
Pests of all kinds and how to fight them: Trojan: HEUR:Exploit.Java.CVE-2012-0507.gen

Windows 7: If you are not sure whether you have picked up malware or a trojan, create a thread here. An expert will respond with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it is a trojan or virus problem, an expert will help you clean up the infection.

22.04.2013, 22:45   #16
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Trojan: HEUR:Exploit.Java.CVE-2012-0507.gen

Quote:
23:08:38.0097 6284 Scan started
23:08:38.0097 6284 Mode: Manual;
TDSSKiller was also set up wrong, please redo it properly.
__________________
Please always post logfiles in CODE tags

22.04.2013, 23:01   #17
tseb
 
Trojan: HEUR:Exploit.Java.CVE-2012-0507.gen

Code:
23:54:14.0046 4100  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
23:54:14.0452 4100  ============================================================
23:54:14.0452 4100  Current date / time: 2013/04/22 23:54:14.0452
23:54:14.0452 4100  SystemInfo:
23:54:14.0452 4100  
23:54:14.0452 4100  OS Version: 6.1.7600 ServicePack: 0.0
23:54:14.0452 4100  Product type: Workstation
23:54:14.0452 4100  ComputerName: 
23:54:14.0452 4100  UserName: XYZ
23:54:14.0452 4100  Windows directory: C:\Windows
23:54:14.0452 4100  System windows directory: C:\Windows
23:54:14.0452 4100  Processor architecture: Intel x86
23:54:14.0452 4100  Number of processors: 2
23:54:14.0452 4100  Page size: 0x1000
23:54:14.0452 4100  Boot type: Normal boot
23:54:14.0452 4100  ============================================================
23:54:15.0107 4100  Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
23:54:15.0200 4100  ============================================================
23:54:15.0200 4100  \Device\Harddisk0\DR0:
23:54:15.0200 4100  MBR partitions:
23:54:15.0200 4100  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
23:54:15.0200 4100  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x6F4D3000
23:54:15.0200 4100  \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x6F505800, BlocksNum 0x5000000
23:54:15.0200 4100  ============================================================
23:54:15.0232 4100  C: <-> \Device\Harddisk0\DR0\Partition2
23:54:15.0294 4100  D: <-> \Device\Harddisk0\DR0\Partition3
23:54:15.0325 4100  ============================================================
23:54:15.0325 4100  Initialize success
23:54:15.0325 4100  ============================================================
23:55:27.0917 6136  ============================================================
23:55:27.0917 6136  Scan started
23:55:27.0917 6136  Mode: Manual; SigCheck; TDLFS; 
23:55:27.0917 6136  ============================================================
23:55:29.0836 6136  ================ Scan system memory ========================
23:55:29.0836 6136  System memory - ok
23:55:29.0836 6136  ================ Scan services =============================
23:55:30.0039 6136  [ 6D2ACA41739BFE8CB86EE8E85F29697D ] 1394ohci        C:\Windows\system32\DRIVERS\1394ohci.sys
23:55:30.0210 6136  1394ohci - ok
23:55:30.0288 6136  [ ADC420616C501B45D26C0FD3EF1E54E4 ] ACDaemon        C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
23:55:30.0320 6136  ACDaemon - ok
23:55:30.0366 6136  [ F0E07D144C8685B8774BC32FC8DA4DF0 ] ACPI            C:\Windows\system32\DRIVERS\ACPI.sys
23:55:30.0382 6136  ACPI - ok
23:55:30.0413 6136  [ 98D81CA942D19F7D9153B095162AC013 ] AcpiPmi         C:\Windows\system32\DRIVERS\acpipmi.sys
23:55:30.0444 6136  AcpiPmi - ok
23:55:30.0476 6136  [ 21E785EBD7DC90A06391141AAC7892FB ] adp94xx         C:\Windows\system32\DRIVERS\adp94xx.sys
23:55:30.0491 6136  adp94xx - ok
23:55:30.0507 6136  [ 0C676BC278D5B59FF5ABD57BBE9123F2 ] adpahci         C:\Windows\system32\DRIVERS\adpahci.sys
23:55:30.0538 6136  adpahci - ok
23:55:30.0569 6136  [ 7C7B5EE4B7B822EC85321FE23A27DB33 ] adpu320         C:\Windows\system32\DRIVERS\adpu320.sys
23:55:30.0585 6136  adpu320 - ok
23:55:30.0600 6136  [ 8B5EEFEEC1E6D1A72A06C526628AD161 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
23:55:30.0632 6136  AeLookupSvc - ok
23:55:30.0678 6136  [ 0DB7A48388D54D154EBEC120461A0FCD ] AFD             C:\Windows\system32\drivers\afd.sys
23:55:30.0756 6136  AFD - ok
23:55:30.0788 6136  [ 507812C3054C21CEF746B6EE3D04DD6E ] agp440          C:\Windows\system32\DRIVERS\agp440.sys
23:55:30.0803 6136  agp440 - ok
23:55:30.0834 6136  [ 8B30250D573A8F6B4BD23195160D8707 ] aic78xx         C:\Windows\system32\DRIVERS\djsvs.sys
23:55:30.0850 6136  aic78xx - ok
23:55:30.0866 6136  [ 18A54E132947CD98FEA9ACCC57F98F13 ] ALG             C:\Windows\System32\alg.exe
23:55:30.0912 6136  ALG - ok
23:55:30.0928 6136  [ 0D40BCF52EA90FC7DF2AEAB6503DEA44 ] aliide          C:\Windows\system32\DRIVERS\aliide.sys
23:55:30.0928 6136  aliide - ok
23:55:30.0959 6136  [ 60201AD353105D8C6796C1B69E6C49F0 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
23:55:31.0006 6136  AMD External Events Utility - ok
23:55:31.0022 6136  [ 3C6600A0696E90A463771C7422E23AB5 ] amdagp          C:\Windows\system32\DRIVERS\amdagp.sys
23:55:31.0037 6136  amdagp - ok
23:55:31.0053 6136  [ CD5914170297126B6266860198D1D4F0 ] amdide          C:\Windows\system32\DRIVERS\amdide.sys
23:55:31.0068 6136  amdide - ok
23:55:31.0084 6136  [ 00DDA200D71BAC534BF56A9DB5DFD666 ] AmdK8           C:\Windows\system32\DRIVERS\amdk8.sys
23:55:31.0115 6136  AmdK8 - ok
23:55:31.0240 6136  [ 51610B74A9A1D84DC86FCE1019BEAFF4 ] amdkmdag        C:\Windows\system32\DRIVERS\atikmdag.sys
23:55:31.0365 6136  amdkmdag - ok
23:55:31.0380 6136  [ CD1D86AB81EECE67D7BD6F7EF9786CCC ] amdkmdap        C:\Windows\system32\DRIVERS\atikmpag.sys
23:55:31.0427 6136  amdkmdap - ok
23:55:31.0443 6136  [ 3CBF30F5370FDA40DD3E87DF38EA53B6 ] AmdPPM          C:\Windows\system32\DRIVERS\amdppm.sys
23:55:31.0474 6136  AmdPPM - ok
23:55:31.0490 6136  [ 19CE906B4CDC11FC4FEF5745F33A63B6 ] amdsata         C:\Windows\system32\drivers\amdsata.sys
23:55:31.0505 6136  amdsata - ok
23:55:31.0521 6136  [ EA43AF0C423FF267355F74E7A53BDABA ] amdsbs          C:\Windows\system32\DRIVERS\amdsbs.sys
23:55:31.0536 6136  amdsbs - ok
23:55:31.0552 6136  [ 869E67D66BE326A5A9159FBA8746FA70 ] amdxata         C:\Windows\system32\drivers\amdxata.sys
23:55:31.0568 6136  amdxata - ok
23:55:31.0583 6136  [ FEB834C02CE1E84B6A38F953CA067706 ] AppID           C:\Windows\system32\drivers\appid.sys
23:55:31.0614 6136  AppID - ok
23:55:31.0646 6136  [ 62A9C86CB6085E20DB4823E4E97826F5 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
23:55:31.0755 6136  AppIDSvc - ok
23:55:31.0770 6136  [ 7DEAD9E3F65DCB2794F2711003BBF650 ] Appinfo         C:\Windows\System32\appinfo.dll
23:55:31.0802 6136  Appinfo - ok
23:55:31.0864 6136  [ 4FE5C6D40664AE07BE5105874357D2ED ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
23:55:31.0895 6136  Apple Mobile Device - ok
23:55:31.0989 6136  [ 5234837DFEC4092E235594B25CF02865 ] Application Updater C:\Program Files\Application Updater\ApplicationUpdater.exe
23:55:32.0020 6136  Application Updater - ok
23:55:32.0051 6136  [ 2932004F49677BD84DBC72EDB754FFB3 ] arc             C:\Windows\system32\DRIVERS\arc.sys
23:55:32.0067 6136  arc - ok
23:55:32.0082 6136  [ 5D6F36C46FD283AE1B57BD2E9FEB0BC7 ] arcsas          C:\Windows\system32\DRIVERS\arcsas.sys
23:55:32.0082 6136  arcsas - ok
23:55:32.0098 6136  [ ADD2ADE1C2B285AB8378D2DAAF991481 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
23:55:32.0129 6136  AsyncMac - ok
23:55:32.0145 6136  [ 338C86357871C167A96AB976519BF59E ] atapi           C:\Windows\system32\DRIVERS\atapi.sys
23:55:32.0160 6136  atapi - ok
23:55:32.0207 6136  [ 8DF873D0587596C1D35A9CECECC61DA1 ] AtiHdmiService  C:\Windows\system32\drivers\AtiHdmi.sys
23:55:32.0223 6136  AtiHdmiService - ok
23:55:32.0238 6136  [ 510C873BFA135AA829F4180352772734 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
23:55:32.0285 6136  AudioEndpointBuilder - ok
23:55:32.0285 6136  [ 510C873BFA135AA829F4180352772734 ] Audiosrv        C:\Windows\System32\Audiosrv.dll
23:55:32.0316 6136  Audiosrv - ok
23:55:32.0348 6136  AVP - ok
23:55:32.0379 6136  [ DD6A431B43E34B91A767D1CE33728175 ] AxInstSV        C:\Windows\System32\AxInstSV.dll
23:55:32.0457 6136  AxInstSV - ok
23:55:32.0488 6136  [ 1A231ABEC60FD316EC54C66715543CEC ] b06bdrv         C:\Windows\system32\DRIVERS\bxvbdx.sys
23:55:32.0582 6136  b06bdrv - ok
23:55:32.0597 6136  [ BD8869EB9CDE6BBE4508D869929869EE ] b57nd60x        C:\Windows\system32\DRIVERS\b57nd60x.sys
23:55:32.0613 6136  b57nd60x - ok
23:55:32.0644 6136  [ EE1E9C3BB8228AE423DD38DB69128E71 ] BDESVC          C:\Windows\System32\bdesvc.dll
23:55:32.0691 6136  BDESVC - ok
23:55:32.0706 6136  [ 505506526A9D467307B3C393DEDAF858 ] Beep            C:\Windows\system32\drivers\Beep.sys
23:55:32.0738 6136  Beep - ok
23:55:32.0753 6136  [ 85AC71C045CEB054ED48A7841AAE0C11 ] BFE             C:\Windows\System32\bfe.dll
23:55:32.0800 6136  BFE - ok
23:55:32.0831 6136  [ 53F476476F55A27F580661BDE09C4EC4 ] BITS            C:\Windows\System32\qmgr.dll
23:55:32.0878 6136  BITS - ok
23:55:32.0894 6136  [ 2287078ED48FCFC477B05B20CF38F36F ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
23:55:32.0909 6136  blbdrive - ok
23:55:32.0972 6136  [ DB5BEA73EDAF19AC68B2C0FAD0F92B1A ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
23:55:33.0034 6136  Bonjour Service - ok
23:55:33.0050 6136  [ 9A5C671B7FBAE4865149BB11F59B91B2 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
23:55:33.0081 6136  bowser - ok
23:55:33.0096 6136  [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo        C:\Windows\system32\DRIVERS\BrFiltLo.sys
23:55:33.0128 6136  BrFiltLo - ok
23:55:33.0143 6136  [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp        C:\Windows\system32\DRIVERS\BrFiltUp.sys
23:55:33.0174 6136  BrFiltUp - ok
23:55:33.0206 6136  [ A0E691DC6589D4D2CBE373171D1A49E5 ] Browser         C:\Windows\System32\browser.dll
23:55:33.0221 6136  Browser - ok
23:55:33.0237 6136  [ 845B8CE732E67F3B4133164868C666EA ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
23:55:33.0284 6136  Brserid - ok
23:55:33.0299 6136  [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
23:55:33.0330 6136  BrSerWdm - ok
23:55:33.0346 6136  [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
23:55:33.0377 6136  BrUsbMdm - ok
23:55:33.0393 6136  [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
23:55:33.0424 6136  BrUsbSer - ok
23:55:33.0440 6136  [ ED3DF7C56CE0084EB2034432FC56565A ] BTHMODEM        C:\Windows\system32\DRIVERS\bthmodem.sys
23:55:33.0471 6136  BTHMODEM - ok
23:55:33.0486 6136  [ 1DF19C96EEF6C29D1C3E1A8678E07190 ] bthserv         C:\Windows\system32\bthserv.dll
23:55:33.0518 6136  bthserv - ok
23:55:33.0564 6136  [ 77EA11B065E0A8AB902D78145CA51E10 ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
23:55:33.0596 6136  cdfs - ok
23:55:33.0611 6136  [ BA6E70AA0E6091BC39DE29477D866A77 ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
23:55:33.0642 6136  cdrom - ok
23:55:33.0658 6136  [ 628A9E30EC5E18DD5DE6BE4DBDC12198 ] CertPropSvc     C:\Windows\System32\certprop.dll
23:55:33.0689 6136  CertPropSvc - ok
23:55:33.0705 6136  [ 3FE3FE94A34DF6FB06E6418D0F6A0060 ] circlass        C:\Windows\system32\DRIVERS\circlass.sys
23:55:33.0720 6136  circlass - ok
23:55:33.0736 6136  [ 635181E0E9BBF16871BF5380D71DB02D ] CLFS            C:\Windows\system32\CLFS.sys
23:55:33.0752 6136  CLFS - ok
23:55:33.0798 6136  [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
23:55:33.0814 6136  clr_optimization_v2.0.50727_32 - ok
23:55:33.0861 6136  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
23:55:33.0892 6136  clr_optimization_v4.0.30319_32 - ok
23:55:33.0923 6136  [ DEA805815E587DAD1DD2C502220B5616 ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
23:55:33.0939 6136  CmBatt - ok
23:55:33.0970 6136  [ C537B1DB64D495B9B4717B4D6D9EDBF2 ] cmdide          C:\Windows\system32\DRIVERS\cmdide.sys
23:55:33.0986 6136  cmdide - ok
23:55:34.0017 6136  [ DB5E008B3744DD60C8498CBBF2A1CFA6 ] CNG             C:\Windows\system32\Drivers\cng.sys
23:55:34.0048 6136  CNG - ok
23:55:34.0064 6136  [ A6023D3823C37043986713F118A89BEE ] Compbatt        C:\Windows\system32\DRIVERS\compbatt.sys
23:55:34.0064 6136  Compbatt - ok
23:55:34.0110 6136  [ F1724BA27E97D627F808FB0BA77A28A6 ] CompositeBus    C:\Windows\system32\DRIVERS\CompositeBus.sys
23:55:34.0126 6136  CompositeBus - ok
23:55:34.0142 6136  COMSysApp - ok
23:55:34.0157 6136  [ 2C4EBCFC84A9B44F209DFF6C6E6C61D1 ] crcdisk         C:\Windows\system32\DRIVERS\crcdisk.sys
23:55:34.0173 6136  crcdisk - ok
23:55:34.0204 6136  [ F2FDE6C8DBAAD44CC58D1E07E4AF4EED ] CryptSvc        C:\Windows\system32\cryptsvc.dll
23:55:34.0235 6136  CryptSvc - ok
23:55:34.0313 6136  [ 72794D112CBAFF3BC0C29BF7350D4741 ] cvhsvc          C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
23:55:34.0360 6136  cvhsvc - ok
23:55:34.0407 6136  [ B82CD39E336973359D7C9BF911E8E84F ] DcomLaunch      C:\Windows\system32\rpcss.dll
23:55:34.0438 6136  DcomLaunch - ok
23:55:34.0454 6136  [ 8D6E10A2D9A5EED59562D9B82CF804E1 ] defragsvc       C:\Windows\System32\defragsvc.dll
23:55:34.0500 6136  defragsvc - ok
23:55:34.0547 6136  [ 83D1ECEA8FAAE75604C0FA49AC7AD996 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
23:55:34.0594 6136  DfsC - ok
23:55:34.0625 6136  [ C56495FBD770712367CAD35E5DE72DA6 ] Dhcp            C:\Windows\system32\dhcpcore.dll
23:55:34.0656 6136  Dhcp - ok
23:55:34.0688 6136  [ 1A050B0274BFB3890703D490F330C0DA ] discache        C:\Windows\system32\drivers\discache.sys
23:55:34.0750 6136  discache - ok
23:55:34.0766 6136  [ 565003F326F99802E68CA78F2A68E9FF ] Disk            C:\Windows\system32\DRIVERS\disk.sys
23:55:34.0781 6136  Disk - ok
23:55:34.0812 6136  [ B15BE77A2BACF9C3177D27518AFE26A9 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
23:55:34.0844 6136  Dnscache - ok
23:55:34.0875 6136  [ 4408C85C21EEA48EB0CE486BAEEF0502 ] dot3svc         C:\Windows\System32\dot3svc.dll
23:55:34.0906 6136  dot3svc - ok
23:55:34.0922 6136  [ 7FA81C6E11CAA594ADB52084DA73A1E5 ] DPS             C:\Windows\system32\dps.dll
23:55:34.0953 6136  DPS - ok
23:55:34.0984 6136  [ B918E7C5F9BF77202F89E1A9539F2EB4 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
23:55:35.0015 6136  drmkaud - ok
23:55:35.0046 6136  [ 1679A4669326CB1A67CC95658D273234 ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
23:55:35.0062 6136  DXGKrnl - ok
23:55:35.0078 6136  [ 8600142FA91C1B96367D3300AD0F3F3A ] EapHost         C:\Windows\System32\eapsvc.dll
23:55:35.0124 6136  EapHost - ok
23:55:35.0234 6136  [ 024E1B5CAC09731E4D868E64DBFB4AB0 ] ebdrv           C:\Windows\system32\DRIVERS\evbdx.sys
23:55:35.0280 6136  ebdrv - ok
23:55:35.0296 6136  [ C2243FF9E9AAD0C30E8B1A0914DA15B6 ] EFS             C:\Windows\System32\lsass.exe
23:55:35.0327 6136  EFS - ok
23:55:35.0374 6136  [ 1697C39978CD69F6FBC15302EDCECE1F ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
23:55:35.0405 6136  ehRecvr - ok
23:55:35.0436 6136  [ D389BFF34F80CAEDE417BF9D1507996A ] ehSched         C:\Windows\ehome\ehsched.exe
23:55:35.0468 6136  ehSched - ok
23:55:35.0499 6136  [ 0ED67910C8C326796FAA00B2BF6D9D3C ] elxstor         C:\Windows\system32\DRIVERS\elxstor.sys
23:55:35.0530 6136  elxstor - ok
23:55:35.0546 6136  [ 8FC3208352DD3912C94367A206AB3F11 ] ErrDev          C:\Windows\system32\DRIVERS\errdev.sys
23:55:35.0577 6136  ErrDev - ok
23:55:35.0608 6136  [ F6916EFC29D9953D5D0DF06882AE8E16 ] EventSystem     C:\Windows\system32\es.dll
23:55:35.0655 6136  EventSystem - ok
23:55:35.0670 6136  [ 2DC9108D74081149CC8B651D3A26207F ] exfat           C:\Windows\system32\drivers\exfat.sys
23:55:35.0702 6136  exfat - ok
23:55:35.0717 6136  [ 7E0AB74553476622FB6AE36F73D97D35 ] fastfat         C:\Windows\system32\drivers\fastfat.sys
23:55:35.0748 6136  fastfat - ok
23:55:35.0780 6136  [ F7EA23CC5E6BF2181F3F399D54F6EFC1 ] Fax             C:\Windows\system32\fxssvc.exe
23:55:35.0811 6136  Fax - ok
23:55:35.0842 6136  [ E817A017F82DF2A1F8CFDBDA29388B29 ] fdc             C:\Windows\system32\DRIVERS\fdc.sys
23:55:35.0858 6136  fdc - ok
23:55:35.0889 6136  [ F3222C893BD2F5821A0179E5C71E88FB ] fdPHost         C:\Windows\system32\fdPHost.dll
23:55:35.0920 6136  fdPHost - ok
23:55:35.0936 6136  [ 7DBE8CBFE79EFBDEB98C9FB08D3A9A5B ] FDResPub        C:\Windows\system32\fdrespub.dll
23:55:35.0951 6136  FDResPub - ok
23:55:35.0982 6136  [ 6CF00369C97F3CF563BE99BE983D13D8 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
23:55:35.0998 6136  FileInfo - ok
23:55:35.0998 6136  [ 42C51DC94C91DA21CB9196EB64C45DB9 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
23:55:36.0029 6136  Filetrace - ok
23:55:36.0060 6136  [ 87907AA70CB3C56600F1C2FB8841579B ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
23:55:36.0092 6136  flpydisk - ok
23:55:36.0107 6136  [ 7520EC808E0C35E0EE6F841294316653 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
23:55:36.0138 6136  FltMgr - ok
23:55:36.0170 6136  [ 7FE4995528A7529A761875151EE3D512 ] FontCache       C:\Windows\system32\FntCache.dll
23:55:36.0232 6136  FontCache - ok
23:55:36.0263 6136  [ E56F39F6B7FDA0AC77A79B0FD3DE1A2F ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
23:55:36.0294 6136  FontCache3.0.0.0 - ok
23:55:36.0310 6136  [ 1A16B57943853E598CFF37FE2B8CBF1D ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
23:55:36.0326 6136  FsDepends - ok
23:55:36.0388 6136  [ 500A9814FD9446A8126858A5A7F7D273 ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
23:55:36.0419 6136  Fs_Rec - ok
23:55:36.0450 6136  [ 4732E596BB1C50D9F9188C5074EE7782 ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
23:55:36.0482 6136  fvevol - ok
23:55:36.0513 6136  [ 65EE0C7A58B65E74AE05637418153938 ] gagp30kx        C:\Windows\system32\DRIVERS\gagp30kx.sys
23:55:36.0528 6136  gagp30kx - ok
23:55:36.0560 6136  [ 185ADA973B5020655CEE342059A86CBB ] GEARAspiWDM     C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
23:55:36.0575 6136  GEARAspiWDM - ok
23:55:36.0606 6136  [ 8BA3C04702BF8F927AB36AE8313CA4EE ] gpsvc           C:\Windows\System32\gpsvc.dll
23:55:36.0638 6136  gpsvc - ok
23:55:36.0684 6136  [ F02A533F517EB38333CB12A9E8963773 ] gupdate         C:\Program Files\Google\Update\GoogleUpdate.exe
23:55:36.0700 6136  gupdate - ok
23:55:36.0716 6136  [ F02A533F517EB38333CB12A9E8963773 ] gupdatem        C:\Program Files\Google\Update\GoogleUpdate.exe
23:55:36.0731 6136  gupdatem - ok
23:55:36.0747 6136  [ 5D4BC124FAAE6730AC002CDB67BF1A1C ] gusvc           C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
23:55:36.0762 6136  gusvc - ok
23:55:36.0778 6136  [ C44E3C2BAB6837DB337DDEE7544736DB ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
23:55:36.0840 6136  hcw85cir - ok
23:55:36.0856 6136  [ 3530CAD25DEBA7DC7DE8BB51632CBC5F ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
23:55:36.0887 6136  HdAudAddService - ok
23:55:36.0918 6136  [ 717A2207FD6F13AD3E664C7D5A43C7BF ] HDAudBus        C:\Windows\system32\DRIVERS\HDAudBus.sys
23:55:36.0950 6136  HDAudBus - ok
23:55:36.0965 6136  [ 1D58A7F3E11A9731D0EAAAA8405ACC36 ] HidBatt         C:\Windows\system32\DRIVERS\HidBatt.sys
23:55:36.0981 6136  HidBatt - ok
23:55:36.0996 6136  [ 89448F40E6DF260C206A193A4683BA78 ] HidBth          C:\Windows\system32\DRIVERS\hidbth.sys
23:55:37.0012 6136  HidBth - ok
23:55:37.0028 6136  [ CF50B4CF4A4F229B9F3C08351F99CA5E ] HidIr           C:\Windows\system32\DRIVERS\hidir.sys
23:55:37.0059 6136  HidIr - ok
23:55:37.0074 6136  [ 2BC6F6A1992B3A77F5F41432CA6B3B6B ] hidserv         C:\Windows\system32\hidserv.dll
23:55:37.0106 6136  hidserv - ok
23:55:37.0121 6136  [ 25072FB35AC90B25F9E4E3BACF774102 ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
23:55:37.0137 6136  HidUsb - ok
23:55:37.0168 6136  [ 741C2A45CA8407E374AABA3E330B7872 ] hkmsvc          C:\Windows\system32\kmsvc.dll
23:55:37.0199 6136  hkmsvc - ok
23:55:37.0199 6136  [ A768CA158BB06782A2835B907F4873C3 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
23:55:37.0230 6136  HomeGroupListener - ok
23:55:37.0262 6136  [ FB08DEC5EF43D0C66D83B8E9694E7549 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
23:55:37.0277 6136  HomeGroupProvider - ok
23:55:37.0293 6136  [ 295FDC419039090EB8B49FFDBB374549 ] HpSAMD          C:\Windows\system32\DRIVERS\HpSAMD.sys
23:55:37.0308 6136  HpSAMD - ok
23:55:37.0340 6136  [ C531C7FD9E8B62021112787C4E2C5A5A ] HTTP            C:\Windows\system32\drivers\HTTP.sys
23:55:37.0386 6136  HTTP - ok
23:55:37.0386 6136  [ 8305F33CDE89AD6C7A0763ED0B5A8D42 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
23:55:37.0402 6136  hwpolicy - ok
23:55:37.0449 6136  [ F151F0BDC47F4A28B1B20A0818EA36D6 ] i8042prt        C:\Windows\system32\DRIVERS\i8042prt.sys
23:55:37.0480 6136  i8042prt - ok
23:55:37.0496 6136  [ 26541A068572F650A2FA490726FE81BE ] iaStor          C:\Windows\system32\DRIVERS\iaStor.sys
23:55:37.0511 6136  iaStor - ok
23:55:37.0542 6136  [ 31A0E93CDF29007D6C6FFFB632F375ED ] IAStorDataMgrSvc C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
23:55:37.0542 6136  IAStorDataMgrSvc - ok
23:55:37.0589 6136  [ 71F1A494FEDF4B33C02C4A6A28D6D9E9 ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
23:55:37.0605 6136  iaStorV - ok
23:55:37.0667 6136  [ B1A28FA1AFDE10B95FF9354B15701D70 ] ICQ Service     C:\Program Files\ICQ6Toolbar\ICQ Service.exe
23:55:37.0699 6136  ICQ Service - ok
23:55:37.0745 6136  [ 1CF03C69B49ACB70C722DF92755C0C8C ] IDriverT        C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
23:55:37.0777 6136  IDriverT ( UnsignedFile.Multi.Generic ) - warning
23:55:37.0777 6136  IDriverT - detected UnsignedFile.Multi.Generic (1)
23:55:37.0823 6136  [ 5AF815EB5BC9802E5A064E2BA62BFC0C ] idsvc           C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
23:55:37.0870 6136  idsvc - ok
23:55:37.0964 6136  [ AD626F6964F4D364D226C39E06872DD3 ] igfx            C:\Windows\system32\DRIVERS\igdkmd32.sys
23:55:38.0073 6136  igfx - ok
23:55:38.0104 6136  [ 4173FF5708F3236CF25195FECD742915 ] iirsp           C:\Windows\system32\DRIVERS\iirsp.sys
23:55:38.0104 6136  iirsp - ok
23:55:38.0151 6136  [ FAC0EE6562B121B1399D6E855583F7A5 ] IKEEXT          C:\Windows\System32\ikeext.dll
23:55:38.0182 6136  IKEEXT - ok
23:55:38.0291 6136  [ F4427E5DF32CDE359B2E2E5512D18001 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHDA.sys
23:55:38.0416 6136  IntcAzAudAddService - ok
23:55:38.0447 6136  [ A0F12F2C9BA6C72F3987CE780E77C130 ] intelide        C:\Windows\system32\DRIVERS\intelide.sys
23:55:38.0463 6136  intelide - ok
23:55:38.0494 6136  [ 3B514D27BFC4ACCB4037BC6685F766E0 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
23:55:38.0510 6136  intelppm - ok
23:55:38.0525 6136  [ ACB364B9075A45C0736E5C47BE5CAE19 ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
23:55:38.0572 6136  IPBusEnum - ok
23:55:38.0588 6136  [ 709D1761D3B19A932FF0238EA6D50200 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
23:55:38.0619 6136  IpFilterDriver - ok
23:55:38.0635 6136  [ 477397B432A256A50EE7E4339EB9EA14 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
23:55:38.0666 6136  iphlpsvc - ok
23:55:38.0681 6136  [ E4454B6C37D7FFD5649611F6496308A7 ] IPMIDRV         C:\Windows\system32\DRIVERS\IPMIDrv.sys
23:55:38.0697 6136  IPMIDRV - ok
23:55:38.0713 6136  [ A5FA468D67ABCDAA36264E463A7BB0CD ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
23:55:38.0759 6136  IPNAT - ok
23:55:38.0806 6136  [ E46B17060D3962A384AE484094614788 ] iPod Service    C:\Program Files\iPod\bin\iPodService.exe
23:55:38.0822 6136  iPod Service - ok
23:55:38.0837 6136  [ 42996CFF20A3084A56017B7902307E9F ] IRENUM          C:\Windows\system32\drivers\irenum.sys
23:55:38.0853 6136  IRENUM - ok
23:55:38.0869 6136  [ 1F32BB6B38F62F7DF1A7AB7292638A35 ] isapnp          C:\Windows\system32\DRIVERS\isapnp.sys
23:55:38.0884 6136  isapnp - ok
23:55:38.0900 6136  [ ED46C223AE46C6866AB77CDC41C404B7 ] iScsiPrt        C:\Windows\system32\DRIVERS\msiscsi.sys
23:55:38.0915 6136  iScsiPrt - ok
23:55:38.0947 6136  [ ADEF52CA1AEAE82B50DF86B56413107E ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
23:55:38.0962 6136  kbdclass - ok
23:55:38.0978 6136  [ 3D9F0EBF350EDCFD6498057301455964 ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
23:55:39.0009 6136  kbdhid - ok
23:55:39.0025 6136  [ C2243FF9E9AAD0C30E8B1A0914DA15B6 ] KeyIso          C:\Windows\system32\lsass.exe
23:55:39.0040 6136  KeyIso - ok
23:55:39.0087 6136  [ 186B54479D98E48AEE0E9ADA4B3C4D31 ] KL1             C:\Windows\system32\DRIVERS\kl1.sys
23:55:39.0087 6136  KL1 - ok
23:55:39.0103 6136  [ BF485BFBA13C0AB116701FD9C55324D0 ] kl2             C:\Windows\system32\DRIVERS\kl2.sys
23:55:39.0118 6136  kl2 - ok
23:55:39.0149 6136  [ D4C57824767D3ECBD89883A33F4FD87A ] KLIF            C:\Windows\system32\DRIVERS\klif.sys
23:55:39.0165 6136  KLIF - ok
23:55:39.0212 6136  [ 6295A19003F935ECC6CCBE9E2376427B ] KLIM6           C:\Windows\system32\DRIVERS\klim6.sys
23:55:39.0227 6136  KLIM6 - ok
23:55:39.0227 6136  [ 3DE1771C135328420315E21DDE229BBA ] klmouflt        C:\Windows\system32\DRIVERS\klmouflt.sys
23:55:39.0243 6136  klmouflt - ok
23:55:39.0274 6136  [ 52FC17C8589F11747D01D3CF592673D0 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
23:55:39.0290 6136  KSecDD - ok
23:55:39.0290 6136  [ 3E5474B03568CFAB834DA3C38E8C9EFA ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
23:55:39.0305 6136  KSecPkg - ok
23:55:39.0337 6136  [ 89A7B9CC98D0D80C6F31B91C0A310FCD ] KtmRm           C:\Windows\system32\msdtckrm.dll
23:55:39.0383 6136  KtmRm - ok
23:55:39.0415 6136  [ 8F6BF790D3168224C16F2AF68A84438C ] LanmanServer    C:\Windows\system32\srvsvc.dll
23:55:39.0446 6136  LanmanServer - ok
23:55:39.0461 6136  [ B9891F885DCF1F0513A51CB58493CB1F ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
23:55:39.0493 6136  LanmanWorkstation - ok
23:55:39.0539 6136  [ F7611EC07349979DA9B0AE1F18CCC7A6 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
23:55:39.0586 6136  lltdio - ok
23:55:39.0602 6136  [ 5700673E13A2117FA3B9020C852C01E2 ] lltdsvc         C:\Windows\System32\lltdsvc.dll
23:55:39.0633 6136  lltdsvc - ok
23:55:39.0649 6136  [ 55CA01BA19D0006C8F2639B6C045E08B ] lmhosts         C:\Windows\System32\lmhsvc.dll
23:55:39.0695 6136  lmhosts - ok
23:55:39.0711 6136  [ EB119A53CCF2ACC000AC71B065B78FEF ] LSI_FC          C:\Windows\system32\DRIVERS\lsi_fc.sys
23:55:39.0727 6136  LSI_FC - ok
23:55:39.0758 6136  [ 8ADE1C877256A22E49B75D1CC9161F9C ] LSI_SAS         C:\Windows\system32\DRIVERS\lsi_sas.sys
23:55:39.0789 6136  LSI_SAS - ok
23:55:39.0805 6136  [ DC9DC3D3DAA0E276FD2EC262E38B11E9 ] LSI_SAS2        C:\Windows\system32\DRIVERS\lsi_sas2.sys
23:55:39.0805 6136  LSI_SAS2 - ok
23:55:39.0836 6136  [ 0A036C7D7CAB643A7F07135AC47E0524 ] LSI_SCSI        C:\Windows\system32\DRIVERS\lsi_scsi.sys
23:55:39.0851 6136  LSI_SCSI - ok
23:55:39.0867 6136  [ 6703E366CC18D3B6E534F5CF7DF39CEE ] luafv           C:\Windows\system32\drivers\luafv.sys
23:55:39.0883 6136  luafv - ok
23:55:39.0914 6136  [ E2B0887816ED336685954E3D8FDAA51D ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
23:55:39.0945 6136  Mcx2Svc - ok
23:55:39.0945 6136  [ 0FFF5B045293002AB38EB1FD1FC2FB74 ] megasas         C:\Windows\system32\DRIVERS\megasas.sys
23:55:39.0961 6136  megasas - ok
23:55:39.0992 6136  [ DCBAB2920C75F390CAF1D29F675D03D6 ] MegaSR          C:\Windows\system32\DRIVERS\MegaSR.sys
23:55:40.0007 6136  MegaSR - ok
23:55:40.0023 6136  [ 146B6F43A673379A3C670E86D89BE5EA ] MMCSS           C:\Windows\system32\mmcss.dll
23:55:40.0054 6136  MMCSS - ok
23:55:40.0070 6136  [ F001861E5700EE84E2D4E52C712F4964 ] Modem           C:\Windows\system32\drivers\modem.sys
23:55:40.0101 6136  Modem - ok
23:55:40.0132 6136  [ 79D10964DE86B292320E9DFE02282A23 ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
23:55:40.0148 6136  monitor - ok
23:55:40.0179 6136  [ FB18CC1D4C2E716B6B903B0AC0CC0609 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
23:55:40.0195 6136  mouclass - ok
23:55:40.0210 6136  [ 2C388D2CD01C9042596CF3C8F3C7B24D ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
23:55:40.0226 6136  mouhid - ok
23:55:40.0241 6136  [ 921C18727C5920D6C0300736646931C2 ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
23:55:40.0257 6136  mountmgr - ok
23:55:40.0273 6136  [ 2AF5997438C55FB79D33D015C30E1974 ] mpio            C:\Windows\system32\DRIVERS\mpio.sys
23:55:40.0288 6136  mpio - ok
23:55:40.0288 6136  [ AD2723A7B53DD1AACAE6AD8C0BFBF4D0 ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
23:55:40.0319 6136  mpsdrv - ok
23:55:40.0351 6136  [ 5CD996CECF45CBC3E8D109C86B82D69E ] MpsSvc          C:\Windows\system32\mpssvc.dll
23:55:40.0413 6136  MpsSvc - ok
23:55:40.0444 6136  [ B1BE47008D20E43DA3ADC37C24CDB89D ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
23:55:40.0460 6136  MRxDAV - ok
23:55:40.0507 6136  [ CA7570E42522E24324A12161DB14EC02 ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
23:55:40.0553 6136  mrxsmb - ok
23:55:40.0585 6136  [ F965C3AB2B2AE5C378F4562486E35051 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
23:55:40.0616 6136  mrxsmb10 - ok
23:55:40.0616 6136  [ 25C38264A3C72594DD21D355D70D7A5D ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
23:55:40.0631 6136  mrxsmb20 - ok
23:55:40.0647 6136  [ 4326D168944123F38DD3B2D9C37A0B12 ] msahci          C:\Windows\system32\DRIVERS\msahci.sys
23:55:40.0663 6136  msahci - ok
23:55:40.0678 6136  [ 455029C7174A2DBB03DBA8A0D8BDDD9A ] msdsm           C:\Windows\system32\DRIVERS\msdsm.sys
23:55:40.0694 6136  msdsm - ok
23:55:40.0709 6136  [ E1BCE74A3BD9902B72599C0192A07E27 ] MSDTC           C:\Windows\System32\msdtc.exe
23:55:40.0741 6136  MSDTC - ok
23:55:40.0756 6136  [ DAEFB28E3AF5A76ABCC2C3078C07327F ] Msfs            C:\Windows\system32\drivers\Msfs.sys
23:55:40.0803 6136  Msfs - ok
23:55:40.0819 6136  [ 3E1E5767043C5AF9367F0056295E9F84 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
23:55:40.0834 6136  mshidkmdf - ok
23:55:40.0850 6136  [ 0A4E5757AE09FA9622E3158CC1AEF114 ] msisadrv        C:\Windows\system32\DRIVERS\msisadrv.sys
23:55:40.0865 6136  msisadrv - ok
23:55:40.0897 6136  [ 90F7D9E6B6F27E1A707D4A297F077828 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
23:55:40.0928 6136  MSiSCSI - ok
23:55:40.0928 6136  msiserver - ok
23:55:40.0959 6136  [ 8C0860D6366AAFFB6C5BB9DF9448E631 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
23:55:40.0975 6136  MSKSSRV - ok
23:55:40.0990 6136  [ 3EA8B949F963562CEDBB549EAC0C11CE ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
23:55:41.0021 6136  MSPCLOCK - ok
23:55:41.0021 6136  [ F456E973590D663B1073E9C463B40932 ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
23:55:41.0053 6136  MSPQM - ok
23:55:41.0068 6136  [ 0E008FC4819D238C51D7C93E7B41E560 ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
23:55:41.0068 6136  MsRPC - ok
23:55:41.0084 6136  [ FC6B9FF600CC585EA38B12589BD4E246 ] mssmbios        C:\Windows\system32\DRIVERS\mssmbios.sys
23:55:41.0099 6136  mssmbios - ok
23:55:41.0099 6136  [ B42C6B921F61A6E55159B8BE6CD54A36 ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
23:55:41.0131 6136  MSTEE - ok
23:55:41.0146 6136  [ 33599130F44E1F34631CEA241DE8AC84 ] MTConfig        C:\Windows\system32\DRIVERS\MTConfig.sys
23:55:41.0162 6136  MTConfig - ok
23:55:41.0177 6136  [ 159FAD02F64E6381758C990F753BCC80 ] Mup             C:\Windows\system32\Drivers\mup.sys
23:55:41.0177 6136  Mup - ok
23:55:41.0193 6136  [ 80284F1985C70C86F0B5F86DA2DFE1DF ] napagent        C:\Windows\system32\qagentRT.dll
23:55:41.0224 6136  napagent - ok
23:55:41.0255 6136  [ 26384429FCD85D83746F63E798AB1480 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
23:55:41.0287 6136  NativeWifiP - ok
23:55:41.0318 6136  [ 23759D175A0A9BAAF04D05047BC135A8 ] NDIS            C:\Windows\system32\drivers\ndis.sys
23:55:41.0349 6136  NDIS - ok
23:55:41.0349 6136  [ 0E1787AA6C9191D3D319E8BAFE86F80C ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
23:55:41.0380 6136  NdisCap - ok
23:55:41.0411 6136  [ E4A8AEC125A2E43A9E32AFEEA7C9C888 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
23:55:41.0443 6136  NdisTapi - ok
23:55:41.0458 6136  [ B30AE7F2B6D7E343B0DF32E6C08FCE75 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
23:55:41.0489 6136  Ndisuio - ok
23:55:41.0489 6136  [ 267C415EADCBE53C9CA873DEE39CF3A4 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
23:55:41.0536 6136  NdisWan - ok
23:55:41.0552 6136  [ AF7E7C63DCEF3F8772726F86039D6EB4 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
23:55:41.0583 6136  NDProxy - ok
23:55:41.0599 6136  [ 80B275B1CE3B0E79909DB7B39AF74D51 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
23:55:41.0645 6136  NetBIOS - ok
23:55:41.0645 6136  [ DD52A733BF4CA5AF84562A5E2F963B91 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
23:55:41.0677 6136  NetBT - ok
23:55:41.0677 6136  [ C2243FF9E9AAD0C30E8B1A0914DA15B6 ] Netlogon        C:\Windows\system32\lsass.exe
23:55:41.0692 6136  Netlogon - ok
23:55:41.0723 6136  [ 7CCCFCA7510684768DA22092D1FA4DB2 ] Netman          C:\Windows\System32\netman.dll
23:55:41.0755 6136  Netman - ok
23:55:41.0770 6136  [ 8C338238C16777A802D6A9211EB2BA50 ] netprofm        C:\Windows\System32\netprofm.dll
23:55:41.0801 6136  netprofm - ok
23:55:41.0817 6136  [ FE2AA5A684B0DD9B1FAE57B7817C198B ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
23:55:41.0833 6136  NetTcpPortSharing - ok
23:55:41.0848 6136  [ 1D85C4B390B0EE09C7A46B91EFB2C097 ] nfrd960         C:\Windows\system32\DRIVERS\nfrd960.sys
23:55:41.0864 6136  nfrd960 - ok
23:55:41.0879 6136  [ 2226496E34BD40734946A054B1CD657F ] NlaSvc          C:\Windows\System32\nlasvc.dll
23:55:41.0911 6136  NlaSvc - ok
23:55:41.0926 6136  [ 1DB262A9F8C087E8153D89BEF3D2235F ] Npfs            C:\Windows\system32\drivers\Npfs.sys
23:55:41.0957 6136  Npfs - ok
23:55:41.0957 6136  [ BA387E955E890C8A88306D9B8D06BF17 ] nsi             C:\Windows\system32\nsisvc.dll
23:55:41.0989 6136  nsi - ok
23:55:42.0004 6136  [ E9A0A4D07E53D8FEA2BB8387A3293C58 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
23:55:42.0020 6136  nsiproxy - ok
23:55:42.0067 6136  [ A458A5F7FD79C477D40ED42CF5A230CB ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
23:55:42.0098 6136  Ntfs - ok
23:55:42.0129 6136  [ F9756A98D69098DCA8945D62858A812C ] Null            C:\Windows\system32\drivers\Null.sys
23:55:42.0160 6136  Null - ok
23:55:42.0176 6136  [ F1B0BED906F97E16F6D0C3629D2F21C6 ] nvraid          C:\Windows\system32\drivers\nvraid.sys
23:55:42.0191 6136  nvraid - ok
23:55:42.0207 6136  [ 4520B63899E867F354EE012D34E11536 ] nvstor          C:\Windows\system32\drivers\nvstor.sys
23:55:42.0223 6136  nvstor - ok
23:55:42.0238 6136  [ 5A0983915F02BAE73267CC2A041F717D ] nv_agp          C:\Windows\system32\DRIVERS\nv_agp.sys
23:55:42.0254 6136  nv_agp - ok
23:55:42.0269 6136  [ 08A70A1F2CDDE9BB49B885CB817A66EB ] ohci1394        C:\Windows\system32\DRIVERS\ohci1394.sys
23:55:42.0285 6136  ohci1394 - ok
23:55:42.0332 6136  [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose             C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
23:55:42.0332 6136  ose - ok
23:55:42.0472 6136  [ 358A9CCA612C68EB2F07DDAD4CE1D8D7 ] osppsvc         C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
23:55:42.0566 6136  osppsvc - ok
23:55:42.0613 6136  [ 82A8521DDC60710C3D3D3E7325209BEC ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
23:55:42.0644 6136  p2pimsvc - ok
23:55:42.0659 6136  [ 59C3DDD501E39E006DAC31BF55150D91 ] p2psvc          C:\Windows\system32\p2psvc.dll
23:55:42.0675 6136  p2psvc - ok
23:55:42.0691 6136  [ 2EA877ED5DD9713C5AC74E8EA7348D14 ] Parport         C:\Windows\system32\DRIVERS\parport.sys
23:55:42.0706 6136  Parport - ok
23:55:42.0737 6136  [ 66D3415C159741ADE7038A277EFFF99F ] partmgr         C:\Windows\system32\drivers\partmgr.sys
23:55:42.0753 6136  partmgr - ok
23:55:42.0769 6136  [ EB0A59F29C19B86479D36B35983DAADC ] Parvdm          C:\Windows\system32\DRIVERS\parvdm.sys
23:55:42.0784 6136  Parvdm - ok
23:55:42.0800 6136  [ 358AB7956D3160000726574083DFC8A6 ] PcaSvc          C:\Windows\System32\pcasvc.dll
23:55:42.0831 6136  PcaSvc - ok
23:55:42.0847 6136  [ C858CB77C577780ECC456A892E7E7D0F ] pci             C:\Windows\system32\DRIVERS\pci.sys
23:55:42.0862 6136  pci - ok
23:55:42.0878 6136  [ AFE86F419014DB4E5593F69FFE26CE0A ] pciide          C:\Windows\system32\DRIVERS\pciide.sys
23:55:42.0878 6136  pciide - ok
23:55:42.0893 6136  [ F396431B31693E71E8A80687EF523506 ] pcmcia          C:\Windows\system32\DRIVERS\pcmcia.sys
23:55:42.0909 6136  pcmcia - ok
23:55:42.0940 6136  [ 250F6B43D2B613172035C6747AEEB19F ] pcw             C:\Windows\system32\drivers\pcw.sys
23:55:42.0956 6136  pcw - ok
23:55:42.0971 6136  [ 9E0104BA49F4E6973749A02BF41344ED ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
23:55:43.0018 6136  PEAUTH - ok
23:55:43.0081 6136  [ 9C1BFF7910C89A1D12E57343475840CB ] pla             C:\Windows\system32\pla.dll
23:55:43.0127 6136  pla - ok
23:55:43.0159 6136  [ 71DEF5EC79774C798342D0EA16E41780 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
23:55:43.0221 6136  PlugPlay - ok
23:55:43.0237 6136  [ 63FF8572611249931EB16BB8EED6AFC8 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
23:55:43.0252 6136  PNRPAutoReg - ok
23:55:43.0268 6136  [ 82A8521DDC60710C3D3D3E7325209BEC ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
23:55:43.0283 6136  PNRPsvc - ok
23:55:43.0315 6136  [ 48E1B75C6DC0232FD92BAAE4BD344721 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
23:55:43.0361 6136  PolicyAgent - ok
23:55:43.0377 6136  [ DBFF83F709A91049621C1D35DD45C92C ] Power           C:\Windows\system32\umpo.dll
23:55:43.0408 6136  Power - ok
23:55:43.0439 6136  [ 631E3E205AD6D86F2AED6A4A8E69F2DB ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
23:55:43.0471 6136  PptpMiniport - ok
23:55:43.0486 6136  [ 85B1E3A0C7585BC4AAE6899EC6FCF011 ] Processor       C:\Windows\system32\DRIVERS\processr.sys
23:55:43.0502 6136  Processor - ok
23:55:43.0549 6136  [ AEA3BDBDBA667AA6F678CB38907E4F5E ] ProfSvc         C:\Windows\system32\profsvc.dll
23:55:43.0595 6136  ProfSvc - ok
23:55:43.0595 6136  [ C2243FF9E9AAD0C30E8B1A0914DA15B6 ] ProtectedStorage C:\Windows\system32\lsass.exe
23:55:43.0611 6136  ProtectedStorage - ok
23:55:43.0642 6136  [ 6270CCAE2A86DE6D146529FE55B3246A ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
23:55:43.0673 6136  Psched - ok
23:55:43.0689 6136  [ A6A7AD767BF5141665F5C675F671B3E1 ] PSI_SVC_2       c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
23:55:43.0736 6136  PSI_SVC_2 - ok
23:55:43.0767 6136  [ AB95ECF1F6659A60DDC166D8315B0751 ] ql2300          C:\Windows\system32\DRIVERS\ql2300.sys
23:55:43.0798 6136  ql2300 - ok
23:55:43.0829 6136  [ B4DD51DD25182244B86737DC51AF2270 ] ql40xx          C:\Windows\system32\DRIVERS\ql40xx.sys
23:55:43.0845 6136  ql40xx - ok
23:55:43.0861 6136  [ 31AC809E7707EB580B2BDB760390765A ] QWAVE           C:\Windows\system32\qwave.dll
23:55:43.0892 6136  QWAVE - ok
23:55:43.0892 6136  [ 584078CA1B95CA72DF2A27C336F9719D ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
23:55:43.0923 6136  QWAVEdrv - ok
23:55:43.0939 6136  [ 30A81B53C766D0133BB86D234E5556AB ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
23:55:43.0970 6136  RasAcd - ok
23:55:43.0985 6136  [ 57EC4AEF73660166074D8F7F31C0D4FD ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
23:55:44.0017 6136  RasAgileVpn - ok
23:55:44.0032 6136  [ A60F1839849C0C00739787FD5EC03F13 ] RasAuto         C:\Windows\System32\rasauto.dll
23:55:44.0063 6136  RasAuto - ok
23:55:44.0079 6136  [ D9F91EAFEC2815365CBE6D167E4E332A ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
23:55:44.0126 6136  Rasl2tp - ok
23:55:44.0157 6136  [ 0CE66EC736B7FC526D78F7624C7D2A94 ] RasMan          C:\Windows\System32\rasmans.dll
23:55:44.0188 6136  RasMan - ok
23:55:44.0204 6136  [ 0FE8B15916307A6AC12BFB6A63E45507 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
23:55:44.0235 6136  RasPppoe - ok
23:55:44.0251 6136  [ 44101F495A83EA6401D886E7FD70096B ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
23:55:44.0297 6136  RasSstp - ok
23:55:44.0313 6136  [ 835D7E81BF517A3B72384BDCC85E1CE6 ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
23:55:44.0329 6136  rdbss - ok
23:55:44.0360 6136  [ 0D8F05481CB76E70E1DA06EE9F0DA9DF ] rdpbus          C:\Windows\system32\DRIVERS\rdpbus.sys
23:55:44.0375 6136  rdpbus - ok
23:55:44.0453 6136  [ 1E016846895B15A99F9A176A05029075 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
23:55:44.0500 6136  RDPCDD - ok
23:55:44.0516 6136  [ 5A53CA1598DD4156D44196D200C94B8A ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
23:55:44.0547 6136  RDPENCDD - ok
23:55:44.0563 6136  [ 44B0A53CD4F27D50ED461DAE0C0B4E1F ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
23:55:44.0594 6136  RDPREFMP - ok
23:55:44.0625 6136  [ C5B8D47A4688DE9D335204EA757C2240 ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
23:55:44.0656 6136  RDPWD - ok
23:55:44.0672 6136  [ 4EA225BF1CF05E158853F30A99CA29A7 ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
23:55:44.0687 6136  rdyboost - ok
23:55:44.0703 6136  [ 7B5E1419717FAC363A31CC302895217A ] RemoteAccess    C:\Windows\System32\mprdim.dll
23:55:44.0734 6136  RemoteAccess - ok
23:55:44.0750 6136  [ CB9A8683F4EF2BF99E123D79950D7935 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
23:55:44.0797 6136  RemoteRegistry - ok
23:55:44.0797 6136  [ 78D072F35BC45D9E4E1B61895C152234 ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
23:55:44.0828 6136  RpcEptMapper - ok
23:55:44.0843 6136  [ 94D36C0E44677DD26981D2BFEEF2A29D ] RpcLocator      C:\Windows\system32\locator.exe
23:55:44.0859 6136  RpcLocator - ok
23:55:44.0875 6136  [ B82CD39E336973359D7C9BF911E8E84F ] RpcSs           C:\Windows\system32\rpcss.dll
23:55:44.0906 6136  RpcSs - ok
23:55:44.0921 6136  [ 032B0D36AD92B582D869879F5AF5B928 ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
23:55:44.0937 6136  rspndr - ok
23:55:44.0968 6136  [ BCEBD5D1AABCE4EFB7597635E347C44B ] RTL8167         C:\Windows\system32\DRIVERS\Rt86win7.sys
23:55:45.0015 6136  RTL8167 - ok
23:55:45.0046 6136  [ 51ADEF77E4C929535FD50DA153774E79 ] RTL8192su       C:\Windows\system32\DRIVERS\RTL8192su.sys
23:55:45.0093 6136  RTL8192su - ok
23:55:45.0093 6136  [ C2243FF9E9AAD0C30E8B1A0914DA15B6 ] SamSs           C:\Windows\system32\lsass.exe
23:55:45.0109 6136  SamSs - ok
23:55:45.0140 6136  [ 34EE0C44B724E3E4CE2EFF29126DE5B5 ] sbp2port        C:\Windows\system32\DRIVERS\sbp2port.sys
23:55:45.0155 6136  sbp2port - ok
23:55:45.0171 6136  [ 8FC518FFE9519C2631D37515A68009C4 ] SCardSvr        C:\Windows\System32\SCardSvr.dll
23:55:45.0202 6136  SCardSvr - ok
23:55:45.0233 6136  [ A95C54B2AC3CC9C73FCDF9E51A1D6B51 ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
23:55:45.0249 6136  scfilter - ok
23:55:45.0280 6136  [ DF1E5C82E4D09CF8105CC644980C4803 ] Schedule        C:\Windows\system32\schedsvc.dll
23:55:45.0311 6136  Schedule - ok
23:55:45.0327 6136  [ 628A9E30EC5E18DD5DE6BE4DBDC12198 ] SCPolicySvc     C:\Windows\System32\certprop.dll
23:55:45.0358 6136  SCPolicySvc - ok
23:55:45.0374 6136  [ 5FD90ABDBFAEE85986802622CBB03446 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
23:55:45.0421 6136  SDRSVC - ok
23:55:45.0467 6136  [ 4A5809A1D796E2675AC0332BF7B0CB11 ] SeaPort         C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
23:55:45.0499 6136  SeaPort - ok
23:55:45.0514 6136  [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
23:55:45.0545 6136  secdrv - ok
23:55:45.0561 6136  [ A59B3A4442C52060CC7A85293AA3546F ] seclogon        C:\Windows\system32\seclogon.dll
23:55:45.0592 6136  seclogon - ok
23:55:45.0608 6136  [ DCB7FCDCC97F87360F75D77425B81737 ] SENS            C:\Windows\System32\sens.dll
23:55:45.0639 6136  SENS - ok
23:55:45.0655 6136  [ 50087FE1EE447009C9CC2997B90DE53F ] SensrSvc        C:\Windows\system32\sensrsvc.dll
23:55:45.0686 6136  SensrSvc - ok
23:55:45.0701 6136  [ 9AD8B8B515E3DF6ACD4212EF465DE2D1 ] Serenum         C:\Windows\system32\DRIVERS\serenum.sys
23:55:45.0733 6136  Serenum - ok
23:55:45.0733 6136  [ 5FB7FCEA0490D821F26F39CC5EA3D1E2 ] Serial          C:\Windows\system32\DRIVERS\serial.sys
23:55:45.0764 6136  Serial - ok
23:55:45.0764 6136  [ 79BFFB520327FF916A582DFEA17AA813 ] sermouse        C:\Windows\system32\DRIVERS\sermouse.sys
23:55:45.0795 6136  sermouse - ok
23:55:45.0811 6136  [ 8F55CE568C543D5ADF45C409D16718FC ] SessionEnv      C:\Windows\system32\sessenv.dll
23:55:45.0842 6136  SessionEnv - ok
23:55:45.0842 6136  [ 9F976E1EB233DF46FCE808D9DEA3EB9C ] sffdisk         C:\Windows\system32\DRIVERS\sffdisk.sys
23:55:45.0889 6136  sffdisk - ok
23:55:45.0889 6136  [ 932A68EE27833CFD57C1639D375F2731 ] sffp_mmc        C:\Windows\system32\DRIVERS\sffp_mmc.sys
23:55:45.0920 6136  sffp_mmc - ok
23:55:45.0935 6136  [ A0708BBD07D245C06FF9DE549CA47185 ] sffp_sd         C:\Windows\system32\DRIVERS\sffp_sd.sys
23:55:45.0951 6136  sffp_sd - ok
23:55:45.0967 6136  [ DB96666CC8312EBC45032F30B007A547 ] sfloppy         C:\Windows\system32\DRIVERS\sfloppy.sys
23:55:45.0982 6136  sfloppy - ok
23:55:46.0013 6136  [ D9B734638DD8DBA9D59AAD3189CD0FAD ] Sftfs           C:\Windows\system32\DRIVERS\Sftfslh.sys
23:55:46.0045 6136  Sftfs - ok
23:55:46.0091 6136  [ CB73BC422C07FB611F194DA18D1E7F36 ] sftlist         C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe
23:55:46.0107 6136  sftlist - ok
23:55:46.0123 6136  [ 2F61BD46C0BFF4EB36E1E359CA17BFC5 ] Sftplay         C:\Windows\system32\DRIVERS\Sftplaylh.sys
23:55:46.0138 6136  Sftplay - ok
23:55:46.0154 6136  [ 518BAC0179F94304F422696B47C0EC12 ] Sftredir        C:\Windows\system32\DRIVERS\Sftredirlh.sys
23:55:46.0169 6136  Sftredir - ok
23:55:46.0169 6136  [ 747325236D88B3F05FFD27FF9EC711C5 ] Sftvol          C:\Windows\system32\DRIVERS\Sftvollh.sys
23:55:46.0185 6136  Sftvol - ok
23:55:46.0201 6136  [ A5812F0281CA5081BF696626F9BF324D ] sftvsa          C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe
23:55:46.0216 6136  sftvsa - ok
23:55:46.0232 6136  [ D1A079A0DE2EA524513B6930C24527A2 ] SharedAccess    C:\Windows\System32\ipnathlp.dll
23:55:46.0263 6136  SharedAccess - ok
23:55:46.0294 6136  [ CD2E48FA5B29EE2B3B5858056D246EF2 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
23:55:46.0310 6136  ShellHWDetection - ok
23:55:46.0325 6136  [ 2565CAC0DC9FE0371BDCE60832582B2E ] sisagp          C:\Windows\system32\DRIVERS\sisagp.sys
23:55:46.0341 6136  sisagp - ok
23:55:46.0372 6136  [ A9F0486851BECB6DDA1D89D381E71055 ] SiSRaid2        C:\Windows\system32\DRIVERS\SiSRaid2.sys
23:55:46.0388 6136  SiSRaid2 - ok
23:55:46.0481 6136  [ 3727097B55738E2F554972C3BE5BC1AA ] SiSRaid4        C:\Windows\system32\DRIVERS\sisraid4.sys
23:55:46.0513 6136  SiSRaid4 - ok
23:55:46.0528 6136  [ 3E21C083B8A01CB70BA1F09303010FCE ] Smb             C:\Windows\system32\DRIVERS\smb.sys
23:55:46.0575 6136  Smb - ok
23:55:46.0591 6136  [ 6A984831644ECA1A33FFEAE4126F4F37 ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
23:55:46.0622 6136  SNMPTRAP - ok
23:55:46.0622 6136  [ 95CF1AE7527FB70F7816563CBC09D942 ] spldr           C:\Windows\system32\drivers\spldr.sys
23:55:46.0637 6136  spldr - ok
23:55:46.0669 6136  [ E17323B0AA9FB3FF9945731D736EDA2F ] Spooler         C:\Windows\System32\spoolsv.exe
23:55:46.0700 6136  Spooler - ok
23:55:46.0762 6136  [ 4C287F9069FEDBD791178876EE9DE536 ] sppsvc          C:\Windows\system32\sppsvc.exe
23:55:46.0825 6136  sppsvc - ok
23:55:46.0840 6136  [ D8E3E19EEBDAB49DD4A8D3062EAD4EC7 ] sppuinotify     C:\Windows\system32\sppuinotify.dll
23:55:46.0871 6136  sppuinotify - ok
23:55:46.0903 6136  [ C4A027B8C0BD3FC0699F41FA5E9E0C87 ] srv             C:\Windows\system32\DRIVERS\srv.sys
23:55:46.0949 6136  srv - ok
23:55:46.0949 6136  [ 414BB592CAD8A79649D01F9D94318FB3 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
23:55:46.0981 6136  srv2 - ok
23:55:46.0996 6136  [ FF207D67700AA18242AAF985D3E7D8F4 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
23:55:47.0012 6136  srvnet - ok
23:55:47.0043 6136  [ D887C9FD02AC9FA880F6E5027A43E118 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
23:55:47.0074 6136  SSDPSRV - ok
23:55:47.0090 6136  [ D318F23BE45D5E3A107469EB64815B50 ] SstpSvc         C:\Windows\system32\sstpsvc.dll
23:55:47.0121 6136  SstpSvc - ok
23:55:47.0137 6136  [ DB32D325C192B801DF274BFD12A7E72B ] stexstor        C:\Windows\system32\DRIVERS\stexstor.sys
23:55:47.0152 6136  stexstor - ok
23:55:47.0183 6136  [ A22825E7BB7018E8AF3E229A5AF17221 ] StiSvc          C:\Windows\System32\wiaservc.dll
23:55:47.0199 6136  StiSvc - ok
23:55:47.0215 6136  [ E58C78A848ADD9610A4DB6D214AF5224 ] swenum          C:\Windows\system32\DRIVERS\swenum.sys
23:55:47.0230 6136  swenum - ok
23:55:47.0246 6136  [ A28BD92DF340E57B024BA433165D34D7 ] swprv           C:\Windows\System32\swprv.dll
23:55:47.0293 6136  swprv - ok
23:55:47.0308 6136  [ 04105C8DA62353589C29BDAEB8D88BD8 ] SysMain         C:\Windows\system32\sysmain.dll
23:55:47.0339 6136  SysMain - ok
23:55:47.0355 6136  [ FCFB6C552FBC0DA299799CBD50AD9FD4 ] TabletInputService C:\Windows\System32\TabSvc.dll
23:55:47.0371 6136  TabletInputService - ok
23:55:47.0402 6136  [ 2F46B0C70A4ADC8C90CF825DA3B4FEAF ] TapiSrv         C:\Windows\System32\tapisrv.dll
23:55:47.0433 6136  TapiSrv - ok
23:55:47.0449 6136  [ B799D9FDB26111737F58288D8DC172D9 ] TBS             C:\Windows\System32\tbssvc.dll
23:55:47.0480 6136  TBS - ok
23:55:47.0542 6136  [ BBCEAEFF1FD72A026F827CBB2F4AA8AD ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
23:55:47.0589 6136  Tcpip - ok
23:55:47.0605 6136  [ BBCEAEFF1FD72A026F827CBB2F4AA8AD ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
23:55:47.0636 6136  TCPIP6 - ok
23:55:47.0667 6136  [ E64444523ADD154F86567C469BC0B17F ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
23:55:47.0683 6136  tcpipreg - ok
23:55:47.0714 6136  [ 1875C1490D99E70E449E3AFAE9FCBADF ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
23:55:47.0745 6136  TDPIPE - ok
23:55:47.0745 6136  [ 7156308896D34EA75A582F9A09E50C17 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
23:55:47.0776 6136  TDTCP - ok
23:55:47.0776 6136  [ CB39E896A2A83702D1737BFD402B3542 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
23:55:47.0823 6136  tdx - ok
23:55:47.0823 6136  [ C36F41EE20E6999DBF4B0425963268A5 ] TermDD          C:\Windows\system32\DRIVERS\termdd.sys
23:55:47.0839 6136  TermDD - ok
23:55:47.0870 6136  [ A01E50A04D7B1960B33E92B9080E6A94 ] TermService     C:\Windows\System32\termsrv.dll
23:55:47.0917 6136  TermService - ok
23:55:47.0917 6136  [ 42FB6AFD6B79D9FE07381609172E7CA4 ] Themes          C:\Windows\system32\themeservice.dll
23:55:47.0932 6136  Themes - ok
23:55:47.0948 6136  [ 146B6F43A673379A3C670E86D89BE5EA ] THREADORDER     C:\Windows\system32\mmcss.dll
23:55:47.0963 6136  THREADORDER - ok
23:55:47.0995 6136  [ 4792C0378DB99A9BC2AE2DE6CFFF0C3A ] TrkWks          C:\Windows\System32\trkwks.dll
23:55:48.0026 6136  TrkWks - ok
23:55:48.0073 6136  [ 41A4C781D2286208D397D72099304133 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
23:55:48.0104 6136  TrustedInstaller - ok
23:55:48.0119 6136  [ 98AE6FA07D12CB4EC5CF4A9BFA5F4242 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
23:55:48.0151 6136  tssecsrv - ok
23:55:48.0182 6136  [ 3E461D890A97F9D4C168F5FDA36E1D00 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
23:55:48.0197 6136  tunnel - ok
23:55:48.0213 6136  [ 750FBCB269F4D7DD2E420C56B795DB6D ] uagp35          C:\Windows\system32\DRIVERS\uagp35.sys
23:55:48.0229 6136  uagp35 - ok
23:55:48.0244 6136  [ 09CC3E16F8E5EE7168E01CF8FCBE061A ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
23:55:48.0275 6136  udfs - ok
23:55:48.0291 6136  [ 8344FD4FCE927880AA1AA7681D4927E5 ] UI0Detect       C:\Windows\system32\UI0Detect.exe
23:55:48.0322 6136  UI0Detect - ok
23:55:48.0338 6136  [ 44E8048ACE47BEFBFDC2E9BE4CBC8880 ] uliagpkx        C:\Windows\system32\DRIVERS\uliagpkx.sys
23:55:48.0353 6136  uliagpkx - ok
23:55:48.0369 6136  [ 049B3A50B3D646BAEEEE9EEC9B0668DC ] umbus           C:\Windows\system32\DRIVERS\umbus.sys
23:55:48.0385 6136  umbus - ok
23:55:48.0431 6136  [ 7550AD0C6998BA1CB4843E920EE0FEAC ] UmPass          C:\Windows\system32\DRIVERS\umpass.sys
23:55:48.0494 6136  UmPass - ok
23:55:48.0509 6136  [ 833FBB672460EFCE8011D262175FAD33 ] upnphost        C:\Windows\System32\upnphost.dll
23:55:48.0572 6136  upnphost - ok
23:55:48.0619 6136  [ 6E421CCC57059B0186C6259CA3B6DFC9 ] USBAAPL         C:\Windows\system32\Drivers\usbaapl.sys
23:55:48.0697 6136  USBAAPL - ok
23:55:48.0712 6136  [ 8455C4ED038EFD09E99327F9D2D48FFA ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
23:55:48.0743 6136  usbccgp - ok
23:55:48.0775 6136  [ 04EC7CEC62EC3B6D9354EEE93327FC82 ] usbcir          C:\Windows\system32\DRIVERS\usbcir.sys
23:55:48.0790 6136  usbcir - ok
23:55:48.0806 6136  [ E4C436D914768CE965D5E659BA7EEBD8 ] usbehci         C:\Windows\system32\DRIVERS\usbehci.sys
23:55:48.0838 6136  usbehci - ok
23:55:48.0854 6136  [ BDCD7156EC37448F08633FD899823620 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
23:55:48.0869 6136  usbhub - ok
23:55:48.0885 6136  [ A6FB7957EA7AFB1165991E54CE934B74 ] usbohci         C:\Windows\system32\drivers\usbohci.sys
23:55:48.0916 6136  usbohci - ok
23:55:48.0947 6136  [ 797D862FE0875E75C7CC4C1AD7B30252 ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
23:55:48.0963 6136  usbprint - ok
23:55:48.0994 6136  [ 576096CCBC07E7C4EA4F5E6686D6888F ] usbscan         C:\Windows\system32\DRIVERS\usbscan.sys
23:55:49.0010 6136  usbscan - ok
23:55:49.0010 6136  [ D8889D56E0D27E57ED4591837FE71D27 ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
23:55:49.0041 6136  USBSTOR - ok
23:55:49.0056 6136  [ 22480BF4E5A09192E5E30BA4DDE79FA4 ] usbuhci         C:\Windows\system32\DRIVERS\usbuhci.sys
23:55:49.0072 6136  usbuhci - ok
23:55:49.0103 6136  [ 081E6E1C91AEC36758902A9F727CD23C ] UxSms           C:\Windows\System32\uxsms.dll
23:55:49.0134 6136  UxSms - ok
23:55:49.0150 6136  [ C2243FF9E9AAD0C30E8B1A0914DA15B6 ] VaultSvc        C:\Windows\system32\lsass.exe
23:55:49.0166 6136  VaultSvc - ok
23:55:49.0181 6136  [ A059C4C3EDB09E07D21A8E5C0AABD3CB ] vdrvroot        C:\Windows\system32\DRIVERS\vdrvroot.sys
23:55:49.0197 6136  vdrvroot - ok
23:55:49.0212 6136  [ 8C4E7C49D3641BC9E299E466A7F8867D ] vds             C:\Windows\System32\vds.exe
23:55:49.0244 6136  vds - ok
23:55:49.0259 6136  [ 17C408214EA61696CEC9C66E388B14F3 ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
23:55:49.0275 6136  vga - ok
23:55:49.0290 6136  [ 8E38096AD5C8570A6F1570A61E251561 ] VgaSave         C:\Windows\System32\drivers\vga.sys
23:55:49.0306 6136  VgaSave - ok
23:55:49.0337 6136  [ 3BE6E1F3A4F1AFEC8CEE0D7883F93583 ] vhdmp           C:\Windows\system32\DRIVERS\vhdmp.sys
23:55:49.0353 6136  vhdmp - ok
23:55:49.0384 6136  [ C829317A37B4BEA8F39735D4B076E923 ] viaagp          C:\Windows\system32\DRIVERS\viaagp.sys
23:55:49.0384 6136  viaagp - ok
23:55:49.0415 6136  [ E02F079A6AA107F06B16549C6E5C7B74 ] ViaC7           C:\Windows\system32\DRIVERS\viac7.sys
23:55:49.0431 6136  ViaC7 - ok
23:55:49.0446 6136  [ E43574F6A56A0EE11809B48C09E4FD3C ] viaide          C:\Windows\system32\DRIVERS\viaide.sys
23:55:49.0446 6136  viaide - ok
23:55:49.0462 6136  [ 384E5A2AA49934295171E499F86BA6F3 ] volmgr          C:\Windows\system32\DRIVERS\volmgr.sys
23:55:49.0478 6136  volmgr - ok
23:55:49.0493 6136  [ B5BB72067DDDDBBFB04B2F89FF8C3C87 ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
23:55:49.0509 6136  volmgrx - ok
23:55:49.0524 6136  [ 59F06B4968E58BC83DFC56CA4517960E ] volsnap         C:\Windows\system32\drivers\volsnap.sys
23:55:49.0540 6136  volsnap - ok
23:55:49.0571 6136  [ 9DFA0CC2F8855A04816729651175B631 ] vsmraid         C:\Windows\system32\DRIVERS\vsmraid.sys
23:55:49.0587 6136  vsmraid - ok
23:55:49.0618 6136  [ 7EA2BCD94D9CFAF4C556F5CC94532A6C ] VSS             C:\Windows\system32\vssvc.exe
23:55:49.0649 6136  VSS - ok
23:55:49.0665 6136  [ 90567B1E658001E79D7C8BBD3DDE5AA6 ] vwifibus        C:\Windows\System32\drivers\vwifibus.sys
23:55:49.0680 6136  vwifibus - ok
23:55:49.0696 6136  [ 7090D3436EEB4E7DA3373090A23448F7 ] vwififlt        C:\Windows\system32\DRIVERS\vwififlt.sys
23:55:49.0712 6136  vwififlt - ok
23:55:49.0727 6136  [ 55187FD710E27D5095D10A472C8BAF1C ] W32Time         C:\Windows\system32\w32time.dll
23:55:49.0758 6136  W32Time - ok
23:55:49.0790 6136  [ DE3721E89C653AA281428C8A69745D90 ] WacomPen        C:\Windows\system32\DRIVERS\wacompen.sys
23:55:49.0805 6136  WacomPen - ok
23:55:49.0821 6136  [ 692A712062146E96D28BA0B7D75DE31B ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
23:55:49.0852 6136  WANARP - ok
23:55:49.0852 6136  [ 692A712062146E96D28BA0B7D75DE31B ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
23:55:49.0883 6136  Wanarpv6 - ok
23:55:49.0914 6136  [ 7790B77FE1E5EE47DCC66247095BB4C9 ] wbengine        C:\Windows\system32\wbengine.exe
23:55:49.0946 6136  wbengine - ok
23:55:49.0977 6136  [ 9614B5D29DC76AC3C29F6D2D3AA70E67 ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
23:55:50.0008 6136  WbioSrvc - ok
23:55:50.0024 6136  [ 6D9B75275C3E3A5F51AEF81AFFADB2B6 ] wcncsvc         C:\Windows\System32\wcncsvc.dll
23:55:50.0086 6136  wcncsvc - ok
23:55:50.0102 6136  [ 5D930B6357A6D2AF4D7653BDABBF352F ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
23:55:50.0148 6136  WcsPlugInService - ok
23:55:50.0164 6136  [ 1112A9BADACB47B7C0BB0392E3158DFF ] Wd              C:\Windows\system32\DRIVERS\wd.sys
23:55:50.0195 6136  Wd - ok
23:55:50.0226 6136  [ A840213F1ACDCC175B4D1D5AAEAC0D7A ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
23:55:50.0242 6136  Wdf01000 - ok
23:55:50.0258 6136  [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiServiceHost  C:\Windows\system32\wdi.dll
23:55:50.0289 6136  WdiServiceHost - ok
23:55:50.0289 6136  [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiSystemHost   C:\Windows\system32\wdi.dll
23:55:50.0304 6136  WdiSystemHost - ok
23:55:50.0320 6136  [ BB5EC38F8D4600119B4720BC5D4211F1 ] WebClient       C:\Windows\System32\webclnt.dll
23:55:50.0398 6136  WebClient - ok
23:55:50.0429 6136  [ 760F0AFE937A77CFF27153206534F275 ] Wecsvc          C:\Windows\system32\wecsvc.dll
23:55:50.0476 6136  Wecsvc - ok
23:55:50.0492 6136  [ AC804569BB2364FB6017370258A4091B ] wercplsupport   C:\Windows\System32\wercplsupport.dll
23:55:50.0523 6136  wercplsupport - ok
23:55:50.0554 6136  [ 08E420D873E4FD85241EE2421B02C4A4 ] WerSvc          C:\Windows\System32\WerSvc.dll
23:55:50.0570 6136  WerSvc - ok
23:55:50.0601 6136  [ 8B9A943F3B53861F2BFAF6C186168F79 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
23:55:50.0632 6136  WfpLwf - ok
23:55:50.0648 6136  [ 5CF95B35E59E2A38023836FFF31BE64C ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
23:55:50.0663 6136  WIMMount - ok
23:55:50.0694 6136  [ 3FAE8F94296001C32EAB62CD7D82E0FD ] WinDefend       C:\Program Files\Windows Defender\mpsvc.dll
23:55:50.0757 6136  WinDefend - ok
23:55:50.0757 6136  WinHttpAutoProxySvc - ok
23:55:50.0804 6136  [ F62E510B6AD4C21EB9FE8668ED251826 ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
23:55:50.0835 6136  Winmgmt - ok
23:55:50.0866 6136  [ C4F5D3901D1B41D602DDC196E0B95B51 ] WinRM           C:\Windows\system32\WsmSvc.dll
23:55:50.0928 6136  WinRM - ok
23:55:50.0975 6136  [ 30FC6E5448D0CBAAA95280EEEF7FEDAE ] WinUsb          C:\Windows\system32\DRIVERS\WinUsb.sys
23:55:50.0991 6136  WinUsb - ok
23:55:51.0022 6136  [ 16935C98FF639D185086A3529B1F2067 ] Wlansvc         C:\Windows\System32\wlansvc.dll
23:55:51.0053 6136  Wlansvc - ok
23:55:51.0116 6136  [ 5144AE67D60EC653F97DDF3FEED29E77 ] wlidsvc         C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
23:55:51.0147 6136  wlidsvc - ok
23:55:51.0162 6136  [ 0217679B8FCA58714C3BF2726D2CA84E ] WmiAcpi         C:\Windows\system32\DRIVERS\wmiacpi.sys
23:55:51.0194 6136  WmiAcpi - ok
23:55:51.0209 6136  [ 6EB6B66517B048D87DC1856DDF1F4C3F ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
23:55:51.0240 6136  wmiApSrv - ok
23:55:51.0303 6136  [ 77FBD400984CF72BA0FC4B3489D65F74 ] WMPNetworkSvc   C:\Program Files\Windows Media Player\wmpnetwk.exe
23:55:51.0365 6136  WMPNetworkSvc - ok
23:55:51.0381 6136  [ A2F0EC770A92F2B3F9DE6D518E11409C ] WPCSvc          C:\Windows\System32\wpcsvc.dll
23:55:51.0459 6136  WPCSvc - ok
23:55:51.0474 6136  [ B7F658A2EBC07129538AD9AB35212637 ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
23:55:51.0521 6136  WPDBusEnum - ok
23:55:51.0552 6136  [ 6DB3276587B853BF886B69528FDB048C ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
23:55:51.0584 6136  ws2ifsl - ok
23:55:51.0615 6136  [ A661A76333057B383A06E65F0073222F ] wscsvc          C:\Windows\System32\wscsvc.dll
23:55:51.0630 6136  wscsvc - ok
23:55:51.0630 6136  WSearch - ok
23:55:51.0693 6136  [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv        C:\Windows\system32\wuaueng.dll
23:55:51.0740 6136  wuauserv - ok
23:55:51.0771 6136  [ 06E6F32C8D0A3F66D956F57B43A2E070 ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
23:55:51.0802 6136  WudfPf - ok
23:55:51.0818 6136  [ 867C301E8B790040AE9CF6486E8041DF ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
23:55:51.0849 6136  WUDFRd - ok
23:55:51.0849 6136  [ FE47B7BC8EA320C2D9B5E5BF6E303765 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
23:55:51.0880 6136  wudfsvc - ok
23:55:51.0896 6136  [ FF2D745B560F7C71B31F30F4D49F73D2 ] WwanSvc         C:\Windows\System32\wwansvc.dll
23:55:51.0942 6136  WwanSvc - ok
23:55:51.0958 6136  ================ Scan global ===============================
23:55:51.0974 6136  [ 9A595DF601070DA78C40481120DD2C06 ] C:\Windows\system32\basesrv.dll
23:55:52.0020 6136  [ 8531AAF69394EFB93BC653916C46D245 ] C:\Windows\system32\winsrv.dll
23:55:52.0020 6136  [ 8531AAF69394EFB93BC653916C46D245 ] C:\Windows\system32\winsrv.dll
23:55:52.0052 6136  [ 364455805E64882844EE9ACB72522830 ] C:\Windows\system32\sxssrv.dll
23:55:52.0067 6136  [ 5F1B6A9C35D3D5CA72D6D6FDEF9747D6 ] C:\Windows\system32\services.exe
23:55:52.0067 6136  [Global] - ok
23:55:52.0067 6136  ================ Scan MBR ==================================
23:55:52.0067 6136  [ C79B30CB8852157F6F908E4698CFE0D0 ] \Device\Harddisk0\DR0
23:55:54.0438 6136  \Device\Harddisk0\DR0 - ok
23:55:54.0438 6136  ================ Scan VBR ==================================
23:55:54.0438 6136  [ A96290B5401C2DA5A08BB9471D76D503 ] \Device\Harddisk0\DR0\Partition1
23:55:54.0438 6136  \Device\Harddisk0\DR0\Partition1 - ok
23:55:54.0470 6136  [ 046BBD7303F14EB983A3F0C302651470 ] \Device\Harddisk0\DR0\Partition2
23:55:54.0470 6136  \Device\Harddisk0\DR0\Partition2 - ok
23:55:54.0501 6136  [ 376B50B18DD730F4A63E4B8227F4638C ] \Device\Harddisk0\DR0\Partition3
23:55:54.0516 6136  \Device\Harddisk0\DR0\Partition3 - ok
23:55:54.0516 6136  ============================================================
23:55:54.0516 6136  Scan finished
23:55:54.0516 6136  ============================================================
23:55:54.0532 1376  Detected object count: 1
23:55:54.0532 1376  Actual detected object count: 1 
23:56:43.0688 1376  IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
23:56:43.0688 1376  IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip
__________________


Old 23.04.2013, 08:42   #18
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Trojan: HEUR:Exploit.Java.CVE-2012-0507.gen

Then please run Combofix now:

Scan with Combofix
WARNING to everyone READING ALONG:
Combofix should only be run when a team member has instructed you to do so!

Please download Combofix from the following download mirror: Link
  • IMPORTANT: Save Combofix to your desktop.
  • Please disable all of your antivirus software as well as any malware/spyware scanners. They can interfere with Combofix while it is working. Combofix sometimes still complains anyway; you can ignore that, but please let me know.
  • Start Combofix.exe and follow the instructions on the screen.
  • While Combofix is running, do not work on the computer, move the mouse, or click into the Combofix window!
  • When Combofix is finished, it will create a logfile.
  • Please post C:\Combofix.txt in your next reply (in CODE tags if possible).
Note: If you receive the following error message after the restart
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
simply restart the computer. This should fix the problem.

__________________

Old 23.04.2013, 18:10   #19
tseb

Trojan: HEUR:Exploit.Java.CVE-2012-0507.gen

Here is the result from Combofix: (FYI: Kaspersky is still reporting malware)

Code:
ComboFix 13-04-23.02 - XYZ 23.04.2013  18:13:45.1.2 - x86
Microsoft Windows 7 Home Premium   6.1.7600.0.1252.49.1031.18.3071.2063 [GMT 2:00]
ausgeführt von:: c:\users\XYZ\Desktop\ComboFix.exe
AV: Kaspersky Internet Security *Disabled/Updated* {2EAA32A5-1EE1-1B22-95DA-337730C6E984}
FW: Kaspersky Internet Security *Disabled* {1691B380-548E-1A7A-BE85-9A42CE15AEFF}
SP: Kaspersky Internet Security *Disabled/Updated* {95CBD341-38DB-14AC-AF6A-08054B41A339}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\XYZ\AppData\Roaming\.#
c:\windows\system32\pt
c:\windows\system32\pt\AuthFWSnapIn.Resources.dll
c:\windows\system32\pt\AuthFWWizFwk.Resources.dll
c:\windows\system32\pt\Narrator.resources.dll
.
Infizierte Kopie von c:\windows\system32\Drivers\atapi.sys wurde gefunden und desinfiziert 
Kopie von - c:\windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_f64b9c35a3a5be81\atapi.sys wurde wiederhergestellt 
.
.
(((((((((((((((((((((((   Dateien erstellt von 2013-03-23 bis 2013-04-23  ))))))))))))))))))))))))))))))
.
.
2013-04-23 16:45 . 2013-04-23 16:47	--------	d-----w-	c:\users\XYZ\AppData\Local\temp
2013-04-23 16:45 . 2013-04-23 16:45	--------	d-----w-	c:\users\Default\AppData\Local\temp
2013-04-23 16:19 . 2013-04-23 16:19	60872	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{C74D8421-5226-4C8F-A84C-72B237622B01}\offreg.dll
2013-04-23 15:51 . 2013-04-10 03:08	6906960	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{C74D8421-5226-4C8F-A84C-72B237622B01}\mpengine.dll
2013-04-20 16:41 . 2013-04-20 16:41	--------	d-----w-	c:\programdata\Malwarebytes
2013-04-20 07:51 . 2013-04-20 07:51	0	----a-w-	c:\windows\system32\sho7DC8.tmp
2013-04-15 05:08 . 2013-04-15 05:08	0	----a-w-	c:\windows\system32\shoFE19.tmp
2013-04-03 20:30 . 2013-04-03 20:30	--------	d-----w-	c:\users\XYZ\Auto
2013-04-02 06:59 . 2013-04-02 06:59	0	----a-w-	c:\windows\system32\sho9B45.tmp
2013-03-27 19:25 . 2013-03-27 19:25	0	----a-w-	c:\windows\system32\sho21B5.tmp
2013-03-26 17:38 . 2013-02-12 13:51	15872	----a-w-	c:\windows\system32\drivers\usb8023.sys
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-03-19 22:39 . 2013-03-19 22:39	0	----a-w-	c:\windows\system32\sho89CB.tmp
2013-03-11 23:10 . 2010-06-29 13:41	237088	------w-	c:\windows\system32\MpSigStub.exe
2013-03-10 16:12 . 2013-03-10 16:12	0	----a-w-	c:\windows\system32\sho2626.tmp
2013-03-09 09:36 . 2013-03-09 09:36	0	----a-w-	c:\windows\system32\shoDE3F.tmp
2013-02-24 22:09 . 2013-02-24 22:09	0	----a-w-	c:\windows\system32\sho9BB5.tmp
2013-02-24 17:13 . 2013-02-24 17:13	0	----a-w-	c:\windows\system32\sho9F6A.tmp
2013-02-17 22:35 . 2013-02-17 22:35	0	----a-w-	c:\windows\system32\sho6165.tmp
2013-02-17 02:19 . 2013-02-17 02:19	0	----a-w-	c:\windows\system32\shoD685.tmp
2013-02-16 09:42 . 2013-02-16 09:42	0	----a-w-	c:\windows\system32\sho2990.tmp
2013-02-15 23:23 . 2013-02-15 23:23	0	----a-w-	c:\windows\system32\sho142C.tmp
2013-02-14 22:06 . 2013-02-14 22:06	0	----a-w-	c:\windows\system32\shoFE30.tmp
2013-02-06 22:19 . 2013-02-06 22:19	0	----a-w-	c:\windows\system32\sho341F.tmp
2013-02-03 23:15 . 2013-02-03 23:15	0	----a-w-	c:\windows\system32\sho2513.tmp
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff}"= "c:\users\XYZ\AppData\LocalLow\CT2625848\ldrtbDVDV.dll" [2012-09-10 502088]
.
[HKEY_CLASSES_ROOT\clsid\{0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff}]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff}]
2012-09-10 07:05	502088	----a-w-	c:\users\XYZ\AppData\LocalLow\CT2625848\ldrtbDVDV.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{17166733-40EA-4432-A85C-AE672FF0E236}]
2011-03-18 12:50	154728	----a-w-	c:\programdata\1und1InternetExplorerAddon\BHOXML.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff}"= "c:\users\XYZ\AppData\LocalLow\CT2625848\ldrtbDVDV.dll" [2012-09-10 502088]
.
[HKEY_CLASSES_ROOT\clsid\{0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{0027DA2D-C9F2-4B0B-AE05-E2CD1BDB6CFF}"= "c:\users\XYZ\AppData\LocalLow\CT2625848\ldrtbDVDV.dll" [2012-09-10 502088]
.
[HKEY_CLASSES_ROOT\clsid\{0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-01-21 39408]
"ICQ"="c:\program files\ICQ7.4\ICQ.exe" [2011-03-01 119608]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2010-03-04 284696]
"CLMLServer"="c:\program files\CyberLink\Power2Go\CLMLSvc.exe" [2009-11-02 103720]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2010-04-07 8555040]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-05-27 98304]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2010-03-12 49208]
"Bing Bar"="c:\program files\MSN Toolbar\Platform\5.0.1449.0\mswinext.exe" [2010-04-27 243544]
"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-11-11 288088]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe" [2012-10-30 206448]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"Nikon Message Center 2"="c:\program files\Nikon\Nikon Message Center 2\NkMC2.exe" [2010-05-25 619008]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-27 207424]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-01-28 59720]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2013-02-20 152392]
"SearchSettings"="c:\program files\Common Files\Spigot\Search Settings\SearchSettings.exe" [2013-02-23 1297728]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
S1 kl2;kl2;c:\windows\system32\DRIVERS\kl2.sys [x]
S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 Application Updater;Application Updater;c:\program files\Application Updater\ApplicationUpdater.exe [x]
S2 cvhsvc;Client Virtualization Handler;c:\program files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [x]
S2 sftlist;Application Virtualization Client;c:\program files\Microsoft Application Virtualization Client\sftlist.exe [x]
S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [x]
S3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8192su.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files\Microsoft Application Virtualization Client\sftvsa.exe [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-04-12 19:17	1642448	----a-w-	c:\program files\Google\Chrome\Application\26.0.1410.64\Installer\chrmstp.exe
.
Inhalt des "geplante Tasks" Ordners
.
2013-04-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-01-21 20:13]
.
2013-04-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-01-21 20:13]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.web.de/
uInternet Settings,ProxyOverride = <local>;*.local
IE: Hinzufügen zu Anti-Banner - c:\program files\Kaspersky Lab\Kaspersky Internet Security 2012\ie_banner_deny.htm
IE: Nach Microsoft &Excel exportieren - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
IE: {{0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4
IE: {{73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - c:\program files\ICQ7.4\ICQ.exe
TCP: DhcpNameServer = 192.168.178.1
Handler: webde - {8FAF0273-9CA8-4efc-9536-1E35E254D5CD} - c:\program files\WEB.DE Toolbar IE8\uitb.dll
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
URLSearchHooks-{B922D405-6D13-4A2B-AE89-08A030DA4402} - (no file)
SafeBoot-BsScanner
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\system32\atieclxx.exe
c:\windows\system32\taskhost.exe
c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\Protexis\License Service\PsiService_2.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\System32\WUDFHost.exe
c:\windows\system32\conhost.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\program files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
c:\program files\iPod\bin\iPodService.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
c:\windows\system32\sppsvc.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\system32\Ribbons.scr
.
**************************************************************************
.
Zeit der Fertigstellung: 2013-04-23  18:51:58 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2013-04-23 16:51
.
Vor Suchlauf: 5 Verzeichnis(se), 862.061.498.368 Bytes frei
Nach Suchlauf: 10 Verzeichnis(se), 862.553.575.424 Bytes frei
.
- - End Of File - - 9EA20B8E18B76BC60DCD1DD3C64ECBAB

Old 23.04.2013, 23:10   #20
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Trojan: HEUR:Exploit.Java.CVE-2012-0507.gen

Quote:
(FYI: Kaspersky is still reporting malware)
Yes, that is a wonderfully detailed piece of information! Where exactly is Kaspersky reporting what?

__________________

Old 24.04.2013, 22:27   #21
tseb

Trojan: HEUR:Exploit.Java.CVE-2012-0507.gen

Kaspersky kept reporting the "HEUR:Exploit.Java.CVE-2012-0507.gen" under "detected threats". I just (unfortunately by accident) clicked "Process". Now Kaspersky at least no longer shows the malware, i.e. the following is displayed: "Threats: none".

Under the "detected threats" item, the "Exploit.Java.CVE-2012-0507.gen" is listed with the status "Not found" from 24.04. at 23:07.

Is the matter now settled/deleted?? See attachment.
Attached images
File type: png 24.04..png (90.3 KB, 253 views)
File type: png 24.04.2.png (47.3 KB, 255 views)

Old 24.04.2013, 23:31   #22
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Trojan: HEUR:Exploit.Java.CVE-2012-0507.gen

JRT - Junkware Removal Tool

Please close your protection software to avoid possible conflicts.
Please download Junkware Removal Tool to your desktop.

  • Start the tool with a double-click. On Windows Vista (or higher), please start it via right-click "Run as administrator".
  • Press any key to start the tool.
  • Depending on the system, the scan may take a while.
  • When the tool is finished, the logfile (JRT.txt) is saved to the desktop and opened automatically.
  • Please post the contents of JRT.txt in your next reply.

Afterwards:

adwCleaner - remove toolbars and unwanted start/search pages

Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Accept the terms of use.
  • Click on Options and make sure the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure all 5 options are selected as shown here
  • Click on Scan and wait until it has completed.
  • Now click on Delete and confirm any prompts that appear with OK.
  • Your computer will restart automatically. After the restart, a text file opens. Post its contents in your next reply.
  • You can also find the logfile under C:\AdwCleaner\AdwCleaner[Cx].txt (x = sequential number).

Then a check with OTL, please:
  • Double-click OTL.exe
  • Vista users: right-click OTL.exe and choose "Run as administrator"
  • At the top center, tick Scan All Users
  • At the top you will find a box labelled Output. Please choose Minimal Output
  • Under Extra Registry, please choose Use SafeList
  • Now click Run Scan at the top left
  • When the scan has finished, 2 logfiles are created
  • Post the logfiles in CODE tags here in the thread.
__________________

Old 25.04.2013, 21:53   #23
tseb

Trojan: HEUR:Exploit.Java.CVE-2012-0507.gen

1) JRT:
Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.8.9 (04.22.2013:1)
OS: Windows 7 Home Premium x86
Ran by XYZ on 25.04.2013 at 21:49:25,03
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services

Successfully stopped: [Service] application updater 
Successfully deleted: [Service] application updater 
Successfully stopped: [Service] icq service 
Successfully deleted: [Service] icq service 



~~~ Registry Values

Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\searchsettings



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\application updater
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\conduit
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\conduit
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\Software\conduit
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\Software\conduitsearchscopes
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\Software\search settings
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\Software\smartbar
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\appid\icq service.exe
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\icqtoolbar.iehook
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\icqtoolbar.iehook.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\conduitinstaller_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\conduitinstaller_rasmancs
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BF42D4A8-016E-4fcd-B1EB-837659FD77C6}



~~~ Files

Successfully deleted: [File] C:\Windows\system32\sho1026.tmp
Successfully deleted: [File] C:\Windows\system32\sho1055.tmp
Successfully deleted: [File] C:\Windows\system32\sho11CE.tmp
Successfully deleted: [File] C:\Windows\system32\sho1355.tmp
Successfully deleted: [File] C:\Windows\system32\sho142C.tmp
Successfully deleted: [File] C:\Windows\system32\sho1989.tmp
Successfully deleted: [File] C:\Windows\system32\sho19AB.tmp
Successfully deleted: [File] C:\Windows\system32\sho1A6A.tmp
Successfully deleted: [File] C:\Windows\system32\sho1CD5.tmp
Successfully deleted: [File] C:\Windows\system32\sho1D21.tmp
Successfully deleted: [File] C:\Windows\system32\sho1EB9.tmp
Successfully deleted: [File] C:\Windows\system32\sho1F56.tmp
Successfully deleted: [File] C:\Windows\system32\sho2013.tmp
Successfully deleted: [File] C:\Windows\system32\sho2033.tmp
Successfully deleted: [File] C:\Windows\system32\sho21B5.tmp
Successfully deleted: [File] C:\Windows\system32\sho228E.tmp
Successfully deleted: [File] C:\Windows\system32\sho2513.tmp
Successfully deleted: [File] C:\Windows\system32\sho2626.tmp
Successfully deleted: [File] C:\Windows\system32\sho281B.tmp
Successfully deleted: [File] C:\Windows\system32\sho2868.tmp
Successfully deleted: [File] C:\Windows\system32\sho28C.tmp
Successfully deleted: [File] C:\Windows\system32\sho2933.tmp
Successfully deleted: [File] C:\Windows\system32\sho2990.tmp
Successfully deleted: [File] C:\Windows\system32\sho2BA3.tmp
Successfully deleted: [File] C:\Windows\system32\sho2C8E.tmp
Successfully deleted: [File] C:\Windows\system32\sho2CAB.tmp
Successfully deleted: [File] C:\Windows\system32\sho2CD4.tmp
Successfully deleted: [File] C:\Windows\system32\sho2EE1.tmp
Successfully deleted: [File] C:\Windows\system32\sho2EEF.tmp
Successfully deleted: [File] C:\Windows\system32\sho2F88.tmp
Successfully deleted: [File] C:\Windows\system32\sho3006.tmp
Successfully deleted: [File] C:\Windows\system32\sho3121.tmp
Successfully deleted: [File] C:\Windows\system32\sho31CC.tmp
Successfully deleted: [File] C:\Windows\system32\sho3284.tmp
Successfully deleted: [File] C:\Windows\system32\sho3350.tmp
Successfully deleted: [File] C:\Windows\system32\sho33D.tmp
Successfully deleted: [File] C:\Windows\system32\sho341F.tmp
Successfully deleted: [File] C:\Windows\system32\sho347D.tmp
Successfully deleted: [File] C:\Windows\system32\sho34B9.tmp
Successfully deleted: [File] C:\Windows\system32\sho35A2.tmp
Successfully deleted: [File] C:\Windows\system32\sho35FE.tmp
Successfully deleted: [File] C:\Windows\system32\sho37C2.tmp
Successfully deleted: [File] C:\Windows\system32\sho3B12.tmp
Successfully deleted: [File] C:\Windows\system32\sho3C48.tmp
Successfully deleted: [File] C:\Windows\system32\sho3DAD.tmp
Successfully deleted: [File] C:\Windows\system32\sho3E8B.tmp
Successfully deleted: [File] C:\Windows\system32\sho3F43.tmp
Successfully deleted: [File] C:\Windows\system32\sho3FCC.tmp
Successfully deleted: [File] C:\Windows\system32\sho41F4.tmp
Successfully deleted: [File] C:\Windows\system32\sho420E.tmp
Successfully deleted: [File] C:\Windows\system32\sho425E.tmp
Successfully deleted: [File] C:\Windows\system32\sho426E.tmp
Successfully deleted: [File] C:\Windows\system32\sho42BA.tmp
Successfully deleted: [File] C:\Windows\system32\sho43E4.tmp
Successfully deleted: [File] C:\Windows\system32\sho4435.tmp
Successfully deleted: [File] C:\Windows\system32\sho455A.tmp
Successfully deleted: [File] C:\Windows\system32\sho470D.tmp
Successfully deleted: [File] C:\Windows\system32\sho47EF.tmp
Successfully deleted: [File] C:\Windows\system32\sho49EB.tmp
Successfully deleted: [File] C:\Windows\system32\sho49FE.tmp
Successfully deleted: [File] C:\Windows\system32\sho4CE2.tmp
Successfully deleted: [File] C:\Windows\system32\sho4D0B.tmp
Successfully deleted: [File] C:\Windows\system32\sho4D4E.tmp
Successfully deleted: [File] C:\Windows\system32\sho4D74.tmp
Successfully deleted: [File] C:\Windows\system32\sho4D7A.tmp
Successfully deleted: [File] C:\Windows\system32\sho4E01.tmp
Successfully deleted: [File] C:\Windows\system32\sho4EBC.tmp
Successfully deleted: [File] C:\Windows\system32\sho4F15.tmp
Successfully deleted: [File] C:\Windows\system32\sho502A.tmp
Successfully deleted: [File] C:\Windows\system32\sho5229.tmp
Successfully deleted: [File] C:\Windows\system32\sho5302.tmp
Successfully deleted: [File] C:\Windows\system32\sho5488.tmp
Successfully deleted: [File] C:\Windows\system32\sho54B4.tmp
Successfully deleted: [File] C:\Windows\system32\sho54D9.tmp
Successfully deleted: [File] C:\Windows\system32\sho5688.tmp
Successfully deleted: [File] C:\Windows\system32\sho56E8.tmp
Successfully deleted: [File] C:\Windows\system32\sho58AA.tmp
Successfully deleted: [File] C:\Windows\system32\sho58B4.tmp
Successfully deleted: [File] C:\Windows\system32\sho5B8E.tmp
Successfully deleted: [File] C:\Windows\system32\sho5CB3.tmp
Successfully deleted: [File] C:\Windows\system32\sho5E38.tmp
Successfully deleted: [File] C:\Windows\system32\sho5EF9.tmp
Successfully deleted: [File] C:\Windows\system32\sho6165.tmp
Successfully deleted: [File] C:\Windows\system32\sho6181.tmp
Successfully deleted: [File] C:\Windows\system32\sho61E1.tmp
Successfully deleted: [File] C:\Windows\system32\sho62FC.tmp
Successfully deleted: [File] C:\Windows\system32\sho63E3.tmp
Successfully deleted: [File] C:\Windows\system32\sho65A9.tmp
Successfully deleted: [File] C:\Windows\system32\sho65F3.tmp
Successfully deleted: [File] C:\Windows\system32\sho6807.tmp
Successfully deleted: [File] C:\Windows\system32\sho6B60.tmp
Successfully deleted: [File] C:\Windows\system32\sho6C99.tmp
Successfully deleted: [File] C:\Windows\system32\sho6D0B.tmp
Successfully deleted: [File] C:\Windows\system32\sho70EC.tmp
Successfully deleted: [File] C:\Windows\system32\sho7298.tmp
Successfully deleted: [File] C:\Windows\system32\sho730F.tmp
Successfully deleted: [File] C:\Windows\system32\sho7409.tmp
Successfully deleted: [File] C:\Windows\system32\sho7455.tmp
Successfully deleted: [File] C:\Windows\system32\sho75EC.tmp
Successfully deleted: [File] C:\Windows\system32\sho76E5.tmp
Successfully deleted: [File] C:\Windows\system32\sho7846.tmp
Successfully deleted: [File] C:\Windows\system32\sho7899.tmp
Successfully deleted: [File] C:\Windows\system32\sho7926.tmp
Successfully deleted: [File] C:\Windows\system32\sho7A10.tmp
Successfully deleted: [File] C:\Windows\system32\sho7ADA.tmp
Successfully deleted: [File] C:\Windows\system32\sho7BA5.tmp
Successfully deleted: [File] C:\Windows\system32\sho7BB6.tmp
Successfully deleted: [File] C:\Windows\system32\sho7DC8.tmp
Successfully deleted: [File] C:\Windows\system32\sho7DD7.tmp
Successfully deleted: [File] C:\Windows\system32\sho7F14.tmp
Successfully deleted: [File] C:\Windows\system32\sho7F41.tmp
Successfully deleted: [File] C:\Windows\system32\sho807A.tmp
Successfully deleted: [File] C:\Windows\system32\sho8190.tmp
Successfully deleted: [File] C:\Windows\system32\sho8395.tmp
Successfully deleted: [File] C:\Windows\system32\sho83C0.tmp
Successfully deleted: [File] C:\Windows\system32\sho841D.tmp
Successfully deleted: [File] C:\Windows\system32\sho888.tmp
Successfully deleted: [File] C:\Windows\system32\sho89CB.tmp
Successfully deleted: [File] C:\Windows\system32\sho8A94.tmp
Successfully deleted: [File] C:\Windows\system32\sho8C38.tmp
Successfully deleted: [File] C:\Windows\system32\sho8D23.tmp
Successfully deleted: [File] C:\Windows\system32\sho8E12.tmp
Successfully deleted: [File] C:\Windows\system32\sho8E1C.tmp
Successfully deleted: [File] C:\Windows\system32\sho8E7C.tmp
Successfully deleted: [File] C:\Windows\system32\sho912A.tmp
Successfully deleted: [File] C:\Windows\system32\sho9221.tmp
Successfully deleted: [File] C:\Windows\system32\sho9300.tmp
Successfully deleted: [File] C:\Windows\system32\sho9392.tmp
Successfully deleted: [File] C:\Windows\system32\sho968A.tmp
Successfully deleted: [File] C:\Windows\system32\sho96F7.tmp
Successfully deleted: [File] C:\Windows\system32\sho9730.tmp
Successfully deleted: [File] C:\Windows\system32\sho986A.tmp
Successfully deleted: [File] C:\Windows\system32\sho9B45.tmp
Successfully deleted: [File] C:\Windows\system32\sho9B84.tmp
Successfully deleted: [File] C:\Windows\system32\sho9BB5.tmp
Successfully deleted: [File] C:\Windows\system32\sho9C81.tmp
Successfully deleted: [File] C:\Windows\system32\sho9CD0.tmp
Successfully deleted: [File] C:\Windows\system32\sho9D6A.tmp
Successfully deleted: [File] C:\Windows\system32\sho9DB5.tmp
Successfully deleted: [File] C:\Windows\system32\sho9E91.tmp
Successfully deleted: [File] C:\Windows\system32\sho9EB3.tmp
Successfully deleted: [File] C:\Windows\system32\sho9F6A.tmp
Successfully deleted: [File] C:\Windows\system32\shoA150.tmp
Successfully deleted: [File] C:\Windows\system32\shoA20.tmp
Successfully deleted: [File] C:\Windows\system32\shoA549.tmp
Successfully deleted: [File] C:\Windows\system32\shoA592.tmp
Successfully deleted: [File] C:\Windows\system32\shoA6F9.tmp
Successfully deleted: [File] C:\Windows\system32\shoA8DB.tmp
Successfully deleted: [File] C:\Windows\system32\shoAB7F.tmp
Successfully deleted: [File] C:\Windows\system32\shoAD01.tmp
Successfully deleted: [File] C:\Windows\system32\shoB22D.tmp
Successfully deleted: [File] C:\Windows\system32\shoB280.tmp
Successfully deleted: [File] C:\Windows\system32\shoB3C9.tmp
Successfully deleted: [File] C:\Windows\system32\shoB7F9.tmp
Successfully deleted: [File] C:\Windows\system32\shoB8A7.tmp
Successfully deleted: [File] C:\Windows\system32\shoB9B3.tmp
Successfully deleted: [File] C:\Windows\system32\shoBA5D.tmp
Successfully deleted: [File] C:\Windows\system32\shoBBD6.tmp
Successfully deleted: [File] C:\Windows\system32\shoBE30.tmp
Successfully deleted: [File] C:\Windows\system32\shoC18A.tmp
Successfully deleted: [File] C:\Windows\system32\shoC2D2.tmp
Successfully deleted: [File] C:\Windows\system32\shoC3EB.tmp
Successfully deleted: [File] C:\Windows\system32\shoC468.tmp
Successfully deleted: [File] C:\Windows\system32\shoC65F.tmp
Successfully deleted: [File] C:\Windows\system32\shoC6B8.tmp
Successfully deleted: [File] C:\Windows\system32\shoC800.tmp
Successfully deleted: [File] C:\Windows\system32\shoC88F.tmp
Successfully deleted: [File] C:\Windows\system32\shoC94B.tmp
Successfully deleted: [File] C:\Windows\system32\shoC9E3.tmp
Successfully deleted: [File] C:\Windows\system32\shoCABF.tmp
Successfully deleted: [File] C:\Windows\system32\shoCB3B.tmp
Successfully deleted: [File] C:\Windows\system32\shoCC69.tmp
Successfully deleted: [File] C:\Windows\system32\shoCCD9.tmp
Successfully deleted: [File] C:\Windows\system32\shoCD04.tmp
Successfully deleted: [File] C:\Windows\system32\shoCD5F.tmp
Successfully deleted: [File] C:\Windows\system32\shoCF83.tmp
Successfully deleted: [File] C:\Windows\system32\shoD1B7.tmp
Successfully deleted: [File] C:\Windows\system32\shoD58B.tmp
Successfully deleted: [File] C:\Windows\system32\shoD5C9.tmp
Successfully deleted: [File] C:\Windows\system32\shoD685.tmp
Successfully deleted: [File] C:\Windows\system32\shoD6C0.tmp
Successfully deleted: [File] C:\Windows\system32\shoDB51.tmp
Successfully deleted: [File] C:\Windows\system32\shoDC4B.tmp
Successfully deleted: [File] C:\Windows\system32\shoDCB9.tmp
Successfully deleted: [File] C:\Windows\system32\shoDD46.tmp
Successfully deleted: [File] C:\Windows\system32\shoDD75.tmp
Successfully deleted: [File] C:\Windows\system32\shoDE3F.tmp
Successfully deleted: [File] C:\Windows\system32\shoDE47.tmp
Successfully deleted: [File] C:\Windows\system32\shoE065.tmp
Successfully deleted: [File] C:\Windows\system32\shoE3C9.tmp
Successfully deleted: [File] C:\Windows\system32\shoE42A.tmp
Successfully deleted: [File] C:\Windows\system32\shoE43D.tmp
Successfully deleted: [File] C:\Windows\system32\shoE61.tmp
Successfully deleted: [File] C:\Windows\system32\shoE63C.tmp
Successfully deleted: [File] C:\Windows\system32\shoE677.tmp
Successfully deleted: [File] C:\Windows\system32\shoE708.tmp
Successfully deleted: [File] C:\Windows\system32\shoE70B.tmp
Successfully deleted: [File] C:\Windows\system32\shoE883.tmp
Successfully deleted: [File] C:\Windows\system32\shoEA12.tmp
Successfully deleted: [File] C:\Windows\system32\shoEB2B.tmp
Successfully deleted: [File] C:\Windows\system32\shoEF8F.tmp
Successfully deleted: [File] C:\Windows\system32\shoEFBB.tmp
Successfully deleted: [File] C:\Windows\system32\shoF508.tmp
Successfully deleted: [File] C:\Windows\system32\shoF660.tmp
Successfully deleted: [File] C:\Windows\system32\shoF70B.tmp
Successfully deleted: [File] C:\Windows\system32\shoF7DE.tmp
Successfully deleted: [File] C:\Windows\system32\shoF8E1.tmp
Successfully deleted: [File] C:\Windows\system32\shoF93F.tmp
Successfully deleted: [File] C:\Windows\system32\shoFB25.tmp
Successfully deleted: [File] C:\Windows\system32\shoFD64.tmp
Successfully deleted: [File] C:\Windows\system32\shoFE19.tmp
Successfully deleted: [File] C:\Windows\system32\shoFE30.tmp
Successfully deleted: [File] "C:\end"



~~~ Folders

Successfully deleted: [Folder] "C:\Users\XYZ\AppData\Roaming\opencandy"
Successfully deleted: [Folder] "C:\Users\XYZ\AppData\Roaming\pdfforge"
Successfully deleted: [Folder] "C:\Users\XYZ\appdata\local\conduit"
Successfully deleted: [Folder] "C:\Users\XYZ\appdata\locallow\pdfforge"
Successfully deleted: [Folder] "C:\Users\XYZ\appdata\locallow\search settings"
Successfully deleted: [Folder] "C:\Program Files\application updater"
Successfully deleted: [Folder] "C:\Program Files\icq6toolbar"
Successfully deleted: [Folder] "C:\Program Files\pdfforge toolbar"
Failed to delete: [Folder] "C:\Program Files\Common Files\spigot"



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 25.04.2013 at 21:51:46,42
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         
2) AdwCleaner:
Code:
ATTFilter
# AdwCleaner v2.202 - Datei am 25/04/2013 um 21:57:52 erstellt
# Aktualisiert am 23/04/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium  (32 bits)
# Benutzer : XYZ - XYZ
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\XYZ\Desktop\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Ordner Gelöscht : C:\Program Files\Common Files\spigot
Ordner Gelöscht : C:\ProgramData\ICQ\ICQToolbar

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\pdfforge
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{855F3B16-6D32-4FE6-8A56-BBB695989046}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{855F3B16-6D32-4FE6-8A56-BBB695989046}
Schlüssel Gelöscht : HKCU\Software\pdfforge
Schlüssel Gelöscht : HKCU\Software\Search Settings
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{5D723752-5899-47E8-99B4-62C824EF9E13}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{5555CC4C-FA2B-4D69-8296-B6AE5E95C0B7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{855F3B16-6D32-4FE6-8A56-BBB695989046}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\SmartBar.CT2625848
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{63BEF061-5EFC-4753-9806-ED0573BC7C4B}
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ED1CAE30F47D14B41B5FC8FA53658044
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{BE7785D6-045F-44FB-A1E4-3FA555874415}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ICQToolbar
Schlüssel Gelöscht : HKLM\Software\pdfforge
Schlüssel Gelöscht : HKLM\Software\Search Settings
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{855F3B16-6D32-4FE6-8A56-BBB695989046}]
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{B922D405-6D13-4A2B-AE89-08A030DA4402}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{855F3B16-6D32-4FE6-8A56-BBB695989046}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{855F3B16-6D32-4FE6-8A56-BBB695989046}]

***** [Internet Browser] *****

-\\ Internet Explorer v8.0.7600.17267

Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Main - ICQ Search] = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd --> hxxp://www.google.com

-\\ Google Chrome v26.0.1410.64

Datei : C:\Users\XYZ\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] Die Datei ist sauber.

*************************

AdwCleaner[S1].txt - [2826 octets] - [25/04/2013 21:57:52]

########## EOF - C:\AdwCleaner[S1].txt - [2886 octets] ##########
         
3) OTL:

OTL.Txt Editor

Code:
ATTFilter
OTL logfile created on: 4/25/2013 10:06:26 PM - Run 3
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\XYZ\Desktop
 Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3.00 Gb Total Physical Memory | 1.70 Gb Available Physical Memory | 56.70% Memory free
6.00 Gb Paging File | 4.54 Gb Available in Paging File | 75.75% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 890.41 Gb Total Space | 803.33 Gb Free Space | 90.22% Space Free | Partition Type: NTFS
Drive D: | 40.00 Gb Total Space | 23.53 Gb Free Space | 58.82% Space Free | Partition Type: NTFS
 
Computer Name: XYZ | User Name: XYZ | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\XYZ\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe (Kaspersky Lab ZAO)
PRC - C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
PRC - C:\Program Files\ICQ7.4\ICQ.exe (ICQ, LLC.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
PRC - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac (ArcSoft Inc.)
PRC - C:\Windows\System32\atieclxx.exe (AMD)
PRC - C:\Windows\System32\atiesrxx.exe (AMD)
PRC - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
PRC - C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
PRC - C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\a00aab40bdf5aed84b4d4294965cf20d\System.Web.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\05682429807d34d6ff05a77ea153935f\System.Windows.Forms.ni.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\dd2d0cf72eac6e5b113a0059aeb3cab5\IAStorUtil.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\01b47a246b4ec7bfec31bf4503aceda1\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\e2ee5d77ebe0bd025e7a7a317a43d677\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\82a4c4666ad83c3a375210247e69646b\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\10aba2c167cc1119b80159fd9ac71ca8\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\c54750e64ba10d0fb7b6a636fb3695ca\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\96a3b737db1e72adaf32d2b350e50c23\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\b0b8554c05f194f546a8ed531320760b\mscorlib.ni.dll ()
MOD - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\QtGui4.dll ()
MOD - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\QtSql4.dll ()
MOD - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\QtScript4.dll ()
MOD - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\QtNetwork4.dll ()
MOD - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\QtCore4.dll ()
MOD - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\QtDeclarative4.dll ()
MOD - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\imageformats\qgif4.dll ()
MOD - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_de_b77a5c561934e089\System.Windows.Forms.resources.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll ()
MOD - C:\Program Files\CyberLink\Power2Go\CLMLSvcPS.dll ()
MOD - C:\Program Files\CyberLink\Power2Go\CLMediaLibrary.dll ()
MOD - C:\Program Files\Common Files\Microsoft Shared\Web Folders\1031\nsextint.dll ()
 
 
========== Services (SafeList) ==========
 
SRV - (AVP) -- C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe (Kaspersky Lab ZAO)
SRV - (sftvsa) -- C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
SRV - (sftlist) -- C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
SRV - (AMD External Events Utility) -- C:\Windows\System32\atiesrxx.exe (AMD)
SRV - (ACDaemon) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (ArcSoft Inc.)
SRV - (IAStorDataMgrSvc) -- C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SRV - (PSI_SVC_2) -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (catchme) -- C:\Users\~1\AppData\Local\Temp\catchme.sys File not found
DRV - (KLIF) -- C:\Windows\System32\drivers\klif.sys (Kaspersky Lab)
DRV - (Sftvol) -- C:\Windows\System32\drivers\Sftvollh.sys (Microsoft Corporation)
DRV - (Sftredir) -- C:\Windows\System32\drivers\Sftredirlh.sys (Microsoft Corporation)
DRV - (Sftplay) -- C:\Windows\System32\drivers\Sftplaylh.sys (Microsoft Corporation)
DRV - (Sftfs) -- C:\Windows\System32\drivers\Sftfslh.sys (Microsoft Corporation)
DRV - (KLIM6) -- C:\Windows\System32\drivers\klim6.sys (Kaspersky Lab ZAO)
DRV - (kl2) -- C:\Windows\System32\drivers\kl2.sys (Kaspersky Lab ZAO)
DRV - (KL1) -- C:\Windows\System32\drivers\kl1.sys (Kaspersky Lab ZAO)
DRV - (amdkmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (amdkmdap) -- C:\Windows\System32\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV - (AtiHdmiService) -- C:\Windows\System32\drivers\AtiHdmi.sys (ATI Technologies, Inc.)
DRV - (klmouflt) -- C:\Windows\System32\drivers\klmouflt.sys (Kaspersky Lab)
DRV - (RTL8192su) -- C:\Windows\System32\drivers\RTL8192su.sys (Realtek Semiconductor Corporation                           )
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\URLSearchHook:  - No CLSID value found
IE - HKLM\..\URLSearchHook: {0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff} - C:\Users\XYZ\AppData\LocalLow\CT2625848\ldrtbDVDV.dll ()
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
 
 
IE - HKU\.DEFAULT\..\URLSearchHook:  - No CLSID value found
IE - HKU\.DEFAULT\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - No CLSID value found
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\URLSearchHook:  - No CLSID value found
IE - HKU\S-1-5-18\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - No CLSID value found
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-21-1463205399-554048611-282685520-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-1463205399-554048611-282685520-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.web.de/
IE - HKU\S-1-5-21-1463205399-554048611-282685520-1000\..\URLSearchHook:  - No CLSID value found
IE - HKU\S-1-5-21-1463205399-554048611-282685520-1000\..\URLSearchHook: {0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff} - C:\Users\XYZ\AppData\LocalLow\CT2625848\ldrtbDVDV.dll ()
IE - HKU\S-1-5-21-1463205399-554048611-282685520-1000\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKU\S-1-5-21-1463205399-554048611-282685520-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-1463205399-554048611-282685520-1000\..\SearchScopes\{432C657B-AB37-491E-8C53-C4B369D39B1B}: "URL" = hxxp://go.web.de/br/ie8_search_ebay/?q={searchTerms}
IE - HKU\S-1-5-21-1463205399-554048611-282685520-1000\..\SearchScopes\{4D3A3268-0704-4E74-8AF4-A180761461D7}: "URL" = hxxp://go.web.de/br/ie8_search_web/?su={searchTerms}
IE - HKU\S-1-5-21-1463205399-554048611-282685520-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GGHP_deDE415
IE - HKU\S-1-5-21-1463205399-554048611-282685520-1000\..\SearchScopes\{A291A10C-3FC2-4308-A71D-A28B9849B72A}: "URL" = hxxp://go.web.de/br/ie8_search_amazon/?keywords={searchTerms}
IE - HKU\S-1-5-21-1463205399-554048611-282685520-1000\..\SearchScopes\{C31C8515-CC6B-4FA7-B621-A7AA4DE7497E}: "URL" = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=827316&p={searchTerms}
IE - HKU\S-1-5-21-1463205399-554048611-282685520-1000\..\SearchScopes\{FC3A14B0-228A-4D08-988E-AEBAC666BE78}: "URL" = hxxp://go.mail.com/br/ie8_search_web/?su={searchTerms}
IE - HKU\S-1-5-21-1463205399-554048611-282685520-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1463205399-554048611-282685520-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local
 
 
========== FireFox ==========
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpWinExt,version=5.0: C:\Program Files\MSN Toolbar\Platform\5.0.1449.0\npwinext.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2011/01/21 19:05:56 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\msntoolbar@msn.com: C:\Program Files\MSN Toolbar\Platform\5.0.1449.0\Firefox [2011/01/21 19:20:44 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3112ca9c-de6d-4884-a869-9855de68056c}: C:\ProgramData\Google\Toolbar for Firefox\{3112ca9c-de6d-4884-a869-9855de68056c} [2011/01/21 22:13:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\toolbar@web.de: C:\Program Files\WEB.DE Toolbar IE8\Firefox\WEBDE_toolbar [2011/03/30 12:44:21 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\virtualKeyboard@kaspersky.ru: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\virtualKeyboard@kaspersky.ru [2012/10/30 18:47:57 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\KavAntiBanner@Kaspersky.ru: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\KavAntiBanner@Kaspersky.ru [2012/10/30 18:47:57 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\linkfilter@kaspersky.ru: C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\linkfilter@kaspersky.ru [2012/10/30 18:47:57 | 000,000,000 | ---D | M]
 
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}
CHR - homepage: hxxp://www.google.com
 
O1 HOSTS File: ([2013/04/23 18:47:39 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (DVDVideoSoftTB_DE Toolbar) - {0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff} - C:\Users\XYZ\AppData\LocalLow\CT2625848\ldrtbDVDV.dll ()
O2 - BHO: (WEB.DE Konfiguration) - {17166733-40EA-4432-A85C-AE672FF0E236} - C:\ProgramData\1und1InternetExplorerAddon\BHOXML.dll (1&1 Mail & Media GmbH)
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll (Kaspersky Lab ZAO)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.8313.1002\swg.dll (Google Inc.)
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll (Kaspersky Lab ZAO)
O3 - HKLM\..\Toolbar: (DVDVideoSoftTB_DE Toolbar) - {0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff} - C:\Users\XYZ\AppData\LocalLow\CT2625848\ldrtbDVDV.dll ()
O3 - HKLM\..\Toolbar: (WEB.DE Toolbar) - {C424171E-592A-415a-9EB1-DFD6D95D3530} - C:\Program Files\WEB.DE Toolbar IE8\uitb.dll (1und1 Mail und Media GmbH)
O3 - HKU\S-1-5-21-1463205399-554048611-282685520-1000\..\Toolbar\WebBrowser: (DVDVideoSoftTB_DE Toolbar) - {0027DA2D-C9F2-4B0B-AE05-E2CD1BDB6CFF} - C:\Users\XYZ\AppData\LocalLow\CT2625848\ldrtbDVDV.dll ()
O3 - HKU\S-1-5-21-1463205399-554048611-282685520-1000\..\Toolbar\WebBrowser: (WEB.DE Toolbar) - {C424171E-592A-415A-9EB1-DFD6D95D3530} - C:\Program Files\WEB.DE Toolbar IE8\uitb.dll (1und1 Mail und Media GmbH)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [AVP] C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe (Kaspersky Lab ZAO)
O4 - HKLM..\Run: [CLMLServer] C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [Nikon Message Center 2] C:\Program Files\Nikon\Nikon Message Center 2\NkMC2.exe (Nikon Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\S-1-5-21-1463205399-554048611-282685520-1000..\Run: [ICQ] C:\Program Files\ICQ7.4\ICQ.exe (ICQ, LLC.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1463205399-554048611-282685520-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1463205399-554048611-282685520-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Hinzufügen zu Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\ie_banner_deny.htm ()
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000 File not found
O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 File not found
O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 File not found
O9 - Extra Button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll (Kaspersky Lab ZAO)
O9 - Extra Button: ICQ7.4 - {73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - C:\Program Files\ICQ7.4\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.4 - {73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - C:\Program Files\ICQ7.4\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll (Kaspersky Lab ZAO)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3C7E6CD9-BDFA-4788-AA0F-146DE9693532}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EF3F26A8-CAA2-45C6-9B8B-7AC9D5B5A0FF}: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\webde {8FAF0273-9CA8-4efc-9536-1E35E254D5CD} - C:\Program Files\WEB.DE Toolbar IE8\uitb.dll (1und1 Mail und Media GmbH)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - Winlogon\Notify\klogon: DllName - (C:\Windows\system32\klogon.dll) - C:\Windows\System32\klogon.dll (Kaspersky Lab ZAO)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013/04/25 21:49:22 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013/04/25 21:49:11 | 000,000,000 | ---D | C] -- C:\JRT
[2013/04/25 21:47:45 | 000,535,764 | ---- | C] (Oleg N. Scherbakov) -- C:\Users\XYZ\Desktop\JRT.exe
[2013/04/23 18:52:00 | 000,000,000 | ---D | C] -- C:\Users\XYZ\AppData\Local\temp
[2013/04/23 18:47:42 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2013/04/23 18:45:37 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2013/04/23 18:11:30 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013/04/23 18:11:30 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013/04/23 18:11:30 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013/04/23 18:11:24 | 000,000,000 | ---D | C] -- C:\ComboFix
[2013/04/23 18:11:21 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013/04/23 18:11:04 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013/04/23 18:08:32 | 005,059,674 | R--- | C] (Swearware) -- C:\Users\XYZ\Desktop\ComboFix.exe
[2013/04/20 23:08:00 | 002,237,968 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\XYZ\Desktop\tdsskiller.exe
[2013/04/20 22:42:26 | 004,745,728 | ---- | C] (AVAST Software) -- C:\Users\XYZ\Desktop\aswMBR.exe
[2013/04/20 18:41:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013/04/20 18:40:53 | 000,000,000 | ---D | C] -- C:\Users\XYZ\Desktop\mbar-1.05.0.1001
[2013/04/18 22:14:04 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\XYZ\Desktop\OTL.exe
[2013/04/10 18:28:28 | 002,345,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2013/04/10 18:28:25 | 003,958,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2013/04/10 18:28:25 | 003,902,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2013/04/10 18:28:24 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\csrsrv.dll
[2013/04/10 18:28:20 | 000,131,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\aaclient.dll
[2013/04/10 18:28:20 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tsgqec.dll
[2013/04/10 18:28:10 | 000,627,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2013/04/10 18:28:10 | 000,606,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2013/04/10 18:28:09 | 000,386,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2013/04/10 18:28:09 | 000,381,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2013/04/10 18:28:09 | 000,185,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2013/04/10 18:28:09 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2013/04/10 18:28:08 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2013/04/10 18:28:08 | 000,132,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2013/04/10 18:28:08 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2013/04/10 18:28:08 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2013/04/10 18:28:08 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2013/04/10 18:28:08 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2013/04/04 10:07:59 | 000,000,000 | R--D | C] -- C:\Users\XYZ\Desktop
[2013/04/03 22:30:35 | 000,000,000 | ---D | C] -- C:\Users\XYZ\Auto
[2013/03/28 21:50:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Becker Content Manager
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013/04/25 22:08:04 | 000,009,888 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/04/25 22:08:04 | 000,009,888 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/04/25 21:59:47 | 000,001,116 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/04/25 21:59:32 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/04/25 21:59:24 | 2415,321,088 | -HS- | M] () -- C:\hiberfil.sys
[2013/04/25 21:56:22 | 000,619,461 | ---- | M] () -- C:\Users\XYZ\Desktop\adwcleaner.exe
[2013/04/25 21:47:58 | 000,535,764 | ---- | M] (Oleg N. Scherbakov) -- C:\Users\XYZ\Desktop\JRT.exe
[2013/04/25 21:17:00 | 000,001,120 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/04/24 23:25:25 | 000,048,481 | ---- | M] () -- C:\Users\XYZ\Desktop\24.04.2.png
[2013/04/24 23:24:21 | 000,092,474 | ---- | M] () -- C:\Users\XYZ\Desktop\24.04..png
[2013/04/23 18:47:39 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2013/04/23 18:08:39 | 005,059,674 | R--- | M] (Swearware) -- C:\Users\XYZ\Desktop\ComboFix.exe
[2013/04/22 23:08:01 | 000,000,512 | ---- | M] () -- C:\Users\XYZ\Desktop\MBR.dat
[2013/04/20 23:08:05 | 002,237,968 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\XYZ\Desktop\tdsskiller.exe
[2013/04/20 22:42:30 | 004,745,728 | ---- | M] (AVAST Software) -- C:\Users\XYZ\Desktop\aswMBR.exe
[2013/04/19 22:31:56 | 012,917,756 | ---- | M] () -- C:\Users\XYZ\Desktop\mbar-1.05.0.1001.zip
[2013/04/19 21:34:39 | 000,377,856 | ---- | M] () -- C:\Users\XYZ\Desktop\gmer_2.1.19163.exe
[2013/04/18 22:14:10 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\XYZ\Desktop\OTL.exe
[2013/04/11 23:25:54 | 000,693,922 | ---- | M] () -- C:\Windows\System32\perfh00A.dat
[2013/04/11 23:25:54 | 000,691,660 | ---- | M] () -- C:\Windows\System32\perfh013.dat
[2013/04/11 23:25:54 | 000,690,194 | ---- | M] () -- C:\Windows\System32\perfh015.dat
[2013/04/11 23:25:54 | 000,689,576 | ---- | M] () -- C:\Windows\System32\perfh010.dat
[2013/04/11 23:25:54 | 000,679,810 | ---- | M] () -- C:\Windows\System32\prfh0816.dat
[2013/04/11 23:25:54 | 000,654,594 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013/04/11 23:25:54 | 000,632,648 | ---- | M] () -- C:\Windows\System32\perfh00E.dat
[2013/04/11 23:25:54 | 000,616,476 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013/04/11 23:25:54 | 000,610,670 | ---- | M] () -- C:\Windows\System32\perfh01F.dat
[2013/04/11 23:25:54 | 000,148,520 | ---- | M] () -- C:\Windows\System32\perfc00E.dat
[2013/04/11 23:25:54 | 000,137,272 | ---- | M] () -- C:\Windows\System32\perfc00A.dat
[2013/04/11 23:25:54 | 000,135,050 | ---- | M] () -- C:\Windows\System32\perfc015.dat
[2013/04/11 23:25:54 | 000,133,962 | ---- | M] () -- C:\Windows\System32\prfc0816.dat
[2013/04/11 23:25:54 | 000,133,150 | ---- | M] () -- C:\Windows\System32\perfc013.dat
[2013/04/11 23:25:54 | 000,130,208 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013/04/11 23:25:54 | 000,127,354 | ---- | M] () -- C:\Windows\System32\perfc010.dat
[2013/04/11 23:25:54 | 000,121,736 | ---- | M] () -- C:\Windows\System32\perfc01F.dat
[2013/04/11 23:25:54 | 000,106,598 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013/04/10 20:44:17 | 000,368,496 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013/04/04 00:49:24 | 000,000,017 | ---- | M] () -- C:\Windows\System32\shortcut_ex.dat
[2013/03/28 21:50:07 | 000,001,127 | ---- | M] () -- C:\Users\Public\Desktop\Becker Content Manager.lnk
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013/04/25 21:56:13 | 000,619,461 | ---- | C] () -- C:\Users\XYZ\Desktop\adwcleaner.exe
[2013/04/24 23:25:25 | 000,048,481 | ---- | C] () -- C:\Users\XYZ\Desktop\24.04.2.png
[2013/04/24 23:24:21 | 000,092,474 | ---- | C] () -- C:\Users\XYZ\Desktop\24.04..png
[2013/04/23 18:11:30 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013/04/23 18:11:30 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013/04/23 18:11:30 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013/04/23 18:11:30 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013/04/23 18:11:30 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013/04/22 23:08:01 | 000,000,512 | ---- | C] () -- C:\Users\XYZ\Desktop\MBR.dat
[2013/04/19 22:31:47 | 012,917,756 | ---- | C] () -- C:\Users\XYZ\Desktop\mbar-1.05.0.1001.zip
[2013/04/19 21:34:37 | 000,377,856 | ---- | C] () -- C:\Users\XYZ\Desktop\gmer_2.1.19163.exe
[2013/04/04 00:49:24 | 000,000,017 | ---- | C] () -- C:\Windows\System32\shortcut_ex.dat
[2013/03/28 21:50:07 | 000,001,127 | ---- | C] () -- C:\Users\Public\Desktop\Becker Content Manager.lnk
[2012/04/14 22:22:34 | 000,000,288 | ---- | C] () -- C:\Users\XYZ\AppData\Roaming\.backup.dm
[2012/03/18 18:02:02 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Techno Kit
[2012/03/18 18:02:02 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Tables
[2012/03/18 18:02:02 | 000,000,268 | RH-- | C] () -- C:\Users\XYZ\AppData\Roaming\System Image Utility
[2012/03/18 18:02:02 | 000,000,268 | RH-- | C] () -- C:\Users\XYZ\AppData\Roaming\Synth Textures
[2012/03/18 18:02:02 | 000,000,268 | RH-- | C] () -- C:\Users\XYZ\AppData\Roaming\Synth Pads
[2012/03/18 18:02:02 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLev.DAT
[2012/03/18 18:02:02 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLes.DAT
[2012/03/18 18:02:02 | 000,000,012 | RH-- | C] () -- C:\ProgramData\Vocal Transformer
[2012/03/18 18:02:02 | 000,000,012 | RH-- | C] () -- C:\ProgramData\User Pictures
[2012/03/18 18:02:02 | 000,000,012 | RH-- | C] () -- C:\ProgramData\URLs
[2012/03/18 18:02:01 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLet.DAT
[2012/01/14 19:53:39 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfcmnnt.dll
[2012/01/07 23:15:01 | 000,004,096 | -H-- | C] () -- C:\Users\XYZ\AppData\Local\keyfile3.drm
[2011/12/27 22:33:11 | 000,017,408 | ---- | C] () -- C:\Users\XYZ\AppData\Local\WebpageIcons.db
 
========== ZeroAccess Check ==========
 
[2009/07/14 06:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 06:46:56 | 012,868,608 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/07/14 03:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/14 03:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

< End of report >
         
Extras.Txt Editor
Code:
OTL Extras logfile created on: 4/25/2013 10:06:26 PM - Run 3
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\XYZ\Desktop
 Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3.00 Gb Total Physical Memory | 1.70 Gb Available Physical Memory | 56.70% Memory free
6.00 Gb Paging File | 4.54 Gb Available in Paging File | 75.75% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 890.41 Gb Total Space | 803.33 Gb Free Space | 90.22% Space Free | Partition Type: NTFS
Drive D: | 40.00 Gb Total Space | 23.53 Gb Free Space | 58.82% Space Free | Partition Type: NTFS
 
Computer Name: XYZ | User Name: XYZ | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{03B74180-D76A-4C8F-A6F6-3103E109E941}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{07646CDD-4BD2-4800-94BF-8D1DDF9C754B}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{0C96CB0D-2A7A-4A88-AFE0-BA38E61B4FE9}" = rport=445 | protocol=6 | dir=out | app=system | 
"{1310D265-A30C-4FCE-9A40-94039462C0CD}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{1ABA908A-78FE-4717-8768-7E751053645B}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{1BCF41E0-8F66-4F4A-A7C7-ABA7FB11B270}" = rport=138 | protocol=17 | dir=out | app=system | 
"{30FCB229-31D0-4705-AD07-8B7E61490568}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{5787F921-5431-4BA2-A3E2-0FAD3C661A8D}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{5D2B11F8-A097-4992-A229-DC6AA51A9A22}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{73BC6293-9162-4966-82B4-3042E2D74DEB}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{7714FED0-79FC-4D57-B4DD-B98B4A1A9DC6}" = lport=139 | protocol=6 | dir=in | app=system | 
"{7B3AE9FE-3D74-4F90-B772-FF9ABF0FC216}" = lport=138 | protocol=17 | dir=in | app=system | 
"{8C1A9568-F520-4BBC-AB24-8B809B571F84}" = lport=445 | protocol=6 | dir=in | app=system | 
"{93D50508-69FE-4C5E-B532-0C511EB50E75}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{9ACDED70-11A1-4D4C-8ECD-A482449B92AA}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{A0CC27A7-9A11-4826-925A-6F85F9A33CAF}" = rport=139 | protocol=6 | dir=out | app=system | 
"{A15040A5-2E7D-47D3-B496-55133D56F708}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{A35DC2EA-9E0D-4F08-8681-48AD467A2981}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{AF10D220-3861-4641-BCDB-ACFA81EDF20A}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{D3F7F406-992C-4FD0-B448-970A8BAABB26}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{D964598F-3CD9-4F7E-BB08-767C59DCB4A4}" = rport=137 | protocol=17 | dir=out | app=system | 
"{DE2E95B6-C0E2-4763-9E92-2496398CEE48}" = lport=137 | protocol=17 | dir=in | app=system | 
"{DFEABD30-BFC3-4CCE-A191-7C4D90990D82}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{F66BCFBD-B2E1-443A-AE50-D696DE926991}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{FC471ED0-36BF-403A-98C6-924DDDA231A2}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{053BC0F2-836E-4A84-B8F6-7A6A083BE34E}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{056F4C23-7EB4-468C-AD6E-11CD8DCEE687}" = protocol=17 | dir=in | app=c:\program files\icq7.4\icq.exe | 
"{087EFD99-E62A-4F9F-84EA-5F639E1BA320}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{0972544F-A9EF-4820-A959-BC5652A47D61}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{0B5B3474-02D5-41FB-8BE7-1A00B93CB5BC}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{0DD76F02-0CB6-4CEE-965F-16849E1338F5}" = protocol=17 | dir=in | app=c:\program files\icq7.4\icq.exe | 
"{18D5E152-030D-433B-8459-F85965F86922}" = dir=in | app=c:\program files\itunes\itunes.exe | 
"{1E8312E3-AD9C-4571-81CA-096E569236F5}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{26B4EB06-280F-4994-B6CC-B3DA46B68444}" = protocol=6 | dir=in | app=c:\program files\hp\hp deskjet 3050 j610 series\bin\devicesetup.exe | 
"{2B14787F-8F01-49ED-9062-8067830607BF}" = protocol=6 | dir=in | app=c:\program files\icq7.4\icq.exe | 
"{2F1F19AA-2CC0-4CF2-A561-4F7E64587125}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{34307912-13DA-47F9-84BD-EEFC76C89661}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe | 
"{4342EE36-DF66-48A8-BF20-4E7C975ADC6F}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{47113460-FF6D-44AB-A9F0-8CD28615B7DC}" = protocol=6 | dir=in | app=c:\program files\hp\hp deskjet 3050 j610 series\bin\hpnetworkcommunicator.exe | 
"{57B951B6-CC36-4F94-9D41-52F345B58648}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{5BC15063-A98C-42EF-8687-F2C22B1E6D91}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{5BFE8A42-CCD1-4057-8B4D-DF256BE8C2FA}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{6F2811AE-0F27-4702-9F6F-3C9333937DD9}" = protocol=17 | dir=in | app=c:\program files\hp\hp deskjet 3050 j610 series\bin\devicesetup.exe | 
"{6F71CB98-89D4-4E4D-B6A8-18EB3F758F9C}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{708A2176-7AFC-4F3E-8458-55C8DF4B08F2}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{9BF3B4EF-16AF-4778-874A-5D57E96D710B}" = protocol=17 | dir=in | app=c:\program files\hp\hp deskjet 3050 j610 series\bin\hpnetworkcommunicator.exe | 
"{9D9FCCDC-E783-484A-B2CE-DBF502633089}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{A1AC82B1-4E9F-49D1-896E-27467F231803}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{A60207D4-5143-47B2-BEB6-1CD7EC4F8017}" = protocol=17 | dir=in | app=c:\program files\icq7.4\icq.exe | 
"{AFE24910-1896-442A-A6D7-335F4C877CB1}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 
"{B5197E2F-C93E-449B-A3FB-0C37728F25F8}" = protocol=6 | dir=in | app=c:\program files\icq7.4\icq.exe | 
"{BAF72E62-8F83-4521-9CC8-5D5DEB333F70}" = protocol=6 | dir=out | app=system | 
"{C1EF6C8D-FC59-418B-95FE-4931E86AC009}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{C687FEEC-0745-40B9-81DB-A81853269CF7}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{D0CAABE8-6F10-45E2-95D6-6EB995F26B48}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe | 
"{DC23138F-AB29-4B58-BCCD-F6B2B4D8BD89}" = protocol=6 | dir=in | app=c:\program files\icq7.4\icq.exe | 
"{F9063565-9DE5-418F-986D-848F6E68A389}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{FD006F46-67D8-44BB-986F-3772F16FD129}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"_{C0237AA4-1BFB-46EA-860D-7B0EB365CA13}" = CorelDRAW Essentials 4
"_{CF0ADC18-6D8F-4353-8EAA-DF45456B7853}" = CorelDRAW Essentials 4 - Windows Shell Extension
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{06E6E30D-B498-442F-A943-07DE41D7F785}" = Microsoft Search Enhancement Pack
"{07B62101-7EBD-434A-94B1-B38063BE5516}" = CorelDRAW Essentials 4 - PHOTO-PAINT
"{08234a0d-cf39-4dca-99f0-0c5cb496da81}" = Bing Bar
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
"{093561FF-BC54-CD42-77BD-4885F16C60B7}" = CCC Help Danish
"{0ED4216F-3540-4D6B-8199-1C8DDEA3924B}" = CorelDRAW Essentials 4 - Lang DE
"{17D39326-BF2B-FCE9-DE84-58EE76F945CD}" = CCC Help French
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{19AC095C-3520-4999-AA15-93B6D0248A50}" = CorelDRAW Essentials 4 - Content
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{268278CF-FB69-4D98-B70E-BFEC1CDCA225}" = iTunes
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 20
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{28F11027-A8BC-44D3-A59A-CA018ED73E8C}" = Compact&Easy
"{2CCBABCB-6427-4A55-B091-49864623C43F}" = Google Toolbar for Firefox
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{34A9406E-1994-4C20-AC72-04CFA2B24545}" = CorelDRAW Essentials 4 - Lang EN
"{3576C335-958D-4D60-A812-F68F9A2796AF}" = CorelDRAW Essentials 4 - Lang IT
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"{45C56AA7-ED1B-4800-A97F-EDDF3F3520B1}" = Apple Application Support
"{45E557D6-2271-4F13-8101-C620B4285AB0}" = Kaspersky Internet Security 2012
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A4940D6-418E-867B-F214-2B0C58E7961D}" = CCC Help Swedish
"{4F7177E9-2B54-48B4-AAFD-03FA1F87A542}" = Bing Bar Platform
"{537575D6-3B96-474C-BD8F-DFF667363DBD}" = Naviextras Toolbox Prerequesities
"{5500BB35-1C21-4328-9F16-F894B860FADE}" = CorelDRAW Essentials 4 - Lang NL
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{586509F0-350D-48B5-B763-9CC2F8D96C4C}" = Windows Live Sync
"{701BDB1B-8D00-8C67-6F64-BDD3B58EC827}" = CCC Help Norwegian
"{70AA9B4F-64F7-4B0D-ADD8-05802D61AF72}" = Windows Live Toolbar
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{73C6DCFB-B606-47F3-BDFA-9A4FBF931E37}" = ICQ7.4
"{76E852ED-1B06-4BC8-9D6A-625DB95FB7E5}" = CorelDRAW Essentials 4 - IPM - No VBA
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{787D1A33-A97B-4245-87C0-7174609A540C}" = HP Update
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{80D847BF-3610-4BE4-9F05-970BADEADB9A}" = Studie zur Verbesserung von HP Deskjet 3050 J610 series Produkten
"{850C7BD3-9F3F-46AD-9396-E7985B38C55E}" = Windows Live Fotogalerie
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{87441A59-5E64-4096-A170-14EFE67200C3}" = Picture Control Utility
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8CA7DA5E-B8BD-4E9F-A6F2-BAF53D503498}" = HP Deskjet 3050 J610 series - Grundlegende Software für das Gerät
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{90110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90140000-006D-0407-0000-0000000FF1CE}" = Microsoft Office Klick-und-Los 2010
"{90140011-0066-0407-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - Deutsch
"{9043B9A0-9505-405B-8202-E7167A38A89C}" = CorelDRAW Essentials 4
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A7496F46-78AE-4DB2-BCF5-95F210FA6F96}" = Windows Live Movie Maker
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB770FDE-8087-4C98-9A85-BD64262C104C}" = Medion Home Cinema
"{ABD8B955-1C69-4AF3-949B-13CD587C175F}" = CorelDRAW Essentials 4 - Lang BR
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.3.3 MUI
"{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger
"{B014EE44-9197-4513-9613-71E6EB1B514E}" = Nikon Message Center 2
"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
"{B355AD55-ED88-4A46-015D-51AAD00EB57D}" = CCC Help Japanese
"{B95B1BA9-F887-4B3C-8D3A-CCD4C4675120}" = Microsoft Default Manager
"{B95FB6E3-8373-52BC-C824-8DDB1D6DD049}" = CCC Help Dutch
"{B9FA9F15-A1F3-4DB1-AD49-0B9351843FAA}" = CorelDRAW Essentials 4 - Draw
"{BA9319FE-BCEF-4C99-8039-F464648D046E}" = CorelDRAW Essentials 4 - Lang FR
"{BAC80EF3-E106-4AEA-8C57-F217F9BC7358}" = Microsoft SQL Server 2005 Compact Edition [DEU]
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{BE4AE3A7-190D-BCB8-A953-A708C9E8E8AA}" = ATI Catalyst Install Manager
"{C0237AA4-1BFB-46EA-860D-7B0EB365CA13}" = CorelDRAW Essentials 4 - ICA
"{C09C15F5-DDB7-3820-CF1A-798051174EC7}" = CCC Help Italian
"{C2214950-8342-4878-1286-31D0F07FDC34}" = Catalyst Control Center Localization All
"{C39F6C00-142E-48AC-633F-15E6AA7E24D8}" = Catalyst Control Center Graphics Previews Vista
"{C47D990B-5D5C-B6A6-A04D-676379D39170}" = CCC Help English
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"{C682F3F0-00A6-4379-B083-4F3273624D7B}" = CorelDRAW Essentials 4 - Lang ES
"{C7105B49-9E6E-C93C-74E6-858B0863F604}" = Catalyst Control Center InstallProxy
"{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials
"{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}" = PlayReady PC Runtime x86
"{CE026CFE-73FE-4FED-9D5F-2C8D4DB512B0}" = TuneUp Utilities Language Pack (de-DE)
"{CF0ADC18-6D8F-4353-8EAA-DF45456B7853}" = CorelDRAW Essentials 4 - Windows Shell Extension
"{CF52C7EA-BDEF-A58F-6F33-0431076766C8}" = ccc-utility
"{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call
"{D7C7EA35-4C51-F874-3AB7-95DC40DDA494}" = CCC Help German
"{D81845B4-5239-AD56-39A5-9FCFE528330F}" = ccc-core-static
"{DDD62492-32A7-412B-8AF1-2CF032AD42E3}" = ViewNX 2
"{DFD284CD-501F-B36C-67D9-05D4D7D590AB}" = CCC Help Spanish
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{E14ADE0E-75F3-4A46-87E5-26692DD626EC}" = Apple Mobile Device Support
"{E3D04529-6EDB-11D8-A372-0050BAE317E1}" = CyberLink PowerDVD Copy
"{EAC1A606-1D31-AC37-90DD-5684A6E7D2E8}" = CCC Help Finnish
"{EB788378-C27A-468F-BEAC-00C123D216E6}" = WEB.DE Toolbar MSVC90 CRT
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F16841F6-5F0F-4DBE-B318-63CEB916F21D}" = CorelDRAW Essentials 4 - Filters
"{F18046C5-1C4E-4BE1-A3D6-A6F970E2E8E8}" = ArcSoft Panorama Maker 5
"{F7632A9B-661E-4FD9-B1A4-3B86BC99847F}" = HP Deskjet 3050 J610 series Hilfe
"1&1 Mail & Media GmbH 1und1InternetExplorerAddon" = WEB.DE Internet Explorer Addon
"1&1 Mail & Media GmbH 1und1Softwareaktualisierung" = WEB.DE Softwareaktualisierung
"1&1 Mail & Media GmbH Toolbar IE8" = WEB.DE Toolbar für Internet Explorer
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Becker Content Manager" = Becker Content Manager 5.20.1008
"Content Manager 2" = Content Manager 2
"Google Chrome" = Google Chrome
"HP Photo Creations" = HP Photo Creations
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"InstallShield_{AB770FDE-8087-4C98-9A85-BD64262C104C}" = Medion Home Cinema
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"InstallShield_{E3D04529-6EDB-11D8-A372-0050BAE317E1}" = CyberLink PowerDVD Copy
"InstallWIX_{45E557D6-2271-4F13-8101-C620B4285AB0}" = Kaspersky Internet Security 2012
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Office14.Click2Run" = Microsoft Office Klick-und-Los 2010
"WinLiveSuite_Wave3" = Windows Live Essentials
"Zattoo4" = Zattoo4 4.0.5
 
< End of report >
         

Last edited by tseb (25.04.2013 at 22:03)

Alt 25.04.2013, 22:47   #24
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Looks ok. We should be almost done. As a check, please run a quick scan with Malwarebytes; before that, remember to update Malwarebytes via the Update button.

Afterwards, getting a second opinion from the ESET Online Scanner wouldn't hurt either:


ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start ESET Online Scanner
  • Tick Yes, I accept the Terms of Use and click Start.
  • Enable "Detection of potentially unwanted applications" and choose the following settings.
  • Click Start.
  • The signatures are downloaded and the scan starts automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the logfile here.
  • Uninstallation: Control Panel => Software / Uninstall programs => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset

__________________
Please always post logfiles in CODE tags

Alt 27.04.2013, 08:39   #25
tseb
 
1) Malwarebytes:

Code:
 Malwarebytes Anti-Malware  (Test) 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.04.26.06

Windows 7 x86 NTFS
Internet Explorer 8.0.7600.16385
XYZ ::  [Administrator]

Schutz: Aktiviert

26.04.2013 21:24:52
mbam-log-2013-04-26 (21-24-52).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 218399
Laufzeit: 5 Minute(n), 30 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
         
2) ESET:

Code:
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=97566b85c998994f9227d39fe72ff241
# engine=13707
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-04-27 12:46:24
# local_time=2013-04-27 02:46:24 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7600 NT 
# compatibility_mode=1285 16777213 100 100 21090 63671496 0 0
# compatibility_mode=5893 16776573 100 94 20684 118654775 0 0
# scanned=644368
# found=0
# cleaned=0
# scan_time=18588
         
Oh, one more thing I've noticed on the PC lately; I don't know whether it's related to this matter:

When I go to Safety -> Delete Browsing History in Internet Explorer and want to delete the history and any saved passwords, the "Delete Browsing History" window does appear and the green bar moves and works and works and simply never finishes, but it doesn't hang either? It has been running like this for over an hour. I think I once changed something in the individual checkboxes; could that be the reason?

These are the available options:

- Preserve Favorites website data
- Temporary Internet files (ticked)
- Cookies (ticked)
- History (ticked)
- Form data (ticked)
- Passwords (ticked)
- InPrivate Filtering data

How long may something like this take? Why doesn't it work anymore?

Alt 27.04.2013, 16:56   #26
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Quote:
How long may something like this take? Why doesn't it work anymore?
How long something like that can take can't be answered; it takes a different amount of time on every machine, and why IE no longer does it is, given this level of information, somewhat

However, I'm wondering why you still have IE8 installed; on the operating systems Windows 7 and Windows 8 we're at IE10! And you haven't installed SP1 for Windows 7 either!

Why? Did you turn off updates?
__________________
Please always post logfiles in CODE tags

Alt 27.04.2013, 17:27   #27
tseb
 
Which information do you need?

Where is the best place to install IE 10 from? Here?: hxxp://windows.microsoft.com/de-DE/internet-explorer/downloads/ie-10/worldwide-languages

Which version? SP1 64-bit? Does that give me IE10 and the SP1 you mentioned at the same time, or how does it work?

Where can I configure automatic updates?

Back to the original question: what's the status of the "Trojan" HEUR:Exploit.Java.CVE-2012-0507.gen now? Can I delete all the scanners from my computer again? What do you think?

Alt 27.04.2013, 17:44   #28
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Hast du noch nie was von Windows-Update gehört?!
Mehr dazu später

Sieht soweit ok aus

Wegen Cookies und anderer Dinge im Web: Um die Pest von vornherein zu blocken (also TrackingCookies, Werbebanner etc.) müsstest du dir mal sowas wie MVPS Hosts File anschauen => Blocking Unwanted Parasites with a Hosts File - sinnvollerweise solltest du alle 4 Wochen mal bei MVPS nachsehen, ob er eine neue Hosts Datei herausgebracht hat.

Info: cookies are not malware as such, but there is a risk of misuse (unique re-identification, e.g. for targeted advertising or similar => HTTP cookie )

Otherwise there are good cookie managers; an extension for Firefox, for example, would be CookieCuller.
But if you can live with logging in again everywhere in every browser session (e.g. Facebook, Ebay, GMX, or also Trojaner-Board), then simply set the browser so that everything, including cookies, is deleted when the browser is closed.

Is your system now OK again, or are there other detections or problems?
__________________
Please always post log files in CODE tags
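The hosts-file blocking recommended above matches exact hostnames only, which is worth knowing before relying on it. As an added example (not from this thread and not MVPS code), the Python below parses a constructed MVPS-style hosts file, reports malformed lines, and shows which lookups are and are not covered; all hostnames and addresses in it are constructed.

```python
import ipaddress

# Constructed sample in the MVPS layout: sinkhole address, hostname, optional comment.
SAMPLE_HOSTS = """\
# constructed sample, not the real MVPS file
127.0.0.1 localhost
0.0.0.0 ads.example.net            # ad banner server
0.0.0.0 tracker.example.org        # tracking-cookie host
0.0.0.0   www.tracker.example.org
::1 localhost
192.0.2.10 intranet.example.com    # a normal mapping, not a block
not a valid line
"""

# MVPS-style files sinkhole to 0.0.0.0; add "127.0.0.1" here if your file uses that.
SINKHOLES = {"0.0.0.0"}

def parse_hosts(text):
    """Return (entries, bad_lines): entries maps lower-cased hostname -> address."""
    entries, bad = {}, []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()      # drop comments and whitespace
        if not line:
            continue
        parts = line.split()
        try:
            addr = str(ipaddress.ip_address(parts[0]))
            if len(parts) < 2:
                raise ValueError("address without hostname")
        except ValueError:
            bad.append((lineno, raw))           # not of the form "<ip> <hostname...>"
            continue
        for host in parts[1:]:
            entries[host.lower()] = addr        # later lines override earlier ones
    return entries, bad

def is_blocked(entries, hostname):
    """True only when this exact hostname is mapped to a sinkhole address."""
    return entries.get(hostname.lower()) in SINKHOLES

def blocked_parent(entries, hostname):
    """Nearest blocked parent domain, or None. A hosts file has no wildcards, so a
    hit here means the looked-up name itself still resolves normally and escapes the block."""
    labels = hostname.lower().split(".")
    for i in range(1, len(labels) - 1):
        parent = ".".join(labels[i:])
        if is_blocked(entries, parent):
            return parent
    return None
```

Running `parse_hosts` over a freshly downloaded file is also a quick sanity check that nothing in it was mangled before it is copied into place.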

Old 27.04.2013, 17:50   #29
tseb
 
Quote:
Originally posted by cosinus
Is your system now OK again, or are there other detections or problems?
Yes, well, as far as I can judge, it is. Should I run a full scan of the PC with my Kaspersky? That is how the malware HEUR:Exploit.Java.CVE-2012-0507.gen was found recently, so for me as a layman Kaspersky should no longer trigger on a full scan, right?

What would be important for me to know, because of my cluttered desktop: can I delete all the scanners from you again?

Old 27.04.2013, 17:52   #30
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Please run TFC, then that should be gone too, quite apart from the fact that it is only a heuristic detection

TFC - Temp File Cleaner

Please download TFC ( by Oldtimer ) and save the file to the desktop.
Now close all open programs and disconnect from the internet.
Double-click TFC.exe and press Start.
If TFC cannot delete all files, it will request a restart. Please allow this.
__________________
Please always post log files in CODE tags
