Virus/Trojaner? Google Links Weiterleitung auf Monstermarketplace.com

empijion · 22.05.2013, 21:32

Hallo Trojaner-Board-Helfer,
mein Problem betrifft ein HP Notebook, Win 7 Ultimate.
Bei der Google-Suche werde ich beim Anklicken der Links auf die Site monstermarketplace.com weitergeleitet.

Kaspersky hat nichts gefunden und ich weiß nicht mehr weiter. Da ich nur mäßige PC-Erfahrung habe, bitte ich euch um Hilfe! Es wäre super, wenn ihr mir weiterhelfen könntet! An dieser Stelle schon mal herzlichen Dank, dass ihr euch für Dummies wie mich, die Zeit nehmt und eure Freizeit opfert!

Lt. eurer Liste für HIlfesuchende habe ich Defogger installiert.
Log:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 22:01 on 22/05/2013 (***)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...

-=E.O.F=-

Anschließend OTL

OTL logfile created on: 22.05.2013 22:02:54 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\***\Downloads
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16576)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,75 Gb Total Physical Memory | 2,50 Gb Available Physical Memory | 66,72% Memory free
7,49 Gb Paging File | 6,01 Gb Available in Paging File | 80,16% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 267,66 Gb Total Space | 10,88 Gb Free Space | 4,07% Space Free | Partition Type: NTFS

Computer Name: **********-PC | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013.05.22 22:01:46 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\***\Downloads\OTL.exe
PRC - [2013.04.04 13:43:44 | 000,356,376 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe
PRC - [2012.04.07 19:41:29 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2010.05.04 13:07:22 | 000,503,080 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Nero\Update\NASvc.exe

========== Modules (No Company Name) ==========

MOD - [2012.08.17 21:38:56 | 000,479,160 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\dblite.dll
MOD - [2012.04.07 19:41:28 | 001,911,768 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2003.07.11 04:09:28 | 000,048,192 | ---- | M] () -- C:\Program Files (x86)\Common Files\Microsoft Shared\Web Folders\1031\nsextint.dll

========== Services (SafeList) ==========

SRV:64bit: - [2010.11.26 03:32:55 | 009,464,168 | ---- | M] (DisplayLink Corp.) [Auto | Running] -- C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe -- (DisplayLinkService)
SRV:64bit: - [2010.09.15 04:47:36 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009.07.14 03:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV:64bit: - [2009.07.14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2013.05.15 18:06:25 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013.04.04 13:43:44 | 000,356,376 | ---- | M] (Kaspersky Lab ZAO) [Auto | Running] -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe -- (AVP)
SRV - [2012.12.18 16:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.06.05 16:56:28 | 000,266,240 | ---- | M] (Brother Industries, Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\Browny02\BrYNSvc.exe -- (BrYNSvc)
SRV - [2010.05.04 13:07:22 | 000,503,080 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files (x86)\Nero\Update\NASvc.exe -- (NAUpdate)
SRV - [2010.03.18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2013.04.23 16:12:52 | 000,178,448 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\kneps.sys -- (kneps)
DRV:64bit: - [2013.04.23 16:12:52 | 000,055,056 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\kltdi.sys -- (kltdi)
DRV:64bit: - [2013.04.23 16:12:51 | 000,620,128 | ---- | M] (Kaspersky Lab ZAO) [File_System | System | Running] -- C:\Windows\SysNative\drivers\klif.sys -- (KLIF)
DRV:64bit: - [2012.10.25 12:42:02 | 000,029,528 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\klmouflt.sys -- (klmouflt)
DRV:64bit: - [2012.10.25 12:42:02 | 000,029,016 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\klkbdflt.sys -- (klkbdflt)
DRV:64bit: - [2012.08.23 16:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012.08.23 16:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012.08.02 15:09:34 | 000,028,504 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\klim6.sys -- (KLIM6)
DRV:64bit: - [2012.07.31 13:56:58 | 000,095,344 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BrSerIb.sys -- (BrSerIb)
DRV:64bit: - [2012.06.22 03:59:36 | 000,021,872 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BrUsbSib.sys -- (BrUsbSIb)
DRV:64bit: - [2012.06.19 17:28:12 | 000,458,584 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\kl1.sys -- (kl1)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.06.10 06:34:52 | 000,539,240 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011.06.01 07:18:22 | 000,079,360 | ---- | M] (ASIX Electronics Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ax88772.sys -- (AX88772)
DRV:64bit: - [2011.04.10 21:08:50 | 000,017,408 | ---- | M] (hxxp://libusb-win32.sourceforge.net) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\DisplayLinkUsbPort_5.6.31854.0.sys -- (DisplayLinkUsbPort)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.11.26 03:33:22 | 000,203,376 | ---- | M] (DisplayLink Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dlkmd.sys -- (dlkmd)
DRV:64bit: - [2010.11.26 03:33:22 | 000,013,936 | ---- | M] (DisplayLink Corp.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\dlkmdldr.sys -- (dlkmdldr)
DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.09.15 05:17:28 | 006,861,312 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2010.09.15 04:13:58 | 000,264,192 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2010.09.02 00:52:50 | 003,065,408 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2010.08.11 22:43:00 | 000,125,456 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2010.06.04 02:18:56 | 001,379,376 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2010.05.20 20:06:38 | 000,096,384 | ---- | M] (Realtek Semiconductor Corp.) [2 MP Fixed] [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rtsuvc.sys -- (rtsuvc)
DRV:64bit: - [2010.03.09 23:03:52 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie64.sys -- (AtiPcie)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.14 02:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2009.07.14 02:35:37 | 000,025,088 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDScan.sys -- (WSDScan)
DRV:64bit: - [2009.07.14 02:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009.06.10 22:35:38 | 000,707,072 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netr7364.sys -- (netr7364)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = D9 AD C9 EE 95 D5 CB 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope =
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ADRA_de
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: ""
FF - prefs.js..browser.search.selectedEngine: ""
FF - prefs.js..browser.startup.homepage: "www.google.de"
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_202.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60129.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.633: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.633: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.633: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.633: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011.03.13 20:53:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\url_advisor@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\url_advisor@kaspersky.com [2013.04.23 16:12:57 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\virtual_keyboard@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\virtual_keyboard@kaspersky.com [2013.04.23 16:12:57 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\content_blocker@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\content_blocker@kaspersky.com [2013.04.23 16:12:56 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\anti_banner@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\anti_banner@kaspersky.com [2013.04.23 16:12:56 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\online_banking@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\online_banking@kaspersky.com [2013.04.23 16:12:57 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.04.07 19:41:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2011.08.24 19:15:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions
[2013.05.22 17:41:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\q6ohm84h.default\extensions
[2011.08.24 19:15:35 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.04.07 19:41:29 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.04.07 19:41:26 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.04.07 19:41:26 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.04.07 19:41:26 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.04.07 19:41:26 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.04.07 19:41:26 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.04.07 19:41:26 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google

riginalQueryForSuggestion}{google:assistedQueryStats}{google:se archFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParam eter}
CHR - homepage:
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll
CHR - plugin: Java(TM) Platform SE 7 U9 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: McAfee Security Scanner + (Enabled) = C:\Program Files (x86)\McAfee Security Scan\3.0.318\npMcAfeeMss.dll
CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpjplug.dll
CHR - plugin: RealPlayer(tm) HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_171.dll
CHR - plugin: Java Deployment Toolkit 7.0.70.11 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.60129.0\npctrl.dll
CHR - Extension: Modul zur Link-Untersuchung = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\13.0.1.4190_0\
CHR - Extension: Sicherer Zahlungsverkehr = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\hakdifolhalapjijoafobooafbilfakh\13.0.1.4190_0\
CHR - Extension: Modul f\u00FCr das Blockieren gef\u00E4hrlicher Webseiten = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\hghkgaeecgjhjkannahfamoehjmkjail\13.0.1.4190_0\
CHR - Extension: Virtuelle Tastatur = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh\13.0.1.4292_0\
CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.3\
CHR - Extension: Anti-Banner = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman\13.0.1.4190_0\

O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Content Blocker Plugin) - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
O2:64bit: - BHO: (Virtual Keyboard Plugin) - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O2:64bit: - BHO: (Safe Money Plugin) - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
O2:64bit: - BHO: (URL Advisor Plugin) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Content Blocker Plugin) - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
O2 - BHO: (Virtual Keyboard Plugin) - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O2 - BHO: (Safe Money Plugin) - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
O2 - BHO: (URL Advisor Plugin) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O4 - HKLM..\Run: [AVP] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe (Kaspersky Lab ZAO)
O4 - HKLM..\Run: [ControlCenter4] C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.)
O4 - HKCU..\Run: [iyabpond] C:\Users\***\AppData\Roaming\DHCPQECL.dll ()
O4 - HKCU..\Run: [SecureBanking] C:\Program Files (x86)\Secure Banking\SecureBanking.exe (Secure Banking)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Hinzufügen zu Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ie_banner_deny.htm ()
O8:64bit: - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~2\MICROS~1\OFFICE11\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Hinzufügen zu Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ie_banner_deny.htm ()
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~2\MICROS~1\OFFICE11\EXCEL.EXE/3000 File not found
O9:64bit: - Extra Button: Virtuelle Tastatur - {0C4CC089-D306-440D-9772-464E226F6539} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O9:64bit: - Extra Button: Links untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O9 - Extra Button: Virtuelle Tastatur - {0C4CC089-D306-440D-9772-464E226F6539} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: Links untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {CEF002D2-5A9F-4656-AA41-85DA2534ACBD} https://web2mail.bsw-kehl.de/dwa85W.cab (IBM Lotus iNotes 8.5 Control)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E008A543-CEFB-4559-912F-C27C2B89F13B} hxxp://webmail.bsw-kehl.de/dwa7W.cab (Domino Web Access 7 Control)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8D377D2A-D953-4647-B42D-C832C8D7E881}: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL (Microsoft Corporation)
O18:64bit: - Protocol\Filter\text/xml - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013.05.22 21:21:56 | 000,700,783 | R--- | C] (Swearware) -- C:\Users\***\Desktop\dds++.exe
[2013.05.22 20:10:59 | 000,000,000 | ---D | C] -- C:\Program Files\Synaptics
[2013.05.21 21:09:59 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\ProcAlyzer Dumps
[2013.05.21 20:48:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy 2
[2013.05.21 20:34:03 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\CCleaner_Sicherungsdateien
[2013.05.12 09:10:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Secure Banking
[2013.05.12 09:10:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Secure Banking
[2013.05.12 08:48:50 | 000,700,783 | R--- | C] (Swearware) -- C:\Users\***\Desktop\dds+.exe
[2013.05.12 08:38:59 | 000,448,512 | ---- | C] (OldTimer Tools) -- C:\Users\***\Desktop\TFC.exe
[2013.05.11 19:24:07 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\appmgmt
[2013.05.06 19:34:02 | 000,000,000 | ---D | C] -- C:\Temp
[2013.05.06 19:34:02 | 000,000,000 | ---D | C] -- \Temp
[2010.01.23 02:59:40 | 002,495,080 | ---- | C] (Amazon.com) -- C:\Program Files\AmazonMP3Downloader.exe

========== Files - Modified Within 30 Days ==========

[2013.05.22 22:07:00 | 000,001,118 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.05.22 22:06:01 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.05.22 22:01:10 | 000,000,000 | ---- | M] () -- C:\Users\***\defogger_reenable
[2013.05.22 21:56:11 | 000,014,192 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.05.22 21:56:11 | 000,014,192 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.05.22 21:55:30 | 001,498,742 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.05.22 21:55:30 | 000,652,240 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.05.22 21:55:30 | 000,616,242 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.05.22 21:55:30 | 000,129,908 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.05.22 21:55:30 | 000,106,622 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.05.22 21:48:11 | 000,001,114 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.05.22 21:47:41 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.05.22 21:47:37 | 4022,923,264 | -HS- | M] () -- C:\hiberfil.sys
[2013.05.22 21:22:01 | 000,700,783 | R--- | M] (Swearware) -- C:\Users\***\Desktop\dds++.exe
[2013.05.22 21:16:58 | 000,448,512 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\TFC.exe
[2013.05.22 21:06:21 | 000,632,031 | ---- | M] () -- C:\Users\***\Desktop\adwcleaner.exe
[2013.05.22 20:11:52 | 001,049,314 | ---- | M] () -- C:\Windows\SysNative\oem30.inf
[2013.05.22 20:11:13 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_SynTP_01009.Wdf
[2013.05.22 19:31:40 | 000,000,017 | ---- | M] () -- C:\Users\***\AppData\Local\resmon.resmoncfg
[2013.05.22 18:01:43 | 000,002,723 | ---- | M] () -- C:\Users\***\Desktop\Microsoft Office PowerPoint 2003.lnk
[2013.05.22 18:01:33 | 000,002,735 | ---- | M] () -- C:\Users\***\Desktop\Microsoft Office Excel 2003.lnk
[2013.05.18 08:32:59 | 000,310,817 | ---- | M] () -- C:\Users\***\Desktop\Laufzettel.pdf
[2013.05.18 08:32:36 | 000,173,203 | ---- | M] () -- C:\Users\***\Desktop\Indianer Deckblatt.pdf
[2013.05.16 16:04:24 | 000,465,672 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.05.12 09:10:14 | 000,001,074 | ---- | M] () -- C:\Users\Public\Desktop\Secure Banking.lnk
[2013.05.12 08:48:57 | 000,700,783 | R--- | M] (Swearware) -- C:\Users\***\Desktop\dds+.exe
[2013.05.11 19:19:04 | 000,000,866 | ---- | M] () -- C:\Windows\SysWow64\InstallUtil.InstallLog
[2013.04.29 19:18:41 | 000,026,120 | ---- | M] () -- C:\Windows\BRRBCOM.INI
[2013.04.23 16:12:52 | 000,178,448 | ---- | M] (Kaspersky Lab ZAO) -- C:\Windows\SysNative\drivers\kneps.sys
[2013.04.23 16:12:52 | 000,055,056 | ---- | M] (Kaspersky Lab ZAO) -- C:\Windows\SysNative\drivers\kltdi.sys
[2013.04.23 16:12:51 | 000,620,128 | ---- | M] (Kaspersky Lab ZAO) -- C:\Windows\SysNative\drivers\klif.sys
[2013.04.23 16:12:51 | 000,090,208 | ---- | M] (Kaspersky Lab ZAO) -- C:\Windows\SysNative\drivers\klflt.sys

========== Files Created - No Company Name ==========

[2013.05.22 22:01:10 | 000,000,000 | ---- | C] () -- C:\Users\***\defogger_reenable
[2013.05.22 21:06:14 | 000,632,031 | ---- | C] () -- C:\Users\***\Desktop\adwcleaner.exe
[2013.05.22 20:12:06 | 001,049,314 | ---- | C] () -- C:\Windows\SysNative\oem30.inf
[2013.05.22 20:11:13 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_SynTP_01009.Wdf
[2013.05.22 19:31:40 | 000,000,017 | ---- | C] () -- C:\Users\***\AppData\Local\resmon.resmoncfg
[2013.05.22 18:01:43 | 000,002,723 | ---- | C] () -- C:\Users\***\Desktop\Microsoft Office PowerPoint 2003.lnk
[2013.05.22 18:01:33 | 000,002,735 | ---- | C] () -- C:\Users\***\Desktop\Microsoft Office Excel 2003.lnk
[2013.05.18 08:33:02 | 000,310,817 | ---- | C] () -- C:\Users\***\Desktop\Laufzettel.pdf
[2013.05.18 08:32:42 | 000,173,203 | ---- | C] () -- C:\Users\***\Desktop\Indianer Deckblatt.pdf
[2013.05.12 09:10:14 | 000,001,074 | ---- | C] () -- C:\Users\Public\Desktop\Secure Banking.lnk
[2013.05.06 19:29:48 | 000,000,866 | ---- | C] () -- C:\Windows\SysWow64\InstallUtil.InstallLog
[2013.04.03 16:30:55 | 000,000,215 | ---- | C] () -- C:\Windows\wininit.ini
[2013.03.23 10:23:14 | 000,159,744 | RHS- | C] () -- C:\Users\***\AppData\Roaming\DHCPQECL.dll
[2013.03.08 20:08:34 | 000,000,092 | ---- | C] () -- C:\Windows\brpcfx.ini
[2013.03.08 20:08:34 | 000,000,024 | ---- | C] () -- C:\Windows\Brpfx04a.ini
[2013.03.08 20:06:10 | 000,000,066 | ---- | C] () -- C:\Windows\Brfaxrx.ini
[2013.03.08 20:01:16 | 000,026,120 | ---- | C] () -- C:\Windows\BRRBCOM.INI
[2012.08.06 08:33:12 | 000,045,056 | ---- | C] () -- C:\Windows\SysWow64\BRTCPCON.DLL
[2012.08.06 08:33:12 | 000,000,114 | ---- | C] () -- C:\Windows\SysWow64\BRLMW03A.INI
[2012.03.10 12:03:18 | 000,000,151 | ---- | C] () -- C:\Windows\wiso.ini
[2012.02.06 20:56:17 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\dlumd9.dll
[2012.02.06 20:56:17 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\dlumd11.dll
[2012.02.06 20:56:17 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\dlumd10.dll
[2012.01.23 20:18:59 | 000,000,419 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2012.01.23 20:18:59 | 000,000,027 | ---- | C] () -- C:\Windows\BRPP2KA.INI
[2011.03.14 19:48:16 | 000,004,096 | -H-- | C] () -- C:\Users\***\AppData\Local\keyfile3.drm
[2011.03.07 21:53:23 | 000,382,077 | RHS- | C] () -- \YIZCJ
[2011.03.07 21:53:23 | 000,000,020 | RHS- | C] () -- \win7.ld
[2011.02.26 10:28:42 | 000,000,065 | ---- | C] () -- C:\Users\***\_dataoracleclientperfcounters_shared12_neutral_d.ini
[2011.02.25 07:56:43 | 000,008,192 | RHS- | C] () -- \BOOTSECT.BAK
[2011.02.25 07:56:41 | 000,383,786 | RHS- | C] () -- \bootmgr
[2011.02.24 22:57:25 | 4022,923,264 | -HS- | C] () -- \hiberfil.sys
[2010.01.21 23:59:14 | 000,009,107 | ---- | C] () -- C:\Program Files\Readme.html

========== ZeroAccess Check ==========

[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013.02.27 07:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013.02.27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2012.07.21 12:32:38 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Amazon
[2013.03.08 20:18:29 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ControlCenter4
[2013.03.08 19:52:46 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Nuance

========== Purity Check ==========

< End of report >

OTL Extras logfile created on: 22.05.2013 22:02:54 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\***\Downloads
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16576)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,75 Gb Total Physical Memory | 2,50 Gb Available Physical Memory | 66,72% Memory free
7,49 Gb Paging File | 6,01 Gb Available in Paging File | 80,16% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 267,66 Gb Total Space | 10,88 Gb Free Space | 4,07% Space Free | Partition Type: NTFS

Computer Name: FABIKATJA-PC | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [CEWE FOTOSCHAU] -- "C:\Program Files (x86)\dm\dm-Fotowelt\CEWE FOTOSCHAU.exe" -d "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [dm-Fotowelt] -- "C:\Program Files (x86)\dm\dm-Fotowelt\dm-Fotowelt.exe" "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [CEWE FOTOSCHAU] -- "C:\Program Files (x86)\dm\dm-Fotowelt\CEWE FOTOSCHAU.exe" -d "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [dm-Fotowelt] -- "C:\Program Files (x86)\dm\dm-Fotowelt\dm-Fotowelt.exe" "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{06CB14DF-9171-4CC9-ADEC-EBD7376B1BF8}" = lport=54925 | protocol=17 | dir=in | name=brothernetwork scanner |
"{138A4BA8-1F24-4A46-8838-26CFF022213E}" = lport=139 | protocol=6 | dir=in | app=system |
"{2177F078-E381-4371-944B-5BC88C027E91}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{32EB9FFB-F3CA-4187-9B37-7C2511BD5684}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{41FA6172-8C55-4452-835A-C1879FF01AA4}" = rport=138 | protocol=17 | dir=out | app=system |
"{4A579F8C-89DE-4190-A5D1-55136521E48D}" = rport=10243 | protocol=6 | dir=out | app=system |
"{569EA542-0247-4AC3-B04A-4AAEF9DF3851}" = rport=137 | protocol=17 | dir=out | app=system |
"{5ABDD845-ACE6-47DC-98D1-8280E1590474}" = lport=137 | protocol=17 | dir=in | app=system |
"{6187C0F7-A6F9-4A52-81B3-D3A0E6EE3626}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{639EEC49-D227-45E9-B4CD-4D17CEDB4CF6}" = lport=138 | protocol=17 | dir=in | app=system |
"{69F14B0A-6BFC-46C6-A633-627FC0FB294D}" = lport=445 | protocol=6 | dir=in | app=system |
"{7A67B979-64A0-4481-9508-EB10530912A0}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{86F1B978-2951-4519-B8F4-B03A4BBDF6D5}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{8C04C1C0-DB36-457D-A477-305384837078}" = rport=445 | protocol=6 | dir=out | app=system |
"{913544DE-5940-4D24-8A64-0F312D607C6E}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{9AECF6CA-4998-4A1C-B936-A8E0EC0C77F2}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{A493D01F-8CFA-4ABA-9032-0F6BEF46CF87}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{AFA8556A-E549-4532-88C3-05884A0915BB}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{B6941A40-DF4F-4B33-BD40-401A714354B8}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{C65A0DC8-2F56-4474-B2B7-BF305941282D}" = lport=2869 | protocol=6 | dir=in | app=system |
"{C6D28404-3A12-43A9-9927-93405F252AF8}" = rport=139 | protocol=6 | dir=out | app=system |
"{CF0CF40A-D4D4-4745-BEC1-35272694D959}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{E0EC09CF-5AB1-4F64-A3BE-4F14D6964699}" = lport=10243 | protocol=6 | dir=in | app=system |
"{FA4B3194-D589-43F7-BE82-51A4D9BA71AA}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{08AD8B40-D39E-4B0E-A596-630D23B0FF43}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{10B6F987-4ABD-4C04-92A5-35CB32AED954}" = protocol=6 | dir=in | app=c:\program files (x86)\brother\brmfl12b\faxrx.exe |
"{41217740-E5F5-4331-8E0E-4D39FCA0DAD3}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{4D34D7EB-3772-402A-9ED1-328DD96F6C65}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{67FAE3B8-EAB2-4DA0-8FE6-648CEE6B1321}" = protocol=6 | dir=out | app=system |
"{697598A9-4911-46A3-B83D-86881C5D0C2D}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{6C4D713F-8D19-41F4-9F72-51CD93B8DE14}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{7C4DE51F-E717-400E-B7D3-AEB36C8B45CE}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{8DFE19CB-D366-4A5E-9399-FD3F95D045DE}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{947697A4-5951-43B0-9B6F-63E7482416F6}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{951313B1-DEA3-45C4-B9A5-6B86379038DB}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{A1F7787E-5172-43FB-BF25-203FEEA5B1F0}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{A88128E7-67F1-417D-9EAC-779916E1C587}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{AAE10A06-D362-4ED0-8A25-4BD9119AFF76}" = protocol=17 | dir=in | app=c:\program files (x86)\brother\brmfl12b\faxrx.exe |
"{B6787C79-6128-4CA3-A924-3EB0D420D463}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{BC7E02B6-C6BC-44F8-9219-DD5D289FDEA8}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{BCFA4841-123A-4F5A-B0D2-A77EE683C578}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{E564EC0C-8F41-4961-9FDD-B5AB26E889BA}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{E6C42109-25B5-4E2D-B0A7-2E144B0853B5}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{F0134ECD-8921-4363-BA27-9C0F757D346B}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{F1E29F03-04BB-46BC-90BC-D7AD3CC68BC2}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"TCP Query User{5FA28A54-CF59-420C-8B17-3B2F1434F980}C:\windows\syswow64\rundll32.exe" = protocol=6 | dir=in | app=c:\windows\syswow64\rundll32.exe |
"TCP Query User{9BD9D2C0-54F9-424A-8C8C-C170E4EB93E8}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |
"TCP Query User{E23C274D-04E0-4046-842E-F651620956F4}C:\windows\syswow64\rundll32.exe" = protocol=6 | dir=in | app=c:\windows\syswow64\rundll32.exe |
"UDP Query User{00579D0D-3527-4E39-8E0E-DC0C6DEB8494}C:\windows\syswow64\rundll32.exe" = protocol=17 | dir=in | app=c:\windows\syswow64\rundll32.exe |
"UDP Query User{19A400C0-1E49-4385-8837-51D821A43E5C}C:\windows\syswow64\rundll32.exe" = protocol=17 | dir=in | app=c:\windows\syswow64\rundll32.exe |
"UDP Query User{7E8D2529-6645-4D60-96FA-F635C8904C2E}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{173D870E-7FB0-7322-7889-807CC9547228}" = ATI Catalyst Install Manager
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{715CAACC-579B-4831-A5F4-A83A8DE3EFE2}" = PaperPort Image Printer 64-bit
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{C6258F57-2A15-19B6-3082-F2888D26668C}" = ccc-utility64
"{C7AE4EC3-9C13-4213-8457-74D16B353F91}" = HP Web Camera
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{FF76E87C-0398-45A2-8D07-D5D11CA12FDF}" = DisplayLink Core Software
"Broadcom 802.11 Wireless LAN Adapter" = Broadcom 802.11 Wireless LAN Adapter
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"PDF Creator" = PDF Creator
"SynTPDeinstKey" = Synaptics Pointing Device Driver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0A2FCCC6-AF02-4FBF-9196-1C0A89FF33A5}" = Catalyst Control Center - Branding
"{0C08C0A5-613F-D1CC-4080-4E4A7646E552}" = CCC Help Spanish
"{0CC1DAFB-40C8-4903-953D-471E541477C7}" = WISO Steuer 2012
"{0D23ABFF-48D3-54AC-98D9-ABA8C3772B97}" = Catalyst Control Center Localization All
"{154E7CE0-089C-53EC-3BB3-209E6B1A5FE6}" = CCC Help Hungarian
"{1673D965-5ADC-B95C-ABE0-8619EBCFC5EF}" = CCC Help French
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{1D61E881-43CD-447B-9E6B-D2C6138B2862}" = HP Webcam
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{207E9B74-F4D3-4FD7-8142-16FF41825BC4}_is1" = Secure Banking Version 1.5.1
"{2091EAF4-C7A3-CADE-0F3C-87A64796FF2B}" = CCC Help Finnish
"{23D81028-77D9-407C-BC47-07B34E732D0D}" = CCC Help Korean
"{2436F2A8-4B7E-4B6C-AE4E-604C84AA6A4F}" = Nero Core Components 10
"{265B95FC-342F-8CD7-197F-99B4B1341ECF}" = CCC Help Chinese Standard
"{2861BDF2-B36A-4C9D-7A95-97EF8DFF53EB}" = CCC Help Czech
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{32AFCEB5-DD1F-E879-962F-C43AB003CC1D}" = CCC Help Danish
"{33774E23-CC33-471F-9635-FCDBF78F20B5}" = HP System Default Settings
"{34B32B70-8081-11E2-89AF-B8AC6F98CCE3}" = Google Earth Plug-in
"{3A800300-D395-37A0-D17D-FDC8461F7028}" = CCC Help Italian
"{4422D20B-F530-4E65-8504-31396C9BC066}" = Google SketchUp 8
"{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module
"{523B2B1B-D8DB-4B41-90FF-C4D799E2758A}" = Nero ControlCenter 10 Help (CHM)
"{560985FB-4B76-4121-9189-7A2CDC7886D6}" = Kaspersky Internet Security 2013
"{5E7F872E-3F2A-B40F-0626-B8B671A5F4C3}" = CCC Help Portuguese
"{6218D39A-A825-5438-B23A-A0275D06A973}" = CCC Help Thai
"{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module
"{65792F2F-EB8B-7874-4A89-C1A0C206C9FA}" = Catalyst Control Center InstallProxy
"{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update
"{676CBF19-35FD-7A3A-5EAA-CB091C0234E8}" = CCC Help Dutch
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6DFB899F-17A2-48F0-A533-ED8D6866CF38}" = Nero Control Center 10
"{70F5AD48-91B1-40AE-D7A4-0978606F6DE1}" = CCC Help Greek
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{842BEE12-CCCB-43F4-ABAF-CBA6DFE2583D}" = Nero BurnLite 10
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90A40407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB627AF2-9C7E-4DBD-816B-3B2646B81E89}" = Nero BurnLite 10
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.6) - Deutsch
"{BE89AE6B-AFDB-F66F-4766-230CE1721E89}" = CCC Help English
"{C3A32068-8AB1-4327-BB16-BED9C6219DC7}" = Atheros Driver Installation Program
"{CB51A24D-551C-DA4E-894B-8115BF45FCA4}" = CCC Help Turkish
"{CEB1E126-51F9-31BC-73DB-265F06851E32}" = CCC Help Russian
"{D4BF2B2B-D80B-4C35-B8DE-1F444B9C1179}" = CCC Help Japanese
"{D6CC2FAF-F827-4091-96A1-D32CC9B69C79}" = WISO Steuer-Sparbuch 2013
"{DD98C438-D769-4677-AA87-3481FA32D20C}" = Brother MFL-Pro Suite MFC-J4410DW
"{DF2AD7A5-D7BF-1AE8-2621-D704A0A7E4CC}" = CCC Help German
"{E0A7ED39-8CD6-4351-93C3-69CCA00D12B4}" = HP Webcam Driver
"{E2C553E9-51E5-A195-BF5F-C964CF3DDA70}" = CCC Help Norwegian
"{E7E22D1E-8E4D-7278-BD36-71E2C87F61FE}" = CCC Help Swedish
"{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module
"{EDF396A7-8710-0FAB-505C-BA0B5F367241}" = CCC Help Chinese Traditional
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F367D577-6366-0656-85FE-43249DBEF2ED}" = CCC Help Polish
"{FB72F5B5-C295-845E-3E57-55F0E20E039F}" = ccc-core-static
"7-Zip" = 7-Zip 9.20
"99_is1" = Jawbreaker
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"dm-Fotowelt" = dm-Fotowelt
"InstallWIX_{560985FB-4B76-4121-9189-7A2CDC7886D6}" = Kaspersky Internet Security 2013
"Mozilla Firefox 10.0.1 (x86 de)" = Mozilla Firefox 10.0.1 (x86 de)
"RealPlayer 12.0" = RealPlayer
"Schulschriften_is1" = Schulschriften

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 25.04.2013 07:01:06 | Computer Name = FabiKatja-PC | Source = Desktop Window Manager | ID = 9020
Description = Der Desktopfenster-Manager hat einen schwerwiegenden Fehler (0x88980406)
festgestellt.

Error - 25.04.2013 23:52:24 | Computer Name = FabiKatja-PC | Source = Desktop Window Manager | ID = 9020
Description = Der Desktopfenster-Manager hat einen schwerwiegenden Fehler (0x88980406)
festgestellt.

Error - 26.04.2013 11:38:31 | Computer Name = FabiKatja-PC | Source = Desktop Window Manager | ID = 9020
Description = Der Desktopfenster-Manager hat einen schwerwiegenden Fehler (0x88980406)
festgestellt.

Error - 27.04.2013 03:59:29 | Computer Name = FabiKatja-PC | Source = Desktop Window Manager | ID = 9020
Description = Der Desktopfenster-Manager hat einen schwerwiegenden Fehler (0x88980406)
festgestellt.

Error - 27.04.2013 04:06:37 | Computer Name = FabiKatja-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: FlashUtil64_11_6_602_180_ActiveX.exe,
Version: 11.6.602.180, Zeitstempel: 0x5130146c Name des fehlerhaften Moduls: ntdll.dll,
Version: 6.1.7601.17725, Zeitstempel: 0x4ec4aa8e Ausnahmecode: 0xc0000005 Fehleroffset:
0x00000000000532d0 ID des fehlerhaften Prozesses: 0xb90 Startzeit der fehlerhaften
Anwendung: 0x01ce431d29d01156 Pfad der fehlerhaften Anwendung: C:\Windows\System32\Macromed\Flash\FlashUtil64_11_6_602_180_ActiveX.exe
Pfad
des fehlerhaften Moduls: C:\Windows\SYSTEM32\ntdll.dll Berichtskennung: 6216494c-af11-11e2-a404-e02a8202389c

Error - 27.04.2013 04:06:41 | Computer Name = FabiKatja-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: FlashUtil64_11_6_602_180_ActiveX.exe,
Version: 11.6.602.180, Zeitstempel: 0x5130146c Name des fehlerhaften Moduls: ntdll.dll,
Version: 6.1.7601.17725, Zeitstempel: 0x4ec4aa8e Ausnahmecode: 0xc000041d Fehleroffset:
0x00000000000532d0 ID des fehlerhaften Prozesses: 0xb90 Startzeit der fehlerhaften
Anwendung: 0x01ce431d29d01156 Pfad der fehlerhaften Anwendung: C:\Windows\System32\Macromed\Flash\FlashUtil64_11_6_602_180_ActiveX.exe
Pfad
des fehlerhaften Moduls: C:\Windows\SYSTEM32\ntdll.dll Berichtskennung: 64623d2f-af11-11e2-a404-e02a8202389c

Error - 27.04.2013 06:55:38 | Computer Name = FabiKatja-PC | Source = Desktop Window Manager | ID = 9020
Description = Der Desktopfenster-Manager hat einen schwerwiegenden Fehler (0x88980406)
festgestellt.

Error - 28.04.2013 06:19:59 | Computer Name = FabiKatja-PC | Source = Desktop Window Manager | ID = 9020
Description = Der Desktopfenster-Manager hat einen schwerwiegenden Fehler (0x88980406)
festgestellt.

Error - 29.04.2013 00:22:08 | Computer Name = FabiKatja-PC | Source = Desktop Window Manager | ID = 9020
Description = Der Desktopfenster-Manager hat einen schwerwiegenden Fehler (0x88980406)
festgestellt.

Error - 29.04.2013 11:25:35 | Computer Name = FabiKatja-PC | Source = Desktop Window Manager | ID = 9020
Description = Der Desktopfenster-Manager hat einen schwerwiegenden Fehler (0x88980406)
festgestellt.

[ Media Center Events ]
Error - 26.02.2011 04:45:48 | Computer Name = FabiKatja-PC | Source = MCUpdate | ID = 0
Description = 09:45:48 - Error connecting to the internet. 09:45:48 - Unable
to contact server..

[ System Events ]
Error - 22.05.2013 14:17:01 | Computer Name = FabiKatja-PC | Source = DCOM | ID = 10016
Description =

Error - 22.05.2013 14:17:01 | Computer Name = FabiKatja-PC | Source = DCOM | ID = 10016
Description =

Error - 22.05.2013 14:17:39 | Computer Name = FabiKatja-PC | Source = Service Control Manager | ID = 7024
Description = Der Dienst "Windows Search" wurde mit folgendem dienstspezifischem
Fehler beendet: %%-1073473535.

Error - 22.05.2013 14:17:39 | Computer Name = FabiKatja-PC | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits
1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt:
Restart the service.

Error - 22.05.2013 15:11:24 | Computer Name = FabiKatja-PC | Source = DCOM | ID = 10016
Description =

Error - 22.05.2013 15:11:31 | Computer Name = FabiKatja-PC | Source = DCOM | ID = 10016
Description =

Error - 22.05.2013 15:17:41 | Computer Name = FabiKatja-PC | Source = Service Control Manager | ID = 7034
Description = Dienst "Adobe Acrobat Update Service" wurde unerwartet beendet. Dies
ist bereits 1 Mal passiert.

Error - 22.05.2013 15:49:05 | Computer Name = FabiKatja-PC | Source = DCOM | ID = 10016
Description =

Error - 22.05.2013 15:49:15 | Computer Name = FabiKatja-PC | Source = DCOM | ID = 10016
Description =

Error - 22.05.2013 15:51:04 | Computer Name = FabiKatja-PC | Source = Service Control Manager | ID = 7034
Description = Dienst "Adobe Acrobat Update Service" wurde unerwartet beendet. Dies
ist bereits 1 Mal passiert.

< End of report >

GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2013-05-22 22:21:03
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 WDC_WD3200BEVT-60A23T0 rev.02.01A02 298,09GB
Running: gmer_2.1.19163.exe; Driver: C:\Users\FABIKA~1\AppData\Local\Temp\uwrdruod.sys

---- Threads - GMER 2.1 ----

Thread C:\Windows\SysWOW64\rundll32.exe [2452:2580] 0000000000290cb0
Thread C:\Windows\SysWOW64\rundll32.exe [2452:2584] 00000000002b3a80
Thread C:\Windows\SysWOW64\rundll32.exe [2452:2644] 00000000002b3a10
Thread C:\Windows\SysWOW64\rundll32.exe [2452:3660] 00000000009180a3
Thread C:\Windows\SysWOW64\rundll32.exe [2452:3664] 0000000000915235
Thread C:\Windows\SysWOW64\rundll32.exe [2452:3668] 0000000000915755
Thread C:\Windows\SysWOW64\rundll32.exe [2452:3672] 000000000030b2fc
Thread C:\Windows\SysWOW64\rundll32.exe [2452:3676] 0000000000306736

---- EOF - GMER 2.1 ----

Bitte um Anleitung/Hilfestellung/Info was ich wie weiter tun soll!

Gruß,

Brigitte

cosinus · 22.05.2013, 22:10

Hallo und

Zitat:

64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Warum hast du eine Ultimate-Edition von Windows, brauchst du das als Heimanwender?
Oder ist das rein zufällig ein Büro-/Firmen-PC bzw. ein Uni-Rechner?

Hast du noch weitere Logs (mit Funden)? Malwarebytes und/oder andere Virenscanner, sind die jemals fündig geworden?

Ich frage deswegen nach => http://www.trojaner-board.de/125889-...tml#post941520

Bitte keine neuen Virenscans machen sondern erst nur schon vorhandene Logs posten!

Lesestoff:
Posten in CODE-Tags
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert mir massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu gross für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:

Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
Klicke auf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.

empijion · 23.05.2013, 05:15

Hallo Cosinus,
zunächst vielen Dank für die prompte Reaktion!
Zunächst: das Notebook gehört meinem Schwiegersohn. Den PC hat er sich während seinem Studium zugelegt. Warum da Ultimate drauf ist - keine Ahnung. Er ist bis Énde der Woche in Urlaub. Das Notebook hat er mir gebracht, weil er nicht mehr weiterkam (ist ein reiner Anwender) und ich ein klein wenig mehr Ahnung hätte, als er

Kaspersky hatte zwei Trojaner gefunden und gelöscht, sowie zwei schädliche Links.

Dachte, dass es das war, aber wenn ich Google aufrufe und Links anklicke, komme ich eben immer noch auf diese doofe Seite von Monstermarketplace....

Vielleicht habt ihr eine Lösung?

Gruß und herzlichen Dank für eure Bemühungen!

Brigitte

cosinus · 23.05.2013, 09:57

Zitat:

Kaspersky hatte zwei Trojaner gefunden und gelöscht, sowie zwei schädliche Links.

Und wo sind jetzt die Logs dazu?
Ich hab doch extra genau drauf hingewiesen, dass du alle Logs mit Funden posten sollst

empijion · 23.05.2013, 11:47

Ups, sorry, hatte zu schnell auf absenden geklickt und musste weg.

Wie ich in Kaspersky an Logfile komme, weiß ich nicht, habe aus den Untersuchungsberichten folgendes, was entfernt oder in quarantäne gestellt wurde;

Code:

ATTFilter

Schädlicher Link	Inaktiv	12.05.2013 07:52:33	hxxp://xml.ecpvads.com/	
Schädlicher Link	Inaktiv	12.05.2013 07:52:33	hxxp://xml.ecpvads.com/	
Schädlicher Link	Inaktiv	09.05.2013 17:42:07	hxxp://scissors.middletonoptimists.org:8181/tabs/	
Schädlicher Link	Inaktiv	09.05.2013 17:42:07	hxxp://wjzyy.10ewazino.info/	
Schädlicher Link	Inaktiv	09.05.2013 17:42:07	hxxp://wjzyy.10ewazino.info/	
not-a-virus:AdWare.Win32.MegaSearch.am	Inaktiv	06.05.2013 19:33:32	hxxp://softwareapplicationsforally.asia/?e=ctos&publisher=708&country=DE&ind=2310188799&exid=0&ssd=3209070399&hid=2375510277&osid=601&channel=0&category_name=ContinueToSave&install_date=20120506//yeiuoeuy@yooo.com/content/	

not-a-virus:AdWare.Win32.MegaSearch.am	Inaktiv	06.05.2013 19:30:29	hxxp://softwareapplicationsforally.asia/?e=ctos&publisher=708&country=DE&ind=2310188799&exid=0&ssd=3209070399&hid=2375510277&osid=601&channel=0&category_name=ContinueToSave&install_date=20120506//t_3h8@svpwgj-n.org/content/	


Schädlicher Link	Inaktiv	22.05.2013 17:41:29	hxxp://5998.jadeclick.com/	
Schädlicher Link	Inaktiv	22.05.2013 17:41:28	hxxp://5998.jadeclick.com/

Mehr hab ich leider nicht bzw. weiß ich nicht, wie ich das "sichtbar" machen kann.

Gruß

cosinus · 23.05.2013, 11:52

Lies doch auch bitte mal alles, v.a. was ich auch verlinkt habe
Die Logs der anderen Scanner wie zB Malwarebytes fehlen immer noch. Und mach keine neuen Scans, nur schon vorhandene hier posten

empijion · 23.05.2013, 18:22

Hallo Cosinus,
mehr Logs habe ich nicht. Auf dem Notebook ist ausschließlich Kaspersky installiert.
Kann/soll ich mal Malwarebytes installieren und scannen?
Gruß vom Dummie

cosinus · 23.05.2013, 21:45

Bevor wir uns an die Arbeit machen, möchte ich dich bitten, folgende Punkte vollständig und aufmerksam zu lesen.

Lies dir meine Anleitungen, die ich im Laufe dieses Strangs hier posten werde, aufmerksam durch. Frag umgehend nach, wenn dir irgendetwas unklar sein sollte, bevor du anfängst meine Anleitungen umzusetzen.
Solltest du bei einem Schritt Probleme haben, stoppe dort und beschreib mir das Problem so gut du kannst. Manchmal erfordert ein Schritt den vorhergehenden.
Bitte nur Scans durchführen zu denen du von einem Helfer aufgefordert wurdest! Installiere / Deinstalliere keine Software ohne Aufforderung!
Poste die Logfiles direkt in deinen Thread (bitte in CODE-Tags) und nicht als Anhang, ausser du wurdest dazu aufgefordert. Logs in Anhängen erschweren mir das Auswerten!
Die Logs der aufgegebenen Tools wie zB Malwarebytes sind immer zu posten - egal ob ein Fund dabei war oder nicht!
Beachte bitte auch => Löschen von Logfiles und andere Anfragen

Note:
Sollte ich drei Tage nichts von mir hören lassen, so melde dich bitte in diesem Strang => Erinnerung an meinem Thread.
Nervige "Wann geht es weiter" Nachrichten enden mit Schließung deines Themas. Auch ich habe ein Leben abseits des Trojaner-Boards.

Bitte die drei Tools MBAR / aswMBR / TDSSkiller nun ausführen und die Logs in CODE-Tags posten

MBAR (Malwarebytes Anti-Rootkit)

Downloade dir bitte

Malwarebytes Anti-Rootkit und speichere es auf deinem Desktop.

Starte bitte die mbar.exe.
Folge den Anweisungen auf deinem Bildschirm gemäß Anleitung zu Malwarebytes Anti-Rootkit
Aktualisiere unbedingt die Datenbank und erlaube dem Tool, dein System zu scannen.
Klicke auf den CleanUp Button und erlaube den Neustart.
Während dem Neustart wird MBAR die gefundenen Objekte entfernen, also bleib geduldig.
Nach dem Neustart starte die mbar.exe erneut.
Sollte nochmal was gefunden werden, wiederhole den CleanUp Prozess.

Das Tool wird im erstellten Ordner eine Logfile ( mbar-log-<Jahr-Monat-Tag>.txt ) erzeugen. Bitte poste diese hier.

Starte keine andere Datei in diesem Ordner ohne Anweisung eines Helfers

aswMBR

Downloade dir bitte

aswMBR.exe und speichere die Datei auf deinem Desktop.

Starte die aswMBR.exe - (aswMBR.exe Anleitung)
Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten".
Das Tool wird dich fragen, ob Du mit der aktuellen Virendefinition von AVAST! dein System scannen willst. Beantworte diese Frage bitte mit Ja. (Sollte deine Firewall fragen, bitte den Zugriff auf das Internet zulassen )
Der Download der Definitionen kann je nach Verbindung eine Weile dauern.
Klicke auf Scan.
Warte bitte bis Scan finished successfully im DOS-Fenster steht.
Drücke auf Save Log und speichere diese auf dem Desktop.

Poste mir die aswMBR.txt in deiner nächsten Antwort.

Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung

Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte der Scan abbrechen und das Programm abstürzen, dann teile mir das mit und wähle unter AV Scan die Einstellung (none).

TDSS-Killer

Downloade dir bitte

TDSSKiller.exe und speichere diese Datei auf dem Desktop

Starte die TDSSKiller.exe - Einstellen wie in der Anleitung zu TDSSKiller beschrieben.
Drücke Start Scan
Sollten infizierte Objekte gefunden werden, wähle keinesfalls Cure. Wähle Skip und klicke auf Continue.
TDSSKiller wird eine Logfile auf deinem Systemlaufwerk speichern (Meistens C:\)
Als Beispiel: C:\TDSSKiller.<Version_Datum_Uhrzeit>log.txt

Poste den Inhalt bitte in jedem Fall hier in deinen Thread.

empijion · 24.05.2013, 15:23

Hallo,
hier die erforderlichen Logfiles

a) Malwarebytes Anti-Rootkits

Code:

ATTFilter

Malwarebytes Anti-Rootkit BETA 1.05.0.1001
www.malwarebytes.org

Database version: v2013.05.24.05

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16576
Fabi Katja :: FABIKATJA-PC [administrator]

24.05.2013 15:09:16
mbar-log-2013-05-24 (15-09-16).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled: 
Objects scanned: 26527
Time elapsed: 35 minute(s), 58 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

dann der 2. Durchlauf:

Code:

ATTFilter

Malwarebytes Anti-Rootkit BETA 1.05.0.1001
www.malwarebytes.org

Database version: v2013.05.24.05

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16576
Fabi Katja :: FABIKATJA-PC [administrator]

24.05.2013 15:47:33
mbar-log-2013-05-24 (15-47-33).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled: 
Objects scanned: 26529
Time elapsed: 32 minute(s), 33 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

b) Scan mit aswMBR gem. Anleitung

Code:

ATTFilter

aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2013-05-24 15:51:16
-----------------------------
15:51:16.093    OS Version: Windows x64 6.1.7601 Service Pack 1
15:51:16.093    Number of processors: 2 586 0x603
15:51:16.093    ComputerName: FABIKATJA-PC  UserName: Fabi Katja
15:51:19.072    Initialize success
15:53:11.129    AVAST engine defs: 13052301
15:53:31.388    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
15:53:31.403    Disk 0 Vendor: WDC_WD3200BEVT-60A23T0 02.01A02 Size: 305245MB BusType: 11
15:53:31.653    Disk 0 MBR read successfully
15:53:31.653    Disk 0 MBR scan
15:53:31.669    Disk 0 Windows 7 default MBR code
15:53:31.684    Disk 0 Partition 1 00     83        Linux             20489 MB offset 63
15:53:31.715    Disk 0 Partition 2 00     82   Linux swap              7444 MB offset 41961780
15:53:31.747    Disk 0 Partition 3 00     83        Linux  NTFS        3223 MB offset 57207465
15:53:31.762    Disk 0 Partition 4 80 (A) 07    HPFS/NTFS NTFS       274085 MB offset 63810180
15:53:31.934    Disk 0 scanning C:\Windows\system32\drivers
15:53:51.496    Service scanning
15:55:05.940    Modules scanning
15:55:05.955    Disk 0 trace - called modules:
15:55:05.986    ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys 
15:55:06.002    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004cda060]
15:55:06.002    3 CLASSPNP.SYS[fffff8800180143f] -> nt!IofCallDriver -> [0xfffffa8004c54520]
15:55:06.018    5 ACPI.sys[fffff88000e0b7a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8004c5e060]
15:55:08.373    AVAST engine scan C:\Windows
15:55:12.897    AVAST engine scan C:\Windows\system32
16:01:13.679    AVAST engine scan C:\Windows\system32\drivers
16:01:40.885    AVAST engine scan C:\Users\Fabi Katja
16:02:15.003    File: C:\Users\Fabi Katja\AppData\Roaming\DHCPQECL.dll  **INFECTED** Win32:Medfos-BE [Trj]
16:02:42.568    AVAST engine scan C:\ProgramData
16:04:43.406    Scan finished successfully
16:06:43.323    Disk 0 MBR has been saved successfully to "C:\Users\Fabi Katja\Desktop\MBR.dat"
16:06:43.339    The log file has been saved successfully to "C:\Users\Fabi Katja\Desktop\aswMBR LogFile.txt"

c) TDSS-Killer

Code:

ATTFilter

16:08:21.0315 0920  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
16:08:21.0564 0920  ============================================================
16:08:21.0564 0920  Current date / time: 2013/05/24 16:08:21.0564
16:08:21.0564 0920  SystemInfo:
16:08:21.0564 0920  
16:08:21.0564 0920  OS Version: 6.1.7601 ServicePack: 1.0
16:08:21.0564 0920  Product type: Workstation
16:08:21.0564 0920  ComputerName: FABIKATJA-PC
16:08:21.0564 0920  UserName: Fabi Katja
16:08:21.0564 0920  Windows directory: C:\Windows
16:08:21.0564 0920  System windows directory: C:\Windows
16:08:21.0564 0920  Running under WOW64
16:08:21.0564 0920  Processor architecture: Intel x64
16:08:21.0564 0920  Number of processors: 2
16:08:21.0564 0920  Page size: 0x1000
16:08:21.0564 0920  Boot type: Normal boot
16:08:21.0564 0920  ============================================================
16:08:23.0233 0920  Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
16:08:23.0249 0920  ============================================================
16:08:23.0249 0920  \Device\Harddisk0\DR0:
16:08:23.0249 0920  MBR partitions:
16:08:23.0249 0920  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3CDAA84, BlocksNum 0x21752C3D
16:08:23.0249 0920  ============================================================
16:08:23.0421 0920  C: <-> \Device\Harddisk0\DR0\Partition1
16:08:23.0421 0920  ============================================================
16:08:23.0421 0920  Initialize success
16:08:23.0421 0920  ============================================================
16:08:25.0729 4388  ============================================================
16:08:25.0729 4388  Scan started
16:08:25.0729 4388  Mode: Manual; 
16:08:25.0729 4388  ============================================================
16:08:26.0681 4388  ================ Scan system memory ========================
16:08:26.0681 4388  System memory - ok
16:08:26.0681 4388  ================ Scan services =============================
16:08:26.0946 4388  [ A87D604AEA360176311474C87A63BB88 ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
16:08:26.0946 4388  1394ohci - ok
16:08:27.0009 4388  [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
16:08:27.0009 4388  ACPI - ok
16:08:27.0040 4388  [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys
16:08:27.0040 4388  AcpiPmi - ok
16:08:27.0196 4388  [ 3927397AC60D943DAF8808AFFED582B7 ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
16:08:27.0196 4388  AdobeARMservice - ok
16:08:27.0399 4388  [ F040037B149FD0F5A5044AE563390FA7 ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
16:08:27.0399 4388  AdobeFlashPlayerUpdateSvc - ok
16:08:27.0633 4388  [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx         C:\Windows\system32\DRIVERS\adp94xx.sys
16:08:27.0648 4388  adp94xx - ok
16:08:27.0695 4388  [ 597F78224EE9224EA1A13D6350CED962 ] adpahci         C:\Windows\system32\DRIVERS\adpahci.sys
16:08:27.0695 4388  adpahci - ok
16:08:27.0773 4388  [ E109549C90F62FB570B9540C4B148E54 ] adpu320         C:\Windows\system32\DRIVERS\adpu320.sys
16:08:27.0789 4388  adpu320 - ok
16:08:27.0851 4388  [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
16:08:27.0851 4388  AeLookupSvc - ok
16:08:27.0913 4388  [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD             C:\Windows\system32\drivers\afd.sys
16:08:27.0929 4388  AFD - ok
16:08:27.0991 4388  [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440          C:\Windows\system32\drivers\agp440.sys
16:08:27.0991 4388  agp440 - ok
16:08:28.0038 4388  [ 3290D6946B5E30E70414990574883DDB ] ALG             C:\Windows\System32\alg.exe
16:08:28.0038 4388  ALG - ok
16:08:28.0069 4388  [ 5812713A477A3AD7363C7438CA2EE038 ] aliide          C:\Windows\system32\drivers\aliide.sys
16:08:28.0069 4388  aliide - ok
16:08:28.0116 4388  [ CC52C1F09ADA0B7F4970BC22A3F82B45 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
16:08:28.0132 4388  AMD External Events Utility - ok
16:08:28.0147 4388  [ 1FF8B4431C353CE385C875F194924C0C ] amdide          C:\Windows\system32\drivers\amdide.sys
16:08:28.0147 4388  amdide - ok
16:08:28.0210 4388  [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8           C:\Windows\system32\DRIVERS\amdk8.sys
16:08:28.0210 4388  AmdK8 - ok
16:08:28.0397 4388  [ 0F4FBF5C86AE163E87EECEECBA82035D ] amdkmdag        C:\Windows\system32\DRIVERS\atikmdag.sys
16:08:28.0522 4388  amdkmdag - ok
16:08:28.0553 4388  [ FD736E1588973ADF26B82DE750F13BB5 ] amdkmdap        C:\Windows\system32\DRIVERS\atikmpag.sys
16:08:28.0553 4388  amdkmdap - ok
16:08:28.0584 4388  [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM          C:\Windows\system32\DRIVERS\amdppm.sys
16:08:28.0584 4388  AmdPPM - ok
16:08:28.0631 4388  [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata         C:\Windows\system32\drivers\amdsata.sys
16:08:28.0631 4388  amdsata - ok
16:08:28.0678 4388  [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs          C:\Windows\system32\DRIVERS\amdsbs.sys
16:08:28.0693 4388  amdsbs - ok
16:08:28.0709 4388  [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata         C:\Windows\system32\drivers\amdxata.sys
16:08:28.0709 4388  amdxata - ok
16:08:28.0756 4388  [ 89A69C3F2F319B43379399547526D952 ] AppID           C:\Windows\system32\drivers\appid.sys
16:08:28.0771 4388  AppID - ok
16:08:28.0803 4388  [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
16:08:28.0803 4388  AppIDSvc - ok
16:08:28.0834 4388  [ 9D2A2369AB4B08A4905FE72DB104498F ] Appinfo         C:\Windows\System32\appinfo.dll
16:08:28.0834 4388  Appinfo - ok
16:08:28.0896 4388  [ 4ABA3E75A76195A3E38ED2766C962899 ] AppMgmt         C:\Windows\System32\appmgmts.dll
16:08:28.0912 4388  AppMgmt - ok
16:08:28.0943 4388  [ C484F8CEB1717C540242531DB7845C4E ] arc             C:\Windows\system32\DRIVERS\arc.sys
16:08:28.0959 4388  arc - ok
16:08:28.0974 4388  [ 019AF6924AEFE7839F61C830227FE79C ] arcsas          C:\Windows\system32\DRIVERS\arcsas.sys
16:08:28.0974 4388  arcsas - ok
16:08:29.0021 4388  [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
16:08:29.0021 4388  AsyncMac - ok
16:08:29.0052 4388  [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi           C:\Windows\system32\drivers\atapi.sys
16:08:29.0052 4388  atapi - ok
16:08:29.0099 4388  [ 2D648572BA9A610952FCAFBA1E119C2D ] AtiHdmiService  C:\Windows\system32\drivers\AtiHdmi.sys
16:08:29.0099 4388  AtiHdmiService - ok
16:08:29.0146 4388  [ E82E61F46D1336447F4DEFF8C074F13E ] AtiPcie         C:\Windows\system32\DRIVERS\AtiPcie64.sys
16:08:29.0146 4388  AtiPcie - ok
16:08:29.0208 4388  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
16:08:29.0224 4388  AudioEndpointBuilder - ok
16:08:29.0271 4388  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv        C:\Windows\System32\Audiosrv.dll
16:08:29.0286 4388  AudioSrv - ok
16:08:29.0380 4388  [ 587EFD6A3A30A35A27904D21AE1FB882 ] AVP             C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe
16:08:29.0380 4388  AVP - ok
16:08:29.0427 4388  [ 803B9A93C8D8B72414D7D05DC1A47F34 ] AX88772         C:\Windows\system32\DRIVERS\ax88772.sys
16:08:29.0427 4388  AX88772 - ok
16:08:29.0489 4388  [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV        C:\Windows\System32\AxInstSV.dll
16:08:29.0489 4388  AxInstSV - ok
16:08:29.0551 4388  [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv         C:\Windows\system32\DRIVERS\bxvbda.sys
16:08:29.0567 4388  b06bdrv - ok
16:08:29.0645 4388  [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a        C:\Windows\system32\DRIVERS\b57nd60a.sys
16:08:29.0645 4388  b57nd60a - ok
16:08:29.0785 4388  [ 0E7A9264576B40638A3FBC804DE1FF76 ] BCM43XX         C:\Windows\system32\DRIVERS\bcmwl664.sys
16:08:29.0895 4388  BCM43XX - ok
16:08:29.0973 4388  [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC          C:\Windows\System32\bdesvc.dll
16:08:29.0973 4388  BDESVC - ok
16:08:30.0035 4388  [ 16A47CE2DECC9B099349A5F840654746 ] Beep            C:\Windows\system32\drivers\Beep.sys
16:08:30.0035 4388  Beep - ok
16:08:30.0113 4388  [ 82974D6A2FD19445CC5171FC378668A4 ] BFE             C:\Windows\System32\bfe.dll
16:08:30.0129 4388  BFE - ok
16:08:30.0191 4388  [ 1EA7969E3271CBC59E1730697DC74682 ] BITS            C:\Windows\System32\qmgr.dll
16:08:30.0222 4388  BITS - ok
16:08:30.0269 4388  [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
16:08:30.0269 4388  blbdrive - ok
16:08:30.0316 4388  [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
16:08:30.0316 4388  bowser - ok
16:08:30.0363 4388  [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo        C:\Windows\system32\DRIVERS\BrFiltLo.sys
16:08:30.0363 4388  BrFiltLo - ok
16:08:30.0378 4388  [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp        C:\Windows\system32\DRIVERS\BrFiltUp.sys
16:08:30.0378 4388  BrFiltUp - ok
16:08:30.0409 4388  [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser         C:\Windows\System32\browser.dll
16:08:30.0409 4388  Browser - ok
16:08:30.0456 4388  [ 63A00CDBEB300522C49EC7CA77324060 ] BrSerIb         C:\Windows\system32\DRIVERS\BrSerIb.sys
16:08:30.0456 4388  BrSerIb - ok
16:08:30.0503 4388  [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
16:08:30.0503 4388  Brserid - ok
16:08:30.0534 4388  [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
16:08:30.0534 4388  BrSerWdm - ok
16:08:30.0565 4388  [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
16:08:30.0565 4388  BrUsbMdm - ok
16:08:30.0565 4388  [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
16:08:30.0565 4388  BrUsbSer - ok
16:08:30.0612 4388  [ BBCFD6C6EF66449F55AF1BFDB08C9B12 ] BrUsbSIb        C:\Windows\system32\DRIVERS\BrUsbSIb.sys
16:08:30.0612 4388  BrUsbSIb - ok
16:08:30.0753 4388  [ DB109DA005B6FE2A350C5DD7CA768DFD ] BrYNSvc         C:\Program Files (x86)\Browny02\BrYNSvc.exe
16:08:30.0768 4388  BrYNSvc - ok
16:08:30.0909 4388  [ CF98190A94F62E405C8CB255018B2315 ] BthEnum         C:\Windows\system32\drivers\BthEnum.sys
16:08:30.0909 4388  BthEnum - ok
16:08:30.0955 4388  [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM        C:\Windows\system32\DRIVERS\bthmodem.sys
16:08:30.0955 4388  BTHMODEM - ok
16:08:31.0002 4388  [ 02DD601B708DD0667E1331FA8518E9FF ] BthPan          C:\Windows\system32\DRIVERS\bthpan.sys
16:08:31.0002 4388  BthPan - ok
16:08:31.0080 4388  [ 738D0E9272F59EB7A1449C3EC118E6C4 ] BTHPORT         C:\Windows\System32\Drivers\BTHport.sys
16:08:31.0080 4388  BTHPORT - ok
16:08:31.0127 4388  [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv         C:\Windows\system32\bthserv.dll
16:08:31.0143 4388  bthserv - ok
16:08:31.0174 4388  [ F188B7394D81010767B6DF3178519A37 ] BTHUSB          C:\Windows\System32\Drivers\BTHUSB.sys
16:08:31.0174 4388  BTHUSB - ok
16:08:31.0205 4388  [ B8BD2BB284668C84865658C77574381A ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
16:08:31.0205 4388  cdfs - ok
16:08:31.0283 4388  [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom           C:\Windows\system32\drivers\cdrom.sys
16:08:31.0283 4388  cdrom - ok
16:08:31.0330 4388  [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc     C:\Windows\System32\certprop.dll
16:08:31.0330 4388  CertPropSvc - ok
16:08:31.0377 4388  [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass        C:\Windows\system32\DRIVERS\circlass.sys
16:08:31.0377 4388  circlass - ok
16:08:31.0439 4388  [ FE1EC06F2253F691FE36217C592A0206 ] CLFS            C:\Windows\system32\CLFS.sys
16:08:31.0455 4388  CLFS - ok
16:08:31.0533 4388  [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
16:08:31.0533 4388  clr_optimization_v2.0.50727_32 - ok
16:08:31.0595 4388  [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
16:08:31.0595 4388  clr_optimization_v2.0.50727_64 - ok
16:08:31.0657 4388  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
16:08:31.0673 4388  clr_optimization_v4.0.30319_32 - ok
16:08:31.0704 4388  [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
16:08:31.0704 4388  clr_optimization_v4.0.30319_64 - ok
16:08:31.0767 4388  [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
16:08:31.0767 4388  CmBatt - ok
16:08:31.0798 4388  [ E19D3F095812725D88F9001985B94EDD ] cmdide          C:\Windows\system32\drivers\cmdide.sys
16:08:31.0798 4388  cmdide - ok
16:08:31.0845 4388  [ AAFCB52FE0037207FB6FBEA070D25EFE ] CNG             C:\Windows\system32\Drivers\cng.sys
16:08:31.0860 4388  CNG - ok
16:08:31.0923 4388  [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt        C:\Windows\system32\DRIVERS\compbatt.sys
16:08:31.0923 4388  Compbatt - ok
16:08:31.0969 4388  [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus    C:\Windows\system32\drivers\CompositeBus.sys
16:08:31.0969 4388  CompositeBus - ok
16:08:32.0001 4388  COMSysApp - ok
16:08:32.0016 4388  [ 1C827878A998C18847245FE1F34EE597 ] crcdisk         C:\Windows\system32\DRIVERS\crcdisk.sys
16:08:32.0016 4388  crcdisk - ok
16:08:32.0063 4388  [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc        C:\Windows\system32\cryptsvc.dll
16:08:32.0063 4388  CryptSvc - ok
16:08:32.0110 4388  [ 54DA3DFD29ED9F1619B6F53F3CE55E49 ] CSC             C:\Windows\system32\drivers\csc.sys
16:08:32.0125 4388  CSC - ok
16:08:32.0188 4388  [ 3AB183AB4D2C79DCF459CD2C1266B043 ] CscService      C:\Windows\System32\cscsvc.dll
16:08:32.0188 4388  CscService - ok
16:08:32.0266 4388  [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch      C:\Windows\system32\rpcss.dll
16:08:32.0281 4388  DcomLaunch - ok
16:08:32.0313 4388  [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc       C:\Windows\System32\defragsvc.dll
16:08:32.0328 4388  defragsvc - ok
16:08:32.0375 4388  [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
16:08:32.0375 4388  DfsC - ok
16:08:32.0422 4388  [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp            C:\Windows\system32\dhcpcore.dll
16:08:32.0437 4388  Dhcp - ok
16:08:32.0453 4388  [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache        C:\Windows\system32\drivers\discache.sys
16:08:32.0453 4388  discache - ok
16:08:32.0484 4388  [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk            C:\Windows\system32\DRIVERS\disk.sys
16:08:32.0500 4388  Disk - ok
16:08:32.0968 4388  [ 82E653BB80E807B4DF61A68846978C3F ] DisplayLinkService C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe
16:08:33.0155 4388  DisplayLinkService - ok
16:08:33.0202 4388  [ 1FAE14F2CB2F1C1CBDBC17EFB63D5845 ] DisplayLinkUsbPort C:\Windows\system32\DRIVERS\DisplayLinkUsbPort_5.6.31854.0.sys
16:08:33.0202 4388  DisplayLinkUsbPort - ok
16:08:33.0233 4388  [ 75C2E9609601044DBF8D19212A11743E ] dlkmd           C:\Windows\system32\drivers\dlkmd.sys
16:08:33.0249 4388  dlkmd - ok
16:08:33.0280 4388  [ 389FB1D69A1B0E2403327590BF50084B ] dlkmdldr        C:\Windows\system32\drivers\dlkmdldr.sys
16:08:33.0280 4388  dlkmdldr - ok
16:08:33.0327 4388  [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
16:08:33.0327 4388  Dnscache - ok
16:08:33.0373 4388  [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc         C:\Windows\System32\dot3svc.dll
16:08:33.0373 4388  dot3svc - ok
16:08:33.0405 4388  [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS             C:\Windows\system32\dps.dll
16:08:33.0420 4388  DPS - ok
16:08:33.0467 4388  [ 9B19F34400D24DF84C858A421C205754 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
16:08:33.0467 4388  drmkaud - ok
16:08:33.0514 4388  [ AF2E16242AA723F68F461B6EAE2EAD3D ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
16:08:33.0561 4388  DXGKrnl - ok
16:08:33.0639 4388  [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost         C:\Windows\System32\eapsvc.dll
16:08:33.0639 4388  EapHost - ok
16:08:33.0748 4388  [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv           C:\Windows\system32\DRIVERS\evbda.sys
16:08:33.0873 4388  ebdrv - ok
16:08:33.0888 4388  [ C118A82CD78818C29AB228366EBF81C3 ] EFS             C:\Windows\System32\lsass.exe
16:08:33.0904 4388  EFS - ok
16:08:33.0966 4388  [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
16:08:33.0997 4388  ehRecvr - ok
16:08:34.0029 4388  [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched         C:\Windows\ehome\ehsched.exe
16:08:34.0029 4388  ehSched - ok
16:08:34.0091 4388  [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor         C:\Windows\system32\DRIVERS\elxstor.sys
16:08:34.0107 4388  elxstor - ok
16:08:34.0138 4388  [ 34A3C54752046E79A126E15C51DB409B ] ErrDev          C:\Windows\system32\drivers\errdev.sys
16:08:34.0138 4388  ErrDev - ok
16:08:34.0200 4388  [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem     C:\Windows\system32\es.dll
16:08:34.0200 4388  EventSystem - ok
16:08:34.0231 4388  [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat           C:\Windows\system32\drivers\exfat.sys
16:08:34.0231 4388  exfat - ok
16:08:34.0263 4388  [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat         C:\Windows\system32\drivers\fastfat.sys
16:08:34.0263 4388  fastfat - ok
16:08:34.0325 4388  [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax             C:\Windows\system32\fxssvc.exe
16:08:34.0341 4388  Fax - ok
16:08:34.0356 4388  [ D765D19CD8EF61F650C384F62FAC00AB ] fdc             C:\Windows\system32\DRIVERS\fdc.sys
16:08:34.0356 4388  fdc - ok
16:08:34.0403 4388  [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost         C:\Windows\system32\fdPHost.dll
16:08:34.0403 4388  fdPHost - ok
16:08:34.0419 4388  [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub        C:\Windows\system32\fdrespub.dll
16:08:34.0419 4388  FDResPub - ok
16:08:34.0450 4388  [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
16:08:34.0450 4388  FileInfo - ok
16:08:34.0465 4388  [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
16:08:34.0465 4388  Filetrace - ok
16:08:34.0481 4388  [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
16:08:34.0481 4388  flpydisk - ok
16:08:34.0528 4388  [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
16:08:34.0528 4388  FltMgr - ok
16:08:34.0606 4388  [ C4C183E6551084039EC862DA1C945E3D ] FontCache       C:\Windows\system32\FntCache.dll
16:08:34.0637 4388  FontCache - ok
16:08:34.0699 4388  [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
16:08:34.0699 4388  FontCache3.0.0.0 - ok
16:08:34.0746 4388  [ D43703496149971890703B4B1B723EAC ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
16:08:34.0746 4388  FsDepends - ok
16:08:34.0777 4388  [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
16:08:34.0777 4388  Fs_Rec - ok
16:08:34.0824 4388  [ 8F6322049018354F45F05A2FD2D4E5E0 ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
16:08:34.0824 4388  fvevol - ok
16:08:34.0840 4388  [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx        C:\Windows\system32\DRIVERS\gagp30kx.sys
16:08:34.0840 4388  gagp30kx - ok
16:08:34.0902 4388  [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc           C:\Windows\System32\gpsvc.dll
16:08:34.0918 4388  gpsvc - ok
16:08:35.0058 4388  [ F02A533F517EB38333CB12A9E8963773 ] gupdate         C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
16:08:35.0058 4388  gupdate - ok
16:08:35.0089 4388  [ F02A533F517EB38333CB12A9E8963773 ] gupdatem        C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
16:08:35.0089 4388  gupdatem - ok
16:08:35.0136 4388  [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
16:08:35.0136 4388  hcw85cir - ok
16:08:35.0183 4388  [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
16:08:35.0183 4388  HdAudAddService - ok
16:08:35.0214 4388  [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus        C:\Windows\system32\drivers\HDAudBus.sys
16:08:35.0214 4388  HDAudBus - ok
16:08:35.0245 4388  [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt         C:\Windows\system32\DRIVERS\HidBatt.sys
16:08:35.0245 4388  HidBatt - ok
16:08:35.0261 4388  [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth          C:\Windows\system32\DRIVERS\hidbth.sys
16:08:35.0261 4388  HidBth - ok
16:08:35.0277 4388  [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr           C:\Windows\system32\DRIVERS\hidir.sys
16:08:35.0277 4388  HidIr - ok
16:08:35.0308 4388  [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv         C:\Windows\system32\hidserv.dll
16:08:35.0308 4388  hidserv - ok
16:08:35.0370 4388  [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
16:08:35.0370 4388  HidUsb - ok
16:08:35.0417 4388  [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc          C:\Windows\system32\kmsvc.dll
16:08:35.0417 4388  hkmsvc - ok
16:08:35.0464 4388  [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
16:08:35.0464 4388  HomeGroupListener - ok
16:08:35.0511 4388  [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
16:08:35.0511 4388  HomeGroupProvider - ok
16:08:35.0542 4388  [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
16:08:35.0542 4388  HpSAMD - ok
16:08:35.0604 4388  [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
16:08:35.0620 4388  HTTP - ok
16:08:35.0667 4388  [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
16:08:35.0667 4388  hwpolicy - ok
16:08:35.0713 4388  [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt        C:\Windows\system32\drivers\i8042prt.sys
16:08:35.0713 4388  i8042prt - ok
16:08:35.0776 4388  [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
16:08:35.0791 4388  iaStorV - ok
16:08:36.0041 4388  [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc           C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
16:08:36.0072 4388  idsvc - ok
16:08:36.0103 4388  [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp           C:\Windows\system32\DRIVERS\iirsp.sys
16:08:36.0119 4388  iirsp - ok
16:08:36.0166 4388  [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT          C:\Windows\System32\ikeext.dll
16:08:36.0213 4388  IKEEXT - ok
16:08:36.0244 4388  [ F00F20E70C6EC3AA366910083A0518AA ] intelide        C:\Windows\system32\drivers\intelide.sys
16:08:36.0244 4388  intelide - ok
16:08:36.0275 4388  [ ADA036632C664CAA754079041CF1F8C1 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
16:08:36.0275 4388  intelppm - ok
16:08:36.0322 4388  [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
16:08:36.0322 4388  IPBusEnum - ok
16:08:36.0369 4388  [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
16:08:36.0369 4388  IpFilterDriver - ok
16:08:36.0431 4388  [ 08C2957BB30058E663720C5606885653 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
16:08:36.0431 4388  iphlpsvc - ok
16:08:36.0478 4388  [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
16:08:36.0478 4388  IPMIDRV - ok
16:08:36.0525 4388  [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
16:08:36.0525 4388  IPNAT - ok
16:08:36.0556 4388  [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM          C:\Windows\system32\drivers\irenum.sys
16:08:36.0556 4388  IRENUM - ok
16:08:36.0603 4388  [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
16:08:36.0603 4388  isapnp - ok
16:08:36.0649 4388  [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
16:08:36.0649 4388  iScsiPrt - ok
16:08:36.0681 4388  [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass        C:\Windows\system32\drivers\kbdclass.sys
16:08:36.0681 4388  kbdclass - ok
16:08:36.0743 4388  [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid          C:\Windows\system32\drivers\kbdhid.sys
16:08:36.0743 4388  kbdhid - ok
16:08:36.0759 4388  [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso          C:\Windows\system32\lsass.exe
16:08:36.0759 4388  KeyIso - ok
16:08:36.0837 4388  [ 8B5219318DF5895ABD230C373F2DF18A ] kl1             C:\Windows\system32\DRIVERS\kl1.sys
16:08:36.0852 4388  kl1 - ok
16:08:36.0946 4388  [ 2CBD248370721DCAD632DB70D09C5A6D ] KLIF            C:\Windows\system32\DRIVERS\klif.sys
16:08:36.0961 4388  KLIF - ok
16:08:37.0024 4388  [ 9BD99E1AB3F664120AB95C35F9EC1EB0 ] KLIM6           C:\Windows\system32\DRIVERS\klim6.sys
16:08:37.0024 4388  KLIM6 - ok
16:08:37.0055 4388  [ 2C43FD500522EF3B8C283A5846B7FC41 ] klkbdflt        C:\Windows\system32\DRIVERS\klkbdflt.sys
16:08:37.0071 4388  klkbdflt - ok
16:08:37.0071 4388  [ 70A6D2E292017EC47949696F51ABE18D ] klmouflt        C:\Windows\system32\DRIVERS\klmouflt.sys
16:08:37.0071 4388  klmouflt - ok
16:08:37.0102 4388  [ 982974975E679276F0FA39EFA331A268 ] kltdi           C:\Windows\system32\DRIVERS\kltdi.sys
16:08:37.0102 4388  kltdi - ok
16:08:37.0117 4388  [ 1FCB657B581CC4DF17FD6571F93602DE ] kneps           C:\Windows\system32\DRIVERS\kneps.sys
16:08:37.0117 4388  kneps - ok
16:08:37.0164 4388  [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
16:08:37.0164 4388  KSecDD - ok
16:08:37.0195 4388  [ 7EFB9333E4ECCE6AE4AE9D777D9E553E ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
16:08:37.0211 4388  KSecPkg - ok
16:08:37.0242 4388  [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk         C:\Windows\system32\drivers\ksthunk.sys
16:08:37.0242 4388  ksthunk - ok
16:08:37.0289 4388  [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm           C:\Windows\system32\msdtckrm.dll
16:08:37.0305 4388  KtmRm - ok
16:08:37.0351 4388  [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer    C:\Windows\system32\srvsvc.dll
16:08:37.0367 4388  LanmanServer - ok
16:08:37.0398 4388  [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
16:08:37.0398 4388  LanmanWorkstation - ok
16:08:37.0429 4388  [ 1538831CF8AD2979A04C423779465827 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
16:08:37.0429 4388  lltdio - ok
16:08:37.0461 4388  [ C1185803384AB3FEED115F79F109427F ] lltdsvc         C:\Windows\System32\lltdsvc.dll
16:08:37.0476 4388  lltdsvc - ok
16:08:37.0492 4388  [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts         C:\Windows\System32\lmhsvc.dll
16:08:37.0492 4388  lmhosts - ok
16:08:37.0539 4388  [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC          C:\Windows\system32\DRIVERS\lsi_fc.sys
16:08:37.0539 4388  LSI_FC - ok
16:08:37.0570 4388  [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS         C:\Windows\system32\DRIVERS\lsi_sas.sys
16:08:37.0570 4388  LSI_SAS - ok
16:08:37.0601 4388  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2        C:\Windows\system32\DRIVERS\lsi_sas2.sys
16:08:37.0601 4388  LSI_SAS2 - ok
16:08:37.0632 4388  [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI        C:\Windows\system32\DRIVERS\lsi_scsi.sys
16:08:37.0632 4388  LSI_SCSI - ok
16:08:37.0663 4388  [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv           C:\Windows\system32\drivers\luafv.sys
16:08:37.0679 4388  luafv - ok
16:08:37.0726 4388  [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
16:08:37.0726 4388  Mcx2Svc - ok
16:08:37.0741 4388  [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas         C:\Windows\system32\DRIVERS\megasas.sys
16:08:37.0741 4388  megasas - ok
16:08:37.0773 4388  [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR          C:\Windows\system32\DRIVERS\MegaSR.sys
16:08:37.0773 4388  MegaSR - ok
16:08:37.0819 4388  [ E40E80D0304A73E8D269F7141D77250B ] MMCSS           C:\Windows\system32\mmcss.dll
16:08:37.0819 4388  MMCSS - ok
16:08:37.0851 4388  [ 800BA92F7010378B09F9ED9270F07137 ] Modem           C:\Windows\system32\drivers\modem.sys
16:08:37.0851 4388  Modem - ok
16:08:37.0882 4388  [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
16:08:37.0882 4388  monitor - ok
16:08:37.0929 4388  [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
16:08:37.0944 4388  mouclass - ok
16:08:37.0960 4388  [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
16:08:37.0960 4388  mouhid - ok
16:08:38.0007 4388  [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
16:08:38.0007 4388  mountmgr - ok
16:08:38.0085 4388  [ 825BF0E46B4470A463AEB641480C5FCA ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
16:08:38.0085 4388  MozillaMaintenance - ok
16:08:38.0116 4388  [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio            C:\Windows\system32\drivers\mpio.sys
16:08:38.0131 4388  mpio - ok
16:08:38.0163 4388  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
16:08:38.0163 4388  mpsdrv - ok
16:08:38.0225 4388  [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc          C:\Windows\system32\mpssvc.dll
16:08:38.0256 4388  MpsSvc - ok
16:08:38.0334 4388  [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
16:08:38.0334 4388  MRxDAV - ok
16:08:38.0365 4388  [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
16:08:38.0365 4388  mrxsmb - ok
16:08:38.0412 4388  [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
16:08:38.0428 4388  mrxsmb10 - ok
16:08:38.0459 4388  [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
16:08:38.0459 4388  mrxsmb20 - ok
16:08:38.0490 4388  [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci          C:\Windows\system32\drivers\msahci.sys
16:08:38.0490 4388  msahci - ok
16:08:38.0537 4388  [ DB801A638D011B9633829EB6F663C900 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
16:08:38.0537 4388  msdsm - ok
16:08:38.0568 4388  [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC           C:\Windows\System32\msdtc.exe
16:08:38.0584 4388  MSDTC - ok
16:08:38.0631 4388  [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
16:08:38.0631 4388  Msfs - ok
16:08:38.0662 4388  [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
16:08:38.0662 4388  mshidkmdf - ok
16:08:38.0677 4388  [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
16:08:38.0677 4388  msisadrv - ok
16:08:38.0724 4388  [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
16:08:38.0724 4388  MSiSCSI - ok
16:08:38.0724 4388  msiserver - ok
16:08:38.0755 4388  [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
16:08:38.0755 4388  MSKSSRV - ok
16:08:38.0787 4388  [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
16:08:38.0787 4388  MSPCLOCK - ok
16:08:38.0802 4388  [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
16:08:38.0802 4388  MSPQM - ok
16:08:38.0849 4388  [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
16:08:38.0849 4388  MsRPC - ok
16:08:38.0896 4388  [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios        C:\Windows\system32\drivers\mssmbios.sys
16:08:38.0896 4388  mssmbios - ok
16:08:38.0911 4388  [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
16:08:38.0911 4388  MSTEE - ok
16:08:38.0943 4388  [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig        C:\Windows\system32\DRIVERS\MTConfig.sys
16:08:38.0943 4388  MTConfig - ok
16:08:38.0958 4388  [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup             C:\Windows\system32\Drivers\mup.sys
16:08:38.0958 4388  Mup - ok
16:08:39.0005 4388  [ 582AC6D9873E31DFA28A4547270862DD ] napagent        C:\Windows\system32\qagentRT.dll
16:08:39.0005 4388  napagent - ok
16:08:39.0036 4388  [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
16:08:39.0052 4388  NativeWifiP - ok
16:08:39.0177 4388  [ 9D1CCE440552500DED3A62F9D779CDB4 ] NAUpdate        C:\Program Files (x86)\Nero\Update\NASvc.exe
16:08:39.0192 4388  NAUpdate - ok
16:08:39.0239 4388  [ 760E38053BF56E501D562B70AD796B88 ] NDIS            C:\Windows\system32\drivers\ndis.sys
16:08:39.0286 4388  NDIS - ok
16:08:39.0333 4388  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
16:08:39.0333 4388  NdisCap - ok
16:08:39.0395 4388  [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
16:08:39.0395 4388  NdisTapi - ok
16:08:39.0457 4388  [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
16:08:39.0457 4388  Ndisuio - ok
16:08:39.0504 4388  [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
16:08:39.0504 4388  NdisWan - ok
16:08:39.0535 4388  [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
16:08:39.0535 4388  NDProxy - ok
16:08:39.0567 4388  [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
16:08:39.0567 4388  NetBIOS - ok
16:08:39.0613 4388  [ 09594D1089C523423B32A4229263F068 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
16:08:39.0613 4388  NetBT - ok
16:08:39.0629 4388  [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon        C:\Windows\system32\lsass.exe
16:08:39.0629 4388  Netlogon - ok
16:08:39.0676 4388  [ 847D3AE376C0817161A14A82C8922A9E ] Netman          C:\Windows\System32\netman.dll
16:08:39.0691 4388  Netman - ok
16:08:39.0707 4388  [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm        C:\Windows\System32\netprofm.dll
16:08:39.0707 4388  netprofm - ok
16:08:39.0801 4388  [ 81B8D0C1CE44A7FDBD596B693783950C ] netr7364        C:\Windows\system32\DRIVERS\netr7364.sys
16:08:39.0816 4388  netr7364 - ok
16:08:39.0894 4388  [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
16:08:39.0894 4388  NetTcpPortSharing - ok
16:08:39.0941 4388  [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960         C:\Windows\system32\DRIVERS\nfrd960.sys
16:08:39.0941 4388  nfrd960 - ok
16:08:39.0988 4388  [ 8AD77806D336673F270DB31645267293 ] NlaSvc          C:\Windows\System32\nlasvc.dll
16:08:40.0003 4388  NlaSvc - ok
16:08:40.0035 4388  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs            C:\Windows\system32\drivers\Npfs.sys
16:08:40.0035 4388  Npfs - ok
16:08:40.0050 4388  [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi             C:\Windows\system32\nsisvc.dll
16:08:40.0066 4388  nsi - ok
16:08:40.0081 4388  [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
16:08:40.0081 4388  nsiproxy - ok
16:08:40.0159 4388  [ B98F8C6E31CD07B2E6F71F7F648E38C0 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
16:08:40.0191 4388  Ntfs - ok
16:08:40.0222 4388  [ 9899284589F75FA8724FF3D16AED75C1 ] Null            C:\Windows\system32\drivers\Null.sys
16:08:40.0222 4388  Null - ok
16:08:40.0253 4388  [ 0A92CB65770442ED0DC44834632F66AD ] nvraid          C:\Windows\system32\drivers\nvraid.sys
16:08:40.0269 4388  nvraid - ok
16:08:40.0284 4388  [ DAB0E87525C10052BF65F06152F37E4A ] nvstor          C:\Windows\system32\drivers\nvstor.sys
16:08:40.0284 4388  nvstor - ok
16:08:40.0331 4388  [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
16:08:40.0331 4388  nv_agp - ok
16:08:40.0362 4388  [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
16:08:40.0362 4388  ohci1394 - ok
16:08:40.0425 4388  [ 7A56CF3E3F12E8AF599963B16F50FB6A ] ose             C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
16:08:40.0425 4388  ose - ok
16:08:40.0487 4388  [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
16:08:40.0487 4388  p2pimsvc - ok
16:08:40.0534 4388  [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc          C:\Windows\system32\p2psvc.dll
16:08:40.0549 4388  p2psvc - ok
16:08:40.0581 4388  [ 0086431C29C35BE1DBC43F52CC273887 ] Parport         C:\Windows\system32\DRIVERS\parport.sys
16:08:40.0596 4388  Parport - ok
16:08:40.0612 4388  [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr         C:\Windows\system32\drivers\partmgr.sys
16:08:40.0612 4388  partmgr - ok
16:08:40.0643 4388  [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc          C:\Windows\System32\pcasvc.dll
16:08:40.0643 4388  PcaSvc - ok
16:08:40.0690 4388  [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci             C:\Windows\system32\drivers\pci.sys
16:08:40.0690 4388  pci - ok
16:08:40.0721 4388  [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide          C:\Windows\system32\drivers\pciide.sys
16:08:40.0721 4388  pciide - ok
16:08:40.0752 4388  [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia          C:\Windows\system32\DRIVERS\pcmcia.sys
16:08:40.0768 4388  pcmcia - ok
16:08:40.0799 4388  [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw             C:\Windows\system32\drivers\pcw.sys
16:08:40.0799 4388  pcw - ok
16:08:40.0830 4388  [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
16:08:40.0846 4388  PEAUTH - ok
16:08:40.0924 4388  [ B9B0A4299DD2D76A4243F75FD54DC680 ] PeerDistSvc     C:\Windows\system32\peerdistsvc.dll
16:08:40.0955 4388  PeerDistSvc - ok
16:08:41.0080 4388  [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost        C:\Windows\SysWow64\perfhost.exe
16:08:41.0080 4388  PerfHost - ok
16:08:41.0158 4388  [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla             C:\Windows\system32\pla.dll
16:08:41.0189 4388  pla - ok
16:08:41.0236 4388  [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
16:08:41.0251 4388  PlugPlay - ok
16:08:41.0298 4388  [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
16:08:41.0298 4388  PNRPAutoReg - ok
16:08:41.0329 4388  [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
16:08:41.0329 4388  PNRPsvc - ok
16:08:41.0392 4388  [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
16:08:41.0392 4388  PolicyAgent - ok
16:08:41.0454 4388  [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power           C:\Windows\system32\umpo.dll
16:08:41.0454 4388  Power - ok
16:08:41.0501 4388  [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
16:08:41.0501 4388  PptpMiniport - ok
16:08:41.0532 4388  [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor       C:\Windows\system32\DRIVERS\processr.sys
16:08:41.0532 4388  Processor - ok
16:08:41.0579 4388  [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc         C:\Windows\system32\profsvc.dll
16:08:41.0595 4388  ProfSvc - ok
16:08:41.0610 4388  [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
16:08:41.0610 4388  ProtectedStorage - ok
16:08:41.0657 4388  [ 0557CF5A2556BD58E26384169D72438D ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
16:08:41.0657 4388  Psched - ok
16:08:41.0735 4388  [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300          C:\Windows\system32\DRIVERS\ql2300.sys
16:08:41.0782 4388  ql2300 - ok
16:08:41.0813 4388  [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx          C:\Windows\system32\DRIVERS\ql40xx.sys
16:08:41.0813 4388  ql40xx - ok
16:08:41.0860 4388  [ 906191634E99AEA92C4816150BDA3732 ] QWAVE           C:\Windows\system32\qwave.dll
16:08:41.0875 4388  QWAVE - ok
16:08:41.0891 4388  [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
16:08:41.0891 4388  QWAVEdrv - ok
16:08:41.0938 4388  [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
16:08:41.0938 4388  RasAcd - ok
16:08:41.0985 4388  [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
16:08:41.0985 4388  RasAgileVpn - ok
16:08:42.0031 4388  [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto         C:\Windows\System32\rasauto.dll
16:08:42.0031 4388  RasAuto - ok
16:08:42.0078 4388  [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
16:08:42.0078 4388  Rasl2tp - ok
16:08:42.0109 4388  [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan          C:\Windows\System32\rasmans.dll
16:08:42.0125 4388  RasMan - ok
16:08:42.0156 4388  [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
16:08:42.0156 4388  RasPppoe - ok
16:08:42.0187 4388  [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
16:08:42.0187 4388  RasSstp - ok
16:08:42.0234 4388  [ 77F665941019A1594D887A74F301FA2F ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
16:08:42.0250 4388  rdbss - ok
16:08:42.0265 4388  [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus          C:\Windows\system32\DRIVERS\rdpbus.sys
16:08:42.0265 4388  rdpbus - ok
16:08:42.0281 4388  [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
16:08:42.0281 4388  RDPCDD - ok
16:08:42.0312 4388  [ 1B6163C503398B23FF8B939C67747683 ] RDPDR           C:\Windows\system32\drivers\rdpdr.sys
16:08:42.0312 4388  RDPDR - ok
16:08:42.0312 4388  [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
16:08:42.0312 4388  RDPENCDD - ok
16:08:42.0328 4388  [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
16:08:42.0328 4388  RDPREFMP - ok
16:08:42.0375 4388  [ 313F68E1A3E6345A4F47A36B07062F34 ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
16:08:42.0375 4388  RdpVideoMiniport - ok
16:08:42.0406 4388  [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
16:08:42.0406 4388  RDPWD - ok
16:08:42.0453 4388  [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
16:08:42.0453 4388  rdyboost - ok
16:08:42.0499 4388  [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess    C:\Windows\System32\mprdim.dll
16:08:42.0499 4388  RemoteAccess - ok
16:08:42.0515 4388  [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
16:08:42.0531 4388  RemoteRegistry - ok
16:08:42.0577 4388  [ 3DD798846E2C28102B922C56E71B7932 ] RFCOMM          C:\Windows\system32\DRIVERS\rfcomm.sys
16:08:42.0577 4388  RFCOMM - ok
16:08:42.0624 4388  [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
16:08:42.0624 4388  RpcEptMapper - ok
16:08:42.0655 4388  [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator      C:\Windows\system32\locator.exe
16:08:42.0655 4388  RpcLocator - ok
16:08:42.0702 4388  [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs           C:\Windows\system32\rpcss.dll
16:08:42.0718 4388  RpcSs - ok
16:08:42.0749 4388  [ DDC86E4F8E7456261E637E3552E804FF ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
16:08:42.0749 4388  rspndr - ok
16:08:42.0811 4388  [ EE082E06A82FF630351D1E0EBBD3D8D0 ] RTL8167         C:\Windows\system32\DRIVERS\Rt64win7.sys
16:08:42.0827 4388  RTL8167 - ok
16:08:42.0858 4388  [ 73157D4A4F6DA18C5148E47CB958AF58 ] rtsuvc          C:\Windows\system32\DRIVERS\rtsuvc.sys
16:08:42.0858 4388  rtsuvc - ok
16:08:42.0905 4388  [ E60C0A09F997826C7627B244195AB581 ] s3cap           C:\Windows\system32\drivers\vms3cap.sys
16:08:42.0905 4388  s3cap - ok
16:08:42.0921 4388  [ C118A82CD78818C29AB228366EBF81C3 ] SamSs           C:\Windows\system32\lsass.exe
16:08:42.0921 4388  SamSs - ok
16:08:42.0952 4388  [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
16:08:42.0952 4388  sbp2port - ok
16:08:42.0999 4388  [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr        C:\Windows\System32\SCardSvr.dll
16:08:42.0999 4388  SCardSvr - ok
16:08:43.0014 4388  [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
16:08:43.0014 4388  scfilter - ok
16:08:43.0061 4388  [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule        C:\Windows\system32\schedsvc.dll
16:08:43.0077 4388  Schedule - ok
16:08:43.0108 4388  [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc     C:\Windows\System32\certprop.dll
16:08:43.0108 4388  SCPolicySvc - ok
16:08:43.0155 4388  [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
16:08:43.0155 4388  SDRSVC - ok
16:08:43.0186 4388  [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
16:08:43.0186 4388  secdrv - ok
16:08:43.0217 4388  [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon        C:\Windows\system32\seclogon.dll
16:08:43.0217 4388  seclogon - ok
16:08:43.0248 4388  [ C32AB8FA018EF34C0F113BD501436D21 ] SENS            C:\Windows\System32\sens.dll
16:08:43.0248 4388  SENS - ok
16:08:43.0264 4388  [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc        C:\Windows\system32\sensrsvc.dll
16:08:43.0264 4388  SensrSvc - ok
16:08:43.0311 4388  [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum         C:\Windows\system32\DRIVERS\serenum.sys
16:08:43.0311 4388  Serenum - ok
16:08:43.0326 4388  [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial          C:\Windows\system32\DRIVERS\serial.sys
16:08:43.0326 4388  Serial - ok
16:08:43.0373 4388  [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse        C:\Windows\system32\DRIVERS\sermouse.sys
16:08:43.0373 4388  sermouse - ok
16:08:43.0420 4388  [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv      C:\Windows\system32\sessenv.dll
16:08:43.0420 4388  SessionEnv - ok
16:08:43.0435 4388  [ A554811BCD09279536440C964AE35BBF ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
16:08:43.0451 4388  sffdisk - ok
16:08:43.0467 4388  [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
16:08:43.0467 4388  sffp_mmc - ok
16:08:43.0482 4388  [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
16:08:43.0482 4388  sffp_sd - ok
16:08:43.0529 4388  [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy         C:\Windows\system32\DRIVERS\sfloppy.sys
16:08:43.0529 4388  sfloppy - ok
16:08:43.0591 4388  [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess    C:\Windows\System32\ipnathlp.dll
16:08:43.0607 4388  SharedAccess - ok
16:08:43.0623 4388  [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
16:08:43.0638 4388  ShellHWDetection - ok
16:08:43.0654 4388  [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2        C:\Windows\system32\DRIVERS\SiSRaid2.sys
16:08:43.0654 4388  SiSRaid2 - ok
16:08:43.0685 4388  [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4        C:\Windows\system32\DRIVERS\sisraid4.sys
16:08:43.0685 4388  SiSRaid4 - ok
16:08:43.0716 4388  [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
16:08:43.0716 4388  Smb - ok
16:08:43.0747 4388  [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
16:08:43.0747 4388  SNMPTRAP - ok
16:08:43.0763 4388  [ B9E31E5CACDFE584F34F730A677803F9 ] spldr           C:\Windows\system32\drivers\spldr.sys
16:08:43.0763 4388  spldr - ok
16:08:43.0794 4388  [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler         C:\Windows\System32\spoolsv.exe
16:08:43.0794 4388  Spooler - ok
16:08:43.0919 4388  [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc          C:\Windows\system32\sppsvc.exe
16:08:44.0013 4388  sppsvc - ok
16:08:44.0059 4388  [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify     C:\Windows\system32\sppuinotify.dll
16:08:44.0059 4388  sppuinotify - ok
16:08:44.0091 4388  [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv             C:\Windows\system32\DRIVERS\srv.sys
16:08:44.0091 4388  srv - ok
16:08:44.0122 4388  [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
16:08:44.0137 4388  srv2 - ok
16:08:44.0153 4388  [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
16:08:44.0153 4388  srvnet - ok
16:08:44.0200 4388  [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
16:08:44.0200 4388  SSDPSRV - ok
16:08:44.0231 4388  [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc         C:\Windows\system32\sstpsvc.dll
16:08:44.0231 4388  SstpSvc - ok
16:08:44.0247 4388  [ F3817967ED533D08327DC73BC4D5542A ] stexstor        C:\Windows\system32\DRIVERS\stexstor.sys
16:08:44.0247 4388  stexstor - ok
16:08:44.0262 4388  STHDA - ok
16:08:44.0293 4388  [ DECACB6921DED1A38642642685D77DAC ] StillCam        C:\Windows\system32\DRIVERS\serscan.sys
16:08:44.0293 4388  StillCam - ok
16:08:44.0356 4388  [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc          C:\Windows\System32\wiaservc.dll
16:08:44.0356 4388  stisvc - ok
16:08:44.0403 4388  [ 7785DC213270D2FC066538DAF94087E7 ] storflt         C:\Windows\system32\drivers\vmstorfl.sys
16:08:44.0403 4388  storflt - ok
16:08:44.0434 4388  [ D34E4943D5AC096C8EDEEBFD80D76E23 ] storvsc         C:\Windows\system32\drivers\storvsc.sys
16:08:44.0434 4388  storvsc - ok
16:08:44.0481 4388  [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum          C:\Windows\system32\drivers\swenum.sys
16:08:44.0481 4388  swenum - ok
16:08:44.0527 4388  [ E08E46FDD841B7184194011CA1955A0B ] swprv           C:\Windows\System32\swprv.dll
16:08:44.0543 4388  swprv - ok
16:08:44.0590 4388  Synth3dVsc - ok
16:08:44.0668 4388  [ D268D2A0DB2A2BBE963E688D0B039267 ] SynTP           C:\Windows\system32\DRIVERS\SynTP.sys
16:08:44.0715 4388  SynTP - ok
16:08:44.0808 4388  [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain         C:\Windows\system32\sysmain.dll
16:08:44.0871 4388  SysMain - ok
16:08:44.0902 4388  [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
16:08:44.0902 4388  TabletInputService - ok
16:08:44.0933 4388  [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv         C:\Windows\System32\tapisrv.dll
16:08:44.0933 4388  TapiSrv - ok
16:08:44.0980 4388  [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS             C:\Windows\System32\tbssvc.dll
16:08:44.0980 4388  TBS - ok
16:08:45.0042 4388  [ B62A953F2BF3922C8764A29C34A22899 ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
16:08:45.0105 4388  Tcpip - ok
16:08:45.0167 4388  [ B62A953F2BF3922C8764A29C34A22899 ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
16:08:45.0167 4388  TCPIP6 - ok
16:08:45.0214 4388  [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
16:08:45.0214 4388  tcpipreg - ok
16:08:45.0229 4388  [ 3371D21011695B16333A3934340C4E7C ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
16:08:45.0229 4388  TDPIPE - ok
16:08:45.0261 4388  [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
16:08:45.0261 4388  TDTCP - ok
16:08:45.0307 4388  [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
16:08:45.0307 4388  tdx - ok
16:08:45.0339 4388  [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD          C:\Windows\system32\drivers\termdd.sys
16:08:45.0339 4388  TermDD - ok
16:08:45.0385 4388  [ 2E648163254233755035B46DD7B89123 ] TermService     C:\Windows\System32\termsrv.dll
16:08:45.0401 4388  TermService - ok
16:08:45.0432 4388  [ F0344071948D1A1FA732231785A0664C ] Themes          C:\Windows\system32\themeservice.dll
16:08:45.0432 4388  Themes - ok
16:08:45.0448 4388  [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER     C:\Windows\system32\mmcss.dll
16:08:45.0448 4388  THREADORDER - ok
16:08:45.0479 4388  [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks          C:\Windows\System32\trkwks.dll
16:08:45.0479 4388  TrkWks - ok
16:08:45.0541 4388  [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
16:08:45.0557 4388  TrustedInstaller - ok
16:08:45.0635 4388  [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
16:08:45.0635 4388  tssecsrv - ok
16:08:45.0682 4388  [ 17C6B51CBCCDED95B3CC14E22791F85E ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
16:08:45.0682 4388  TsUsbFlt - ok
16:08:45.0697 4388  tsusbhub - ok
16:08:45.0760 4388  [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
16:08:45.0760 4388  tunnel - ok
16:08:45.0807 4388  [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35          C:\Windows\system32\DRIVERS\uagp35.sys
16:08:45.0807 4388  uagp35 - ok
16:08:45.0838 4388  [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
16:08:45.0838 4388  udfs - ok
16:08:45.0885 4388  [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect       C:\Windows\system32\UI0Detect.exe
16:08:45.0885 4388  UI0Detect - ok
16:08:45.0916 4388  [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
16:08:45.0916 4388  uliagpkx - ok
16:08:45.0963 4388  [ DC54A574663A895C8763AF0FA1FF7561 ] umbus           C:\Windows\system32\DRIVERS\umbus.sys
16:08:45.0963 4388  umbus - ok
16:08:45.0994 4388  [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass          C:\Windows\system32\DRIVERS\umpass.sys
16:08:45.0994 4388  UmPass - ok
16:08:46.0025 4388  [ A293DCD756D04D8492A750D03B9A297C ] UmRdpService    C:\Windows\System32\umrdp.dll
16:08:46.0041 4388  UmRdpService - ok
16:08:46.0072 4388  [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost        C:\Windows\System32\upnphost.dll
16:08:46.0087 4388  upnphost - ok
16:08:46.0150 4388  [ 82E8F44688E6FAC57B5B7C6FC7ADBC2A ] usbaudio        C:\Windows\system32\drivers\usbaudio.sys
16:08:46.0181 4388  usbaudio - ok
16:08:46.0306 4388  [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
16:08:46.0337 4388  usbccgp - ok
16:08:46.0399 4388  [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir          C:\Windows\system32\drivers\usbcir.sys
16:08:46.0399 4388  usbcir - ok
16:08:46.0431 4388  [ C025055FE7B87701EB042095DF1A2D7B ] usbehci         C:\Windows\system32\DRIVERS\usbehci.sys
16:08:46.0431 4388  usbehci - ok
16:08:46.0477 4388  [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
16:08:46.0477 4388  usbhub - ok
16:08:46.0524 4388  [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci         C:\Windows\system32\DRIVERS\usbohci.sys
16:08:46.0524 4388  usbohci - ok
16:08:46.0571 4388  [ 73188F58FB384E75C4063D29413CEE3D ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
16:08:46.0571 4388  usbprint - ok
16:08:46.0602 4388  [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan         C:\Windows\system32\DRIVERS\usbscan.sys
16:08:46.0618 4388  usbscan - ok
16:08:46.0649 4388  [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
16:08:46.0649 4388  USBSTOR - ok
16:08:46.0696 4388  [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci         C:\Windows\system32\drivers\usbuhci.sys
16:08:46.0696 4388  usbuhci - ok
16:08:46.0743 4388  [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo        C:\Windows\System32\Drivers\usbvideo.sys
16:08:46.0743 4388  usbvideo - ok
16:08:46.0789 4388  [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms           C:\Windows\System32\uxsms.dll
16:08:46.0789 4388  UxSms - ok
16:08:46.0805 4388  [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc        C:\Windows\system32\lsass.exe
16:08:46.0805 4388  VaultSvc - ok
16:08:46.0867 4388  [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
16:08:46.0867 4388  vdrvroot - ok
16:08:46.0914 4388  [ 8D6B481601D01A456E75C3210F1830BE ] vds             C:\Windows\System32\vds.exe
16:08:46.0930 4388  vds - ok
16:08:46.0992 4388  [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
16:08:46.0992 4388  vga - ok
16:08:47.0008 4388  [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave         C:\Windows\System32\drivers\vga.sys
16:08:47.0008 4388  VgaSave - ok
16:08:47.0039 4388  VGPU - ok
16:08:47.0086 4388  [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys
16:08:47.0086 4388  vhdmp - ok
16:08:47.0117 4388  [ E5689D93FFE4E5D66C0178761240DD54 ] viaide          C:\Windows\system32\drivers\viaide.sys
16:08:47.0117 4388  viaide - ok
16:08:47.0164 4388  [ 86EA3E79AE350FEA5331A1303054005F ] vmbus           C:\Windows\system32\drivers\vmbus.sys
16:08:47.0164 4388  vmbus - ok
16:08:47.0195 4388  [ 7DE90B48F210D29649380545DB45A187 ] VMBusHID        C:\Windows\system32\drivers\VMBusHID.sys
16:08:47.0195 4388  VMBusHID - ok
16:08:47.0226 4388  [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
16:08:47.0226 4388  volmgr - ok
16:08:47.0257 4388  [ A255814907C89BE58B79EF2F189B843B ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
16:08:47.0273 4388  volmgrx - ok
16:08:47.0304 4388  [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap         C:\Windows\system32\drivers\volsnap.sys
16:08:47.0320 4388  volsnap - ok
16:08:47.0351 4388  [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid         C:\Windows\system32\DRIVERS\vsmraid.sys
16:08:47.0351 4388  vsmraid - ok
16:08:47.0429 4388  [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS             C:\Windows\system32\vssvc.exe
16:08:47.0507 4388  VSS - ok
16:08:47.0523 4388  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus        C:\Windows\system32\DRIVERS\vwifibus.sys
16:08:47.0523 4388  vwifibus - ok
16:08:47.0538 4388  [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt        C:\Windows\system32\DRIVERS\vwififlt.sys
16:08:47.0538 4388  vwififlt - ok
16:08:47.0569 4388  [ 6A638FC4BFDDC4D9B186C28C91BD1A01 ] vwifimp         C:\Windows\system32\DRIVERS\vwifimp.sys
16:08:47.0569 4388  vwifimp - ok
16:08:47.0601 4388  [ 1C9D80CC3849B3788048078C26486E1A ] W32Time         C:\Windows\system32\w32time.dll
16:08:47.0616 4388  W32Time - ok
16:08:47.0632 4388  [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen        C:\Windows\system32\DRIVERS\wacompen.sys
16:08:47.0632 4388  WacomPen - ok
16:08:47.0679 4388  [ 356AFD78A6ED4457169241AC3965230C ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
16:08:47.0679 4388  WANARP - ok
16:08:47.0710 4388  [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
16:08:47.0710 4388  Wanarpv6 - ok
16:08:47.0803 4388  [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine        C:\Windows\system32\wbengine.exe
16:08:47.0850 4388  wbengine - ok
16:08:47.0881 4388  [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
16:08:47.0881 4388  WbioSrvc - ok
16:08:47.0928 4388  [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc         C:\Windows\System32\wcncsvc.dll
16:08:47.0928 4388  wcncsvc - ok
16:08:47.0944 4388  [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
16:08:47.0959 4388  WcsPlugInService - ok
16:08:47.0991 4388  [ 72889E16FF12BA0F235467D6091B17DC ] Wd              C:\Windows\system32\DRIVERS\wd.sys
16:08:47.0991 4388  Wd - ok
16:08:48.0022 4388  [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
16:08:48.0037 4388  Wdf01000 - ok
16:08:48.0069 4388  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost  C:\Windows\system32\wdi.dll
16:08:48.0069 4388  WdiServiceHost - ok
16:08:48.0069 4388  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost   C:\Windows\system32\wdi.dll
16:08:48.0069 4388  WdiSystemHost - ok
16:08:48.0115 4388  [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient       C:\Windows\System32\webclnt.dll
16:08:48.0115 4388  WebClient - ok
16:08:48.0147 4388  [ C749025A679C5103E575E3B48E092C43 ] Wecsvc          C:\Windows\system32\wecsvc.dll
16:08:48.0147 4388  Wecsvc - ok
16:08:48.0178 4388  [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
16:08:48.0178 4388  wercplsupport - ok
16:08:48.0193 4388  [ 6D137963730144698CBD10F202E9F251 ] WerSvc          C:\Windows\System32\WerSvc.dll
16:08:48.0193 4388  WerSvc - ok
16:08:48.0240 4388  [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
16:08:48.0240 4388  WfpLwf - ok
16:08:48.0256 4388  [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
16:08:48.0256 4388  WIMMount - ok
16:08:48.0287 4388  WinDefend - ok
16:08:48.0303 4388  WinHttpAutoProxySvc - ok
16:08:48.0396 4388  [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
16:08:48.0396 4388  Winmgmt - ok
16:08:48.0490 4388  [ BCB1310604AA415C4508708975B3931E ] WinRM           C:\Windows\system32\WsmSvc.dll
16:08:48.0568 4388  WinRM - ok
16:08:48.0646 4388  [ FE88B288356E7B47B74B13372ADD906D ] WinUsb          C:\Windows\system32\DRIVERS\WinUsb.sys
16:08:48.0646 4388  WinUsb - ok
16:08:48.0708 4388  [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc         C:\Windows\System32\wlansvc.dll
16:08:48.0739 4388  Wlansvc - ok
16:08:48.0786 4388  [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi         C:\Windows\system32\drivers\wmiacpi.sys
16:08:48.0802 4388  WmiAcpi - ok
16:08:48.0849 4388  [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
16:08:48.0849 4388  wmiApSrv - ok
16:08:48.0895 4388  WMPNetworkSvc - ok
16:08:48.0927 4388  [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc          C:\Windows\System32\wpcsvc.dll
16:08:48.0927 4388  WPCSvc - ok
16:08:48.0958 4388  [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
16:08:48.0973 4388  WPDBusEnum - ok
16:08:49.0005 4388  [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
16:08:49.0005 4388  ws2ifsl - ok
16:08:49.0036 4388  [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc          C:\Windows\System32\wscsvc.dll
16:08:49.0036 4388  wscsvc - ok
16:08:49.0067 4388  [ 8D918B1DB190A4D9B1753A66FA8C96E8 ] WSDPrintDevice  C:\Windows\system32\DRIVERS\WSDPrint.sys
16:08:49.0067 4388  WSDPrintDevice - ok
16:08:49.0083 4388  [ 4A2A5C50DD1A63577D3ACA94269FBC7F ] WSDScan         C:\Windows\system32\DRIVERS\WSDScan.sys
16:08:49.0083 4388  WSDScan - ok
16:08:49.0098 4388  WSearch - ok
16:08:49.0176 4388  [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv        C:\Windows\system32\wuaueng.dll
16:08:49.0254 4388  wuauserv - ok
16:08:49.0285 4388  [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
16:08:49.0285 4388  WudfPf - ok
16:08:49.0317 4388  [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
16:08:49.0332 4388  WUDFRd - ok
16:08:49.0379 4388  [ B20F051B03A966392364C83F009F7D17 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
16:08:49.0379 4388  wudfsvc - ok
16:08:49.0410 4388  [ FE90B750AB808FB9DD8FBB428B5FF83B ] WwanSvc         C:\Windows\System32\wwansvc.dll
16:08:49.0426 4388  WwanSvc - ok
16:08:49.0488 4388  ================ Scan global ===============================
16:08:49.0566 4388  [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
16:08:49.0597 4388  [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
16:08:49.0629 4388  [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
16:08:49.0707 4388  [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
16:08:49.0753 4388  [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
16:08:49.0769 4388  [Global] - ok
16:08:49.0769 4388  ================ Scan MBR ==================================
16:08:49.0800 4388  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
16:08:50.0393 4388  \Device\Harddisk0\DR0 - ok
16:08:50.0393 4388  ================ Scan VBR ==================================
16:08:50.0393 4388  [ 891E4FFBF4648FDC695942A9F814AB37 ] \Device\Harddisk0\DR0\Partition1
16:08:50.0393 4388  \Device\Harddisk0\DR0\Partition1 - ok
16:08:50.0393 4388  ============================================================
16:08:50.0393 4388  Scan finished
16:08:50.0393 4388  ============================================================
16:08:50.0409 5100  Detected object count: 0
16:08:50.0409 5100  Actual detected object count: 0

War bemüht, alles exakt nach Anleitungen durchzuführen. ´Vielen Dank für eure Zeit!

Gruß,

empijion

cosinus · 28.05.2013, 08:24

Dann bitte jetzt Combofix ausführen:

Scan mit Combofix

WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link

WICHTIG: Speichere Combofix auf deinem Desktop.

Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.

Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.

Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!

Wenn Combofix fertig ist, wird es ein Logfile erstellen.

Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).

Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

empijion · 28.05.2013, 17:29

Hallo cosinus,

danke für die Info.
Habe combofix durchgeführt. Hier der Logfile:

Code:

ATTFilter

ComboFix 13-05-28.02 - Fabi Katja 28.05.2013  17:24:53.1.2 - x64
Microsoft Windows 7 Ultimate   6.1.7601.1.1252.49.1033.18.3837.2572 [GMT 2:00]
ausgeführt von:: c:\users\Fabi Katja\Desktop\ComboFix.exe
AV: Kaspersky Internet Security *Disabled/Updated* {C3113FBF-4BCB-4461-D78D-6EDFEC9593E5}
FW: Kaspersky Internet Security *Disabled* {FB2ABE9A-01A4-4539-FCD2-C7EA1246D49E}
SP: Kaspersky Internet Security *Disabled/Updated* {7870DE5B-6DF1-4BEF-ED3D-55AD9712D958}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Fabi Katja\AppData\Roaming\DHCPQECL.dll
c:\windows\wininit.ini
.
.
(((((((((((((((((((((((   Dateien erstellt von 2013-04-28 bis 2013-05-28  ))))))))))))))))))))))))))))))
.
.
2013-05-28 16:07 . 2013-05-28 16:07	--------	d-----w-	c:\users\Default\AppData\Local\temp
2013-05-24 13:21 . 2013-05-13 06:37	9460464	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{6ECB5587-D977-42BB-96B1-C22F0A5FC8E4}\mpengine.dll
2013-05-22 18:10 . 2013-05-22 18:10	--------	d-----w-	c:\program files\Synaptics
2013-05-22 18:08 . 2012-05-04 09:59	514560	----a-w-	c:\windows\SysWow64\qdvd.dll
2013-05-22 18:08 . 2012-05-04 11:00	366592	----a-w-	c:\windows\system32\qdvd.dll
2013-05-22 18:08 . 2012-08-24 18:09	458712	----a-w-	c:\windows\system32\drivers\cng.sys
2013-05-22 18:08 . 2012-08-24 18:05	340992	----a-w-	c:\windows\system32\schannel.dll
2013-05-22 18:08 . 2012-08-24 16:57	247808	----a-w-	c:\windows\SysWow64\schannel.dll
2013-05-22 18:08 . 2012-08-24 18:13	154480	----a-w-	c:\windows\system32\drivers\ksecpkg.sys
2013-05-22 18:08 . 2012-08-24 18:03	1448448	----a-w-	c:\windows\system32\lsasrv.dll
2013-05-22 18:08 . 2012-08-24 16:57	22016	----a-w-	c:\windows\SysWow64\secur32.dll
2013-05-22 18:08 . 2012-08-24 16:53	96768	----a-w-	c:\windows\SysWow64\sspicli.dll
2013-05-21 18:48 . 2013-05-22 19:47	--------	d-----w-	c:\program files (x86)\Spybot - Search & Destroy 2
2013-05-15 04:23 . 2013-04-10 06:01	265064	----a-w-	c:\windows\system32\drivers\dxgmms1.sys
2013-05-15 04:23 . 2013-04-10 06:01	983400	----a-w-	c:\windows\system32\drivers\dxgkrnl.sys
2013-05-15 04:23 . 2011-02-03 11:25	144384	----a-w-	c:\windows\system32\cdd.dll
2013-05-15 04:22 . 2013-02-27 05:52	14172672	----a-w-	c:\windows\system32\shell32.dll
2013-05-15 04:22 . 2013-02-27 05:48	1930752	----a-w-	c:\windows\system32\authui.dll
2013-05-15 04:22 . 2013-02-27 05:52	197120	----a-w-	c:\windows\system32\shdocvw.dll
2013-05-15 04:22 . 2013-02-27 06:02	111448	----a-w-	c:\windows\system32\consent.exe
2013-05-15 04:22 . 2013-02-27 05:47	70144	----a-w-	c:\windows\system32\appinfo.dll
2013-05-15 04:22 . 2013-02-27 04:49	1796096	----a-w-	c:\windows\SysWow64\authui.dll
2013-05-15 04:22 . 2013-03-19 05:53	230400	----a-w-	c:\windows\system32\wwansvc.dll
2013-05-15 04:22 . 2013-03-19 05:53	48640	----a-w-	c:\windows\system32\wwanprotdim.dll
2013-05-15 04:22 . 2013-04-10 03:30	3153920	----a-w-	c:\windows\system32\win32k.sys
2013-05-12 07:10 . 2013-05-12 07:10	--------	d-----w-	c:\program files (x86)\Secure Banking
2013-05-11 17:24 . 2013-05-11 17:24	--------	d-----w-	c:\windows\system32\appmgmt
2013-05-06 17:34 . 2013-05-06 17:34	--------	d-----w-	C:\Temp
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-05-15 18:44 . 2013-04-06 07:54	75016696	----a-w-	c:\windows\system32\MRT.exe
2013-05-15 16:06 . 2012-06-09 13:02	692104	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2013-05-15 16:06 . 2011-06-11 06:43	71048	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-05-02 00:06 . 2011-02-26 09:23	278800	------w-	c:\windows\system32\MpSigStub.exe
2013-04-23 14:12 . 2012-08-13 14:49	178448	----a-w-	c:\windows\system32\drivers\kneps.sys
2013-04-23 14:12 . 2012-06-08 09:38	55056	----a-w-	c:\windows\system32\drivers\kltdi.sys
2013-04-23 14:12 . 2013-04-04 11:36	90208	----a-w-	c:\windows\system32\drivers\klflt.sys
2013-04-23 14:12 . 2013-04-04 11:36	620128	----a-w-	c:\windows\system32\drivers\klif.sys
2013-04-13 05:49 . 2013-05-15 04:23	135168	----a-w-	c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2013-04-13 05:49 . 2013-05-15 04:23	350208	----a-w-	c:\windows\apppatch\AppPatch64\AcLayers.dll
2013-04-13 05:49 . 2013-05-15 04:23	308736	----a-w-	c:\windows\apppatch\AppPatch64\AcGenral.dll
2013-04-13 05:49 . 2013-05-15 04:23	111104	----a-w-	c:\windows\apppatch\AppPatch64\acspecfc.dll
2013-04-13 04:45 . 2013-05-15 04:23	474624	----a-w-	c:\windows\apppatch\AcSpecfc.dll
2013-04-13 04:45 . 2013-05-15 04:23	2176512	----a-w-	c:\windows\apppatch\AcGenral.dll
2013-04-12 14:45 . 2013-04-24 04:19	1656680	----a-w-	c:\windows\system32\drivers\ntfs.sys
2013-03-29 19:55 . 2013-03-29 19:55	226304	----a-w-	c:\windows\system32\elshyph.dll
2013-03-29 19:55 . 2013-03-29 19:55	185344	----a-w-	c:\windows\SysWow64\elshyph.dll
2013-03-29 19:55 . 2013-03-29 19:55	158720	----a-w-	c:\windows\SysWow64\msls31.dll
2013-03-29 19:55 . 2013-03-29 19:55	1054720	----a-w-	c:\windows\system32\MsSpellCheckingFacility.exe
2013-03-29 19:55 . 2013-03-29 19:55	73728	----a-w-	c:\windows\SysWow64\SetIEInstalledDate.exe
2013-03-29 19:55 . 2013-03-29 19:55	719360	----a-w-	c:\windows\SysWow64\mshtmlmedia.dll
2013-03-29 19:55 . 2013-03-29 19:55	61952	----a-w-	c:\windows\SysWow64\tdc.ocx
2013-03-29 19:55 . 2013-03-29 19:55	523264	----a-w-	c:\windows\SysWow64\vbscript.dll
2013-03-29 19:55 . 2013-03-29 19:55	48640	----a-w-	c:\windows\SysWow64\mshtmler.dll
2013-03-29 19:55 . 2013-03-29 19:55	38400	----a-w-	c:\windows\SysWow64\imgutil.dll
2013-03-29 19:55 . 2013-03-29 19:55	361984	----a-w-	c:\windows\SysWow64\html.iec
2013-03-29 19:55 . 2013-03-29 19:55	23040	----a-w-	c:\windows\SysWow64\licmgr10.dll
2013-03-29 19:55 . 2013-03-29 19:55	197120	----a-w-	c:\windows\system32\msrating.dll
2013-03-29 19:55 . 2013-03-29 19:55	150528	----a-w-	c:\windows\SysWow64\iexpress.exe
2013-03-29 19:55 . 2013-03-29 19:55	1441280	----a-w-	c:\windows\SysWow64\inetcpl.cpl
2013-03-29 19:55 . 2013-03-29 19:55	138752	----a-w-	c:\windows\SysWow64\wextract.exe
2013-03-29 19:55 . 2013-03-29 19:55	137216	----a-w-	c:\windows\SysWow64\ieUnatt.exe
2013-03-29 19:55 . 2013-03-29 19:55	12800	----a-w-	c:\windows\SysWow64\mshta.exe
2013-03-29 19:55 . 2013-03-29 19:55	110592	----a-w-	c:\windows\SysWow64\IEAdvpack.dll
2013-03-29 19:55 . 2013-03-29 19:55	97280	----a-w-	c:\windows\system32\mshtmled.dll
2013-03-29 19:55 . 2013-03-29 19:55	92160	----a-w-	c:\windows\system32\SetIEInstalledDate.exe
2013-03-29 19:55 . 2013-03-29 19:55	905728	----a-w-	c:\windows\system32\mshtmlmedia.dll
2013-03-29 19:55 . 2013-03-29 19:55	81408	----a-w-	c:\windows\system32\icardie.dll
2013-03-29 19:55 . 2013-03-29 19:55	77312	----a-w-	c:\windows\system32\tdc.ocx
2013-03-29 19:55 . 2013-03-29 19:55	762368	----a-w-	c:\windows\system32\ieapfltr.dll
2013-03-29 19:55 . 2013-03-29 19:55	62976	----a-w-	c:\windows\system32\pngfilt.dll
2013-03-29 19:55 . 2013-03-29 19:55	599552	----a-w-	c:\windows\system32\vbscript.dll
2013-03-29 19:55 . 2013-03-29 19:55	52224	----a-w-	c:\windows\system32\msfeedsbs.dll
2013-03-29 19:55 . 2013-03-29 19:55	51200	----a-w-	c:\windows\system32\imgutil.dll
2013-03-29 19:55 . 2013-03-29 19:55	48640	----a-w-	c:\windows\system32\mshtmler.dll
2013-03-29 19:55 . 2013-03-29 19:55	452096	----a-w-	c:\windows\system32\dxtmsft.dll
2013-03-29 19:55 . 2013-03-29 19:55	441856	----a-w-	c:\windows\system32\html.iec
2013-03-29 19:55 . 2013-03-29 19:55	281600	----a-w-	c:\windows\system32\dxtrans.dll
2013-03-29 19:55 . 2013-03-29 19:55	27648	----a-w-	c:\windows\system32\licmgr10.dll
2013-03-29 19:55 . 2013-03-29 19:55	270848	----a-w-	c:\windows\system32\iedkcs32.dll
2013-03-29 19:55 . 2013-03-29 19:55	247296	----a-w-	c:\windows\system32\webcheck.dll
2013-03-29 19:55 . 2013-03-29 19:55	235008	----a-w-	c:\windows\system32\url.dll
2013-03-29 19:55 . 2013-03-29 19:55	216064	----a-w-	c:\windows\system32\msls31.dll
2013-03-29 19:55 . 2013-03-29 19:55	173568	----a-w-	c:\windows\system32\ieUnatt.exe
2013-03-29 19:55 . 2013-03-29 19:55	167424	----a-w-	c:\windows\system32\iexpress.exe
2013-03-29 19:55 . 2013-03-29 19:55	1509376	----a-w-	c:\windows\system32\inetcpl.cpl
2013-03-29 19:55 . 2013-03-29 19:55	149504	----a-w-	c:\windows\system32\occache.dll
2013-03-29 19:55 . 2013-03-29 19:55	144896	----a-w-	c:\windows\system32\wextract.exe
2013-03-29 19:55 . 2013-03-29 19:55	1400416	----a-w-	c:\windows\system32\ieapfltr.dat
2013-03-29 19:55 . 2013-03-29 19:55	13824	----a-w-	c:\windows\system32\mshta.exe
2013-03-29 19:55 . 2013-03-29 19:55	136192	----a-w-	c:\windows\system32\iepeers.dll
2013-03-29 19:55 . 2013-03-29 19:55	135680	----a-w-	c:\windows\system32\IEAdvpack.dll
2013-03-29 19:55 . 2013-03-29 19:55	12800	----a-w-	c:\windows\system32\msfeedssync.exe
2013-03-29 19:55 . 2013-03-29 19:55	102912	----a-w-	c:\windows\system32\inseng.dll
2013-03-29 19:53 . 2013-03-29 19:53	9728	---ha-w-	c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-03-29 19:53 . 2013-03-29 19:53	9728	---ha-w-	c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-03-29 19:53 . 2013-03-29 19:53	5632	---ha-w-	c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-03-29 19:53 . 2013-03-29 19:53	5632	---ha-w-	c:\windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-03-29 19:53 . 2013-03-29 19:53	5632	---ha-w-	c:\windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-03-29 19:53 . 2013-03-29 19:53	5632	---ha-w-	c:\windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-03-29 19:53 . 2013-03-29 19:53	522752	----a-w-	c:\windows\system32\XpsGdiConverter.dll
2013-03-29 19:53 . 2013-03-29 19:53	465920	----a-w-	c:\windows\system32\WMPhoto.dll
2013-03-29 19:53 . 2013-03-29 19:53	417792	----a-w-	c:\windows\SysWow64\WMPhoto.dll
2013-03-29 19:53 . 2013-03-29 19:53	4096	---ha-w-	c:\windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll
2013-03-29 19:53 . 2013-03-29 19:53	4096	---ha-w-	c:\windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
2013-03-29 19:53 . 2013-03-29 19:53	3928064	----a-w-	c:\windows\system32\d2d1.dll
2013-03-29 19:53 . 2013-03-29 19:53	364544	----a-w-	c:\windows\SysWow64\XpsGdiConverter.dll
2013-03-29 19:53 . 2013-03-29 19:53	3584	---ha-w-	c:\windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-03-29 19:53 . 2013-03-29 19:53	3584	---ha-w-	c:\windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-03-29 19:53 . 2013-03-29 19:53	3072	---ha-w-	c:\windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll
2013-03-29 19:53 . 2013-03-29 19:53	3072	---ha-w-	c:\windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-03-29 19:53 . 2013-03-29 19:53	3072	---ha-w-	c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
2013-03-29 19:53 . 2013-03-29 19:53	3072	---ha-w-	c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-03-29 19:53 . 2013-03-29 19:53	2776576	----a-w-	c:\windows\system32\msmpeg2vdec.dll
2013-03-29 19:53 . 2013-03-29 19:53	2565120	----a-w-	c:\windows\system32\d3d10warp.dll
2013-03-29 19:53 . 2013-03-29 19:53	2560	---ha-w-	c:\windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-03-29 19:53 . 2013-03-29 19:53	2560	---ha-w-	c:\windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-03-29 19:53 . 2013-03-29 19:53	2284544	----a-w-	c:\windows\SysWow64\msmpeg2vdec.dll
2013-03-29 19:53 . 2013-03-29 19:53	1682432	----a-w-	c:\windows\system32\XpsPrint.dll
2013-03-29 19:53 . 2013-03-29 19:53	1158144	----a-w-	c:\windows\SysWow64\XpsPrint.dll
2013-03-29 19:53 . 2013-03-29 19:53	10752	---ha-w-	c:\windows\SysWow64\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-03-29 19:53 . 2013-03-29 19:53	10752	---ha-w-	c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-03-29 19:53 . 2013-03-29 19:53	1247744	----a-w-	c:\windows\SysWow64\DWrite.dll
2013-03-29 19:53 . 2013-03-29 19:53	648192	----a-w-	c:\windows\system32\d3d10level9.dll
2013-03-29 19:53 . 2013-03-29 19:53	604160	----a-w-	c:\windows\SysWow64\d3d10level9.dll
2013-03-29 19:53 . 2013-03-29 19:53	363008	----a-w-	c:\windows\system32\dxgi.dll
2013-03-29 19:53 . 2013-03-29 19:53	3419136	----a-w-	c:\windows\SysWow64\d2d1.dll
2013-03-29 19:53 . 2013-03-29 19:53	333312	----a-w-	c:\windows\system32\d3d10_1core.dll
2013-03-29 19:53 . 2013-03-29 19:53	296960	----a-w-	c:\windows\system32\d3d10core.dll
2013-03-29 19:53 . 2013-03-29 19:53	293376	----a-w-	c:\windows\SysWow64\dxgi.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SecureBanking"="c:\program files (x86)\Secure Banking\SecureBanking.exe" [2012-09-10 372736]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-09-15 98304]
"TkBellExe"="c:\program files (x86)\Real\RealPlayer\Update\realsched.exe" [2011-03-13 273544]
"ControlCenter4"="c:\program files (x86)\ControlCenter4\BrCcBoot.exe" [2012-08-28 143360]
"AVP"="c:\program files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe" [2013-04-04 356376]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute	REG_MULTI_SZ   	autocheck autochk *\0\0sdnclean64.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 BrSerIb;Brother Serial Interface Driver(WDM);c:\windows\system32\DRIVERS\BrSerIb.sys [2012-07-31 95344]
R3 BrUsbSIb;Brother Serial USB Driver(WDM);c:\windows\system32\DRIVERS\BrUsbSIb.sys [2012-06-22 21872]
R3 BrYNSvc;BrYNSvc;c:\program files (x86)\Browny02\BrYNSvc.exe [2012-06-05 266240]
R3 DisplayLinkUsbPort;DisplayLink USB Device;c:\windows\system32\DRIVERS\DisplayLinkUsbPort_5.6.31854.0.sys [2011-04-10 17408]
R3 netr7364;RT73 USB Wireless LAN Card Driver for Vista;c:\windows\system32\DRIVERS\netr7364.sys [2009-06-10 707072]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 19456]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 57856]
R3 tsusbhub;tsusbhub;tsusbhub [x]
S0 dlkmdldr;dlkmdldr;c:\windows\system32\drivers\dlkmdldr.sys [2010-11-26 13936]
S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [2012-08-02 28504]
S1 kltdi;kltdi;c:\windows\system32\DRIVERS\kltdi.sys [2013-04-23 55056]
S1 kneps;kneps;c:\windows\system32\DRIVERS\kneps.sys [2013-04-23 178448]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-09-15 203264]
S2 DisplayLinkService;DisplayLinkManager;c:\program files\DisplayLink Core Software\DisplayLinkManager.exe [2010-11-26 9464168]
S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe [2010-05-04 503080]
S3 dlkmd;dlkmd;c:\windows\system32\drivers\dlkmd.sys [2010-11-26 203376]
S3 klkbdflt;Kaspersky Lab KLKBDFLT;c:\windows\system32\DRIVERS\klkbdflt.sys [2012-10-25 29016]
S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys [2012-10-25 29528]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-06-10 539240]
S3 rtsuvc;HP Webcam [2 MP Fixed];c:\windows\system32\DRIVERS\rtsuvc.sys [2010-05-20 18:06 96384]
.
.
Inhalt des "geplante Tasks" Ordners
.
2013-05-28 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-09 16:06]
.
2013-05-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-03-09 17:50]
.
2013-05-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-03-09 17:50]
.
.
--------- X64 Entries -----------
.
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - LocalService
FontCache
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.de/
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Hinzufügen zu Anti-Banner - c:\program files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ie_banner_deny.htm
IE: Nach Microsoft &Excel exportieren - c:\progra~2\MICROS~1\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.178.1
DPF: {CEF002D2-5A9F-4656-AA41-85DA2534ACBD} - hxxps://web2mail.bsw-kehl.de/dwa85W.cab
FF - ProfilePath - c:\users\Fabi Katja\AppData\Roaming\Mozilla\Firefox\Profiles\q6ohm84h.default\
FF - prefs.js: browser.search.selectedEngine - 
FF - prefs.js: browser.startup.homepage - www.google.de
FF - ExtSQL: 2013-04-23 16:12; anti_banner@kaspersky.com; c:\program files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\anti_banner@kaspersky.com
FF - ExtSQL: 2013-04-23 16:12; content_blocker@kaspersky.com; c:\program files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\content_blocker@kaspersky.com
FF - ExtSQL: 2013-04-23 16:12; online_banking@kaspersky.com; c:\program files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\online_banking@kaspersky.com
FF - ExtSQL: 2013-04-23 16:12; url_advisor@kaspersky.com; c:\program files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\url_advisor@kaspersky.com
FF - ExtSQL: 2013-04-23 16:12; virtual_keyboard@kaspersky.com; c:\program files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\virtual_keyboard@kaspersky.com
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Wow6432Node-HKCU-Run-iyabpond - c:\users\Fabi Katja\AppData\Roaming\DHCPQECL.dll
Wow6432Node-HKU-Default-RunOnce-SPReview - c:\windows\System32\SPReview\SPReview.exe
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_202_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_202_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2013-05-28  18:25:23
ComboFix-quarantined-files.txt  2013-05-28 16:25
.
Vor Suchlauf: 15 Verzeichnis(se), 11.242.426.368 Bytes frei
Nach Suchlauf: 19 Verzeichnis(se), 11.033.706.496 Bytes frei
.
- - End Of File - - A3E2D5D6C9878B04D02C59D750839194

Gruß und Danke,

Empijion

cosinus · 28.05.2013, 23:15

JRT - Junkware Removal Tool

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
Drücke eine beliebige Taste, um das Tool zu starten.
Je nach System kann der Scan eine Weile dauern.
Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.

Im Anschluss:

adwCleaner - Toolbars und ungewollte Start-/Suchseiten entfernen

Downloade Dir bitte

AdwCleaner auf deinen Desktop.

Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
Starte die AdwCleaner.exe mit einem Doppelklick.
Stimme den Nutzungsbedingungen zu.
Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
- "Tracing" Schlüssel löschen
- Winsock Einstellungen zurücksetzen
- Proxy Einstellungen zurücksetzen
- Internet Explorer Richtlinien zurücksetzen
- Chrome Richtlinien zurücksetzen
- Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Danach eine Kontrolle mit OTL bitte:

Doppelklick auf die OTL.exe
Vista User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
Setze oben mittig den Haken bei Scanne alle Benutzer
Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
Unter Extra Registry, wähle bitte Use SafeList
Klicke nun auf Run Scan links oben
Wenn der Scan beendet wurde werden 2 Logfiles erstellt
Poste die Logfiles in CODE-Tags hier in den Thread.

empijion · 29.05.2013, 17:15

Hallo,
danke für die weiteren Anleitungen!

Hier die Logfiles:

1. JRT

Code:

ATTFilter

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.9.4 (05.06.2013:1)
OS: Windows 7 Ultimate x64
Ran by ***** on 29.05.2013 at 17:06:46,25
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ FireFox

Emptied folder: C:\Users\*****\AppData\Roaming\mozilla\firefox\profiles\q6ohm84h.default\minidumps [39 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 29.05.2013 at 17:12:27,85
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

2. adwcleaner

Code:

ATTFilter

# AdwCleaner v2.301 - Logfile created 05/29/2013 at 17:20:25
# Updated 16/05/2013 by Xplode
# Operating system : Windows 7 Ultimate Service Pack 1 (64 bits)
# User : **** *** - ******-PC
# Boot Mode : Normal
# Running from : C:\Users\*** ***\Desktop\2_adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****


***** [Registry] *****


***** [Internet Browsers] *****

-\\ Internet Explorer v10.0.9200.16576

[OK] Registry is clean.

-\\ Mozilla Firefox v21.0 (de)

File : C:\Users\*** ***\AppData\Roaming\Mozilla\Firefox\Profiles\q6ohm84h.default\prefs.js

[OK] File is clean.

-\\ Google Chrome v [Unable to get version]

File : C:\Users\*** ***\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [13168 octets] - [12/05/2013 08:11:56]
AdwCleaner[S1].txt - [13346 octets] - [12/05/2013 08:17:28]
AdwCleaner[S2].txt - [1219 octets] - [22/05/2013 21:06:46]
AdwCleaner[S3].txt - [1151 octets] - [22/05/2013 21:46:26]
AdwCleaner[S4].txt - [1211 octets] - [29/05/2013 17:16:11]
AdwCleaner[S5].txt - [1142 octets] - [29/05/2013 17:20:25]

########## EOF - C:\AdwCleaner[S5].txt - [1202 octets] ##########

3. OTL
Extra

Code:

ATTFilter

OTL Extras logfile created on: 29.05.2013 17:26:45 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\******\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16576)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,75 Gb Total Physical Memory | 2,27 Gb Available Physical Memory | 60,54% Memory free
7,49 Gb Paging File | 5,95 Gb Available in Paging File | 79,38% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 267,66 Gb Total Space | 10,43 Gb Free Space | 3,90% Space Free | Partition Type: NTFS
 
Computer Name: FABI***-PC | User Name: ****** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [CEWE FOTOSCHAU] -- "C:\Program Files (x86)\dm\dm-Fotowelt\CEWE FOTOSCHAU.exe" -d "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [dm-Fotowelt] -- "C:\Program Files (x86)\dm\dm-Fotowelt\dm-Fotowelt.exe" "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [CEWE FOTOSCHAU] -- "C:\Program Files (x86)\dm\dm-Fotowelt\CEWE FOTOSCHAU.exe" -d "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [dm-Fotowelt] -- "C:\Program Files (x86)\dm\dm-Fotowelt\dm-Fotowelt.exe" "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{06CB14DF-9171-4CC9-ADEC-EBD7376B1BF8}" = lport=54925 | protocol=17 | dir=in | name=brothernetwork scanner | 
"{138A4BA8-1F24-4A46-8838-26CFF022213E}" = lport=139 | protocol=6 | dir=in | app=system | 
"{2177F078-E381-4371-944B-5BC88C027E91}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{32EB9FFB-F3CA-4187-9B37-7C2511BD5684}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{41FA6172-8C55-4452-835A-C1879FF01AA4}" = rport=138 | protocol=17 | dir=out | app=system | 
"{4A579F8C-89DE-4190-A5D1-55136521E48D}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{569EA542-0247-4AC3-B04A-4AAEF9DF3851}" = rport=137 | protocol=17 | dir=out | app=system | 
"{5ABDD845-ACE6-47DC-98D1-8280E1590474}" = lport=137 | protocol=17 | dir=in | app=system | 
"{6187C0F7-A6F9-4A52-81B3-D3A0E6EE3626}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{639EEC49-D227-45E9-B4CD-4D17CEDB4CF6}" = lport=138 | protocol=17 | dir=in | app=system | 
"{69F14B0A-6BFC-46C6-A633-627FC0FB294D}" = lport=445 | protocol=6 | dir=in | app=system | 
"{7A67B979-64A0-4481-9508-EB10530912A0}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{86F1B978-2951-4519-B8F4-B03A4BBDF6D5}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{8C04C1C0-DB36-457D-A477-305384837078}" = rport=445 | protocol=6 | dir=out | app=system | 
"{913544DE-5940-4D24-8A64-0F312D607C6E}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{9AECF6CA-4998-4A1C-B936-A8E0EC0C77F2}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{A493D01F-8CFA-4ABA-9032-0F6BEF46CF87}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{AFA8556A-E549-4532-88C3-05884A0915BB}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{B6941A40-DF4F-4B33-BD40-401A714354B8}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{C65A0DC8-2F56-4474-B2B7-BF305941282D}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{C6D28404-3A12-43A9-9927-93405F252AF8}" = rport=139 | protocol=6 | dir=out | app=system | 
"{CF0CF40A-D4D4-4745-BEC1-35272694D959}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{E0EC09CF-5AB1-4F64-A3BE-4F14D6964699}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{FA4B3194-D589-43F7-BE82-51A4D9BA71AA}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{08AD8B40-D39E-4B0E-A596-630D23B0FF43}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{10B6F987-4ABD-4C04-92A5-35CB32AED954}" = protocol=6 | dir=in | app=c:\program files (x86)\brother\brmfl12b\faxrx.exe | 
"{41217740-E5F5-4331-8E0E-4D39FCA0DAD3}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{4D34D7EB-3772-402A-9ED1-328DD96F6C65}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{67FAE3B8-EAB2-4DA0-8FE6-648CEE6B1321}" = protocol=6 | dir=out | app=system | 
"{697598A9-4911-46A3-B83D-86881C5D0C2D}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{6C4D713F-8D19-41F4-9F72-51CD93B8DE14}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{7C4DE51F-E717-400E-B7D3-AEB36C8B45CE}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{8DFE19CB-D366-4A5E-9399-FD3F95D045DE}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{947697A4-5951-43B0-9B6F-63E7482416F6}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{951313B1-DEA3-45C4-B9A5-6B86379038DB}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{A1F7787E-5172-43FB-BF25-203FEEA5B1F0}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{A88128E7-67F1-417D-9EAC-779916E1C587}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{AAE10A06-D362-4ED0-8A25-4BD9119AFF76}" = protocol=17 | dir=in | app=c:\program files (x86)\brother\brmfl12b\faxrx.exe | 
"{B6787C79-6128-4CA3-A924-3EB0D420D463}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{BC7E02B6-C6BC-44F8-9219-DD5D289FDEA8}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{BCFA4841-123A-4F5A-B0D2-A77EE683C578}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{E564EC0C-8F41-4961-9FDD-B5AB26E889BA}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{E6C42109-25B5-4E2D-B0A7-2E144B0853B5}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{F0134ECD-8921-4363-BA27-9C0F757D346B}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{F1E29F03-04BB-46BC-90BC-D7AD3CC68BC2}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"TCP Query User{5FA28A54-CF59-420C-8B17-3B2F1434F980}C:\windows\syswow64\rundll32.exe" = protocol=6 | dir=in | app=c:\windows\syswow64\rundll32.exe | 
"TCP Query User{9BD9D2C0-54F9-424A-8C8C-C170E4EB93E8}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe | 
"TCP Query User{E23C274D-04E0-4046-842E-F651620956F4}C:\windows\syswow64\rundll32.exe" = protocol=6 | dir=in | app=c:\windows\syswow64\rundll32.exe | 
"UDP Query User{00579D0D-3527-4E39-8E0E-DC0C6DEB8494}C:\windows\syswow64\rundll32.exe" = protocol=17 | dir=in | app=c:\windows\syswow64\rundll32.exe | 
"UDP Query User{19A400C0-1E49-4385-8837-51D821A43E5C}C:\windows\syswow64\rundll32.exe" = protocol=17 | dir=in | app=c:\windows\syswow64\rundll32.exe | 
"UDP Query User{7E8D2529-6645-4D60-96FA-F635C8904C2E}C:\program files (x86)\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files (x86)\internet explorer\iexplore.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{173D870E-7FB0-7322-7889-807CC9547228}" = ATI Catalyst Install Manager
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{715CAACC-579B-4831-A5F4-A83A8DE3EFE2}" = PaperPort Image Printer 64-bit
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{C6258F57-2A15-19B6-3082-F2888D26668C}" = ccc-utility64
"{C7AE4EC3-9C13-4213-8457-74D16B353F91}" = HP Web Camera
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{FF76E87C-0398-45A2-8D07-D5D11CA12FDF}" = DisplayLink Core Software
"Broadcom 802.11 Wireless LAN Adapter" = Broadcom 802.11 Wireless LAN Adapter
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"PDF Creator" = PDF Creator
"SynTPDeinstKey" = Synaptics Pointing Device Driver
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0A2FCCC6-AF02-4FBF-9196-1C0A89FF33A5}" = Catalyst Control Center - Branding
"{0C08C0A5-613F-D1CC-4080-4E4A7646E552}" = CCC Help Spanish
"{0CC1DAFB-40C8-4903-953D-471E541477C7}" = WISO Steuer 2012
"{0D23ABFF-48D3-54AC-98D9-ABA8C3772B97}" = Catalyst Control Center Localization All
"{154E7CE0-089C-53EC-3BB3-209E6B1A5FE6}" = CCC Help Hungarian
"{1673D965-5ADC-B95C-ABE0-8619EBCFC5EF}" = CCC Help French
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{1D61E881-43CD-447B-9E6B-D2C6138B2862}" = HP Webcam
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{207E9B74-F4D3-4FD7-8142-16FF41825BC4}_is1" = Secure Banking Version 1.5.1
"{2091EAF4-C7A3-CADE-0F3C-87A64796FF2B}" = CCC Help Finnish
"{23D81028-77D9-407C-BC47-07B34E732D0D}" = CCC Help Korean
"{2436F2A8-4B7E-4B6C-AE4E-604C84AA6A4F}" = Nero Core Components 10
"{265B95FC-342F-8CD7-197F-99B4B1341ECF}" = CCC Help Chinese Standard
"{2861BDF2-B36A-4C9D-7A95-97EF8DFF53EB}" = CCC Help Czech
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{32AFCEB5-DD1F-E879-962F-C43AB003CC1D}" = CCC Help Danish
"{33774E23-CC33-471F-9635-FCDBF78F20B5}" = HP System Default Settings
"{34B32B70-8081-11E2-89AF-B8AC6F98CCE3}" = Google Earth Plug-in
"{3A800300-D395-37A0-D17D-FDC8461F7028}" = CCC Help Italian
"{4422D20B-F530-4E65-8504-31396C9BC066}" = Google SketchUp 8
"{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module
"{523B2B1B-D8DB-4B41-90FF-C4D799E2758A}" = Nero ControlCenter 10 Help (CHM)
"{560985FB-4B76-4121-9189-7A2CDC7886D6}" = Kaspersky Internet Security 2013
"{5E7F872E-3F2A-B40F-0626-B8B671A5F4C3}" = CCC Help Portuguese
"{6218D39A-A825-5438-B23A-A0275D06A973}" = CCC Help Thai
"{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module
"{65792F2F-EB8B-7874-4A89-C1A0C206C9FA}" = Catalyst Control Center InstallProxy
"{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update
"{676CBF19-35FD-7A3A-5EAA-CB091C0234E8}" = CCC Help Dutch
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6DFB899F-17A2-48F0-A533-ED8D6866CF38}" = Nero Control Center 10
"{70F5AD48-91B1-40AE-D7A4-0978606F6DE1}" = CCC Help Greek
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{842BEE12-CCCB-43F4-ABAF-CBA6DFE2583D}" = Nero BurnLite 10
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90A40407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Web Components
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB627AF2-9C7E-4DBD-816B-3B2646B81E89}" = Nero BurnLite 10
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.6) - Deutsch
"{BE89AE6B-AFDB-F66F-4766-230CE1721E89}" = CCC Help English
"{C3A32068-8AB1-4327-BB16-BED9C6219DC7}" = Atheros Driver Installation Program
"{CB51A24D-551C-DA4E-894B-8115BF45FCA4}" = CCC Help Turkish
"{CEB1E126-51F9-31BC-73DB-265F06851E32}" = CCC Help Russian
"{D4BF2B2B-D80B-4C35-B8DE-1F444B9C1179}" = CCC Help Japanese
"{D6CC2FAF-F827-4091-96A1-D32CC9B69C79}" = WISO Steuer-Sparbuch 2013
"{DD98C438-D769-4677-AA87-3481FA32D20C}" = Brother MFL-Pro Suite MFC-J4410DW
"{DF2AD7A5-D7BF-1AE8-2621-D704A0A7E4CC}" = CCC Help German
"{E0A7ED39-8CD6-4351-93C3-69CCA00D12B4}" = HP Webcam Driver
"{E2C553E9-51E5-A195-BF5F-C964CF3DDA70}" = CCC Help Norwegian
"{E7E22D1E-8E4D-7278-BD36-71E2C87F61FE}" = CCC Help Swedish
"{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module
"{EDF396A7-8710-0FAB-505C-BA0B5F367241}" = CCC Help Chinese Traditional
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F367D577-6366-0656-85FE-43249DBEF2ED}" = CCC Help Polish
"{FB72F5B5-C295-845E-3E57-55F0E20E039F}" = ccc-core-static
"7-Zip" = 7-Zip 9.20
"99_is1" = Jawbreaker
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"dm-Fotowelt" = dm-Fotowelt
"InstallWIX_{560985FB-4B76-4121-9189-7A2CDC7886D6}" = Kaspersky Internet Security 2013
"Mozilla Firefox 21.0 (x86 de)" = Mozilla Firefox 21.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"RealPlayer 12.0" = RealPlayer
"Schulschriften_is1" = Schulschriften
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-2057735315-3883940139-79290062-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 29.05.2013 11:17:35 | Computer Name = Fabi***-PC | Source = Desktop Window Manager | ID = 9020
Description = Der Desktopfenster-Manager hat einen schwerwiegenden Fehler (0x88980406)
 festgestellt.
 
Error - 29.05.2013 11:21:51 | Computer Name = Fabi***-PC | Source = Desktop Window Manager | ID = 9020
Description = Der Desktopfenster-Manager hat einen schwerwiegenden Fehler (0x88980406)
 festgestellt.
 
[ System Events ]
Error - 29.05.2013 11:12:50 | Computer Name = Fabi***-PC | Source = bowser | ID = 8003
Description = 
 
Error - 29.05.2013 11:18:49 | Computer Name = Fabi***-PC | Source = DCOM | ID = 10016
Description = 
 
Error - 29.05.2013 11:19:12 | Computer Name = Fabi***-PC | Source = DCOM | ID = 10016
Description = 
 
Error - 29.05.2013 11:22:55 | Computer Name = Fabi***-PC | Source = DCOM | ID = 10016
Description = 
 
Error - 29.05.2013 11:22:58 | Computer Name = Fabi***-PC | Source = DCOM | ID = 10016
Description = 
 
Error - 29.05.2013 11:24:51 | Computer Name = Fabi***-PC | Source = bowser | ID = 8003
Description = 
 
 
< End of report >

Teil 2

Code:

ATTFilter

OTL logfile created on: 29.05.2013 17:26:45 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\*** ***\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16576)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,75 Gb Total Physical Memory | 2,27 Gb Available Physical Memory | 60,54% Memory free
7,49 Gb Paging File | 5,95 Gb Available in Paging File | 79,38% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 267,66 Gb Total Space | 10,43 Gb Free Space | 3,90% Space Free | Partition Type: NTFS
 
Computer Name: ******-PC | User Name: *** *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\*** ***\Desktop\3_OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe (Kaspersky Lab ZAO)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Secure Banking\SecureBanking.exe (Secure Banking)
PRC - C:\Program Files (x86)\Secure Banking\sbservice.exe ()
PRC - C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe (Brother Industries, Ltd.)
PRC - C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe (Brother Industries, Ltd.)
PRC - C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.)
PRC - C:\Program Files (x86)\Nero\Update\NASvc.exe (Nero AG)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Program Files (x86)\Secure Banking\sbservice.exe ()
MOD - C:\Program Files (x86)\Secure Banking\SecureBanking.dll ()
MOD - C:\Program Files (x86)\Secure Banking\funcs.dll ()
MOD - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\dblite.dll ()
MOD - C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll ()
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (DisplayLinkService) -- C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe (DisplayLink Corp.)
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (AVP) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe (Kaspersky Lab ZAO)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (BrYNSvc) -- C:\Program Files (x86)\Browny02\BrYNSvc.exe (Brother Industries, Ltd.)
SRV - (NAUpdate) -- C:\Program Files (x86)\Nero\Update\NASvc.exe (Nero AG)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (kneps) -- C:\Windows\SysNative\drivers\kneps.sys (Kaspersky Lab ZAO)
DRV:64bit: - (kltdi) -- C:\Windows\SysNative\drivers\kltdi.sys (Kaspersky Lab ZAO)
DRV:64bit: - (KLIF) -- C:\Windows\SysNative\drivers\klif.sys (Kaspersky Lab ZAO)
DRV:64bit: - (klmouflt) -- C:\Windows\SysNative\drivers\klmouflt.sys (Kaspersky Lab)
DRV:64bit: - (klkbdflt) -- C:\Windows\SysNative\drivers\klkbdflt.sys (Kaspersky Lab)
DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (KLIM6) -- C:\Windows\SysNative\drivers\klim6.sys (Kaspersky Lab ZAO)
DRV:64bit: - (BrSerIb) -- C:\Windows\SysNative\drivers\BrSerIb.sys (Brother Industries Ltd.)
DRV:64bit: - (BrUsbSIb) -- C:\Windows\SysNative\drivers\BrUsbSib.sys (Brother Industries Ltd.)
DRV:64bit: - (kl1) -- C:\Windows\SysNative\drivers\kl1.sys (Kaspersky Lab ZAO)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek                                            )
DRV:64bit: - (AX88772) -- C:\Windows\SysNative\drivers\ax88772.sys (ASIX Electronics Corp.)
DRV:64bit: - (DisplayLinkUsbPort) -- C:\Windows\SysNative\drivers\DisplayLinkUsbPort_5.6.31854.0.sys (hxxp://libusb-win32.sourceforge.net)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (dlkmd) -- C:\Windows\SysNative\drivers\dlkmd.sys (DisplayLink Corp.)
DRV:64bit: - (dlkmdldr) -- C:\Windows\SysNative\drivers\dlkmdldr.sys (DisplayLink Corp.)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (BCM43XX) -- C:\Windows\SysNative\drivers\BCMWL664.SYS (Broadcom Corporation)
DRV:64bit: - (AtiHdmiService) -- C:\Windows\SysNative\drivers\AtiHdmi.sys (ATI Technologies, Inc.)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (rtsuvc) -- C:\Windows\SysNative\drivers\rtsuvc.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (AtiPcie) -- C:\Windows\SysNative\drivers\AtiPcie64.sys (Advanced Micro Devices Inc.)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (WSDPrintDevice) -- C:\Windows\SysNative\drivers\WSDPrint.sys (Microsoft Corporation)
DRV:64bit: - (WSDScan) -- C:\Windows\SysNative\drivers\WSDScan.sys (Microsoft Corporation)
DRV:64bit: - (StillCam) -- C:\Windows\SysNative\drivers\serscan.sys (Microsoft Corporation)
DRV:64bit: - (netr7364) -- C:\Windows\SysNative\drivers\netr7364.sys (Ralink Technology, Corp.)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = 
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-21-2057735315-3883940139-79290062-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKU\S-1-5-21-2057735315-3883940139-79290062-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\S-1-5-21-2057735315-3883940139-79290062-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = D9 AD C9 EE 95 D5 CB 01  [binary data]
IE - HKU\S-1-5-21-2057735315-3883940139-79290062-1000\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-21-2057735315-3883940139-79290062-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ADRA_de
IE - HKU\S-1-5-21-2057735315-3883940139-79290062-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: ""
FF - prefs.js..browser.search.selectedEngine: ""
FF - prefs.js..browser.startup.homepage: "www.google.de"
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:21.0
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_202.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60129.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.633: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.633: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.633: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.633: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:  File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011.03.13 20:53:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\url_advisor@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\url_advisor@kaspersky.com [2013.04.23 16:12:57 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\virtual_keyboard@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\virtual_keyboard@kaspersky.com [2013.04.23 16:12:57 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\content_blocker@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\content_blocker@kaspersky.com [2013.04.23 16:12:56 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\anti_banner@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\anti_banner@kaspersky.com [2013.04.23 16:12:56 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\online_banking@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\online_banking@kaspersky.com [2013.04.23 16:12:57 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2011.08.24 19:15:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\*** ***\AppData\Roaming\mozilla\Extensions
[2013.05.22 17:41:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\*** ***\AppData\Roaming\mozilla\Firefox\Profiles\q6ohm84h.default\extensions
[2011.08.24 19:15:35 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2013.05.23 17:55:34 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\browser\extensions
[2013.05.23 17:55:34 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\mozilla firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR - homepage: 
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll
CHR - plugin: Java(TM) Platform SE 7 U9 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: McAfee Security Scanner + (Enabled) = C:\Program Files (x86)\McAfee Security Scan\3.0.318\npMcAfeeMss.dll
CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit)  (Enabled) = C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpjplug.dll
CHR - plugin: RealPlayer(tm) HTML5VideoShim Plug-In (32-bit)  (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_171.dll
CHR - plugin: Java Deployment Toolkit 7.0.70.11 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.60129.0\npctrl.dll
CHR - Extension: Modul zur Link-Untersuchung = C:\Users\*** ***\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\13.0.1.4190_0\
CHR - Extension: Sicherer Zahlungsverkehr = C:\Users\*** ***\AppData\Local\Google\Chrome\User Data\Default\Extensions\hakdifolhalapjijoafobooafbilfakh\13.0.1.4190_0\
CHR - Extension: Modul f\u00FCr das Blockieren gef\u00E4hrlicher Webseiten = C:\Users\*** ***\AppData\Local\Google\Chrome\User Data\Default\Extensions\hghkgaeecgjhjkannahfamoehjmkjail\13.0.1.4190_0\
CHR - Extension: Virtuelle Tastatur = C:\Users\*** ***\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh\13.0.1.4292_0\
CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Users\*** ***\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.3\
CHR - Extension: Anti-Banner = C:\Users\*** ***\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman\13.0.1.4190_0\
 
O1 HOSTS File: ([2013.05.28 18:07:50 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2:64bit: - BHO: (Content Blocker Plugin) - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
O2:64bit: - BHO: (Virtual Keyboard Plugin) - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O2:64bit: - BHO: (Safe Money Plugin) - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
O2:64bit: - BHO: (URL Advisor Plugin) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Content Blocker Plugin) - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
O2 - BHO: (Virtual Keyboard Plugin) - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O2 - BHO: (Safe Money Plugin) - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
O2 - BHO: (URL Advisor Plugin) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O3 - HKU\S-1-5-21-2057735315-3883940139-79290062-1000\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O4 - HKLM..\Run: [AVP] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe (Kaspersky Lab ZAO)
O4 - HKLM..\Run: [ControlCenter4] C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.)
O4 - HKU\S-1-5-21-2057735315-3883940139-79290062-1000..\Run: [SecureBanking] C:\Program Files (x86)\Secure Banking\SecureBanking.exe (Secure Banking)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2057735315-3883940139-79290062-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2057735315-3883940139-79290062-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Hinzufügen zu Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ie_banner_deny.htm ()
O8:64bit: - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~2\MICROS~1\OFFICE11\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Hinzufügen zu Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ie_banner_deny.htm ()
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~2\MICROS~1\OFFICE11\EXCEL.EXE/3000 File not found
O9:64bit: - Extra Button: Virtuelle Tastatur - {0C4CC089-D306-440D-9772-464E226F6539} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O9:64bit: - Extra Button: Links untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O9 - Extra Button: Virtuelle Tastatur - {0C4CC089-D306-440D-9772-464E226F6539} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: Links untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
O13 - gopher Prefix: missing
O16 - DPF: {CEF002D2-5A9F-4656-AA41-85DA2534ACBD} https://web2mail.bsw-kehl.de/dwa85W.cab (IBM Lotus iNotes 8.5 Control)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E008A543-CEFB-4559-912F-C27C2B89F13B} hxxp://webmail.bsw-kehl.de/dwa7W.cab (Domino Web Access 7 Control)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8D377D2A-D953-4647-B42D-C832C8D7E881}: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL (Microsoft Corporation)
O18:64bit: - Protocol\Filter\text/xml - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.05.29 17:06:40 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013.05.29 17:06:17 | 000,000,000 | ---D | C] -- C:\JRT
[2013.05.29 17:06:17 | 000,000,000 | ---D | C] -- \JRT
[2013.05.29 17:05:25 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\*** ***\Desktop\3_OTL.exe
[2013.05.29 17:04:46 | 000,545,954 | ---- | C] (Oleg N. Scherbakov) -- C:\Users\*** ***\Desktop\1_JRT.exe
[2013.05.28 19:39:44 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013.05.28 19:39:44 | 000,000,000 | -HSD | C] -- \$RECYCLE.BIN
[2013.05.28 18:25:50 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2013.05.28 17:22:55 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013.05.28 17:22:55 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013.05.28 17:22:55 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013.05.28 17:22:48 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013.05.28 17:22:48 | 000,000,000 | ---D | C] -- \Qoobox
[2013.05.28 17:22:30 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013.05.28 17:21:11 | 005,073,758 | R--- | C] (Swearware) -- C:\Users\*** ***\Desktop\ComboFix.exe
[2013.05.24 14:30:45 | 000,000,000 | ---D | C] -- C:\Users\*** ***\Desktop\mbar-1.05.0.1001
[2013.05.24 06:01:50 | 002,237,968 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\*** ***\Desktop\tdsskiller.exe
[2013.05.24 06:00:31 | 004,745,728 | ---- | C] (AVAST Software) -- C:\Users\*** ***\Desktop\aswMBR.exe
[2013.05.23 17:55:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2013.05.23 17:55:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2013.05.22 20:10:59 | 000,000,000 | ---D | C] -- C:\Program Files\Synaptics
[2013.05.22 20:09:50 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RdpGroupPolicyExtension.dll
[2013.05.22 20:09:50 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TsUsbRedirectionGroupPolicyExtension.dll
[2013.05.22 20:09:50 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TsUsbRedirectionGroupPolicyControl.exe
[2013.05.22 20:09:49 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys
[2013.05.22 20:09:49 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys
[2013.05.22 20:09:46 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tsgqec.dll
[2013.05.22 20:09:46 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TsUsbGDCoInstaller.dll
[2013.05.22 20:09:46 | 000,018,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wksprtPS.dll
[2013.05.22 20:09:45 | 003,174,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorets.dll
[2013.05.22 20:09:45 | 001,123,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstsc.exe
[2013.05.22 20:09:45 | 001,048,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstsc.exe
[2013.05.22 20:09:45 | 000,384,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wksprt.exe
[2013.05.22 20:09:45 | 000,322,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aaclient.dll
[2013.05.22 20:09:45 | 000,269,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\aaclient.dll
[2013.05.22 20:09:45 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpudd.dll
[2013.05.22 20:09:45 | 000,228,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpendp_winip.dll
[2013.05.22 20:09:45 | 000,192,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rdpendp_winip.dll
[2013.05.22 20:09:45 | 000,062,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TSWbPrxy.exe
[2013.05.22 20:09:45 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MsRdpWebAccess.dll
[2013.05.22 20:09:45 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MsRdpWebAccess.dll
[2013.05.22 20:09:45 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tsgqec.dll
[2013.05.22 20:09:45 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wksprtPS.dll
[2013.05.22 20:09:44 | 005,773,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstscax.dll
[2013.05.22 20:09:44 | 004,916,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstscax.dll
[2013.05.22 20:08:13 | 000,514,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\qdvd.dll
[2013.05.22 20:08:12 | 000,366,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\qdvd.dll
[2013.05.22 20:08:00 | 001,448,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lsasrv.dll
[2013.05.21 21:09:59 | 000,000,000 | ---D | C] -- C:\Users\*** ***\Documents\ProcAlyzer Dumps
[2013.05.21 20:48:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy 2
[2013.05.21 20:34:03 | 000,000,000 | ---D | C] -- C:\Users\*** ***\Documents\CCleaner_Sicherungsdateien
[2013.05.15 20:36:50 | 000,526,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013.05.15 20:36:50 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013.05.15 20:36:49 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2013.05.15 20:36:48 | 000,603,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013.05.15 20:36:48 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2013.05.15 20:36:48 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2013.05.15 20:36:48 | 000,089,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2013.05.15 20:36:48 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2013.05.15 20:36:48 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2013.05.15 20:36:48 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2013.05.15 20:36:48 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2013.05.15 20:36:48 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2013.05.15 20:36:45 | 000,855,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013.05.15 20:36:45 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013.05.15 20:36:44 | 003,958,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013.05.15 06:23:11 | 000,265,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\dxgmms1.sys
[2013.05.15 06:23:11 | 000,144,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdd.dll
[2013.05.15 06:22:52 | 001,930,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\authui.dll
[2013.05.15 06:22:51 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\shdocvw.dll
[2013.05.15 06:22:49 | 001,796,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\authui.dll
[2013.05.15 06:22:49 | 000,111,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\consent.exe
[2013.05.15 06:22:37 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wwanprotdim.dll
[2013.05.12 09:10:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Secure Banking
[2013.05.12 09:10:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Secure Banking
[2013.05.12 08:48:50 | 000,700,783 | R--- | C] (Swearware) -- C:\Users\*** ***\Desktop\dds+.exe
[2013.05.11 19:24:07 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\appmgmt
[2013.05.06 19:34:02 | 000,000,000 | ---D | C] -- C:\Temp
[2013.05.06 19:34:02 | 000,000,000 | ---D | C] -- \Temp
[2010.01.23 02:59:40 | 002,495,080 | ---- | C] (Amazon.com) -- C:\Program Files\AmazonMP3Downloader.exe
 
========== Files - Modified Within 30 Days ==========
 
[2013.05.29 17:29:47 | 000,014,192 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.05.29 17:29:47 | 000,014,192 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.05.29 17:22:00 | 000,001,114 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.05.29 17:21:40 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.05.29 17:21:37 | 4022,923,264 | -HS- | M] () -- C:\hiberfil.sys
[2013.05.29 17:07:02 | 000,001,118 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.05.29 17:06:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.05.29 17:03:56 | 001,498,742 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.05.29 17:03:56 | 000,652,240 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.05.29 17:03:56 | 000,616,242 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.05.29 17:03:56 | 000,129,908 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.05.29 17:03:56 | 000,106,622 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.05.29 06:43:10 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\*** ***\Desktop\3_OTL.exe
[2013.05.29 06:41:22 | 000,632,031 | ---- | M] () -- C:\Users\*** ***\Desktop\2_adwcleaner.exe
[2013.05.29 06:40:46 | 000,545,954 | ---- | M] (Oleg N. Scherbakov) -- C:\Users\*** ***\Desktop\1_JRT.exe
[2013.05.28 18:07:50 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2013.05.28 17:21:34 | 005,073,758 | R--- | M] (Swearware) -- C:\Users\*** ***\Desktop\ComboFix.exe
[2013.05.24 16:06:43 | 000,000,512 | ---- | M] () -- C:\Users\*** ***\Desktop\MBR.dat
[2013.05.24 14:16:54 | 012,917,756 | ---- | M] () -- C:\Users\*** ***\Desktop\mbar-1.05.0.1001.zip
[2013.05.24 06:02:03 | 004,745,728 | ---- | M] (AVAST Software) -- C:\Users\*** ***\Desktop\aswMBR.exe
[2013.05.24 06:01:52 | 002,237,968 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\*** ***\Desktop\tdsskiller.exe
[2013.05.22 22:01:10 | 000,000,000 | ---- | M] () -- C:\Users\*** ***\defogger_reenable
[2013.05.22 20:11:52 | 001,049,314 | ---- | M] () -- C:\Windows\SysNative\oem30.inf
[2013.05.22 20:11:13 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_SynTP_01009.Wdf
[2013.05.22 19:31:40 | 000,000,017 | ---- | M] () -- C:\Users\*** ***\AppData\Local\resmon.resmoncfg
[2013.05.22 18:01:43 | 000,002,723 | ---- | M] () -- C:\Users\*** ***\Desktop\Microsoft Office PowerPoint 2003.lnk
[2013.05.22 18:01:33 | 000,002,735 | ---- | M] () -- C:\Users\*** ***\Desktop\Microsoft Office Excel 2003.lnk
[2013.05.18 08:32:59 | 000,310,817 | ---- | M] () -- C:\Users\*** ***\Desktop\Laufzettel.pdf
[2013.05.18 08:32:36 | 000,173,203 | ---- | M] () -- C:\Users\*** ***\Desktop\Indianer Deckblatt.pdf
[2013.05.16 16:04:24 | 000,465,672 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.05.15 18:06:25 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013.05.15 18:06:25 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013.05.12 09:10:14 | 000,001,074 | ---- | M] () -- C:\Users\Public\Desktop\Secure Banking.lnk
[2013.05.12 08:48:57 | 000,700,783 | R--- | M] (Swearware) -- C:\Users\*** ***\Desktop\dds+.exe
[2013.05.11 19:19:04 | 000,000,866 | ---- | M] () -- C:\Windows\SysWow64\InstallUtil.InstallLog
[2013.04.29 19:18:41 | 000,026,120 | ---- | M] () -- C:\Windows\BRRBCOM.INI
 
========== Files Created - No Company Name ==========
 
[2013.05.29 17:04:49 | 000,632,031 | ---- | C] () -- C:\Users\*** ***\Desktop\2_adwcleaner.exe
[2013.05.28 17:22:55 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013.05.28 17:22:55 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013.05.28 17:22:55 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013.05.28 17:22:55 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013.05.28 17:22:55 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013.05.24 16:06:43 | 000,000,512 | ---- | C] () -- C:\Users\*** ***\Desktop\MBR.dat
[2013.05.24 05:59:19 | 012,917,756 | ---- | C] () -- C:\Users\*** ***\Desktop\mbar-1.05.0.1001.zip
[2013.05.22 22:01:10 | 000,000,000 | ---- | C] () -- C:\Users\*** ***\defogger_reenable
[2013.05.22 20:12:06 | 001,049,314 | ---- | C] () -- C:\Windows\SysNative\oem30.inf
[2013.05.22 20:11:13 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_SynTP_01009.Wdf
[2013.05.22 19:31:40 | 000,000,017 | ---- | C] () -- C:\Users\*** ***\AppData\Local\resmon.resmoncfg
[2013.05.22 18:01:43 | 000,002,723 | ---- | C] () -- C:\Users\*** ***\Desktop\Microsoft Office PowerPoint 2003.lnk
[2013.05.22 18:01:33 | 000,002,735 | ---- | C] () -- C:\Users\*** ***\Desktop\Microsoft Office Excel 2003.lnk
[2013.05.18 08:33:02 | 000,310,817 | ---- | C] () -- C:\Users\*** ***\Desktop\Laufzettel.pdf
[2013.05.18 08:32:42 | 000,173,203 | ---- | C] () -- C:\Users\*** ***\Desktop\Indianer Deckblatt.pdf
[2013.05.12 09:10:14 | 000,001,074 | ---- | C] () -- C:\Users\Public\Desktop\Secure Banking.lnk
[2013.05.06 19:29:48 | 000,000,866 | ---- | C] () -- C:\Windows\SysWow64\InstallUtil.InstallLog
[2013.03.08 20:08:34 | 000,000,092 | ---- | C] () -- C:\Windows\brpcfx.ini
[2013.03.08 20:08:34 | 000,000,024 | ---- | C] () -- C:\Windows\Brpfx04a.ini
[2013.03.08 20:06:10 | 000,000,066 | ---- | C] () -- C:\Windows\Brfaxrx.ini
[2013.03.08 20:01:16 | 000,026,120 | ---- | C] () -- C:\Windows\BRRBCOM.INI
[2012.08.06 08:33:12 | 000,045,056 | ---- | C] () -- C:\Windows\SysWow64\BRTCPCON.DLL
[2012.08.06 08:33:12 | 000,000,114 | ---- | C] () -- C:\Windows\SysWow64\BRLMW03A.INI
[2012.03.10 12:03:18 | 000,000,151 | ---- | C] () -- C:\Windows\wiso.ini
[2012.02.06 20:56:17 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\dlumd9.dll
[2012.02.06 20:56:17 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\dlumd11.dll
[2012.02.06 20:56:17 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\dlumd10.dll
[2012.01.23 20:18:59 | 000,000,419 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2012.01.23 20:18:59 | 000,000,027 | ---- | C] () -- C:\Windows\BRPP2KA.INI
[2011.03.14 19:48:16 | 000,004,096 | -H-- | C] () -- C:\Users\*** ***\AppData\Local\keyfile3.drm
[2011.03.07 21:53:23 | 000,382,077 | RHS- | C] () -- \YIZCJ
[2011.03.07 21:53:23 | 000,000,020 | RHS- | C] () -- \win7.ld
[2011.02.26 10:28:42 | 000,000,065 | ---- | C] () -- C:\Users\*** ***\_dataoracleclientperfcounters_shared12_neutral_d.ini
[2011.02.25 07:56:43 | 000,008,192 | RHS- | C] () -- \BOOTSECT.BAK
[2011.02.25 07:56:41 | 000,383,786 | RHS- | C] () -- \bootmgr
[2011.02.24 22:57:25 | 4022,923,264 | -HS- | C] () -- \hiberfil.sys
[2010.01.21 23:59:14 | 000,009,107 | ---- | C] () -- C:\Program Files\Readme.html
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013.02.27 07:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013.02.27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2012.07.21 12:32:38 | 000,000,000 | ---D | M] -- C:\Users\*** ***\AppData\Roaming\Amazon
[2013.03.08 20:18:29 | 000,000,000 | ---D | M] -- C:\Users\*** ***\AppData\Roaming\ControlCenter4
[2013.03.08 19:52:46 | 000,000,000 | ---D | M] -- C:\Users\*** ***\AppData\Roaming\Nuance
 
========== Purity Check ==========
 
 

< End of report >

Bei Mozilla Firefox leiten die Google Links jetzt wieder auf die richtigen Seiten weiter, ebenfalls beim Internet Explorer nur funktioniert hier seltsamerweise der "Zurück-"Button nicht mehr?! WEiterleitungen innerhalb der dann aktuellen Seite funktionert einwandfrei. Auch wenn ich auf Startseite (ist google eingestellt) klicke, regt sich der Internet Explorer nicht. Kann das was mit der Säuberungsaktion zu tun haben oder habe ich eine Einstellung übersehen, die ich noch ändern müsste?

Gruß

empijion

cosinus · 30.05.2013, 08:59

Zurücksetzen von Internet Explorer-Einstellungen

empijion · 30.05.2013, 15:52

Super - alles wieder im Lot!
Nochmals VIELEN DANK für die professionelle Hilfe und eure Zeit!

Der Rechner war zuvor in einem "Fachgeschäft" - Kosten 120 € und Trojaner nach wie vor auf dem PC! Dieser wurde nur dank eurer Hilfe beseitigt!

DANKE!

Gruß,

empijion

23.05.2013, 11:52	#6
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	Virus/Trojaner? Google Links Weiterleitung auf Monstermarketplace.com Lies doch auch bitte mal alles, v.a. was ich auch verlinkt habe Die Logs der anderen Scanner wie zB Malwarebytes fehlen immer noch. Und mach keine neuen Scans, nur schon vorhandene hier posten __________________ --> Virus/Trojaner? Google Links Weiterleitung auf Monstermarketplace.com

30.05.2013, 08:59	#14
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	Virus/Trojaner? Google Links Weiterleitung auf Monstermarketplace.com Zurücksetzen von Internet Explorer-Einstellungen __________________ Logfiles bitte immer in CODE-Tags posten

Virus/Trojaner? Google Links Weiterleitung auf Monstermarketplace.com

Plagegeister aller Art und deren Bekämpfung: Virus/Trojaner? Google Links Weiterleitung auf Monstermarketplace.com