profiles\gwojyt5i.default\extensions\{d91a2be6-3b56-4dfb-97f5-5e48fe3ed473}
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2013-04-09  13:29:30
ComboFix-quarantined-files.txt  2013-04-09 11:29
.
Vor Suchlauf: 831.052.832.768 bytes free
Nach Suchlauf: 839.601.295.360 bytes free
.
- - End Of File - - 4C162678F01B0984D9595EBF25BB8AA7

cosinus · 09.04.2013, 12:40

JRT - Junkware Removal Tool

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
Drücke eine beliebige Taste, um das Tool zu starten.
Je nach System kann der Scan eine Weile dauern.
Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.

Im Anschluss:

adwCleaner - Toolbars und ungewollte Start-/Suchseiten entfernen

Downloade Dir bitte

AdwCleaner auf deinen Desktop.

Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
Starte die AdwCleaner.exe mit einem Doppelklick.
Stimme den Nutzungsbedingungen zu.
Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
- "Tracing" Schlüssel löschen
- Winsock Einstellungen zurücksetzen
- Proxy Einstellungen zurücksetzen
- Internet Explorer Richtlinien zurücksetzen
- Chrome Richtlinien zurücksetzen
- Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Danach eine Kontrolle mit OTL bitte:

Doppelklick auf die OTL.exe
Vista User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
Setze oben mittig den Haken bei Scanne alle Benutzer
Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
Unter Extra Registry, wähle bitte Use SafeList
Klicke nun auf Run Scan links oben
Wenn der Scan beendet wurde werden 2 Logfiles erstellt
Poste die Logfiles in CODE-Tags hier in den Thread.

denkgeräusch · 09.04.2013, 14:14

Scans mit folgenden Ergebnissen durchgeführt: (siehe unten)

Zwischendurch ist mir etwas aufgefallen: Ich wollte die heruntergeladenen Installationsateien von JRT und adwCleaner per Drag and Drop auf den Desktop ziehen, wobei aber der durchgestrichene Kreis anstelle meines Cursers erschien - so, als sei eine durchsichtige Ebene über dem Desktop, die das Ablegen der Dateien verhindert. Über den Windows Explorer funktionierte es aber einwandfrei. Inzwischen hat sich das auch wieder erübrigt. Ich wollte es nur erwähnen, falls es relevant sein sollte.

Code:

ATTFilter

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.8.3 (04.05.2013:1)
OS: Windows 7 Professional x64
Ran by *** on 09.04.2013 at 14:33:46,45
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files

Successfully deleted: [File] C:\eula.1028.txt
Successfully deleted: [File] C:\eula.1031.txt
Successfully deleted: [File] C:\eula.1033.txt
Successfully deleted: [File] C:\eula.1036.txt
Successfully deleted: [File] C:\eula.1040.txt
Successfully deleted: [File] C:\eula.1041.txt
Successfully deleted: [File] C:\eula.1042.txt
Successfully deleted: [File] C:\eula.2052.txt
Successfully deleted: [File] C:\install.res.1028.dll
Successfully deleted: [File] C:\install.res.1031.dll
Successfully deleted: [File] C:\install.res.1033.dll
Successfully deleted: [File] C:\install.res.1036.dll
Successfully deleted: [File] C:\install.res.1040.dll
Successfully deleted: [File] C:\install.res.1041.dll
Successfully deleted: [File] C:\install.res.1042.dll
Successfully deleted: [File] C:\install.res.2052.dll
Successfully deleted: [File] C:\install.res.3082.dll



~~~ Folders



~~~ FireFox

Emptied folder: C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\gwojyt5i.default\minidumps [300 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 09.04.2013 at 14:40:10,67
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Code:

ATTFilter

# AdwCleaner v2.200 - Logfile created 04/09/2013 at 14:50:51
# Updated 02/04/2013 by Xplode
# Operating system : Windows 7 Professional  (64 bits)
# User : *** - ****
# Boot Mode : Normal
# Running from : C:\Users\***\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****


***** [Registry] *****


***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

-\\ Mozilla Firefox v19.0.2 (de)

File : C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\gwojyt5i.default\prefs.js

[OK] File is clean.

File : C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\gwojyt5i.default - Copy\prefs.js

[OK] File is clean.

-\\ Opera v12.14.1738.0

File : C:\Users\***\AppData\Roaming\Opera\Opera\operaprefs.ini

[OK] File is clean.

*************************

AdwCleaner[S1].txt - [880 octets] - [09/04/2013 14:50:51]

########## EOF - C:\AdwCleaner[S1].txt - [939 octets] ##########

Code:

ATTFilter

OTL logfile created on: 09.04.2013 14:58:09 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\***\Desktop
64bit- Professional  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 2,59 Gb Available Physical Memory | 64,88% Memory free
7,99 Gb Paging File | 6,59 Gb Available in Paging File | 82,48% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931,41 Gb Total Space | 781,95 Gb Free Space | 83,95% Space Free | Partition Type: NTFS
Drive D: | 686,50 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive L: | 7,62 Gb Total Space | 7,53 Gb Free Space | 98,83% Space Free | Partition Type: NTFS
 
Computer Name: **** | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\***\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Google\Update\1.3.21.135\GoogleCrashHandler.exe (Google Inc.)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\Nero\Update\NASvc.exe (Nero AG)
PRC - C:\Program Files (x86)\HDD Health\hddhealth.exe (PANTERASoft)
 
 
========== Modules (No Company Name) ==========
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (NAUpdate) -- C:\Program Files (x86)\Nero\Update\NASvc.exe (Nero AG)
SRV - (HDDHealth) -- C:\Program Files (x86)\HDD Health\HDDHealthService.exe ()
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (truecrypt) -- C:\Windows\SysNative\drivers\truecrypt.sys (TrueCrypt Foundation)
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira Operations GmbH & Co. KG)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira Operations GmbH & Co. KG)
DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira Operations GmbH & Co. KG)
DRV:64bit: - (netr28ux) -- C:\Windows\SysNative\drivers\netr28ux.sys (Ralink Technology Corp.)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (e1express) -- C:\Windows\SysNative\drivers\e1e6032e.sys (Intel Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = 
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-21-3828931173-708998927-2660071039-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKU\S-1-5-21-3828931173-708998927-2660071039-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = BB 3D BA 98 1F 20 CE 01  [binary data]
IE - HKU\S-1-5-21-3828931173-708998927-2660071039-1000\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-21-3828931173-708998927-2660071039-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-3828931173-708998927-2660071039-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-21-3828931173-708998927-2660071039-1001\..\SearchScopes,DefaultScope = 
 
========== FireFox ==========
 
FF - prefs.js..browser.search.selectedEngine: "Wikipedia (de)"
FF - prefs.js..browser.startup.homepage: "hxxp://www.facebook.com/home.php?sk=bd"
FF - prefs.js..extensions.enabledAddons: amznUWL2%40amazon.com:1.10
FF - prefs.js..extensions.enabledAddons: %7B152455DE-7B40-4bcf-B5B4-C68A1BE85A91%7D:2.7
FF - prefs.js..extensions.enabledAddons: %7B4568ed01-8341-4961-b3d5-98ab068ce4c0%7D:1.0.1.6
FF - prefs.js..extensions.enabledAddons: %7Bb9db16a4-6edc-47ec-a1f4-b86292ed211d%7D:4.9.14
FF - prefs.js..extensions.enabledAddons: %7B45d8ff86-d909-11db-9705-005056c00008%7D:1.1.0
FF - prefs.js..extensions.enabledAddons: %7Bd91a2be6-3b56-4dfb-97f5-5e48fe3ed473%7D:1.0
FF - prefs.js..extensions.enabledAddons: personas%40christopher.beard:1.6.5
FF - prefs.js..extensions.enabledAddons: addon%40snip-me.de:1.4.3
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0.2
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.6
FF - prefs.js..extensions.enabledItems: en-GB@dictionaries.addons.mozilla.org:1.19.1
FF - prefs.js..extensions.enabledItems: {6AC85730-7D0F-4de0-B3FA-21142DD85326}:2.5.5
FF - prefs.js..extensions.enabledItems: {4568ed01-8341-4961-b3d5-98ab068ce4c0}:1.0.1.6
FF - prefs.js..extensions.enabledItems: de-DE@dictionaries.addons.mozilla.org:2.0.2
FF - prefs.js..extensions.enabledItems: {152455DE-7B40-4bcf-B5B4-C68A1BE85A91}:2.6.9
FF - prefs.js..extensions.enabledItems: {D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}:0.9.8
FF - prefs.js..extensions.enabledItems: {336f36f7-72b2-4314-984a-ae7cac4b7328}:0.9
FF - prefs.js..extensions.enabledItems: {a7c6cf7f-112c-4500-a7ea-39801a327e5f}:1.0.10
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {de1b245c-de57-11da-ba2d-0050c2490048}:1.0.8
FF - prefs.js..extensions.enabledItems: maps@ovi.com:4.0.12.12
FF - prefs.js..extensions.enabledItems: {e3f6c2cc-d8db-498c-af6c-499fb211db97}:1.10.2
FF - prefs.js..extensions.enabledItems: personas@christopher.beard:1.6.2
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.3
FF - prefs.js..extensions.enabledItems: {AE93811A-5C9A-4d34-8462-F7B864FC4696}:3.81
FF - prefs.js..extensions.enabledItems: {c45c406e-ab73-11d8-be73-000a95be3b12}:1.1.9
FF - prefs.js..extensions.enabledItems: de_DE@dicts.j3e.de:20110321
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.0.0.6906
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {35379F86-8CCB-4724-AE33-4278DE266C70}:1.0.5
FF - prefs.js..extensions.enabledItems: {FFB96CC1-7EB3-449D-B827-DB661701C6BB}:1.5.232.0
FF - prefs.js..extensions.enabledItems: {A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}:7.3.4.51
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1.6.2.99
FF - prefs.js..network.proxy.backup.ftp: ""
FF - prefs.js..network.proxy.backup.ftp_port: 0
FF - prefs.js..network.proxy.backup.gopher: ""
FF - prefs.js..network.proxy.backup.gopher_port: 0
FF - prefs.js..network.proxy.backup.socks: ""
FF - prefs.js..network.proxy.backup.socks_port: 0
FF - prefs.js..network.proxy.backup.ssl: ""
FF - prefs.js..network.proxy.backup.ssl_port: 0
FF - prefs.js..network.proxy.ftp: "83.137.26.25"
FF - prefs.js..network.proxy.ftp_port: 8080
FF - prefs.js..network.proxy.gopher: "83.137.26.25"
FF - prefs.js..network.proxy.gopher_port: 8080
FF - prefs.js..network.proxy.http: "83.137.26.25"
FF - prefs.js..network.proxy.http_port: 8080
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.socks: "83.137.26.25"
FF - prefs.js..network.proxy.socks_port: 8080
FF - prefs.js..network.proxy.ssl: "83.137.26.25"
FF - prefs.js..network.proxy.ssl_port: 8080
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_180.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.03.08 14:12:02 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.03.08 14:12:00 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.03.08 14:12:02 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.03.08 14:12:00 | 000,000,000 | ---D | M]
 
[2013.02.27 13:13:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\Mozilla\Extensions
[2013.03.08 13:00:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\gwojyt5i.default\extensions
[2013.02.27 13:15:26 | 000,000,000 | ---D | M] (Domain Details) -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\gwojyt5i.default\extensions\{152455DE-7B40-4bcf-B5B4-C68A1BE85A91}
[2013.02.27 13:15:26 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\gwojyt5i.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2013.02.27 13:15:26 | 000,000,000 | ---D | M] (MinimizeToTray) -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\gwojyt5i.default\extensions\{31513E58-F253-47ad-86DB-D5F21E905429}
[2013.02.27 13:15:26 | 000,000,000 | ---D | M] (Extended Cookie Manager) -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\gwojyt5i.default\extensions\{336f36f7-72b2-4314-984a-ae7cac4b7328}
[2013.02.27 13:15:26 | 000,000,000 | ---D | M] ("Cookie Manager Button") -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\gwojyt5i.default\extensions\{4568ed01-8341-4961-b3d5-98ab068ce4c0}
[2013.02.27 13:15:26 | 000,000,000 | ---D | M] (ColorZilla) -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\gwojyt5i.default\extensions\{6AC85730-7D0F-4de0-B3FA-21142DD85326}
[2013.02.27 13:15:27 | 000,000,000 | ---D | M] (Boss Key) -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\gwojyt5i.default\extensions\{A2049DEF-A235-488f-878C-B41F8071FA9C}
[2013.02.27 13:15:27 | 000,000,000 | ---D | M] (Skype Toolbar for Firefox) -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\gwojyt5i.default\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}
[2013.02.27 13:15:28 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\gwojyt5i.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2013.02.27 18:38:49 | 000,000,000 | ---D | M] (CSHelper) -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\gwojyt5i.default\extensions\{d91a2be6-3b56-4dfb-97f5-5e48fe3ed473}
[2013.02.27 13:15:29 | 000,000,000 | ---D | M] (MinimizeToTray Plus) -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\gwojyt5i.default\extensions\{de1b245c-de57-11da-ba2d-0050c2490048}
[2013.02.27 13:15:29 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus(R))) -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\gwojyt5i.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2013.02.27 13:15:29 | 000,000,000 | ---D | M] (Page Speed) -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\gwojyt5i.default\extensions\{e3f6c2cc-d8db-498c-af6c-499fb211db97}
[2013.02.27 13:15:23 | 000,000,000 | ---D | M] ("Astroburn Toolbar") -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\gwojyt5i.default\extensions\AstroToolbar@toolbarnet.com
[2013.02.27 13:15:24 | 000,000,000 | ---D | M] (WÃ¶rterbuch Deutsch (de-DE), Hunspell-unterstÃ¼tzt) -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\gwojyt5i.default\extensions\de_DE@dicts.j3e.de
[2013.02.27 13:15:24 | 000,000,000 | ---D | M] (German Dictionary) -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\gwojyt5i.default\extensions\de-DE@dictionaries.addons.mozilla.org
[2013.02.27 13:15:24 | 000,000,000 | ---D | M] (British English Dictionary) -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\gwojyt5i.default\extensions\en-GB@dictionaries.addons.mozilla.org
[2013.02.27 13:15:24 | 000,000,000 | ---D | M] (Ovi maps browser plugin) -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\gwojyt5i.default\extensions\maps@ovi.com
[2013.02.27 13:15:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\gwojyt5i.default\extensions\nostmp
[2013.02.27 13:15:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\gwojyt5i.default - Copy\extensions
[2013.02.27 13:15:36 | 000,000,000 | ---D | M] (Domain Details) -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\gwojyt5i.default - Copy\extensions\{152455DE-7B40-4bcf-B5B4-C68A1BE85A91}
[2013.02.27 13:15:36 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\gwojyt5i.default - Copy\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2013.02.27 13:15:36 | 000,000,000 | ---D | M] (MinimizeToTray) -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\gwojyt5i.default - Copy\extensions\{31513E58-F253-47ad-86DB-D5F21E905429}
[2013.02.27 13:15:36 | 000,000,000 | ---D | M] (Extended Cookie Manager) -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\gwojyt5i.default - Copy\extensions\{336f36f7-72b2-4314-984a-ae7cac4b7328}
[2013.02.27 13:15:37 | 000,000,000 | ---D | M] ("Cookie Manager Button") -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\gwojyt5i.default - Copy\extensions\{4568ed01-8341-4961-b3d5-98ab068ce4c0}
[2013.02.27 13:15:37 | 000,000,000 | ---D | M] (ColorZilla) -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\gwojyt5i.default - Copy\extensions\{6AC85730-7D0F-4de0-B3FA-21142DD85326}
[2013.02.27 13:15:37 | 000,000,000 | ---D | M] (Boss Key) -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\gwojyt5i.default - Copy\extensions\{A2049DEF-A235-488f-878C-B41F8071FA9C}
[2013.02.27 13:15:37 | 000,000,000 | ---D | M] (FireFTP) -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\gwojyt5i.default - Copy\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}
[2013.02.27 13:15:38 | 000,000,000 | ---D | M] ("StumbleUpon") -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\gwojyt5i.default - Copy\extensions\{AE93811A-5C9A-4d34-8462-F7B864FC4696}
[2013.02.27 13:15:38 | 000,000,000 | ---D | M] (Skype Toolbar for Firefox) -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\gwojyt5i.default - Copy\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}
[2013.02.27 13:15:38 | 000,000,000 | ---D | M] (Web Developer) -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\gwojyt5i.default - Copy\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}
[2013.02.27 13:15:38 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\gwojyt5i.default - Copy\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2013.02.27 13:15:39 | 000,000,000 | ---D | M] (Download Statusbar) -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\gwojyt5i.default - Copy\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}
[2013.02.27 13:15:39 | 000,000,000 | ---D | M] (MinimizeToTray Plus) -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\gwojyt5i.default - Copy\extensions\{de1b245c-de57-11da-ba2d-0050c2490048}
[2011.11.23 21:29:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\gwojyt5i.default - Copy\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2013.02.27 13:15:39 | 000,000,000 | ---D | M] (Page Speed) -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\gwojyt5i.default - Copy\extensions\{e3f6c2cc-d8db-498c-af6c-499fb211db97}
[2013.02.27 13:15:34 | 000,000,000 | ---D | M] (WÃ¶rterbuch Deutsch (de-DE), Hunspell-unterstÃ¼tzt) -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\gwojyt5i.default - Copy\extensions\de_DE@dicts.j3e.de
[2013.02.27 13:15:34 | 000,000,000 | ---D | M] (German Dictionary) -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\gwojyt5i.default - Copy\extensions\de-DE@dictionaries.addons.mozilla.org
[2013.02.27 13:15:34 | 000,000,000 | ---D | M] (British English Dictionary) -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\gwojyt5i.default - Copy\extensions\en-GB@dictionaries.addons.mozilla.org
[2013.02.27 13:15:34 | 000,000,000 | ---D | M] (Ovi maps browser plugin) -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\gwojyt5i.default - Copy\extensions\maps@ovi.com
[2013.02.27 13:15:35 | 000,000,000 | ---D | M] (Personas) -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\gwojyt5i.default - Copy\extensions\personas@christopher.beard
[2013.03.08 13:00:34 | 000,014,855 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\gwojyt5i.default\extensions\addon@snip-me.de.xpi
[2012.09.29 16:35:08 | 000,243,287 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\gwojyt5i.default\extensions\amznUWL2@amazon.com.xpi
[2013.02.27 13:34:36 | 002,163,784 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\gwojyt5i.default\extensions\firebug@software.joehewitt.com.xpi
[2013.03.06 19:32:28 | 000,386,363 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\gwojyt5i.default\extensions\personas@christopher.beard.xpi
[2011.08.15 13:10:19 | 000,008,001 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\gwojyt5i.default\extensions\tineye@ideeinc.com.xpi
[2013.02.27 18:12:25 | 000,060,243 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\gwojyt5i.default\extensions\{45d8ff86-d909-11db-9705-005056c00008}.xpi
[2013.03.04 10:45:11 | 000,872,587 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\gwojyt5i.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}.xpi
[2012.12.30 14:44:40 | 000,377,738 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\gwojyt5i.default\extensions\{AE93811A-5C9A-4d34-8462-F7B864FC4696}.xpi
[2012.09.07 11:31:59 | 001,268,546 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\gwojyt5i.default\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}.xpi
[2013.02.18 01:16:30 | 000,817,280 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\gwojyt5i.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2011.11.09 16:29:30 | 000,434,392 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\gwojyt5i.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}.xpi
[2013.03.08 14:12:00 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2013.03.08 14:12:02 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.06.28 17:42:00 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll
[2013.02.16 06:15:47 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2013.02.16 06:15:47 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2013.02.16 06:15:47 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2013.02.16 06:15:47 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2013.02.16 06:15:47 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2013.02.16 06:15:47 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2013.04.09 13:28:01 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files (x86)\Winamp\winampa.exe (Nullsoft, Inc.)
O4 - HKU\S-1-5-21-3828931173-708998927-2660071039-1000..\Run: [hddhealth] C:\Program Files (x86)\HDD Health\hddhealth.exe (PANTERASoft)
O4 - HKU\S-1-5-21-3828931173-708998927-2660071039-1001..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3828931173-708998927-2660071039-1001..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\***\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3828931173-708998927-2660071039-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3828931173-708998927-2660071039-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-3828931173-708998927-2660071039-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8DB17104-5A8D-4368-82C9-AAEFAA7E6FB1}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9D9FD9D6-7659-4DE0-B48B-723F23AA1821}: DhcpNameServer = 192.168.0.1
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004.01.14 16:18:53 | 000,000,000 | ---D | M] - D:\Autorun -- [ CDFS ]
O32 - AutoRun File - [2002.09.10 01:01:35 | 000,151,552 | R--- | M] () - D:\Autorun.exe -- [ CDFS ]
O32 - AutoRun File - [2002.08.29 03:14:48 | 000,000,051 | R--- | M] () - D:\autorun.inf -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.04.09 14:57:03 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2013.04.09 14:34:57 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013.04.09 14:33:45 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013.04.09 14:33:14 | 000,000,000 | ---D | C] -- C:\JRT
[2013.04.09 14:30:36 | 000,551,587 | ---- | C] (Oleg N. Scherbakov) -- C:\Users\***\Desktop\JRT.exe
[2013.04.09 13:29:32 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2013.04.09 13:23:33 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013.04.09 13:23:33 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013.04.09 13:23:33 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013.04.09 13:23:28 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013.04.09 13:23:17 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013.04.09 13:20:59 | 005,049,517 | R--- | C] (Swearware) -- C:\Users\***\Desktop\ComboFix.exe
[2013.04.08 17:07:37 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\mbar
[2013.04.08 17:05:20 | 004,745,728 | ---- | C] (AVAST Software) -- C:\Users\***\Desktop\aswMBR.exe
[2013.04.08 17:05:17 | 002,237,968 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\***\Desktop\tdsskiller.exe
[2013.03.15 16:33:59 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Malwarebytes
[2013.03.15 16:33:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013.03.15 16:33:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.03.15 16:33:49 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013.03.15 16:33:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013.03.15 16:22:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Seagate
[2013.03.15 16:22:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Seagate
[2013.03.15 16:15:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Wise Installation Wizard
[2013.03.15 16:14:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HDD Health
[2013.03.15 16:14:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\HDD Health
[2013.03.13 21:48:07 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Games
[2013.03.13 21:10:34 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Opera
[2013.03.13 21:10:34 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Opera
[2013.03.13 21:10:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Opera
[2013.03.11 22:10:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LightScribe Template Labeler
[2013.03.11 22:00:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LightScribe Diagnostic Utility
[2013.03.11 21:31:41 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LightScribe Direct Disc Labeling
[2013.03.11 21:31:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\LightScribe
[2013.03.11 21:26:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Nero
[2013.03.11 21:25:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero
[2013.03.11 21:25:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Nero
[2013.03.11 12:26:58 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\Nero
[2013.03.11 12:22:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Nero
[2013.03.11 11:46:05 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\TrueCrypt
[2013.03.10 16:39:21 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\appmgmt
[2013.03.10 15:19:23 | 000,000,000 | ---D | C] -- C:\ProgramData\LightScribe
 
========== Files - Modified Within 30 Days ==========
 
[2013.04.09 15:00:01 | 000,014,928 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.04.09 15:00:01 | 000,014,928 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.04.09 14:57:12 | 000,726,316 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.04.09 14:57:12 | 000,615,810 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.04.09 14:57:12 | 000,106,190 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.04.09 14:53:51 | 000,001,100 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.04.09 14:52:31 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.04.09 14:52:26 | 3219,787,776 | -HS- | M] () -- C:\hiberfil.sys
[2013.04.09 14:37:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.04.09 14:30:09 | 000,613,083 | ---- | M] () -- C:\Users\***\Desktop\adwcleaner.exe
[2013.04.09 14:29:56 | 000,551,587 | ---- | M] (Oleg N. Scherbakov) -- C:\Users\***\Desktop\JRT.exe
[2013.04.09 14:26:10 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.04.09 13:28:01 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2013.04.09 13:20:49 | 005,049,517 | R--- | M] (Swearware) -- C:\Users\***\Desktop\ComboFix.exe
[2013.04.08 17:42:40 | 000,000,512 | ---- | M] () -- C:\Users\***\Desktop\MBR.dat
[2013.04.08 17:04:19 | 004,745,728 | ---- | M] (AVAST Software) -- C:\Users\***\Desktop\aswMBR.exe
[2013.04.08 17:02:53 | 002,237,968 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\***\Desktop\tdsskiller.exe
[2013.04.06 20:18:24 | 782,625,138 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2013.04.06 19:08:06 | 000,000,000 | ---- | M] () -- C:\Users\***\defogger_reenable
[2013.04.05 15:06:18 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2013.03.15 16:22:14 | 000,002,453 | ---- | M] () -- C:\Users\Public\Desktop\SeaTools for Windows.lnk
[2013.03.15 16:14:22 | 000,001,044 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HDDHealth.lnk
[2013.03.13 20:57:30 | 001,298,285 | ---- | M] () -- C:\Users\***\Documents\side by side.jpg
[2013.03.13 20:56:51 | 000,000,770 | ---- | M] () -- C:\Users\***\Documents\nokia side by side backup.reg
[2013.03.13 16:00:18 | 000,023,789 | ---- | M] () -- C:\Users\***\AppData\Local\recently-used.xbel
[2013.03.13 15:33:06 | 016,318,104 | ---- | M] () -- C:\Users\***\Documents\landscape.xcf
[2013.03.13 01:37:19 | 000,693,976 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013.03.13 01:37:19 | 000,073,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013.03.12 16:05:38 | 000,000,408 | ---- | M] () -- C:\Users\***\AppData\Roaming\CamShapes.ini
[2013.03.12 16:05:38 | 000,000,408 | ---- | M] () -- C:\Users\***\AppData\Roaming\CamLayout.ini
[2013.03.12 16:05:38 | 000,000,100 | ---- | M] () -- C:\Users\***\AppData\Roaming\Camdata.ini
[2013.03.12 15:43:16 | 000,004,416 | ---- | M] () -- C:\Users\***\AppData\Roaming\CamStudio.cfg
[2013.03.11 22:07:13 | 000,651,108 | ---- | M] () -- C:\Users\***\Documents\nero cover designer light scribe.jpg
 
========== Files Created - No Company Name ==========
 
[2013.04.09 14:30:35 | 000,613,083 | ---- | C] () -- C:\Users\***\Desktop\adwcleaner.exe
[2013.04.09 13:23:33 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013.04.09 13:23:33 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013.04.09 13:23:33 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013.04.09 13:23:33 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013.04.09 13:23:33 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013.04.08 17:42:40 | 000,000,512 | ---- | C] () -- C:\Users\***\Desktop\MBR.dat
[2013.04.06 19:08:06 | 000,000,000 | ---- | C] () -- C:\Users\***\defogger_reenable
[2013.03.15 16:22:14 | 000,002,453 | ---- | C] () -- C:\Users\Public\Desktop\SeaTools for Windows.lnk
[2013.03.15 16:14:22 | 000,001,044 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HDDHealth.lnk
[2013.03.13 21:10:32 | 000,001,841 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
[2013.03.13 20:57:30 | 001,298,285 | ---- | C] () -- C:\Users\***\Documents\side by side.jpg
[2013.03.13 20:56:51 | 000,000,770 | ---- | C] () -- C:\Users\***\Documents\nokia side by side backup.reg
[2013.03.13 16:00:18 | 000,023,789 | ---- | C] () -- C:\Users\***\AppData\Local\recently-used.xbel
[2013.03.13 15:33:06 | 016,318,104 | ---- | C] () -- C:\Users\***\Documents\landscape.xcf
[2013.03.12 13:52:57 | 000,000,408 | ---- | C] () -- C:\Users\***\AppData\Roaming\CamShapes.ini
[2013.03.12 13:52:57 | 000,000,408 | ---- | C] () -- C:\Users\***\AppData\Roaming\CamLayout.ini
[2013.03.12 13:52:57 | 000,000,100 | ---- | C] () -- C:\Users\***\AppData\Roaming\Camdata.ini
[2013.03.12 13:52:30 | 000,004,416 | ---- | C] () -- C:\Users\***\AppData\Roaming\CamStudio.cfg
[2013.03.11 22:07:13 | 000,651,108 | ---- | C] () -- C:\Users\***\Documents\nero cover designer light scribe.jpg
[2013.03.01 13:38:10 | 000,032,256 | ---- | C] () -- C:\Windows\SysWow64\AVSredirect.dll
[2013.03.01 13:29:36 | 000,107,520 | RHS- | C] () -- C:\Windows\SysWow64\TAKDSDecoder.dll
[2013.02.27 19:24:20 | 000,348,160 | ---- | C] () -- C:\Windows\Adac-Luftrettung 3D Uninstall.exe
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 07:30:56 | 014,165,504 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:46:56 | 012,868,608 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.07.14 03:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

< End of report >

Code:

ATTFilter

OTL Extras logfile created on: 09.04.2013 14:58:09 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\***\Desktop
64bit- Professional  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 2,59 Gb Available Physical Memory | 64,88% Memory free
7,99 Gb Paging File | 6,59 Gb Available in Paging File | 82,48% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931,41 Gb Total Space | 781,95 Gb Free Space | 83,95% Space Free | Partition Type: NTFS
Drive D: | 686,50 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive L: | 7,62 Gb Total Space | 7,53 Gb Free Space | 98,83% Space Free | Partition Type: NTFS
 
Computer Name: **** | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-3828931173-708998927-2660071039-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0C8FDDCC-8E15-4ABF-A2C6-18A19C801F8C}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{2DB14E80-315E-4D1D-B8E3-81FA07B29A68}" = rport=445 | protocol=6 | dir=out | app=system | 
"{2E67C0D2-B262-429E-97D8-91FC66593C86}" = rport=139 | protocol=6 | dir=out | app=system | 
"{5DCBE1A2-D0CA-41EA-8D62-BF762EFC6D2D}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{5FC01A0F-F696-4094-A5F4-77B1A80CF75D}" = lport=138 | protocol=17 | dir=in | app=system | 
"{720AEE72-DB24-4C17-8FA3-F98AEE95F823}" = lport=445 | protocol=6 | dir=in | app=system | 
"{883FBF84-144F-4026-A64D-8541BE1CF984}" = rport=138 | protocol=17 | dir=out | app=system | 
"{8D16048C-3032-4D8B-9A32-0ECB0B3F29BA}" = rport=137 | protocol=17 | dir=out | app=system | 
"{96D9EED2-E708-45A9-9C2F-E9226F238381}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{B44D856F-4B7B-4516-9FAE-9DD906F8B191}" = lport=139 | protocol=6 | dir=in | app=system | 
"{D8275260-EF70-4D69-A5C4-40347FDE2266}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{E5C0794D-C95C-4177-B843-DFE7A93490F3}" = lport=137 | protocol=17 | dir=in | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{39EBF40A-537F-45E1-B1B0-CF783F5E0692}" = protocol=17 | dir=in | app=c:\users\***\appdata\roaming\dropbox\bin\dropbox.exe | 
"{46A86B38-3E0F-42BB-B231-7DC577D77D54}" = protocol=17 | dir=in | app=c:\program files (x86)\opera\opera.exe | 
"{64D7695B-2689-4FFA-933B-201A9C12FBA1}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{6B8EF90E-85DA-4D16-9ED6-1744B995C3EE}" = protocol=6 | dir=in | app=c:\users\***\appdata\roaming\dropbox\bin\dropbox.exe | 
"{8B30128F-53B8-486E-8550-22388B2FBC30}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{A332CBCA-F3C5-426D-9BBD-5047D9AEF69D}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{B78461B1-860F-48FA-808E-CDC61508AB2C}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{D3CC93B3-A64F-4DFD-89C8-C36E6E5A3779}" = protocol=6 | dir=in | app=c:\program files (x86)\opera\opera.exe | 
"TCP Query User{12F74896-A54E-43F4-8636-9A6E3FABF26A}C:\program files (x86)\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files (x86)\winamp\winamp.exe | 
"TCP Query User{B20DDDBF-3122-47B6-843C-B89D56988B2D}C:\users\***\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\***\appdata\roaming\dropbox\bin\dropbox.exe | 
"UDP Query User{2973634A-BBBB-4AE0-97EB-F0E9888F81A0}C:\program files (x86)\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files (x86)\winamp\winamp.exe | 
"UDP Query User{8C9BA50D-3063-4A05-9DDE-A6E34DC4DF50}C:\users\***\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\***\appdata\roaming\dropbox\bin\dropbox.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG5100_series" = Canon MG5100 series MP Drivers
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Driver 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.10.8
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"GIMP-2_is1" = GIMP 2.8.4
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}" = OpenOffice.org 3.4.1
"{35F59E66-CAA0-4585-8DC4-037A04717FCF}" = Nero CoverDesigner
"{3AAB08A3-F129-4BD5-B409-AE674F93759D}" = Prerequisite installer
"{3DD8DC4E-B908-4CC6-9F42-ACEF950D8797}" = LightScribe Template Labeler
"{468D22C0-8080-11E2-B86E-B8AC6F98CCE3}" = Google Earth
"{4E52D627-F326-40DB-A74F-8C91BA6D88C6}" = Nero CoverDesigner
"{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update
"{7B2CC3DF-64FA-44AE-8F57-B0F915147E4F}_is1" = Need For Speed™ World
"{8F311E92-C29F-4DF9-8259-B739A1831669}_is1" = SUPER © v2012.build.54 (Nov 18, 2012) version v2012.build.54
"{90538B62-F392-4DE1-B886-7B48123866E9}" = LightScribe System Software
"{98613C99-1399-416C-A07C-1EE1C585D872}" = SeaTools for Windows
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C7C04AB-4B97-49DB-88A0-454795349008}" = Nero CoverDesigner Help (CHM)
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{ABC88553-8770-4B97-B43E-5A90647A5B63}" = Nero ControlCenter
"{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI (11.0.02) - Deutsch
"{BEBEE34D-84A2-4EDD-8BEA-96CC54371263}" = Nero Core Components
"{C994C746-C6D0-4EBA-B09E-DF7B18381B69}" = Nero ControlCenter Help (CHM)
"{DB680033-BB0B-4EE5-B625-B4F6B130617A}" = LightScribe Diagnostic Utility
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"ADACLuftrettung3D" = ADAC Luftrettung 3D
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Avira AntiVir Desktop" = Avira Free Antivirus
"HDD Health_is1" = HDD Health v4.2
"IrfanView" = IrfanView (remove only)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.70.0.1100
"Mozilla Firefox 19.0.2 (x86 de)" = Mozilla Firefox 19.0.2 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Opera 12.14.1738" = Opera 12.14
"TreeSize Free_is1" = TreeSize Free V2.7
"TrueCrypt" = TrueCrypt
"VLC media player" = VLC media player 2.0.5
"Winamp" = Winamp
"WinMerge_is1" = WinMerge 2.14.0
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-3828931173-708998927-2660071039-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"Winamp Detect" = Winamp Detector Plug-in
 
========== Last 20 Event Log Errors ==========
 
[ System Events ]
Error - 09.04.2013 08:52:48 | Computer Name = **** | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the HDDHealth
 service to connect.
 
 
< End of report >

cosinus · 09.04.2013, 16:00

Sieht ok aus. Wir sollten fast durch sein. Mach bitte zur Kontrolle einen Quickscan mit Malwarebytes - denk bitte vorher daran, Malwarebytes über den Updatebutton zu aktualisieren

Anschließend über den OnlineScanner von ESET eine zusätzliche Meinung zu holen ist auch nicht verkehrt:

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

denkgeräusch · 09.04.2013, 19:38

Malwarebytes hat nichts gefunden.

ESET Onlinescanner lies sich leider zunächst nicht installieren (gleiches Problem wie ganz am Anfang. Habe testweise mal wieder versucht, die NokiaSuite zu installieren; kein Erfolg. Ich habe die Installationsdatei ganz normal gestartet, ein paar Sekunden wurde dann die Ladeanimation am Curser angezeigt - und aus.)
Nun habe ich den ESET Onlinescanner (wie auch schon zuvor die anderen Programme) über einen zweiten Rechner runtergeladen und mit einen USB-Stick, den ich jedesmal gescannt habe auf den Problemrechner gebracht. So lässt sich ESET einwandfrei installieren.

Der Scan wird wohl noch eine Zeitlang brauchen - Läuft schon seit fast 2h, log folgt.
Bislang Seven Infected Files:
PHP/Obfuscated.F application 3x
Win32/OpenCandy application 2x
a variant of Win32/Bundled.Toolbar.Ask application 2x

eset log:

Code:

ATTFilter

ESETSmartInstaller@High as downloader log:
Can not open internetESETSmartInstaller@High as downloader log:
Can not open internet# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=fe2517ff5f7eaa418ceecdfeab67c983
# engine=13583
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2013-04-09 07:16:08
# local_time=2013-04-09 09:16:08 (+0100, W. Europe Daylight Time)
# country="Germany"
# lang=1033
# osver=6.1.7600 NT 
# compatibility_mode=1799 16775165 100 96 2178928 3574683 2171513 0
# compatibility_mode=5893 16776573 100 94 9378 117985101 0 0
# scanned=522452
# found=10
# cleaned=0
# scan_time=8812
sh=71435DDB11E00D0243380C4902324853FE4ECE8F ft=1 fh=12b0cd2dde452d65 vn="a variant of Win32/Bundled.Toolbar.Ask application" ac=I fn="C:\Program Files (x86)\Avira\AntiVir Desktop\apnic.dll"
sh=1A3F14C0A66F9AF050D1F34FBACBAADC31751A07 ft=1 fh=2704a03a0f47b728 vn="a variant of Win32/Bundled.Toolbar.Ask application" ac=I fn="C:\Program Files (x86)\Avira\AntiVir Desktop\apntoolbarinstaller.exe"
sh=8193F65601B85D34051C4A7378B3681517665488 ft=1 fh=156cd8ecd2fe6ec0 vn="Win32/OpenCandy application" ac=I fn="C:\Users\***\Downloads\winamp563_full_emusic-7plus_de-de.exe"
sh=5483FF56F29297E1531E47307B1937EE77F2C27A ft=1 fh=e4aa479a6b6912b2 vn="Win32/OpenCandy application" ac=I fn="J:\Daten von *** Laptop\downloads\SUPERsetup.exe"
sh=6C8520A67D42788DEDDBC011A4E4D25DCB90F47F ft=0 fh=0000000000000000 vn="PHP/Obfuscated.F application" ac=I fn="J:\Daten von *** Laptop\webdesign\gbook17.zip"
sh=E39F42A4A191F2955DA82FC74042C0223F690BF2 ft=0 fh=0000000000000000 vn="PHP/Obfuscated.F application" ac=I fn="J:\Daten von *** Laptop\webdesign\gbook17\gbook.php"
sh=E39F42A4A191F2955DA82FC74042C0223F690BF2 ft=0 fh=0000000000000000 vn="PHP/Obfuscated.F application" ac=I fn="J:\Daten von *** Laptop\webdesign\***\center\gaestebuch\gbook.php"
sh=C89865B729E1F6027A461E7B48CFA68A54590A2D ft=1 fh=30a236b0a4800cbe vn="a variant of Win32/Bundled.Toolbar.Ask application" ac=I fn="J:\Program Files (x86)\Avira\AntiVir Desktop\apnic.dll"
sh=085E2EFA6A258EEC88044241035A37DFF3DE3AE9 ft=1 fh=561b7be0126badba vn="a variant of Win32/Bundled.Toolbar.Ask application" ac=I fn="J:\Program Files (x86)\Avira\AntiVir Desktop\apntoolbarinstaller.exe"
sh=8193F65601B85D34051C4A7378B3681517665488 ft=1 fh=156cd8ecd2fe6ec0 vn="Win32/OpenCandy application" ac=I fn="J:\Program Files (x86)\Winamp\Skins\winamp563_full_emusic-7plus_de-de.exe"

Um Deiner Frage vorzugreifen: Dieses guestbook ist ein php Script, das ich für eine Website heruntergeladen hatte, an der ich gearbeitet habe. War wohl nicht so K-L-U-K

Start_ShowMyComputer (PUM.Hijack.StartMenu) || Fehlermeldung Festplatte defekt || Programme installieren meist nicht möglich

Log-Analyse und Auswertung: Start_ShowMyComputer (PUM.Hijack.StartMenu) || Fehlermeldung Festplatte defekt || Programme installieren meist nicht möglich