Trojaner-Board (https://www.trojaner-board.de/)
Log Analysis and Evaluation (https://www.trojaner-board.de/log-analyse-auswertung/)
Internet speed halved after partial removal of TrojanDownloader:Win32/Small.gen!I (https://www.trojaner-board.de/104924-internet-speed-halbiert-teilweiser-entfernung-trojandownloader-win32-small-gen-i.html)

ausdemFF 08.11.2011 13:06

Internet speed halved after partial removal of TrojanDownloader:Win32/Small.gen!I
 
Hello,

I'm Marcel and I have a trojan.

It made itself noticed yesterday during the morning because my firewall constantly wanted to block other programs. Once it was ebay.exe, and another time Ploizz.exe.

I didn't think much of it and saw that there was a 0 kb SVCHOST created in users/my name/App Data/Roaming/Microsoft/.
I deleted this one plus all the others the program had created. Only AFTER THAT, in the evening, did Windows Defender alert me that

TrojanDownloader:Win32/Small.gen!I

should not be here. Since then my downstream speed has been 350 kb instead of about 800 (PERMANENTLY) and the upstream 35 instead of 75. I looked into whether I could solve it on my own somehow, but, here I am now.

At the same time there were also several TCP & UDP flood attacks on my router, if I read that correctly. The log file is in the zip, which also contains the scans.

Operating system: Windows 7 + Avira Professional + Windows Defender + CCleaner & Tweak Me!

OTL:

Code:

OTL logfile created on: 08.11.2011 11:44:00 - Run 1
OTL by OldTimer - Version 3.2.31.0    Folder = C:\Users\xxx\Desktop
 Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,09 Gb Available Physical Memory | 69,68% Memory free
6,00 Gb Paging File | 4,93 Gb Available in Paging File | 82,25% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 232,88 Gb Total Space | 13,65 Gb Free Space | 5,86% Space Free | Partition Type: NTFS
Drive D: | 465,70 Gb Total Space | 5,06 Gb Free Space | 1,09% Space Free | Partition Type: FAT32
 
Computer Name: xxx | User Name: xxx | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2011.11.08 11:40:54 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\xxx\Desktop\OTL.exe
PRC - [2011.11.08 11:33:51 | 000,050,477 | ---- | M] () -- C:\Users\xxx\Desktop\Defogger.exe
PRC - [2011.11.05 13:37:18 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2011.11.05 13:34:56 | 000,463,824 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avwebgrd.exe
PRC - [2011.11.05 13:34:50 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2011.11.05 13:34:33 | 000,342,480 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avmailc.exe
PRC - [2011.11.05 13:34:21 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2011.11.05 13:34:15 | 000,258,512 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2011.11.05 13:34:11 | 000,616,400 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avfwsvc.exe
PRC - [2011.08.30 17:18:30 | 002,358,656 | ---- | M] (TeamViewer GmbH) -- C:\Programme\TeamViewer\Version6\TeamViewer_Service.exe
PRC - [2011.08.03 12:50:00 | 002,255,464 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
PRC - [2011.08.03 12:50:00 | 000,812,648 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\Display\nvxdsync.exe
PRC - [2011.08.03 02:31:42 | 000,379,496 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2011.08.01 14:56:42 | 001,821,576 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft IntelliPoint\ipoint.exe
PRC - [2011.07.29 20:31:40 | 001,249,064 | ---- | M] () -- C:\ProgramData\TVersity\Media Server\MediaServer.exe
PRC - [2011.06.24 05:22:20 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010.12.10 18:30:50 | 000,086,880 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe
PRC - [2010.12.10 18:29:30 | 000,238,944 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft SQL Server\90\Shared\sqlbrowser.exe
PRC - [2010.11.20 13:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2010.11.20 13:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2010.01.09 20:37:50 | 004,640,000 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
PRC - [2009.10.02 13:14:48 | 000,643,592 | ---- | M] (Avid Technology, Inc.) -- C:\Windows\System32\M-AudioTaskBarIcon.exe
PRC - [2009.08.27 16:09:10 | 001,253,376 | ---- | M] (MAGIX AG) -- C:\Programme\Common Files\MAGIX Services\Database\bin\FABS.exe
PRC - [2008.09.29 12:15:00 | 000,155,648 | ---- | M] (NVIDIA) -- C:\Programme\NVIDIA Corporation\nTune\nTuneService.exe
PRC - [2008.09.10 12:31:36 | 000,114,688 | ---- | M] (NVIDIA) -- C:\Programme\NVIDIA Corporation\System Update\UpdateCenterService.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2011.11.08 11:33:51 | 000,050,477 | ---- | M] () -- C:\Users\xxx\Desktop\Defogger.exe
MOD - [2011.07.18 22:04:08 | 000,296,448 | ---- | M] () -- C:\Programme\Notepad++\NppShell_04.dll
MOD - [2011.03.17 00:11:16 | 004,297,568 | ---- | M] () -- C:\Programme\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2010.03.15 10:28:22 | 000,141,824 | ---- | M] () -- C:\Programme\WinRAR\RarExt.dll
MOD - [2008.07.24 22:51:32 | 000,299,008 | ---- | M] () -- C:\Programme\IconChanger\IconChng.dll
MOD - [2005.07.18 16:46:08 | 000,074,240 | ---- | M] () -- C:\Programme\iPhone Folders\zlibwapi.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - File not found [On_Demand | Stopped] --  -- (FileZilla Server)
SRV - [2011.11.05 13:37:18 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011.11.05 13:34:56 | 000,463,824 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE -- (AntiVirWebService)
SRV - [2011.11.05 13:34:33 | 000,342,480 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avmailc.exe -- (AntiVirMailService)
SRV - [2011.11.05 13:34:21 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.11.05 13:34:11 | 000,616,400 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avfwsvc.exe -- (AntiVirFirewallService)
SRV - [2011.10.12 22:30:31 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2011.08.30 17:18:30 | 002,358,656 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Programme\TeamViewer\Version6\TeamViewer_Service.exe -- (TeamViewer6)
SRV - [2011.08.03 12:50:00 | 002,255,464 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Programme\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2011.08.03 02:31:42 | 000,379,496 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2011.07.29 20:31:40 | 001,249,064 | ---- | M] () [Auto | Running] -- C:\ProgramData\TVersity\Media Server\MediaServer.exe -- (TVersityMediaServer)
SRV - [2011.06.12 11:15:00 | 031,125,880 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2010.12.28 09:00:34 | 001,296,728 | ---- | M] (www.BitComet.com) [On_Demand | Stopped] -- C:\Program Files\BitComet\tools\BitCometService.exe -- (BITCOMET_HELPER_SERVICE)
SRV - [2009.08.27 16:09:10 | 001,253,376 | ---- | M] (MAGIX AG) [Unknown | Running] -- C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe -- (Fabs)
SRV - [2009.07.14 02:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 02:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009.07.14 02:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008.09.29 12:15:00 | 000,155,648 | ---- | M] (NVIDIA) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe -- (nTuneService)
SRV - [2008.09.10 12:31:36 | 000,114,688 | ---- | M] (NVIDIA) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\System Update\UpdateCenterService.exe -- (UpdateCenterService)
SRV - [2008.08.07 10:10:02 | 003,276,800 | ---- | M] (MAGIX®) [On_Demand | Stopped] -- C:\Program Files\Common Files\MAGIX Services\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2011.11.05 13:38:12 | 000,111,160 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avfwot.sys -- (avfwot)
DRV - [2011.11.05 13:38:12 | 000,091,096 | ---- | M] (Avira GmbH) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\avfwim.sys -- (avfwim)
DRV - [2011.10.11 14:00:01 | 000,134,344 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2011.10.11 14:00:01 | 000,074,640 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2011.10.11 14:00:01 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2011.08.03 12:50:00 | 010,304,104 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2011.07.29 12:54:56 | 000,014,216 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\epmntdrv.sys -- (epmntdrv)
DRV - [2011.07.29 12:54:56 | 000,008,456 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\EuGdiDrv.sys -- (EuGdiDrv)
DRV - [2011.05.18 07:09:04 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dc3d.sys -- (dc3d)
DRV - [2010.11.20 13:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\vmbus.sys -- (vmbus)
DRV - [2010.11.20 13:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010.11.20 13:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\storvsc.sys -- (storvsc)
DRV - [2010.11.20 11:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010.11.20 11:21:14 | 000,015,872 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV - [2010.11.20 10:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (winusb)
DRV - [2010.11.20 10:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010.11.20 10:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010.06.17 14:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010.05.07 06:49:28 | 000,061,824 | ---- | M] (SCM Microsystems Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\SCL01132.sys -- (SCL01132)
DRV - [2009.10.02 13:14:42 | 000,042,248 | ---- | M] (M-Audio) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\MAudioConectiv_DFU.sys -- (MADFUCONECTIV)
DRV - [2009.10.02 13:14:38 | 000,158,344 | ---- | M] (Avid Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\MAudioConectiv.sys -- (MAUSBCONECTIV)
DRV - [2009.07.13 23:09:17 | 004,194,816 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2008.09.29 12:17:06 | 000,029,952 | ---- | M] (NVIDIA Corp.) [Kernel | On_Demand | Running] -- C:\Windows\nvoclock.sys -- (NVR0Dev)
DRV - [2008.09.10 12:28:48 | 000,036,896 | ---- | M] (NVidia Corp.) [Kernel | Auto | Running] -- C:\Windows\nvflash.sys -- (NVR0FLASHDev)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = B5 6E 2B 63 8B 71 CC 01  [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.11: C:\Program Files\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.11.03 16:22:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.11.07 07:01:44 | 000,000,000 | ---D | M]
 
[2011.06.20 17:49:08 | 000,000,000 | ---D | M] (No name found) -- C:\Users\xxx\AppData\Roaming\mozilla\Extensions
[2011.06.20 17:49:08 | 000,000,000 | ---D | M] (No name found) -- C:\Users\xxx\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2011.11.06 13:35:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\xxx\AppData\Roaming\mozilla\Firefox\Profiles\nxh9q5dv.default\extensions
[2011.11.06 02:42:31 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\xxx\AppData\Roaming\mozilla\Firefox\Profiles\nxh9q5dv.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2011.11.04 23:39:04 | 000,000,000 | ---D | M] ("Xmarks") -- C:\Users\xxx\AppData\Roaming\mozilla\Firefox\Profiles\nxh9q5dv.default\extensions\foxmarks@kei.com
[2011.11.05 13:56:20 | 000,000,000 | ---D | M] (LastPass) -- C:\Users\xxx\AppData\Roaming\mozilla\Firefox\Profiles\nxh9q5dv.default\extensions\support@lastpass.com
[2011.10.25 14:42:19 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2011.10.25 14:42:21 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
() (No name found) -- C:\USERS\xxx\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NXH9Q5DV.DEFAULT\EXTENSIONS\{023E9CA0-63F3-47B1-BCB2-9BADF9D9EF28}.XPI
() (No name found) -- C:\USERS\xxx\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NXH9Q5DV.DEFAULT\EXTENSIONS\{578E7CAA-210F-4967-A0D3-88FE5B59A39F}.XPI
() (No name found) -- C:\USERS\xxx\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\NXH9Q5DV.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2011.10.28 19:16:39 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011.09.09 05:49:04 | 001,037,112 | ---- | M] (BitComet) -- C:\Program Files\mozilla firefox\plugins\npBitCometAgent.dll
[2011.10.03 04:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011.10.28 19:16:37 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.10.28 19:16:37 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011.10.28 19:16:37 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2011.10.28 19:16:37 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.10.28 19:16:37 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.10.28 19:16:37 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2011.09.11 07:57:32 | 000,001,411 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: 127.0.0.1 adobe.activate.com
O1 - Hosts: 127.0.0.1 practivate.adobe.com
O1 - Hosts: 127.0.0.1 ereg.adobe.com
O1 - Hosts: 127.0.0.1 adobeereg.com
O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com
O1 - Hosts: 127.0.0.1 wip3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com
O1 - Hosts: 127.0.0.1 ereg.wip3.adobe.com
O1 - Hosts: 127.0.0.1 activate-sea.adobe.com
O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com
O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com
O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (BitComet Helper) - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Programme\BitComet\tools\BitCometBHO_1.5.4.11.dll (BitComet)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (no name) - {DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} - No CLSID value found.
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [M-Audio Taskbar Icon] C:\Windows\System32\M-AudioTaskBarIcon.exe (Avid Technology, Inc.)
O4 - HKCU..\Run: [ncid.Net] C:\Programme\ncid.Net\ncid.Net.exe (Gerhard Junker)
O4 - HKCU..\Run: [Pidgin] C:\Program Files\Pidgin\pidgin.exe (The Pidgin developer community)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SynchronousMachineGroupPolicy = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: SynchronousUserGroupPolicy = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 0
O8 - Extra context menu item: &Alles mit BitComet herunterladen - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com)
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: Mit BitComet herunter&laden - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com)
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - C:\Program Files\BitComet\tools\BitCometBHO_1.5.4.11.dll (BitComet)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000027 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{42C4B1FC-554F-4648-B813-04C89BADD8D0}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9C5B3D2D-DB52-402B-AEC3-0285D1BECEC7}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) -C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - Winlogon\Notify\ScCertProp: DllName - (wlnotify.dll) -  File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{05978b59-c5d8-11e0-850e-406186c2d919}\Shell - "" = AutoRun
O33 - MountPoints2\{05978b59-c5d8-11e0-850e-406186c2d919}\Shell\AutoRun\command - "" = "L:\WD SmartWare.exe" autoplay=true
O33 - MountPoints2\{8f7f0038-9b51-11e0-8582-406186c2d919}\Shell - "" = AutoRun
O33 - MountPoints2\{8f7f0038-9b51-11e0-8582-406186c2d919}\Shell\AutoRun\command - "" = J:\autorun\autorun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {B8DB38AA-C10B-9756-993B-9481422BFC9C} - Browser Customizations
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
MsConfig - StartUpReg: NVIDIA nTune - hkey= - key= - C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe (NVIDIA)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.11.08 11:40:51 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\xxx\Desktop\OTL.exe
[2011.11.08 00:02:14 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011.11.07 18:47:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Gerhard Junker
[2011.11.07 18:47:14 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\Gerhard_Junker
[2011.11.07 18:43:03 | 000,000,000 | ---D | C] -- C:\ProgramData\ncid.Net
[2011.11.07 18:43:03 | 000,000,000 | ---D | C] -- C:\Program Files\ncid.Net
[2011.11.07 18:02:01 | 000,000,000 | ---D | C] -- C:\Users\xxx\Documents\Network Monitor 3
[2011.11.07 17:48:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NET Traffic Meter
[2011.11.07 17:48:47 | 000,000,000 | ---D | C] -- C:\Program Files\NET Traffic Meter
[2011.11.07 17:38:31 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Roaming\NetMeter
[2011.11.07 17:38:29 | 000,000,000 | ---D | C] -- C:\Program Files\NetMeter
[2011.11.07 17:26:11 | 000,000,000 | ---D | C] -- C:\ProgramData\DeskSoft
[2011.11.07 17:25:35 | 000,024,816 | ---- | C] (DeskSoft) -- C:\Windows\System32\drivers\dsnpfd.sys
[2011.11.07 17:25:34 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Roaming\DeskSoft
[2011.11.07 15:05:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Axence NetTools Pro 4.0
[2011.11.07 15:05:13 | 000,000,000 | ---D | C] -- C:\Program Files\Axence
[2011.11.07 08:56:03 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Roaming\gtk-2.0
[2011.11.07 08:38:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2011.11.07 08:36:57 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy 2
[2011.11.07 07:42:42 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Roaming\.purple
[2011.11.07 07:39:12 | 000,000,000 | ---D | C] -- C:\Program Files\Pidgin
[2011.11.07 03:54:28 | 000,000,000 | ---D | C] -- C:\Program Files\MSECache
[2011.11.07 03:52:54 | 000,000,000 | ---D | C] -- C:\Program Settings
[2011.11.06 00:08:44 | 000,000,000 | ---D | C] -- C:\Windows\W7SBC
[2011.11.05 23:59:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RocketDock
[2011.11.05 23:58:58 | 000,000,000 | ---D | C] -- C:\Program Files\RocketDock
[2011.11.05 23:58:26 | 000,000,000 | ---D | C] -- C:\Program Files\foobar2000
[2011.11.05 23:58:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IconChanger
[2011.11.05 23:58:09 | 000,000,000 | ---D | C] -- C:\Program Files\IconChanger
[2011.11.05 23:57:52 | 000,000,000 | ---D | C] -- C:\Program Files\Rainmeter
[2011.11.05 18:34:08 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Stardock
[2011.11.05 18:33:55 | 000,042,672 | ---- | C] (Stardock.Net, Inc) -- C:\Windows\System32\wbsys.dll
[2011.11.05 18:33:49 | 000,000,000 | ---D | C] -- C:\Program Files\Stardock
[2011.11.05 18:18:29 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Roaming\Auslogics
[2011.11.05 18:18:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Auslogics
[2011.11.05 18:18:22 | 000,000,000 | ---D | C] -- C:\Program Files\Auslogics
[2011.11.05 17:55:40 | 000,000,000 | ---D | C] -- C:\Program Files\Setup Files
[2011.11.05 16:17:45 | 000,000,000 | ---D | C] -- C:\Users\xxx\Documents\Verknüpfungen
[2011.11.05 15:27:10 | 000,000,000 | ---D | C] -- C:\Program Files\Dr. Hardware 2011
[2011.11.05 14:46:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TweakMe!
[2011.11.05 14:46:59 | 000,000,000 | ---D | C] -- C:\Program Files\TweakMe!
[2011.11.05 14:35:17 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\Frameworkx.com
[2011.11.05 14:20:05 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\NeoSmart_Technologies
[2011.11.05 14:17:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NeoSmart Technologies
[2011.11.05 14:17:16 | 000,000,000 | ---D | C] -- C:\Program Files\NeoSmart Technologies
[2011.11.05 13:43:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2011.11.05 13:43:05 | 000,111,160 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avfwot.sys
[2011.11.05 13:43:05 | 000,091,096 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avfwim.sys
[2011.11.05 06:01:46 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Roaming\Xilisoft
[2011.11.05 01:32:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free FLV Converter
[2011.11.05 01:32:47 | 000,307,200 | ---- | C] (FLV.com) -- C:\Windows\System32\TubeFinder.exe
[2011.11.05 01:32:42 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Roaming\FreeFLVConverter
[2011.11.05 01:32:42 | 000,000,000 | ---D | C] -- C:\Program Files\Free FLV Converter
[2011.11.04 14:57:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ImgBurn
[2011.11.03 17:55:12 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft CAPICOM 2.1.0.2
[2011.11.03 16:22:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BitComet
[2011.11.03 16:22:39 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Roaming\BitComet
[2011.11.03 16:22:37 | 000,000,000 | ---D | C] -- C:\Program Files\BitComet
[2011.11.03 10:56:49 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2011.11.03 10:34:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2011.11.03 10:34:47 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2011.11.02 17:46:53 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\Installer5804
[2011.11.02 17:40:09 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\Installer5848
[2011.11.01 11:18:44 | 000,000,000 | ---D | C] -- C:\Users\xxx\Documents\Outlook-Dateien
[2011.11.01 09:05:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2011.11.01 09:05:27 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2011.11.01 09:03:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2011.11.01 09:02:23 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011.10.31 09:36:17 | 009,925,160 | ---- | C] (LastPass) -- C:\Program Files\Common Files\lpuninstall.exe
[2011.10.31 09:36:14 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\LastPass
[2011.10.31 09:36:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LastPass
[2011.10.31 09:36:10 | 000,000,000 | ---D | C] -- C:\Program Files\LastPass
[2011.10.28 07:18:56 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\MicroVision Applications
[2011.10.28 07:17:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SureThing
[2011.10.28 07:17:30 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\SureThing Shared
[2011.10.28 07:17:29 | 000,000,000 | ---D | C] -- C:\Program Files\SureThing
[2011.10.28 07:17:29 | 000,000,000 | ---D | C] -- C:\Windows\MVUNINST
[2011.10.25 13:07:00 | 000,000,000 | ---D | C] -- C:\Users\xxx\Documents\iZotope
[2011.10.23 20:59:33 | 000,000,000 | ---D | C] -- C:\Users\xxx\Documents\backup
[2011.10.22 23:53:57 | 000,000,000 | -H-D | C] -- C:\ProgramData\{E26B3878-7CEC-469C-B449-5CAA336DF8CD}
[2011.10.22 23:49:26 | 000,000,000 | -H-D | C] -- C:\ProgramData\{C78336EC-F2EB-4640-99A4-DFE96581B90B}
[2011.10.18 11:35:45 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Roaming\Avira
[2011.10.18 11:35:06 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys
[2011.10.18 11:35:05 | 000,134,344 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2011.10.18 11:35:05 | 000,074,640 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
[2011.10.18 11:35:05 | 000,036,000 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avkmgr.sys
[2011.10.18 11:34:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2011.10.18 11:34:27 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2011.10.14 00:59:16 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\TempDIR
[2011.10.13 23:59:43 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PlexyDeskop
[2011.10.13 23:59:43 | 000,000,000 | ---D | C] -- C:\Program Files\plexydesk
[2011.10.13 23:51:24 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\Bump Technologies, Inc
[2011.10.13 23:46:52 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Roaming\Bump Technologies, Inc
[2011.10.13 23:41:26 | 000,000,000 | ---D | C] -- C:\Windows\System32\directx
[2011.10.13 21:51:11 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\MediaMonkey
[2011.10.13 21:51:07 | 000,000,000 | ---D | C] -- C:\Program Files\MediaMonkey
[2011.10.13 21:37:56 | 000,000,000 | -H-D | C] -- C:\$WINDOWS.~BT
[2011.10.13 21:13:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EASEUS Partition Master 9.1.0 Home Edition
[2011.10.13 21:12:51 | 000,000,000 | ---D | C] -- C:\Program Files\EASEUS
[2011.10.12 22:30:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rosetta Stone
[2011.10.12 22:30:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Rosetta Stone
[2011.10.12 22:30:18 | 000,000,000 | ---D | C] -- C:\Program Files\Rosetta Stone
[2011.10.12 18:34:42 | 000,000,000 | ---D | C] -- C:\Users\xxx\Documents\GForce
[2011.10.12 18:34:42 | 000,000,000 | ---D | C] -- C:\Program Files\GForce
[2011.10.12 18:20:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Arturia
[2011.10.12 08:20:05 | 000,000,000 | ---D | C] -- C:\Users\xxx\Documents\Kontakte Alt
 
========== Files - Modified Within 30 Days ==========
 
[2011.11.08 11:40:54 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\xxx\Desktop\OTL.exe
[2011.11.08 11:39:39 | 000,000,000 | ---- | M] () -- C:\Users\xxx\defogger_reenable
[2011.11.08 11:39:00 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011.11.08 11:33:51 | 000,050,477 | ---- | M] () -- C:\Users\xxx\Desktop\Defogger.exe
[2011.11.08 11:23:23 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011.11.08 11:16:17 | 000,020,800 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011.11.08 11:16:17 | 000,020,800 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011.11.08 11:09:00 | 000,000,843 | ---- | M] () -- C:\Windows\System32\tversity.cookies
[2011.11.08 11:08:42 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.11.08 07:18:48 | 000,233,472 | ---- | M] () -- C:\Users\xxx\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.11.07 22:47:07 | 000,717,336 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2011.11.07 22:47:07 | 000,667,932 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011.11.07 22:47:07 | 000,155,856 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2011.11.07 22:47:07 | 000,125,766 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011.11.07 18:47:16 | 000,000,081 | ---- | M] () -- C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
[2011.11.07 18:19:03 | 000,003,124 | ---- | M] () -- C:\Users\xxx\Documents\cc_20111107_181859.reg
[2011.11.07 17:25:35 | 000,024,816 | ---- | M] (DeskSoft) -- C:\Windows\System32\drivers\dsnpfd.sys
[2011.11.07 10:50:13 | 000,013,326 | ---- | M] () -- C:\Users\xxx\Documents\cc_20111107_105010.reg
[2011.11.07 08:28:57 | 000,007,608 | ---- | M] () -- C:\Users\xxx\AppData\Local\Resmon.ResmonCfg
[2011.11.07 07:39:37 | 000,000,937 | ---- | M] () -- C:\Users\Public\Desktop\Pidgin.lnk
[2011.11.07 07:04:43 | 000,001,886 | ---- | M] () -- C:\Users\xxx\Documents\cc_20111107_070440.reg
[2011.11.06 13:40:46 | 000,001,516 | ---- | M] () -- C:\Users\xxx\Documents\cc_20111106_134043.reg
[2011.11.06 10:13:12 | 002,281,928 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2011.11.06 10:05:56 | 000,091,306 | ---- | M] () -- C:\Users\xxx\Documents\cc_20111106_100546.reg
[2011.11.05 20:51:55 | 000,005,554 | ---- | M] () -- C:\Windows\System32\Utility.xml
[2011.11.05 14:08:27 | 000,000,466 | ---- | M] () -- C:\Users\xxx\Documents\bibo.reg
[2011.11.05 13:38:12 | 000,111,160 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avfwot.sys
[2011.11.05 13:38:12 | 000,091,096 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avfwim.sys
[2011.11.05 02:25:07 | 000,000,176 | ---- | M] () -- C:\Windows\System32\w3data.vss
[2011.11.05 02:25:07 | 000,000,176 | ---- | M] () -- C:\Windows\System32\msvcsv60.dll
[2011.11.05 02:25:07 | 000,000,176 | ---- | M] () -- C:\Windows\msocreg32.dat
[2011.11.03 10:59:16 | 000,000,600 | ---- | M] () -- C:\Users\xxx\AppData\Roaming\winscp.rnd
[2011.11.02 14:48:47 | 000,049,382 | ---- | M] () -- C:\Users\xxx\Documents\dragon age 2.rtf
[2011.10.31 09:36:17 | 009,925,160 | ---- | M] (LastPass) -- C:\Program Files\Common Files\lpuninstall.exe
[2011.10.28 07:25:35 | 000,054,444 | ---- | M] () -- C:\Users\xxx\Documents\cordless1.std
[2011.10.20 17:04:23 | 001,866,317 | ---- | M] () -- C:\Users\xxx\Documents\IMG_0235.JPG
[2011.10.20 17:04:22 | 001,751,155 | ---- | M] () -- C:\Users\xxx\Documents\IMG_0230.JPG
[2011.10.20 17:04:22 | 001,708,458 | ---- | M] () -- C:\Users\xxx\Documents\IMG_0231.JPG
[2011.10.20 16:58:00 | 000,055,926 | ---- | M] () -- C:\Users\xxx\Documents\Unbenanntes Dokument 2.pdf
[2011.10.20 16:58:00 | 000,000,032 | ---- | M] () -- C:\Users\xxx\Documents\Teil 1.3
[2011.10.16 15:10:03 | 000,399,876 | RHS- | M] () -- C:\TOGMY
[2011.10.16 15:10:03 | 000,000,000 | RHS- | M] () -- C:\jkcv.ld
[2011.10.14 08:42:17 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK
[2011.10.13 21:47:23 | 000,001,908 | ---- | M] () -- C:\Windows\diagwrn.xml
[2011.10.13 21:47:23 | 000,001,908 | ---- | M] () -- C:\Windows\diagerr.xml
[2011.10.13 21:22:38 | 000,001,119 | -H-- | M] () -- C:\Windows\EPMBatch.ept
[2011.10.12 17:57:27 | 000,022,648 | ---- | M] () -- C:\Users\xxx\Documents\cc_20111012_185722.reg
[2011.10.11 14:00:01 | 000,134,344 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2011.10.11 14:00:01 | 000,074,640 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
[2011.10.11 14:00:01 | 000,036,000 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avkmgr.sys
 
========== Files Created - No Company Name ==========
 
[2011.11.08 11:39:39 | 000,000,000 | ---- | C] () -- C:\Users\xxx\defogger_reenable
[2011.11.08 11:33:47 | 000,050,477 | ---- | C] () -- C:\Users\xxx\Desktop\Defogger.exe
[2011.11.07 18:47:16 | 000,000,081 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
[2011.11.07 18:19:01 | 000,003,124 | ---- | C] () -- C:\Users\xxx\Documents\cc_20111107_181859.reg
[2011.11.07 10:50:11 | 000,013,326 | ---- | C] () -- C:\Users\xxx\Documents\cc_20111107_105010.reg
[2011.11.07 08:28:57 | 000,007,608 | ---- | C] () -- C:\Users\xxx\AppData\Local\Resmon.ResmonCfg
[2011.11.07 07:39:37 | 000,000,937 | ---- | C] () -- C:\Users\Public\Desktop\Pidgin.lnk
[2011.11.07 07:04:42 | 000,001,886 | ---- | C] () -- C:\Users\xxx\Documents\cc_20111107_070440.reg
[2011.11.06 13:40:44 | 000,001,516 | ---- | C] () -- C:\Users\xxx\Documents\cc_20111106_134043.reg
[2011.11.06 10:05:48 | 000,091,306 | ---- | C] () -- C:\Users\xxx\Documents\cc_20111106_100546.reg
[2011.11.05 20:51:55 | 000,005,554 | ---- | C] () -- C:\Windows\System32\Utility.xml
[2011.11.05 18:34:05 | 000,057,904 | ---- | C] () -- C:\Windows\System32\wbload.dll
[2011.11.05 14:08:27 | 000,000,466 | ---- | C] () -- C:\Users\xxx\Documents\bibo.reg
[2011.11.05 13:42:28 | 000,000,512 | R--- | C] () -- C:\Users\xxx\Documents\HBEDV.KEY
[2011.11.05 01:32:44 | 000,208,500 | ---- | C] () -- C:\Windows\System32\ReyXpBasics.tlb
[2011.11.05 01:32:43 | 000,364,544 | ---- | C] () -- C:\Windows\System32\PropertyGrid.ocx
[2011.11.05 01:32:42 | 000,024,576 | ---- | C] () -- C:\Windows\System32\ControlSubX.ocx
[2011.11.02 17:41:24 | 000,001,361 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe ExtendScript Toolkit 2.lnk
[2011.11.02 14:48:46 | 000,049,382 | ---- | C] () -- C:\Users\xxx\Documents\dragon age 2.rtf
[2011.10.28 07:25:35 | 000,054,444 | ---- | C] () -- C:\Users\xxx\Documents\cordless1.std
[2011.10.20 17:04:23 | 001,866,317 | ---- | C] () -- C:\Users\xxx\Documents\IMG_0235.JPG
[2011.10.20 17:04:22 | 001,751,155 | ---- | C] () -- C:\Users\xxx\Documents\IMG_0230.JPG
[2011.10.20 17:04:22 | 001,708,458 | ---- | C] () -- C:\Users\xxx\Documents\IMG_0231.JPG
[2011.10.20 16:57:39 | 000,000,032 | ---- | C] () -- C:\Users\xxx\Documents\Teil 1.3
[2011.10.20 16:57:34 | 000,055,926 | ---- | C] () -- C:\Users\xxx\Documents\Unbenanntes Dokument 2.pdf
[2011.10.16 15:10:03 | 000,000,000 | RHS- | C] () -- C:\jkcv.ld
[2011.10.16 15:10:02 | 000,399,876 | RHS- | C] () -- C:\TOGMY
[2011.10.14 08:42:15 | 000,000,001 | -HS- | C] () -- C:\BOOTNXT
[2011.10.13 21:19:26 | 000,001,119 | -H-- | C] () -- C:\Windows\EPMBatch.ept
[2011.10.13 21:13:10 | 000,019,840 | ---- | C] () -- C:\Windows\System32\EuEpmGdi.dll
[2011.10.13 21:13:09 | 002,469,760 | ---- | C] () -- C:\Windows\System32\BootMan.exe
[2011.10.13 21:13:09 | 000,086,408 | ---- | C] () -- C:\Windows\System32\setupempdrv03.exe
[2011.10.13 21:13:09 | 000,014,216 | ---- | C] () -- C:\Windows\System32\epmntdrv.sys
[2011.10.13 21:13:09 | 000,008,456 | ---- | C] () -- C:\Windows\System32\EuGdiDrv.sys
[2011.10.12 21:56:35 | 000,001,908 | ---- | C] () -- C:\Windows\diagwrn.xml
[2011.10.12 21:56:35 | 000,001,908 | ---- | C] () -- C:\Windows\diagerr.xml
[2011.10.12 17:57:24 | 000,022,648 | ---- | C] () -- C:\Users\xxx\Documents\cc_20111012_185722.reg
[2011.09.26 10:54:25 | 000,000,072 | ---- | C] () -- C:\Windows\SSB.ini
[2011.09.25 23:24:05 | 000,000,000 | -H-- | C] () -- C:\Users\xxx\AppData\Roaming\.51BEE852859F7D89.sys
[2011.09.25 22:11:27 | 000,000,034 | ---- | C] () -- C:\Windows\System32\mnprxpd2e.bin
[2011.09.12 13:19:03 | 000,403,912 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat
[2011.09.11 08:27:55 | 000,000,600 | ---- | C] () -- C:\Users\xxx\AppData\Roaming\winscp.rnd
[2011.08.03 02:31:54 | 000,311,912 | ---- | C] () -- C:\Windows\System32\nvStreaming.exe
[2011.07.16 03:32:11 | 000,002,756 | ---- | C] () -- C:\Windows\System32\ssolekuy.dll
[2011.07.16 03:32:11 | 000,002,756 | ---- | C] () -- C:\Windows\System32\ssoleht.dll
[2011.07.16 03:32:11 | 000,002,756 | ---- | C] () -- C:\Windows\System32\sslibkh.dll
[2011.07.16 03:32:11 | 000,002,756 | ---- | C] () -- C:\Windows\System32\sslibjy.dll
[2011.07.16 03:32:11 | 000,002,756 | ---- | C] () -- C:\Windows\System32\sslibfg.dll
[2011.07.16 03:32:11 | 000,002,756 | ---- | C] () -- C:\Windows\System32\sslibeh.dll
[2011.07.16 03:32:11 | 000,002,756 | ---- | C] () -- C:\Windows\System32\slibff.dll
[2011.07.16 03:32:11 | 000,002,756 | ---- | C] () -- C:\Windows\System32\slibddf.dll
[2011.07.16 03:32:06 | 000,678,746 | ---- | C] () -- C:\Windows\unins000.exe
[2011.07.16 03:32:05 | 000,021,007 | ---- | C] () -- C:\Windows\unins000.dat
[2011.07.07 03:19:44 | 000,000,176 | ---- | C] () -- C:\Windows\System32\msvcsv60.dll
[2011.07.07 03:19:44 | 000,000,176 | ---- | C] () -- C:\Windows\msocreg32.dat
[2011.07.06 12:06:29 | 000,040,960 | ---- | C] () -- C:\Users\xxx\AppData\Roaming\TweetAdder
[2011.07.05 08:42:31 | 000,210,944 | ---- | C] () -- C:\Windows\System32\MSVCRT10.DLL
[2011.06.27 22:21:31 | 000,002,892 | ---- | C] () -- C:\Windows\System32\audcon.sys
[2011.06.27 22:19:29 | 000,000,045 | ---- | C] () -- C:\Windows\System32\SYNSOPOS.exe.cfg
[2011.06.27 22:19:27 | 000,086,016 | ---- | C] () -- C:\Windows\System32\SYNSOPOS.exe
[2011.06.27 19:05:28 | 000,058,141 | ---- | C] () -- C:\Users\xxx\AppData\Roaming\SQLite3.dll
[2011.06.27 18:53:25 | 001,032,266 | ---- | C] () -- C:\Windows\System32\libmmd.dll
[2011.06.27 18:36:27 | 000,163,840 | ---- | C] () -- C:\Windows\System32\ArtFfct.dll
[2011.06.26 20:43:31 | 000,233,472 | ---- | C] () -- C:\Users\xxx\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.06.20 18:41:22 | 000,080,896 | ---- | C] () -- C:\Windows\System32\RDVGHelper.exe
[2011.06.20 18:40:28 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2011.06.20 17:49:07 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2011.06.20 17:35:57 | 000,067,584 | ---- | C] () -- C:\Users\xxx\AppData\Roaming\chrtmp
[2011.06.20 17:32:53 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini
[2011.06.20 17:32:52 | 000,644,608 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2011.06.20 17:32:52 | 000,243,200 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2011.06.20 17:32:52 | 000,073,216 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2011.06.20 17:27:03 | 000,175,616 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2011.06.20 16:47:42 | 000,111,104 | ---- | C] () -- C:\Windows\System32\Uharc.exe
[2011.06.20 16:47:42 | 000,008,636 | ---- | C] () -- C:\Windows\System32\modifype.exe
[2011.06.20 14:45:46 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011.06.20 14:45:46 | 000,000,000 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2010.12.06 14:58:56 | 002,496,715 | ---- | C] () -- C:\Windows\System32\abgx360.exe
[2009.11.17 16:13:12 | 000,208,896 | ---- | C] () -- C:\Windows\System32\LXPrnUtil10.dll
[2009.11.17 16:11:26 | 000,303,104 | ---- | C] () -- C:\Windows\System32\dnt27VC8.dll
[2009.11.17 16:09:36 | 000,143,360 | ---- | C] () -- C:\Windows\System32\dntvmc27VC8.dll
[2009.11.17 16:09:20 | 000,086,016 | ---- | C] () -- C:\Windows\System32\dntvm27VC8.dll
[2009.07.28 21:46:36 | 000,717,336 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2009.07.28 21:46:36 | 000,295,922 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2009.07.28 21:46:36 | 000,155,856 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2009.07.28 21:46:36 | 000,038,104 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2009.07.14 05:57:37 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009.07.14 05:33:53 | 002,281,928 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2009.07.14 03:05:48 | 000,667,932 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2009.07.14 03:05:48 | 000,291,294 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2009.07.14 03:05:48 | 000,125,766 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2009.07.14 03:05:48 | 000,031,548 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2009.07.14 03:05:05 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2009.07.14 03:04:11 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2009.07.14 00:55:01 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009.07.14 00:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009.06.10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2007.04.27 09:43:58 | 000,120,200 | ---- | C] () -- C:\Windows\System32\DLLDEV32i.dll
[2005.04.04 19:56:28 | 000,229,536 | -H-- | C] () -- C:\Users\xxx\AppData\Roaming\logs.dat
 
========== LOP Check ==========
 
[2011.11.08 11:42:51 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\.purple
[2011.07.06 21:09:26 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Ableton
[2011.08.16 02:02:15 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Anvil Studio
[2011.11.05 18:18:29 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Auslogics
[2011.11.05 15:52:44 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\BitComet
[2011.10.13 23:46:52 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Bump Technologies, Inc
[2011.08.11 19:13:22 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Canneverbe Limited
[2011.11.07 17:25:34 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\DeskSoft
[2011.07.16 02:42:20 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\FabFilter
[2011.06.28 18:06:24 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\FlashFXP
[2011.06.20 20:45:15 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Foxit Software
[2011.11.05 03:22:09 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\FreeFLVConverter
[2011.11.07 08:56:03 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\gtk-2.0
[2011.08.12 06:34:09 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\ImgBurn
[2011.08.15 06:30:31 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Intermedia Software
[2011.10.13 04:59:52 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\iZotope
[2011.08.08 09:01:54 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Lexware
[2011.08.02 09:32:34 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\MAGIX
[2011.09.12 00:50:40 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\MotionDSP
[2011.08.16 04:55:09 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Music Recognition
[2011.11.07 17:43:31 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\NetMeter
[2011.11.08 08:05:02 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Notepad++
[2011.07.27 15:46:44 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\SongManager
[2011.08.28 01:58:19 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\TeamViewer
[2011.06.27 18:55:48 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Teragon Audio
[2011.06.20 17:49:07 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Thunderbird
[2011.06.20 16:29:59 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Trillian
[2011.07.26 18:52:46 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\TuneUp Software
[2011.06.27 18:50:16 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Waves Audio
[2011.09.28 22:30:40 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\WindSolutions
[2011.11.05 06:01:46 | 000,000,000 | ---D | M] -- C:\Users\xxx\AppData\Roaming\Xilisoft
[2011.11.07 09:38:15 | 000,032,630 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %SYSTEMDRIVE%\*. >
[2011.07.06 08:04:45 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin
[2011.10.13 21:37:56 | 000,000,000 | -H-D | M] -- C:\$WINDOWS.~BT
[2011.11.08 19:47:34 | 000,000,000 | -HSD | M] -- C:\Boot
[2011.11.08 03:01:07 | 000,000,000 | -HSD | M] -- C:\Config.Msi
[2009.07.14 05:53:55 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2011.06.20 15:08:44 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen
[2011.11.07 12:29:29 | 000,000,000 | ---D | M] -- C:\Downloads
[2011.09.12 21:40:38 | 000,000,000 | ---D | M] -- C:\HP Universal Print Driver
[2011.09.14 14:12:01 | 000,000,000 | RH-D | M] -- C:\MSOCache
[2011.09.12 01:08:33 | 000,000,000 | ---D | M] -- C:\NVIDIA
[2009.07.14 03:37:05 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2011.11.07 18:43:03 | 000,000,000 | R--D | M] -- C:\Program Files
[2011.11.07 03:52:54 | 000,000,000 | ---D | M] -- C:\Program Settings
[2011.11.07 18:47:16 | 000,000,000 | -H-D | M] -- C:\ProgramData
[2011.06.20 15:08:44 | 000,000,000 | -HSD | M] -- C:\Programme
[2011.10.13 22:58:43 | 000,000,000 | -HSD | M] -- C:\Recovery
[2011.11.08 11:45:26 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2011.09.12 01:05:03 | 000,000,000 | R--D | M] -- C:\Users
[2011.11.08 10:08:26 | 000,000,000 | ---D | M] -- C:\Windows
 
< %PROGRAMFILES%\*.exe >
 
< %LOCALAPPDATA%\*.exe >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.manifest /3 >
 
 
< MD5 for: EXPLORER.EXE  >
[2011.02.26 06:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_54149f9ef14031fc\explorer.exe
[2009.07.14 02:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430\explorer.exe
[2011.02.26 06:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_525b5180f3f95373\explorer.exe
[2009.10.31 06:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_51a66d6ddafc2ed1\explorer.exe
[2011.02.26 06:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_51a3a583dafd0cef\explorer.exe
[2010.11.20 13:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_53bc10fdd7fe87ca\explorer.exe
[2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\explorer.exe
[2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_5389023fd8245f84\explorer.exe
[2009.08.03 06:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_526619d4f3f142e6\explorer.exe
[2009.08.03 06:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_51e07e31dad00878\explorer.exe
[2009.10.31 07:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_52283b2af41f3691\explorer.exe
 
< MD5 for: REGEDIT.EXE  >
[2009.07.14 02:14:30 | 000,398,336 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\regedit.exe
[2009.07.14 02:14:30 | 000,398,336 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\winsxs\x86_microsoft-windows-registry-editor_31bf3856ad364e35_6.1.7600.16385_none_f4050b883d2c3c08\regedit.exe
 
< MD5 for: USERINIT.EXE  >
[2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\System32\userinit.exe
[2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\System32\wininit.exe
[2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2009.10.28 07:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe
[2009.10.28 06:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe
[2010.11.20 13:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\System32\winlogon.exe
[2010.11.20 13:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe
[2009.07.14 02:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
"NoAutoRebootWithLoggedOnUsers" = 1
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2011-11-07 23:04:42
 
<          >
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 170 bytes -> C:\ProgramData\TEMP:8CE646EE
@Alternate Data Stream - 136 bytes -> C:\ProgramData\TEMP:24721E3C

< End of report >

Thanks in advance. If there is no other way, I'll just wipe it in the end. But it would be great if you had a solution.

Marcel
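As an added example (not part of Marcel's post and not OTL's own logic): a small Python triage script that applies a few defensive checks to OTL file entries of the kind shown in the log above. The sample lines are copied from that log, except the `svchost.exe` line, which is constructed to resemble the zero-byte svchost file Marcel describes in his first post. The pattern rules, the `KNOWN_ROOT_FILES` list and the `SYSTEM_BINARY_NAMES` list are my own assumptions; a hit means "look closer", not "malicious".

```python
import re
from dataclasses import dataclass
from typing import List

# One OTL file/folder entry, e.g.
#   [2011.10.16 15:10:03 | 000,399,876 | RHS- | M] () -- C:\TOGMY
#   [2011.11.07 17:25:35 | 000,024,816 | ---- | C] (DeskSoft) -- C:\Windows\System32\drivers\dsnpfd.sys
#   [2011.11.08 00:02:14 | 000,000,000 | -HSD | C] -- C:\Config.Msi
OTL_ENTRY = re.compile(
    r"^\[(?P<stamp>\d{4}\.\d{2}\.\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[RHSD-]{4}) \| (?P<kind>[CM])\] "
    r"(?:\((?P<company>[^)]*)\) )?-- (?P<path>.+)$"
)
# OTL's alternate data stream line, e.g.
#   @Alternate Data Stream - 170 bytes -> C:\ProgramData\TEMP:8CE646EE
ADS_ENTRY = re.compile(r"^@Alternate Data Stream - (?P<bytes>\d+) bytes -> (?P<path>.+)$")

# Assumption: files Windows itself keeps hidden/system in the drive root.
KNOWN_ROOT_FILES = {"bootmgr", "bootsect.bak", "bootnxt", "hiberfil.sys",
                    "pagefile.sys", "config.sys", "io.sys", "msdos.sys", "autoexec.bat"}
# Assumption: names of core Windows binaries that belong under %SystemRoot%.
SYSTEM_BINARY_NAMES = {"svchost.exe", "explorer.exe", "winlogon.exe", "csrss.exe",
                       "lsass.exe", "services.exe", "userinit.exe", "wininit.exe"}
WINDOWS_DIR = re.compile(r"^[a-z]:\\windows\\", re.IGNORECASE)


@dataclass
class Finding:
    path: str
    reason: str


def triage(lines: List[str]) -> List[Finding]:
    """Apply the heuristics to OTL output lines; returns entries worth a closer look."""
    findings = []
    for line in lines:
        line = line.strip()
        ads = ADS_ENTRY.match(line)
        if ads:
            findings.append(Finding(ads["path"], "alternate data stream"))
            continue
        m = OTL_ENTRY.match(line)
        if not m or "D" in m["attrs"]:      # skip non-entries and directories
            continue
        path, attrs = m["path"], m["attrs"]
        size = int(m["size"].replace(",", ""))
        parent, _, name = path.rpartition("\\")
        hidden_or_system = "H" in attrs or "S" in attrs

        if re.fullmatch(r"[A-Za-z]:", parent) and hidden_or_system \
                and name.lower() not in KNOWN_ROOT_FILES:
            findings.append(Finding(path, "hidden/system file in drive root"))
        elif "H" in attrs and parent.lower().endswith(r"\appdata\roaming") and not m["company"]:
            findings.append(Finding(path, "hidden file with no company name directly under AppData\\Roaming"))
        elif name.lower() in SYSTEM_BINARY_NAMES and not WINDOWS_DIR.match(path):
            findings.append(Finding(path, f"core Windows binary name outside %SystemRoot% ({size} bytes)"))
    return findings


# Sample input: lines from the OTL log above, plus one constructed svchost.exe line.
SAMPLE_LINES = r"""
[2011.10.16 15:10:03 | 000,399,876 | RHS- | M] () -- C:\TOGMY
[2011.10.16 15:10:03 | 000,000,000 | RHS- | M] () -- C:\jkcv.ld
[2011.10.14 08:42:17 | 000,008,192 | RHS- | M] () -- C:\BOOTSECT.BAK
[2011.10.14 08:42:15 | 000,000,001 | -HS- | C] () -- C:\BOOTNXT
[2011.09.25 23:24:05 | 000,000,000 | -H-- | C] () -- C:\Users\xxx\AppData\Roaming\.51BEE852859F7D89.sys
[2005.04.04 19:56:28 | 000,229,536 | -H-- | C] () -- C:\Users\xxx\AppData\Roaming\logs.dat
[2011.09.11 08:27:55 | 000,000,600 | ---- | C] () -- C:\Users\xxx\AppData\Roaming\winscp.rnd
[2011.11.07 17:25:35 | 000,024,816 | ---- | C] (DeskSoft) -- C:\Windows\System32\drivers\dsnpfd.sys
[2011.11.08 00:02:14 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011.11.07 10:12:03 | 000,000,000 | ---- | C] () -- C:\Users\xxx\AppData\Roaming\Microsoft\svchost.exe
@Alternate Data Stream - 170 bytes -> C:\ProgramData\TEMP:8CE646EE
@Alternate Data Stream - 136 bytes -> C:\ProgramData\TEMP:24721E3C
""".strip().splitlines()


if __name__ == "__main__":
    for f in triage(SAMPLE_LINES):
        print(f"{f.reason:62} {f.path}")
```

On the sample it flags C:\TOGMY and C:\jkcv.ld, the two hidden files directly under AppData\Roaming (logs.dat is the one the Malwarebytes scan further down quarantines), the constructed svchost.exe and the two ADS entries, while BOOTSECT.BAK, BOOTNXT, winscp.rnd and the signed DeskSoft driver pass. The rules deliberately key on attributes and location rather than on file names, since the names in this kind of log are random.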

cosinus 08.11.2011 15:22

Please now do a routine full scan with Malwarebytes and post the log.
Remember that Malwarebytes must be updated manually before every scan!

If logs from older Malwarebytes scans exist, please post all of those as well!



ESET Online Scanner

  • You'll find an illustrated guide to ESET Online Scanner here
  • Download and start Eset Online Scanner
  • Tick Yes, I accept the Terms of Use and click Start.
  • Enable "Detection of potentially unwanted applications" and choose the following settings.
  • Click Start.
  • The signatures are downloaded and the scan starts automatically.
  • At the end of the scan click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the logfile here.
  • Uninstall: Control Panel => Software / Uninstall a program => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset


ausdemFF 08.11.2011 16:35

Hello & thanks for the quick reply :)

Malwarebytes:

Code:

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 8114

Windows 6.1.7601 Service Pack 1
Internet Explorer 8.0.7601.17514

08.11.2011 16:26:43
mbam-log-2011-11-08 (16-26-43).txt

Scan type: Quick scan
Objects scanned: 210983
Time elapsed: 3 minute(s), 28 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\Users\xxx\AppData\Roaming\logs.dat (Bifrose.Trace) -> Quarantined and deleted successfully.

The other one will follow.

ausdemFF 08.11.2011 19:01

Took a while ^^

Code:

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=ba306feb600c8b44ade34fefa7d73618
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-11-08 05:53:53
# local_time=2011-11-08 06:53:53 (+0100, Central European Time)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=1792 16777215 100 0 1832761 1832761 0 0
# compatibility_mode=5893 16776573 100 94 4146 72398019 0 0
# compatibility_mode=8192 67108863 100 0 3794 3794 0 0
# scanned=441657
# found=3
# cleaned=0
# scan_time=8005
C:\Users\xxx\AppData\Local\Temp\ICReinstall\cnet_NetTrafficMeter_exe.exe        a variant of Win32/InstallCore.D application (unable to clean)        00000000000000000000000000000000        I
C:\Users\xxx\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\10\4875e6ca-71f85835        a variant of Win32/Injector.KRN trojan (unable to clean)        00000000000000000000000000000000        I
C:\Users\xxx\Downloads\SoftonicDownloader_fuer_du-meter.exe.part        a variant of Win32/SoftonicDownloader.A application (unable to clean)        00000000000000000000000000000000        I


cosinus 08.11.2011 20:09

Quote:

Scan type: Quick scan
Sorry, but I wanted to see a full scan... please do that and post the log!
Remember to update the Malwarebytes signatures beforehand; there are new updates very frequently!

ausdemFF 09.11.2011 15:48

Hello,

I must have overlooked that :(

Here's the scan:

Code:

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 8122

Windows 6.1.7601 Service Pack 1
Internet Explorer 8.0.7601.17514

09.11.2011 15:44:13
mbam-log-2011-11-09 (15-44-13).txt

Scan type: Full scan (C:\|)
Objects scanned: 477963
Time elapsed: 2 hour(s), 42 minute(s), 8 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\Users\marcel fink\AppData\LocalLow\Sun\Java\deployment\cache\6.0\10\4875e6ca-71f85835 (Trojan.VBKrypt) -> Quarantined and deleted successfully.


cosinus 10.11.2011 10:06

Do an OTL fix: close all open programs, also disable the virus scanner (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied too!!!)


Note: If you masked your user name, you have to change the starred-out part back into your real user name, otherwise the script won't work!!


Code:

:OTL
SRV - File not found [On_Demand | Stopped] --  -- (FileZilla Server)
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = B5 6E 2B 63 8B 71 CC 01  [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
O2 - BHO: (BitComet Helper) - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Programme\BitComet\tools\BitCometBHO_1.5.4.11.dll (BitComet)
O3 - HKLM\..\Toolbar: (no name) - {DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{05978b59-c5d8-11e0-850e-406186c2d919}\Shell - "" = AutoRun
O33 - MountPoints2\{05978b59-c5d8-11e0-850e-406186c2d919}\Shell\AutoRun\command - "" = "L:\WD SmartWare.exe" autoplay=true
O33 - MountPoints2\{8f7f0038-9b51-11e0-8582-406186c2d919}\Shell - "" = AutoRun
O33 - MountPoints2\{8f7f0038-9b51-11e0-8582-406186c2d919}\Shell\AutoRun\command - "" = J:\autorun\autorun.exe
@Alternate Data Stream - 170 bytes -> C:\ProgramData\TEMP:8CE646EE
@Alternate Data Stream - 136 bytes -> C:\ProgramData\TEMP:24721E3C
:Files
c:\Users\marcel fink\AppData\LocalLow\Sun\Java\deployment\cache\6.0
C:\Users\xxx\Downloads\Softonic*
:Commands
[emptytemp]
[resethosts]

Then click the Fix button at the top left!
The logfile should open when you click OK after the fix; please post it. The computer may be restarted.

The entries, files and folders fixed by this script are, for safety, not deleted completely; a backup copy is created on the system partition in the "_OTL" folder.

Note: The script above was created only for this one user in this situation. It cannot be ported to any other computer and must not be used elsewhere, as it can cause lasting damage to the system!

ausdemFF 10.11.2011 22:05

Code:

All processes killed
========== OTL ==========
Service FileZilla Server stopped successfully!
Service FileZilla Server deleted successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache AcceptLangs| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache_TIMESTAMP| /E : value set successfully!
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{39F7E362-828A-4B5A-BCAF-5B79BFDFEA60}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{39F7E362-828A-4B5A-BCAF-5B79BFDFEA60}\ deleted successfully.
C:\Programme\BitComet\tools\BitCometBHO_1.5.4.11.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DFEFCDEE-CF1A-4FC8-88AD-48514E463B27}\ not found.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\autoexec.bat moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{05978b59-c5d8-11e0-850e-406186c2d919}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{05978b59-c5d8-11e0-850e-406186c2d919}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{05978b59-c5d8-11e0-850e-406186c2d919}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{05978b59-c5d8-11e0-850e-406186c2d919}\ not found.
File "L:\WD SmartWare.exe" autoplay=true not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8f7f0038-9b51-11e0-8582-406186c2d919}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8f7f0038-9b51-11e0-8582-406186c2d919}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{8f7f0038-9b51-11e0-8582-406186c2d919}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8f7f0038-9b51-11e0-8582-406186c2d919}\ not found.
File J:\autorun\autorun.exe not found.
ADS C:\ProgramData\TEMP:8CE646EE deleted successfully.
ADS C:\ProgramData\TEMP:24721E3C deleted successfully.
========== FILES ==========
c:\Users\xxx\AppData\LocalLow\Sun\Java\deployment\cache\6.0\tmp folder moved successfully.
c:\Users\xxx\AppData\LocalLow\Sun\Java\deployment\cache\6.0\muffin folder moved successfully.
c:\Users\xxx\AppData\LocalLow\Sun\Java\deployment\cache\6.0\host folder moved successfully.
c:\Users\xxx\AppData\LocalLow\Sun\Java\deployment\cache\6.0\9 folder moved successfully.
c:\Users\xxx\AppData\LocalLow\Sun\Java\deployment\cache\6.0\8 folder moved successfully.
c:\Users\xxx\AppData\LocalLow\Sun\Java\deployment\cache\6.0\7 folder moved successfully.
c:\Users\xxx\AppData\LocalLow\Sun\Java\deployment\cache\6.0\63 folder moved successfully.
c:\Users\xxx\AppData\LocalLow\Sun\Java\deployment\cache\6.0\62 folder moved successfully.
c:\Users\xxx\AppData\LocalLow\Sun\Java\deployment\cache\6.0\61 folder moved successfully.
c:\Users\xxx\AppData\LocalLow\Sun\Java\deployment\cache\6.0\60 folder moved successfully.
c:\Users\xxx\AppData\LocalLow\Sun\Java\deployment\cache\6.0\6 folder moved successfully.
c:\Users\xxx\AppData\LocalLow\Sun\Java\deployment\cache\6.0\59 folder moved successfully.
c:\Users\xxx\AppData\LocalLow\Sun\Java\deployment\cache\6.0\58 folder moved successfully.
c:\Users\xxx\AppData\LocalLow\Sun\Java\deployment\cache\6.0\57 folder moved successfully.
c:\Users\xxx\AppData\LocalLow\Sun\Java\deployment\cache\6.0\56 folder moved successfully.
c:\Users\xxx\AppData\LocalLow\Sun\Java\deployment\cache\6.0\55 folder moved successfully.
c:\Users\xxx\AppData\LocalLow\Sun\Java\deployment\cache\6.0\54 folder moved successfully.
c:\Users\xxx\AppData\LocalLow\Sun\Java\deployment\cache\6.0\53 folder moved successfully.
c:\Users\xxx\AppData\LocalLow\Sun\Java\deployment\cache\6.0\52 folder moved successfully.
c:\Users\xxx\AppData\LocalLow\Sun\Java\deployment\cache\6.0\51 folder moved successfully.
c:\Users\xxx\AppData\LocalLow\Sun\Java\deployment\cache\6.0\50 folder moved successfully.
c:\Users\xxx\AppData\LocalLow\Sun\Java\deployment\cache\6.0\5 folder moved successfully.
c:\Users\xxx\AppData\LocalLow\Sun\Java\deployment\cache\6.0\49 folder moved successfully.
c:\Users\xxx\AppData\LocalLow\Sun\Java\deployment\cache\6.0\48 folder moved successfully.
c:\Users\xxx\AppData\LocalLow\Sun\Java\deployment\cache\6.0\47 folder moved successfully.
c:\Users\xxx\AppData\LocalLow\Sun\Java\deployment\cache\6.0\46 folder moved successfully.
c:\Users\xxx\AppData\LocalLow\Sun\Java\deployment\cache\6.0\45 folder moved successfully.
c:\Users\xxx\AppData\LocalLow\Sun\Java\deployment\cache\6.0\44 folder moved successfully.
c:\Users\xxx\AppData\LocalLow\Sun\Java\deployment\cache\6.0\43 folder moved successfully.
c:\Users\xxx\AppData\LocalLow\Sun\Java\deployment\cache\6.0\42 folder moved successfully.
c:\Users\xxx\AppData\LocalLow\Sun\Java\deployment\cache\6.0\41 folder moved successfully.
c:\Users\xxx\AppData\LocalLow\Sun\Java\deployment\cache\6.0\40 folder moved successfully.
c:\Users\xxx\AppData\LocalLow\Sun\Java\deployment\cache\6.0\4 folder moved successfully.
c:\Users\xxx\AppData\LocalLow\Sun\Java\deployment\cache\6.0\39 folder moved successfully.
c:\Users\xxx\AppData\LocalLow\Sun\Java\deployment\cache\6.0\38 folder moved successfully.
c:\Users\xxx\AppData\LocalLow\Sun\Java\deployment\cache\6.0\37 folder moved successfully.
c:\Users\xxx\AppData\LocalLow\Sun\Java\deployment\cache\6.0\36 folder moved successfully.
c:\Users\xxx\AppData\LocalLow\Sun\Java\deployment\cache\6.0\35 folder moved successfully.
c:\Users\xxx\AppData\LocalLow\Sun\Java\deployment\cache\6.0\34 folder moved successfully.
c:\Users\xxx\AppData\LocalLow\Sun\Java\deployment\cache\6.0\33 folder moved successfully.
c:\Users\xxx\AppData\LocalLow\Sun\Java\deployment\cache\6.0\32 folder moved successfully.
c:\Users\xxx\AppData\LocalLow\Sun\Java\deployment\cache\6.0\31 folder moved successfully.
c:\Users\xxx\AppData\LocalLow\Sun\Java\deployment\cache\6.0\30 folder moved successfully.
c:\Users\xxx\AppData\LocalLow\Sun\Java\deployment\cache\6.0\3 folder moved successfully.
c:\Users\xxx\AppData\LocalLow\Sun\Java\deployment\cache\6.0\29 folder moved successfully.
c:\Users\xxx\AppData\LocalLow\Sun\Java\deployment\cache\6.0\28 folder moved successfully.
c:\Users\xxx\AppData\LocalLow\Sun\Java\deployment\cache\6.0\27 folder moved successfully.
c:\Users\xxx\AppData\LocalLow\Sun\Java\deployment\cache\6.0\26 folder moved successfully.
c:\Users\xxx\AppData\LocalLow\Sun\Java\deployment\cache\6.0\25 folder moved successfully.
c:\Users\xxx\AppData\LocalLow\Sun\Java\deployment\cache\6.0\24 folder moved successfully.
c:\Users\xxx\AppData\LocalLow\Sun\Java\deployment\cache\6.0\23 folder moved successfully.
c:\Users\xxx\AppData\LocalLow\Sun\Java\deployment\cache\6.0\22 folder moved successfully.
c:\Users\xxx\AppData\LocalLow\Sun\Java\deployment\cache\6.0\21 folder moved successfully.
c:\Users\xxx\AppData\LocalLow\Sun\Java\deployment\cache\6.0\20 folder moved successfully.
c:\Users\xxx\AppData\LocalLow\Sun\Java\deployment\cache\6.0\2 folder moved successfully.
c:\Users\xxx\AppData\LocalLow\Sun\Java\deployment\cache\6.0\19 folder moved successfully.
c:\Users\xxx\AppData\LocalLow\Sun\Java\deployment\cache\6.0\18 folder moved successfully.
c:\Users\xxx\AppData\LocalLow\Sun\Java\deployment\cache\6.0\17 folder moved successfully.
c:\Users\xxx\AppData\LocalLow\Sun\Java\deployment\cache\6.0\16 folder moved successfully.
c:\Users\xxx\AppData\LocalLow\Sun\Java\deployment\cache\6.0\15 folder moved successfully.
c:\Users\xxx\AppData\LocalLow\Sun\Java\deployment\cache\6.0\14 folder moved successfully.
c:\Users\xxx\AppData\LocalLow\Sun\Java\deployment\cache\6.0\13 folder moved successfully.
c:\Users\xxx\AppData\LocalLow\Sun\Java\deployment\cache\6.0\12 folder moved successfully.
c:\Users\xxx\AppData\LocalLow\Sun\Java\deployment\cache\6.0\11 folder moved successfully.
c:\Users\xxx\AppData\LocalLow\Sun\Java\deployment\cache\6.0\10 folder moved successfully.
c:\Users\xxx\AppData\LocalLow\Sun\Java\deployment\cache\6.0\1 folder moved successfully.
c:\Users\xxx\AppData\LocalLow\Sun\Java\deployment\cache\6.0\0 folder moved successfully.
c:\Users\xxx\AppData\LocalLow\Sun\Java\deployment\cache\6.0 folder moved successfully.
File\Folder C:\Users\xxx\Downloads\Softonic* not found.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: xxx
->Temp folder emptied: 5794906 bytes
->Temporary Internet Files folder emptied: 17185738 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 187560412 bytes
->Flash cache emptied: 3603 bytes
 
User: Mcx1-xxx-PC
->Temp folder emptied: 516 bytes
->Temporary Internet Files folder emptied: 146847 bytes
 
User: Public
 
User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1065410 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 202,00 mb
 
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.31.0 log created on 11102011_214800

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

Many thanks already. I can't say at all yet whether anything has changed.

If that was it, which of the many tools should I keep?

I've also turned UAC back on and followed your tips for securing the system.

Of course I also just got a donation ready. This is a fantastic board.

cosinus 10.11.2011 22:07

Now please run this tool from Kaspersky and post the log => http://www.trojaner-board.de/82358-t...entfernen.html

Configure the tool as shown in the image below: click change parameters and tick the boxes as shown in the following screenshot,
then click Start Scan and, when it's done, click the Report button to display the log. Please post it in full.
If you can't find the log or can't copy its content into your post, look directly on your Windows system partition; that's where TDSS-Killer saves its logs.

Note: Please don't delete anything hastily with TDSS-Killer! If TDSS-Killer flags any objects, treat them all with the action "skip" and only post the log here!

http://saved.im/mtkwmtcxexhp/setting...8_16-25-18.jpg


If, because of the infection, you can't access your documents/My Documents, or shortcuts are missing on the desktop or in the Start menu under "All Programs", please run unhide:
Please download unhide.exe and save the file to your desktop.
Start the tool and all files and folders should become visible again. (May take a while)
Windows Vista and Windows 7 users must run the tool as administrator via right-click!
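
The instruction above is to enable the driver signature check, skip everything TDSSKiller flags, and post the report. Reading that report by hand is tedious: each driver produces a line with its MD5 and path, then a second line with the result (`- ok`, `( Verdict ) - warning`, or `- detected Verdict (n)`). As an added example that is not part of the thread and not Kaspersky's code, the following Python parses that format, confirms from the `Mode:` line that `SigCheck` and `TDLFS` were actually enabled, keeps the most severe result per driver, and attaches a recommendation that mirrors the "skip, then review" policy: an `UnsignedFile.Multi.Generic` verdict only says the driver carries no valid signature, which is common for legitimate third-party drivers and is not on its own evidence of a rootkit. The sample report is constructed from lines in the format TDSSKiller 2.6 writes (values copied from the report posted later in the thread); the `_RANK` ordering and the recommendation texts are this example's own assumptions.

```python
"""Parse and triage a TDSSKiller report (added example, not Kaspersky's code)."""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Constructed sample in TDSSKiller 2.6 report format; the driver lines are
# copied from the report posted later in this thread (timestamps and PIDs kept).
SAMPLE_REPORT = r"""
22:34:09.0979 3044        Scan started
22:34:09.0979 3044        Mode: Manual; SigCheck; TDLFS;
22:34:11.0446 3044        1394ohci        (1b133875b8aa8ac48969bd3458afe9f5) C:\Windows\system32\drivers\1394ohci.sys
22:34:11.0539 3044        1394ohci - ok
22:34:20.0369 3044        epmntdrv        (539ca34fbc74ec366a0d751028c32a08) C:\Windows\system32\epmntdrv.sys
22:34:20.0447 3044        epmntdrv ( UnsignedFile.Multi.Generic ) - warning
22:34:20.0447 3044        epmntdrv - detected UnsignedFile.Multi.Generic (1)
22:34:20.0712 3044        EuGdiDrv        (1f2f4ab15ce03ecc257feb2f6dc5a013) C:\Windows\system32\EuGdiDrv.sys
22:34:20.0743 3044        EuGdiDrv ( UnsignedFile.Multi.Generic ) - warning
22:34:20.0743 3044        EuGdiDrv - detected UnsignedFile.Multi.Generic (1)
"""


@dataclass
class Driver:
    name: str
    md5: str = ""
    path: str = ""
    status: str = "unknown"       # ok | warning | detected
    verdict: Optional[str] = None  # e.g. "UnsignedFile.Multi.Generic"


# Every report line is "<HH:MM:SS.ms> <pid> <body>"; the body carries the content.
_ENTRY = re.compile(r"^\d{2}:\d{2}:\d{2}\.\d+\s+\d+\s+(.*)$")
_FILE = re.compile(r"^(\S+)\s+\(([0-9a-f]{32})\)\s+(.+)$")       # name (md5) path
_OK = re.compile(r"^(\S+) - ok$")
_WARN = re.compile(r"^(\S+) \( (.+?) \) - warning$")
_DET = re.compile(r"^(\S+) - detected (.+?) \(\d+\)$")
_RANK = {"unknown": 0, "ok": 0, "warning": 1, "detected": 2}   # assumed severity order


def parse_tdsskiller(text: str) -> Tuple[List[str], Dict[str, Driver]]:
    """Return (scan modes, drivers keyed by service name)."""
    modes: List[str] = []
    drivers: Dict[str, Driver] = {}
    for raw in text.splitlines():
        m = _ENTRY.match(raw.rstrip())
        if not m:
            continue
        body = m.group(1).strip()
        if body.startswith("Mode:"):
            modes = [x.strip() for x in body[5:].split(";") if x.strip()]
            continue
        for rx, status in ((_FILE, None), (_OK, "ok"), (_WARN, "warning"), (_DET, "detected")):
            mm = rx.match(body)
            if not mm:
                continue
            d = drivers.setdefault(mm.group(1), Driver(mm.group(1)))
            if status is None:                       # the "name (md5) path" line
                d.md5, d.path = mm.group(2), mm.group(3)
            elif _RANK[status] >= _RANK[d.status]:   # keep the most severe result
                d.status = status
                if status != "ok":
                    d.verdict = mm.group(2)
            break
    return modes, drivers


def recommend(d: Driver) -> str:
    """Mirror the thread's policy: never let TDSSKiller delete on the first pass."""
    if d.status == "ok":
        return "no action"
    if d.verdict and d.verdict.startswith("UnsignedFile."):
        return "review: unsigned driver, skip in TDSSKiller and identify the vendor"
    return "review: skip in TDSSKiller and post the report"


def triage(text: str) -> Dict[str, object]:
    modes, drivers = parse_tdsskiller(text)
    flagged = [d for d in drivers.values() if d.status != "ok"]
    return {
        "sigcheck_enabled": "SigCheck" in modes,
        "tdlfs_enabled": "TDLFS" in modes,
        "scanned": len(drivers),
        "flagged": {d.name: (d.status, d.verdict, recommend(d)) for d in flagged},
    }


if __name__ == "__main__":
    for k, v in triage(SAMPLE_REPORT).items():
        print(f"{k}: {v}")
```

If `sigcheck_enabled` comes back `False`, the "verify driver digital signatures" box was not ticked and the report says nothing about unsigned drivers; rerun before drawing conclusions. The MD5 in each `Driver` is what you would look up against the vendor's published file or a reputation service when deciding whether a flagged driver is a known tool or something to quarantine on a second pass.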

ausdemFF 10.11.2011 22:37

Done:

Code:

22:32:16.0557 5316        TDSS rootkit removing tool 2.6.17.0 Nov  9 2011 16:48:26
22:32:18.0558 5316        ============================================================
22:32:18.0558 5316        Current date / time: 2011/11/10 22:32:18.0558
22:32:18.0558 5316        SystemInfo:
22:32:18.0558 5316       
22:32:18.0558 5316        OS Version: 6.1.7601 ServicePack: 1.0
22:32:18.0558 5316        Product type: Workstation
22:32:18.0559 5316        ComputerName: xxx-PC
22:32:18.0559 5316        UserName: xxx
22:32:18.0559 5316        Windows directory: C:\Windows
22:32:18.0559 5316        System windows directory: C:\Windows
22:32:18.0559 5316        Processor architecture: Intel x86
22:32:18.0559 5316        Number of processors: 1
22:32:18.0559 5316        Page size: 0x1000
22:32:18.0559 5316        Boot type: Normal boot
22:32:18.0559 5316        ============================================================
22:32:24.0272 5316        Initialize success
22:34:09.0979 3044        ============================================================
22:34:09.0979 3044        Scan started
22:34:09.0979 3044        Mode: Manual; SigCheck; TDLFS;
22:34:09.0979 3044        ============================================================
22:34:11.0446 3044        1394ohci        (1b133875b8aa8ac48969bd3458afe9f5) C:\Windows\system32\drivers\1394ohci.sys
22:34:11.0539 3044        1394ohci - ok
22:34:11.0633 3044        ACPI            (cea80c80bed809aa0da6febc04733349) C:\Windows\system32\drivers\ACPI.sys
22:34:11.0649 3044        ACPI - ok
22:34:11.0711 3044        AcpiPmi        (1efbc664abff416d1d07db115dcb264f) C:\Windows\system32\drivers\acpipmi.sys
22:34:11.0789 3044        AcpiPmi - ok
22:34:11.0898 3044        adp94xx        (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys
22:34:11.0992 3044        adp94xx - ok
22:34:12.0085 3044        adpahci        (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys
22:34:12.0117 3044        adpahci - ok
22:34:12.0163 3044        adpu320        (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys
22:34:12.0195 3044        adpu320 - ok
22:34:12.0319 3044        AFD            (9ebbba55060f786f0fcaa3893bfa2806) C:\Windows\system32\drivers\afd.sys
22:34:12.0397 3044        AFD - ok
22:34:12.0460 3044        agp440          (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\drivers\agp440.sys
22:34:12.0491 3044        agp440 - ok
22:34:12.0569 3044        aic78xx        (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys
22:34:12.0600 3044        aic78xx - ok
22:34:12.0725 3044        aliide          (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\drivers\aliide.sys
22:34:12.0725 3044        aliide - ok
22:34:12.0772 3044        amdagp          (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\drivers\amdagp.sys
22:34:12.0772 3044        amdagp - ok
22:34:12.0819 3044        amdide          (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\drivers\amdide.sys
22:34:12.0834 3044        amdide - ok
22:34:12.0897 3044        AmdK8          (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys
22:34:13.0021 3044        AmdK8 - ok
22:34:13.0131 3044        AmdPPM          (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys
22:34:13.0146 3044        AmdPPM - ok
22:34:13.0271 3044        amdsata        (d320bf87125326f996d4904fe24300fc) C:\Windows\system32\drivers\amdsata.sys
22:34:13.0302 3044        amdsata - ok
22:34:13.0396 3044        amdsbs          (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys
22:34:13.0427 3044        amdsbs - ok
22:34:13.0474 3044        amdxata        (46387fb17b086d16dea267d5be23a2f2) C:\Windows\system32\drivers\amdxata.sys
22:34:13.0505 3044        amdxata - ok
22:34:13.0677 3044        AppID          (aea177f783e20150ace5383ee368da19) C:\Windows\system32\drivers\appid.sys
22:34:13.0817 3044        AppID - ok
22:34:13.0989 3044        arc            (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys
22:34:14.0004 3044        arc - ok
22:34:14.0051 3044        arcsas          (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys
22:34:14.0082 3044        arcsas - ok
22:34:14.0145 3044        AsyncMac        (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys
22:34:14.0254 3044        AsyncMac - ok
22:34:14.0347 3044        atapi          (338c86357871c167a96ab976519bf59e) C:\Windows\system32\drivers\atapi.sys
22:34:14.0347 3044        atapi - ok
22:34:14.0472 3044        atikmdag        (712d8a95e45b070114c5309ada7358ff) C:\Windows\system32\drivers\atikmdag.sys
22:34:14.0722 3044        atikmdag - ok
22:34:14.0815 3044        avfwim          (83d71e1911f235e9c0d2f53d54df3129) C:\Windows\system32\DRIVERS\avfwim.sys
22:34:14.0878 3044        avfwim - ok
22:34:15.0003 3044        avfwot          (ae0c5d218e815af8f38670a8c5773e6e) C:\Windows\system32\DRIVERS\avfwot.sys
22:34:15.0018 3044        avfwot - ok
22:34:15.0143 3044        avgntflt        (7713e4eb0276702faa08e52a6e23f2a6) C:\Windows\system32\DRIVERS\avgntflt.sys
22:34:15.0174 3044        avgntflt - ok
22:34:15.0237 3044        avipbb          (912d23140cd05980f6cdae790ddafc8d) C:\Windows\system32\DRIVERS\avipbb.sys
22:34:15.0268 3044        avipbb - ok
22:34:15.0361 3044        avkmgr          (271cfd1a989209b1964e24d969552bf7) C:\Windows\system32\DRIVERS\avkmgr.sys
22:34:15.0393 3044        avkmgr - ok
22:34:15.0471 3044        b06bdrv        (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys
22:34:15.0533 3044        b06bdrv - ok
22:34:15.0627 3044        b57nd60x        (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys
22:34:15.0705 3044        b57nd60x - ok
22:34:15.0829 3044        Beep            (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys
22:34:15.0876 3044        Beep - ok
22:34:16.0001 3044        blbdrive        (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys
22:34:16.0048 3044        blbdrive - ok
22:34:16.0110 3044        bowser          (8f2da3028d5fcbd1a060a3de64cd6506) C:\Windows\system32\DRIVERS\bowser.sys
22:34:16.0173 3044        bowser - ok
22:34:16.0266 3044        BrFiltLo        (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys
22:34:16.0297 3044        BrFiltLo - ok
22:34:16.0329 3044        BrFiltUp        (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys
22:34:16.0360 3044        BrFiltUp - ok
22:34:16.0422 3044        Brserid        (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys
22:34:16.0516 3044        Brserid - ok
22:34:16.0594 3044        BrSerWdm        (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys
22:34:16.0641 3044        BrSerWdm - ok
22:34:16.0687 3044        BrUsbMdm        (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys
22:34:16.0750 3044        BrUsbMdm - ok
22:34:16.0843 3044        BrUsbSer        (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys
22:34:16.0890 3044        BrUsbSer - ok
22:34:16.0999 3044        BTHMODEM        (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys
22:34:17.0031 3044        BTHMODEM - ok
22:34:17.0109 3044        cdfs            (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys
22:34:17.0171 3044        cdfs - ok
22:34:17.0265 3044        cdrom          (be167ed0fdb9c1fa1133953c18d5a6c9) C:\Windows\system32\DRIVERS\cdrom.sys
22:34:17.0311 3044        cdrom - ok
22:34:17.0374 3044        circlass        (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys
22:34:17.0405 3044        circlass - ok
22:34:17.0499 3044        CLFS            (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys
22:34:17.0545 3044        CLFS - ok
22:34:17.0670 3044        CmBatt          (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys
22:34:17.0733 3044        CmBatt - ok
22:34:17.0795 3044        cmdide          (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\drivers\cmdide.sys
22:34:17.0795 3044        cmdide - ok
22:34:17.0857 3044        CNG            (1b675691ed940766149c93e8f4488d68) C:\Windows\system32\Drivers\cng.sys
22:34:17.0920 3044        CNG - ok
22:34:17.0998 3044        Compbatt        (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys
22:34:18.0045 3044        Compbatt - ok
22:34:18.0091 3044        CompositeBus    (cbe8c58a8579cfe5fccf809e6f114e89) C:\Windows\system32\drivers\CompositeBus.sys
22:34:18.0154 3044        CompositeBus - ok
22:34:18.0263 3044        crcdisk        (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys
22:34:18.0294 3044        crcdisk - ok
22:34:18.0435 3044        CSC            (3c2177a897b4ca2788c6fb0c3fd81d4b) C:\Windows\system32\drivers\csc.sys
22:34:18.0497 3044        CSC - ok
22:34:18.0575 3044        dc3d            (7caaf4af453ef3582fef65dd72caa0aa) C:\Windows\system32\DRIVERS\dc3d.sys
22:34:18.0669 3044        dc3d - ok
22:34:18.0762 3044        DfsC            (f024449c97ec1e464aaffda18593db88) C:\Windows\system32\Drivers\dfsc.sys
22:34:18.0856 3044        DfsC - ok
22:34:18.0981 3044        discache        (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys
22:34:19.0027 3044        discache - ok
22:34:19.0121 3044        Disk            (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys
22:34:19.0152 3044        Disk - ok
22:34:19.0246 3044        dot4            (b5e479eb83707dd698f66953e922042c) C:\Windows\system32\DRIVERS\Dot4.sys
22:34:19.0293 3044        dot4 - ok
22:34:19.0371 3044        Dot4Print      (caefd09b6a6249c53a67d55a9a9fcabf) C:\Windows\system32\DRIVERS\Dot4Prt.sys
22:34:19.0417 3044        Dot4Print - ok
22:34:19.0464 3044        dot4usb        (cf491ff38d62143203c065260567e2f7) C:\Windows\system32\DRIVERS\dot4usb.sys
22:34:19.0511 3044        dot4usb - ok
22:34:19.0620 3044        drmkaud        (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys
22:34:19.0667 3044        drmkaud - ok
22:34:19.0761 3044        DXGKrnl        (23f5d28378a160352ba8f817bd8c71cb) C:\Windows\System32\drivers\dxgkrnl.sys
22:34:19.0792 3044        DXGKrnl - ok
22:34:59.0026 3044        ============================================================
22:34:59.0026 3044        Scan finished
22:34:59.0026 3044        ============================================================
22:34:59.0041 2468        Detected object count: 3
22:34:59.0041 2468        Actual detected object count: 3
22:35:22.0379 2468        epmntdrv ( UnsignedFile.Multi.Generic ) - skipped by user
22:35:22.0379 2468        epmntdrv ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:35:22.0379 2468        EuGdiDrv ( UnsignedFile.Multi.Generic ) - skipped by user
22:35:22.0379 2468        EuGdiDrv ( UnsignedFile.Multi.Generic ) - User select action: Skip
22:35:22.0379 2468        NVR0Dev ( UnsignedFile.Multi.Generic ) - skipped by user
22:35:22.0379 2468        NVR0Dev ( UnsignedFile.Multi.Generic ) - User select action: Skip


cosinus 11.11.2011 10:00

Then please run CF now:

ComboFix

A guide and tutorial on using ComboFix
  • Close all programs, especially your antivirus program and other background guards, as well as your internet browser.
  • Start cofi.exe from your desktop, confirm the warning messages, perform the updates (if offered), install the Recovery Console (if offered) and let it scan your system.
    Also avoid using the mouse and keyboard while Combofix is running.
  • Afterwards a combofix.txt opens automatically; please copy its contents ([Ctrl]a, [Ctrl]c) and paste them into your post ([Ctrl]v). You can also find the file at: C:\ComboFix.txt.
Important note:
Combofix may only be run when a helper (Kompetenzler) has explicitly recommended it!

It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning the infection even harder.

Should you have problems starting applications after running Combofix and receive messages such as

Quote:

Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
then restart Windows manually and the error messages should no longer appear.

ausdemFF 11.11.2011 20:55

Hello,

here you go:

Combofix Logfile:
Code:

ComboFix 11-11-11.06 - xxx 11.11.2011  20:39:03.1.1 - x86
Microsoft Windows 7 Ultimate  6.1.7601.1.1252.49.1031.18.3071.1968 [GMT 1:00]
ausgeführt von:: c:\users\xxx\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
FW: FireWall *Disabled* {CE40CCC0-8ADB-6D67-25A0-C5B6438E4B57}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\xxx\AppData\Local\TempDIR
c:\users\xxx\AppData\Local\TempDIR\BetterInstaller.exe
c:\users\xxx\AppData\Roaming\chrtmp
c:\users\xxx\AppData\Roaming\SQLite3.dll
c:\windows\iun6002.exe
c:\windows\system32\msvcsv60.dll
.
.
(((((((((((((((((((((((  Dateien erstellt von 2011-10-11 bis 2011-11-11  ))))))))))))))))))))))))))))))
.
.
2011-11-11 17:15 . 2011-11-11 17:15        56200        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{9B0CC4C8-53FC-40A4-B5F1-0E9C92E1C51B}\offreg.dll
2011-11-11 17:15 . 2011-10-07 03:48        6668624        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{9B0CC4C8-53FC-40A4-B5F1-0E9C92E1C51B}\mpengine.dll
2011-11-11 02:22 . 2011-11-11 02:22        --------        d-----w-        c:\program files\ZDF
2011-11-11 02:11 . 2011-11-11 02:11        --------        d-----w-        c:\program files\maxdome - Online Videothek
2011-11-11 02:03 . 2011-11-11 02:03        --------        d-----w-        c:\program files\BMWi
2011-11-11 01:32 . 2011-11-11 01:32        --------        d-----w-        c:\program files\n-tv
2011-11-11 01:32 . 2011-11-11 01:32        --------        d-----w-        c:\program files\BILD
2011-11-10 20:48 . 2011-11-10 20:48        --------        d-----w-        C:\_OTL
2011-11-10 12:23 . 2011-11-10 12:23        --------        d-----w-        c:\users\Public\Transcode360
2011-11-10 12:23 . 2011-11-11 01:05        --------        d-----w-        c:\program files\Transcode360
2011-11-10 12:14 . 2011-11-10 12:14        --------        d-----w-        c:\program files\MediaBrowser
2011-11-10 12:14 . 2011-11-11 17:14        --------        d-----w-        c:\programdata\MediaBrowser
2011-11-10 11:43 . 2011-11-10 11:43        --------        d-----w-        c:\users\Mcx1-xxx-PC
2011-11-10 10:50 . 2011-11-10 10:50        --------        d-----w-        c:\users\xxx\AppData\Roaming\BID
2011-11-10 07:34 . 2011-11-10 07:35        --------        d-----w-        c:\program files\Jtag Tool
2011-11-10 01:09 . 2011-11-10 01:09        1092400        ----a-w-        c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2011-11-09 16:27 . 2011-11-09 16:28        --------        d-----w-        c:\program files\Gavotte RamDisk
2011-11-09 07:19 . 2011-10-01 04:37        708608        ----a-w-        c:\program files\Common Files\System\wab32.dll
2011-11-09 07:19 . 2011-09-29 16:03        1290608        ----a-w-        c:\windows\system32\drivers\tcpip.sys
2011-11-09 07:18 . 2011-09-29 03:37        2341888        ----a-w-        c:\windows\system32\win32k.sys
2011-11-08 15:37 . 2011-11-08 15:37        --------        d-----w-        c:\program files\ESET
2011-11-08 15:10 . 2011-11-08 15:10        --------        d-----w-        c:\users\xxx\AppData\Roaming\Malwarebytes
2011-11-08 15:09 . 2011-11-08 15:09        --------        d-----w-        c:\programdata\Malwarebytes
2011-11-08 15:09 . 2011-11-08 15:09        --------        d-----w-        c:\program files\Malwarebytes' Anti-Malware
2011-11-08 15:09 . 2011-08-31 16:00        22216        ----a-w-        c:\windows\system32\drivers\mbam.sys
2011-11-07 17:47 . 2011-11-07 17:47        --------        d-----w-        c:\programdata\Gerhard Junker
2011-11-07 17:47 . 2011-11-07 17:47        --------        d-----w-        c:\users\xxx\AppData\Local\Gerhard_Junker
2011-11-07 17:43 . 2011-11-09 14:52        --------        d-----w-        c:\program files\ncid.Net
2011-11-07 17:43 . 2011-11-07 17:48        --------        d-----w-        c:\programdata\ncid.Net
2011-11-07 16:48 . 2011-11-07 16:55        --------        d-----w-        c:\program files\NET Traffic Meter
2011-11-07 16:38 . 2011-11-07 16:43        --------        d-----w-        c:\users\xxx\AppData\Roaming\NetMeter
2011-11-07 16:38 . 2011-11-07 16:44        --------        d-----w-        c:\program files\NetMeter
2011-11-07 16:26 . 2011-11-07 16:26        --------        d-----w-        c:\programdata\DeskSoft
2011-11-07 16:25 . 2011-11-07 16:25        24816        ----a-w-        c:\windows\system32\drivers\dsnpfd.sys
2011-11-07 16:25 . 2011-11-07 16:25        --------        d-----w-        c:\users\xxx\AppData\Roaming\DeskSoft
2011-11-07 14:05 . 2011-11-07 14:05        --------        d-----w-        c:\program files\Axence
2011-11-07 07:56 . 2011-11-07 07:56        --------        d-----w-        c:\users\xxx\AppData\Roaming\gtk-2.0
2011-11-07 07:38 . 2011-11-07 08:16        --------        d-----w-        c:\programdata\Spybot - Search & Destroy
2011-11-07 07:36 . 2011-11-07 13:51        --------        d-----w-        c:\program files\Spybot - Search & Destroy 2
2011-11-07 06:42 . 2011-11-11 19:33        --------        d-----w-        c:\users\xxx\AppData\Roaming\.purple
2011-11-07 06:39 . 2011-11-07 06:39        --------        d-----w-        c:\program files\Pidgin
2011-11-07 02:54 . 2011-11-07 02:54        --------        d-----w-        c:\program files\MSECache
2011-11-07 02:52 . 2011-11-07 02:52        --------        d-----w-        C:\Program Settings
2011-11-05 23:08 . 2011-11-05 23:08        --------        d-----w-        c:\windows\W7SBC
2011-11-05 23:08 . 2011-02-25 05:30        2616320        ----a-w-        c:\windows\explorer_edit_w7sbc.exe
2011-11-05 23:08 . 2011-02-25 05:30        2616320        ----a-w-        c:\windows\explorer_backup_w7sbc.exe
2011-11-05 22:58 . 2011-11-05 22:59        --------        d-----w-        c:\program files\RocketDock
2011-11-05 22:58 . 2011-11-05 22:58        --------        d-----w-        c:\program files\IconChanger
2011-11-05 22:57 . 2011-11-07 06:00        --------        d-----w-        c:\program files\Rainmeter
2011-11-05 17:34 . 2010-06-07 13:59        57904        ----a-w-        c:\windows\system32\wbload.dll
2011-11-05 17:33 . 2008-04-26 14:14        42672        ----a-w-        c:\windows\system32\wbsys.dll
2011-11-05 17:33 . 2011-11-05 17:33        --------        d-----w-        c:\program files\Stardock
2011-11-05 17:18 . 2011-11-05 17:18        --------        d-----w-        c:\users\xxx\AppData\Roaming\Auslogics
2011-11-05 17:18 . 2011-11-05 17:18        --------        d-----w-        c:\program files\Auslogics
2011-11-05 16:55 . 2011-11-05 16:55        --------        d-----w-        c:\program files\Setup Files
2011-11-05 14:27 . 2011-11-06 09:01        --------        d-----w-        c:\program files\Dr. Hardware 2011
2011-11-05 13:46 . 2011-11-05 13:52        --------        d-----w-        c:\program files\TweakMe!
2011-11-05 13:35 . 2011-11-05 13:35        --------        d-----w-        c:\users\xxx\AppData\Local\Frameworkx.com
2011-11-05 13:20 . 2011-11-05 13:20        --------        d-----w-        c:\users\xxx\AppData\Local\NeoSmart_Technologies
2011-11-05 13:17 . 2011-11-05 13:17        --------        d-----w-        c:\program files\NeoSmart Technologies
2011-11-05 12:43 . 2011-11-05 12:38        91096        ----a-w-        c:\windows\system32\drivers\avfwim.sys
2011-11-05 12:43 . 2011-11-05 12:38        111160        ----a-w-        c:\windows\system32\drivers\avfwot.sys
2011-11-05 05:01 . 2011-11-05 05:01        --------        d-----w-        c:\users\xxx\AppData\Roaming\Xilisoft
2011-11-05 00:32 . 2011-08-05 14:59        307200        ----a-w-        c:\windows\system32\TubeFinder.exe
2011-11-05 00:32 . 2009-06-19 18:51        119568        ----a-w-        c:\windows\system32\VB6FR.DLL
2011-11-05 00:32 . 2009-06-19 18:51        101888        ----a-w-        c:\windows\system32\VB6STKIT.DLL
2011-11-05 00:32 . 2009-06-19 18:51        9728        ----a-w-        c:\windows\system32\PCCLPFR.DLL
2011-11-05 00:32 . 2009-06-19 18:51        84512        ----a-w-        c:\windows\system32\PICCLP32.OCX
2011-11-05 00:32 . 2009-06-19 18:51        364544        ----a-w-        c:\windows\system32\PropertyGrid.ocx
2011-11-05 00:32 . 2009-06-19 18:51        141312        ----a-w-        c:\windows\system32\MSCMCFR.DLL
2011-11-05 00:32 . 2011-11-05 02:22        --------        d-----w-        c:\users\xxx\AppData\Roaming\FreeFLVConverter
2011-11-05 00:32 . 2011-11-05 00:33        --------        d-----w-        c:\program files\Free FLV Converter
2011-11-05 00:32 . 2009-06-19 18:51        32768        ----a-w-        c:\windows\system32\CMDLGFR.DLL
2011-11-05 00:32 . 2009-06-19 18:51        24576        ----a-w-        c:\windows\system32\ControlSubX.ocx
2011-11-03 16:55 . 2011-11-03 16:55        --------        d-----w-        c:\program files\Microsoft CAPICOM 2.1.0.2
2011-11-03 15:22 . 2011-11-05 14:52        --------        d-----w-        c:\users\xxx\AppData\Roaming\BitComet
2011-11-03 15:22 . 2011-11-03 15:22        --------        d-----w-        c:\program files\BitComet
2011-11-03 09:34 . 2011-11-03 09:34        --------        d-----w-        c:\program files\Microsoft Silverlight
2011-11-02 16:46 . 2011-11-02 16:46        --------        d-----w-        c:\users\xxx\AppData\Local\Installer5804
2011-11-02 16:40 . 2011-11-02 16:40        --------        d-----w-        c:\users\xxx\AppData\Local\Installer5848
2011-11-01 08:05 . 2011-11-01 08:05        159744        ----a-w-        c:\program files\Mozilla Firefox\plugins\npqtplugin7.dll
2011-11-01 08:05 . 2011-11-01 08:05        159744        ----a-w-        c:\program files\Mozilla Firefox\plugins\npqtplugin6.dll
2011-11-01 08:05 . 2011-11-01 08:05        159744        ----a-w-        c:\program files\Mozilla Firefox\plugins\npqtplugin5.dll
2011-11-01 08:05 . 2011-11-01 08:05        159744        ----a-w-        c:\program files\Mozilla Firefox\plugins\npqtplugin4.dll
2011-11-01 08:05 . 2011-11-01 08:05        159744        ----a-w-        c:\program files\Mozilla Firefox\plugins\npqtplugin3.dll
2011-11-01 08:05 . 2011-11-01 08:05        159744        ----a-w-        c:\program files\Mozilla Firefox\plugins\npqtplugin2.dll
2011-11-01 08:05 . 2011-11-01 08:05        159744        ----a-w-        c:\program files\Mozilla Firefox\plugins\npqtplugin.dll
2011-11-01 08:05 . 2011-11-01 08:05        --------        d-----w-        c:\program files\QuickTime
2011-11-01 08:02 . 2011-11-01 08:02        --------        d-----w-        c:\program files\iPod
2011-10-31 08:36 . 2011-10-31 08:36        9925160        ----a-w-        c:\program files\Common Files\lpuninstall.exe
2011-10-31 08:36 . 2011-10-31 08:36        --------        d-----w-        c:\program files\LastPass
2011-10-28 06:18 . 2011-10-28 06:18        --------        d-----w-        c:\users\xxx\AppData\Local\MicroVision Applications
2011-10-28 06:17 . 2011-10-28 06:17        --------        d-----w-        c:\program files\Common Files\SureThing Shared
2011-10-28 06:17 . 2011-10-28 06:17        --------        d-----w-        c:\program files\SureThing
2011-10-28 06:17 . 2011-10-28 06:17        --------        d-----w-        c:\windows\MVUNINST
2011-10-28 06:17 . 2002-01-05 01:37        344064        ----a-w-        c:\windows\system32\msvcr70.dll
2011-10-28 06:17 . 1996-08-24 10:11        289552        ----a-w-        c:\windows\system32\temp.001
2011-10-28 06:17 . 1993-10-14 16:51        28672        ----a-w-        c:\windows\system32\temp.000
2011-10-25 13:42 . 2011-10-03 03:06        476904        ----a-w-        c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
2011-10-24 13:29 . 2011-10-24 13:29        94208        ----a-w-        c:\windows\system32\QuickTimeVR.qtx
2011-10-24 13:29 . 2011-10-24 13:29        69632        ----a-w-        c:\windows\system32\QuickTime.qts
2011-10-22 22:53 . 2011-10-22 22:54        --------        dc-h--w-        c:\programdata\{E26B3878-7CEC-469C-B449-5CAA336DF8CD}
2011-10-22 22:49 . 2011-10-22 22:49        --------        dc-h--w-        c:\programdata\{C78336EC-F2EB-4640-99A4-DFE96581B90B}
2011-10-18 10:35 . 2011-10-18 10:35        --------        d-----w-        c:\users\xxx\AppData\Roaming\Avira
2011-10-18 10:35 . 2011-10-11 13:00        74640        ----a-w-        c:\windows\system32\drivers\avgntflt.sys
2011-10-18 10:35 . 2011-10-11 13:00        36000        ----a-w-        c:\windows\system32\drivers\avkmgr.sys
2011-10-18 10:35 . 2011-10-11 13:00        134344        ----a-w-        c:\windows\system32\drivers\avipbb.sys
2011-10-18 10:34 . 2011-11-05 12:43        --------        d-----w-        c:\programdata\Avira
2011-10-18 10:34 . 2011-10-18 10:34        --------        d-----w-        c:\program files\Avira
2011-10-16 17:55 . 2011-10-16 17:55        18139008        ----a-w-        c:\program files\Common Files\Microsoft Shared\OFFICE14\MSO.DLL
2011-10-14 00:01 . 2010-11-20 12:17        941568        ----a-w-        c:\windows\system32\mblctr.exe
2011-10-14 00:00 . 2010-11-20 12:21        750080        ----a-w-        c:\windows\system32\sdcpl.dll
2011-10-13 23:59 . 2009-07-14 01:16        379904        ----a-w-        c:\windows\system32\pnpui.dll
2011-10-13 23:59 . 2010-11-20 12:20        2494464        ----a-w-        c:\windows\system32\netshell.dll
2011-10-13 23:59 . 2009-07-14 01:06        9053696        ----a-w-        c:\windows\system32\mmres.dll
2011-10-13 23:59 . 2009-07-14 01:06        705536        ----a-w-        c:\windows\system32\imagesp1.dll
2011-10-13 23:59 . 2009-07-14 01:15        56320        ----a-w-        c:\windows\system32\hotplug.dll
2011-10-13 23:59 . 2010-11-20 12:18        744448        ----a-w-        c:\windows\system32\ActionCenter.dll
2011-10-13 22:59 . 2011-10-13 23:01        --------        d-----w-        c:\program files\plexydesk
2011-10-13 22:51 . 2011-10-13 22:51        --------        d-----w-        c:\users\xxx\AppData\Local\Bump Technologies, Inc
2011-10-13 20:51 . 2011-11-03 09:58        --------        d-----w-        c:\users\xxx\AppData\Local\MediaMonkey
2011-10-13 20:51 . 2011-11-03 09:58        --------        d-----w-        c:\program files\MediaMonkey
2011-10-13 20:37 . 2011-10-13 20:37        --------        d-----w-        C:\$WINDOWS.~BT
2011-10-13 20:13 . 2011-07-29 11:54        19840        ----a-w-        c:\windows\system32\EuEpmGdi.dll
2011-10-13 20:13 . 2011-09-09 16:23        2469760        ----a-w-        c:\windows\system32\BootMan.exe
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-23 12:09 . 2011-08-09 04:43        414368        ----a-w-        c:\windows\system32\FlashPlayerCPLApp.cpl
2011-10-03 03:06 . 2011-06-20 16:19        472808        ----a-w-        c:\windows\system32\deployJava1.dll
2011-09-25 22:24 . 2011-09-25 22:24        0        ---ha-w-        c:\users\xxx\AppData\Roaming\.51BEE852859F7D89.sys
2011-09-25 22:12 . 2011-09-25 22:12        49152        ----a-r-        c:\users\xxx\AppData\Roaming\Microsoft\Installer\{2D314071-26CD-47EA-A01E-82FADDE951C5}\LiquidInstrument.exe_2D31407126CD47EAA01E82FADDE951C5.exe
2011-08-30 22:05 . 2011-08-30 22:05        83816        ----a-w-        c:\windows\system32\dns-sd.exe
2011-08-30 22:05 . 2011-08-30 22:05        73064        ----a-w-        c:\windows\system32\dnssd.dll
2011-08-30 22:05 . 2011-08-30 22:05        50536        ----a-w-        c:\windows\system32\jdns_sd.dll
2011-08-30 22:05 . 2011-08-30 22:05        178536        ----a-w-        c:\windows\system32\dnssdX.dll
2011-11-09 20:22 . 2011-08-09 03:18        134104        ----a-w-        c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Pidgin"="c:\program files\Pidgin\pidgin.exe" [2011-08-20 48618]
"ncid.Net"="c:\program files\ncid.Net\ncid.Net.exe" [2011-11-03 984064]
"NVIDIA nTune"="c:\program files\NVIDIA Corporation\nTune\nTuneCmd.exe" [2008-09-29 106496]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VirtualCloneDrive"="c:\program files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2009-06-17 85160]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 1821576]
"M-Audio Taskbar Icon"="c:\windows\system32\M-AudioTaskBarIcon.exe" [2009-10-02 643592]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-11-05 258512]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Media Browser Service.lnk - c:\program files\MediaBrowser\MediaBrowser\MediaBrowserService.exe [2011-10-17 135168]
Media Browser.lnk - c:\windows\ehome\ehshell.exe [2009-7-14 100864]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"SynchronousMachineGroupPolicy"= 0 (0x0)
"SynchronousUserGroupPolicy"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute        REG_MULTI_SZ          autocheck autochk *\0\0sdnclean.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NVIDIA nTune]
2008-09-29 11:14        106496        ----a-w-        c:\program files\NVIDIA Corporation\nTune\nTuneCmd.exe
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Google Update"="c:\users\xxx\AppData\Local\Google\Update\GoogleUpdate.exe" /c
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
"LexwareInfoService"=c:\program files\Common Files\Lexware\Update Manager\LxUpdateManager.exe /autostart
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update-Dienst (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2011-07-10 136176]
R3 BITCOMET_HELPER_SERVICE;BitComet Disk Boost Service;c:\program files\BitComet\tools\BitCometService.exe [2010-12-28 1296728]
R3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [2011-07-29 14216]
R3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [2011-07-29 8456]
R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\Common Files\MAGIX Services\Database\bin\fbserver.exe [2008-08-07 3276800]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2011-07-10 136176]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [x]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]
R3 MSI_MSIBIOS_010507;MSI_MSIBIOS_010507;c:\program files\MSI\Live Update 5\msibios32_100507.sys [x]
R3 MSSQL$JTLWAWI;SQL Server (JTLWAWI);c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2010-12-10 29293408]
R3 NTIOLib_1_0_4;NTIOLib_1_0_4;c:\program files\MSI\Live Update 5\NTIOLib.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 15872]
R3 SCL01132;SCL011 Contactless Reader;c:\windows\system32\DRIVERS\SCL01132.sys [2010-05-07 61824]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
S1 avfwot;avfwot;c:\windows\system32\DRIVERS\avfwot.sys [2011-11-05 111160]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2011-10-11 36000]
S2 AntiVirFirewallService;Avira FireWall;c:\program files\Avira\AntiVir Desktop\avfwsvc.exe [2011-11-05 616400]
S2 AntiVirMailService;Avira Email Schutz;c:\program files\Avira\AntiVir Desktop\avmailc.exe [2011-11-05 342480]
S2 AntiVirSchedulerService;Avira Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2011-11-05 86224]
S2 AntiVirWebService;Avira Browser Schutz;c:\program files\Avira\AntiVir Desktop\AVWEBGRD.EXE [2011-11-05 463824]
S2 Fabs;FABS - Helping agent for MAGIX media database;c:\program files\Common Files\MAGIX Services\Database\bin\FABS.exe [2009-08-27 1253376]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-08-03 2255464]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-08-03 379496]
S2 TeamViewer6;TeamViewer 6;c:\program files\TeamViewer\Version6\TeamViewer_Service.exe [2011-08-30 2358656]
S3 avfwim;AvFw Packet Filter Miniport;c:\windows\system32\DRIVERS\avfwim.sys [2011-11-05 91096]
S3 dc3d;Microsoft-Hardware – Geräteerkennungstreiber;c:\windows\system32\DRIVERS\dc3d.sys [2011-05-18 40320]
S3 MADFUCONECTIV;Service for M-Audio Conectiv DFU;c:\windows\system32\DRIVERS\MAudioConectiv_DFU.sys [2009-10-02 42248]
S3 MAUSBCONECTIV;Service for M-Audio Conectiv;c:\windows\system32\DRIVERS\MAudioConectiv.sys [2009-10-02 158344]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-03-01 139776]
.
.
Inhalt des "geplante Tasks" Ordners
.
2011-11-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-07-10 13:15]
.
2011-11-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-07-10 13:15]
.
.
------- Zusätzlicher Suchlauf -------
.
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &Alles mit BitComet herunterladen - c:\program files\BitComet\BitComet.exe/AddAllLink.htm
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: An OneNote s&enden - c:\progra~1\MICROS~4\Office14\ONBttnIE.dll/105
IE: BID Link Explorer: Öffne aktuelle Seite - file://c:\program files\Bulk Image Downloader\iemenu\iebidlinkexplorer.htm
IE: BID: Link in Queue einreihen - file://c:\program files\Bulk Image Downloader\iemenu\iebidlinkqueue.htm
IE: BID: Seite in &Queue einreihen - file://c:\program files\Bulk Image Downloader\iemenu\iebidqueue.htm
IE: BID: Öffne aktuelle Seite - file://c:\program files\Bulk Image Downloader\iemenu\iebid.htm
IE: BID: Öffne diesen &Link - file://c:\program files\Bulk Image Downloader\iemenu\iebidlink.htm
IE: Mit BitComet herunter&laden - c:\program files\BitComet\BitComet.exe/AddLink.htm
IE: Nach Microsoft E&xcel exportieren - c:\progra~1\MICROS~4\Office14\EXCEL.EXE/3000
LSP: c:\program files\Avira\AntiVir Desktop\avsda.dll
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\nxh9q5dv.default\
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
.
.
------- Dateityp-Verknüpfung -------
.
.txt=Notepad++_file
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
HKCU-Run-BID Drop Box - c:\program files\Bulk Image Downloader\BIDDropBox.exe
AddRemove-PSP_Nitro - c:\windows\iun6002.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-3208466087-60621075-3746657911-1002\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{721F34D6-177E-0B5A-100D-6F2E2FB2D6A9}*]
"hagdjmlmbgfojoff"=hex:6a,61,61,63,69,67,69,6a,6e,65,6d,64,63,6b,6d,68,6f,64,
  6f,65,00,d4
"iamcdoknakfgojhdhg"=hex:6a,61,61,63,6e,61,6a,6a,67,6f,66,67,6e,62,6f,6f,61,6d,
  6c,6d,00,00
.
[HKEY_USERS\S-1-5-21-3208466087-60621075-3746657911-1002\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{A225EC91-5397-517E-C9B1-973E71617067}*]
"iaecmhkjhjfchkkjhp"=hex:6b,61,69,64,6e,69,6d,67,6a,61,62,65,6e,67,6d,68,66,63,
  6b,61,66,65,00,00
"hakbgomlhamfaklm"=hex:6b,61,69,64,6e,69,6d,67,6a,61,62,65,6e,67,6d,68,66,63,
  6b,61,66,65,00,00
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Xanthic\{1246792F-C12E-81AE-FE96-35D2FC917677}*_]
"fr"="078D534A595D51"
"lr"="078D4C40445D51"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2011-11-11  20:51:58
ComboFix-quarantined-files.txt  2011-11-11 19:51
.
Vor Suchlauf: 9 Verzeichnis(se), 15.784.644.608 Bytes frei
Nach Suchlauf: 15 Verzeichnis(se), 15.696.977.920 Bytes frei
.
- - End Of File - - 900F9AEFA343D44E6B605B5B9E1DC5B8

--- --- ---
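
As an added example (not code from this thread, from ComboFix or from its author), here is a small Python triage helper for two sections of the ComboFix log above: the "Dateien erstellt von ..." file listing and the "Gesperrte Registrierungsschluessel" block. The sample lines are copied from the log as posted; the review heuristics (hidden entries under a user's AppData, zero-byte or misplaced .sys files, REG_BINARY values that decode to plain ASCII) are my own and only mark entries for a closer look, not verdicts about what they are.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Sample lines copied from the ComboFix log above (section "Dateien erstellt von ...").
SAMPLE_FILES = r"""
2011-11-09 07:19 . 2011-09-29 16:03        1290608        ----a-w-        c:\windows\system32\drivers\tcpip.sys
2011-09-25 22:24 . 2011-09-25 22:24        0        ---ha-w-        c:\users\xxx\AppData\Roaming\.51BEE852859F7D89.sys
2011-10-22 22:53 . 2011-10-22 22:54        --------        dc-h--w-        c:\programdata\{E26B3878-7CEC-469C-B449-5CAA336DF8CD}
2011-11-05 12:43 . 2011-11-05 12:38        91096        ----a-w-        c:\windows\system32\drivers\avfwim.sys
"""

# Sample lines copied from the section "Gesperrte Registrierungsschluessel" above.
SAMPLE_REG = r"""
[HKEY_USERS\S-1-5-21-3208466087-60621075-3746657911-1002\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{721F34D6-177E-0B5A-100D-6F2E2FB2D6A9}*]
"hagdjmlmbgfojoff"=hex:6a,61,61,63,69,67,69,6a,6e,65,6d,64,63,6b,6d,68,6f,64,
  6f,65,00,d4
"iamcdoknakfgojhdhg"=hex:6a,61,61,63,6e,61,6a,6a,67,6f,66,67,6e,62,6f,6f,61,6d,
  6c,6d,00,00
"""

# "<created> . <modified>  <size or -------->  <8 attribute chars>  <path>"
FILE_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. (\d{4}-\d{2}-\d{2} \d{2}:\d{2})"
    r"\s+(\S+)\s+([-a-z]{8})\s+(.+?)\s*$"
)
REG_KEY_RE = re.compile(r"^\[(.+)\]$")
REG_VAL_RE = re.compile(r'^"([^"]+)"=hex:(.*)$')


@dataclass
class FileEntry:
    created: str
    modified: str
    size: Optional[int]   # None where ComboFix prints "--------" (directories)
    attrs: str            # e.g. "---ha-w-": 'h' = hidden, leading 'd' = directory
    path: str

    @property
    def hidden(self) -> bool:
        return "h" in self.attrs

    @property
    def is_dir(self) -> bool:
        return self.attrs.startswith("d")


def parse_file_lines(text: str) -> List[FileEntry]:
    """Parse the file-listing lines; lines that do not match the format are skipped."""
    entries = []
    for line in text.strip().splitlines():
        m = FILE_RE.match(line)
        if m:
            created, modified, size, attrs, path = m.groups()
            entries.append(FileEntry(created, modified,
                                     None if size.startswith("-") else int(size),
                                     attrs, path))
    return entries


def suspicious_files(entries: List[FileEntry]) -> List[Tuple[FileEntry, List[str]]]:
    """Review heuristics (mine, not ComboFix's): each reason is a prompt to look, not a verdict."""
    findings = []
    for e in entries:
        low = e.path.lower()
        reasons = []
        if e.hidden and "\\appdata\\" in low:
            reasons.append("hidden entry under a user's AppData")
        if e.size == 0 and low.endswith(".sys"):
            reasons.append("zero-byte .sys file")
        if low.endswith(".sys") and "\\system32\\drivers\\" not in low:
            reasons.append(".sys file outside system32\\drivers")
        if reasons:
            findings.append((e, reasons))
    return findings


def parse_reg_hex(text: str) -> List[Tuple[str, str, bytes]]:
    """Collect (key, value name, bytes) for "name"=hex:.. values; continuation lines are indented."""
    results: List[Tuple[str, str, bytes]] = []
    key, name, parts = "", None, []

    def flush():
        if name is not None:
            raw = "".join(parts)
            results.append((key, name, bytes(int(h, 16) for h in raw.split(",") if h)))

    for line in text.strip("\n").splitlines():
        m = REG_KEY_RE.match(line)
        if m:
            flush()
            key, name, parts = m.group(1), None, []
            continue
        m = REG_VAL_RE.match(line)
        if m:
            flush()
            name, parts = m.group(1), [m.group(2).strip()]
            continue
        if name is not None and line[:1].isspace():
            parts.append(line.strip())
    flush()
    return results


def printable_prefix(data: bytes) -> str:
    """ASCII text up to the first NUL, or '' if the bytes are not plain text."""
    head = data.split(b"\x00", 1)[0]
    return head.decode("ascii") if head and all(32 <= b < 127 for b in head) else ""


if __name__ == "__main__":
    for entry, reasons in suspicious_files(parse_file_lines(SAMPLE_FILES)):
        print(entry.path, "->", "; ".join(reasons))
    for key, name, data in parse_reg_hex(SAMPLE_REG):
        print(key.rsplit("\\", 1)[-1], name, "=", printable_prefix(data) or data.hex())
```

Run against the sample lines, the only file entry flagged is the hidden zero-byte .51BEE852859F7D89.sys under AppData\Roaming, and both locked REG_BINARY values decode to 20-character lowercase strings followed by a NUL, which is what makes them worth reading rather than skipping as opaque binary.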

cosinus 11.11.2011 21:20

Combofix - Scripting

1. Start Notepad (Start / Run / notepad[Enter])

2. Now paste the entire contents of the code box below into the Notepad window using copy/paste.

Note: If you have obscured your user name, you must change the starred-out part back to your real user name, otherwise the script will not work!!

Code:

Dirlook::
c:\users\xxx\AppData\Roaming\BID
c:\windows\W7SBC

3. In Notepad, save as CFScript.txt on the desktop.

4. Disable the guard of your antivirus program and any software firewall that may be present.
(Also the guards of ad-/spyware programs and the Tea Timer (if present)!)

5. Then drag CFScript.txt onto cofi.exe, as shown in the image below. This restarts Combofix.

http://users.pandora.be/bluepatchy/m...s/CFScript.gif

6. After the restart (you will be asked whether you want to restart), please post the following log files:
Combofix.txt

Note: The above script was created only for this one user in this one situation. It cannot be ported to any other computer and must not be used elsewhere, as it can permanently damage the system!

ausdemFF 12.11.2011 00:11

Done as well :)

Combofix Logfile:
Code:

ComboFix 11-11-11.06 - xxx 11.11.2011  23:20:09.2.1 - x86
Microsoft Windows 7 Ultimate  6.1.7601.1.1252.49.1031.18.3071.2024 [GMT 1:00]
ausgeführt von:: c:\users\xxx\Desktop\ComboFix.exe
Benutzte Befehlsschalter :: c:\users\xxx\Desktop\CFScript.txt
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
FW: FireWall *Disabled* {CE40CCC0-8ADB-6D67-25A0-C5B6438E4B57}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((  Dateien erstellt von 2011-10-11 bis 2011-11-11  ))))))))))))))))))))))))))))))
.
.
2011-11-11 22:29 . 2011-11-11 22:29        --------        d-----w-        c:\users\UpdatusUser\AppData\Local\temp
2011-11-11 22:29 . 2011-11-11 22:29        --------        d-----w-        c:\users\Default\AppData\Local\temp
2011-11-11 21:15 . 2011-11-11 21:15        56200        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{9B0CC4C8-53FC-40A4-B5F1-0E9C92E1C51B}\offreg.dll
2011-11-11 19:52 . 2011-11-11 22:29        --------        d-----w-        c:\users\xxx\AppData\Local\temp
2011-11-11 17:15 . 2011-10-07 03:48        6668624        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{9B0CC4C8-53FC-40A4-B5F1-0E9C92E1C51B}\mpengine.dll
2011-11-11 02:22 . 2011-11-11 02:22        --------        d-----w-        c:\program files\ZDF
2011-11-11 02:11 . 2011-11-11 02:11        --------        d-----w-        c:\program files\maxdome - Online Videothek
2011-11-11 02:03 . 2011-11-11 02:03        --------        d-----w-        c:\program files\BMWi
2011-11-11 01:32 . 2011-11-11 01:32        --------        d-----w-        c:\program files\n-tv
2011-11-11 01:32 . 2011-11-11 01:32        --------        d-----w-        c:\program files\BILD
2011-11-10 20:48 . 2011-11-10 20:48        --------        d-----w-        C:\_OTL
2011-11-10 12:23 . 2011-11-10 12:23        --------        d-----w-        c:\users\Public\Transcode360
2011-11-10 12:14 . 2011-11-11 21:30        --------        d-----w-        c:\programdata\MediaBrowser
2011-11-10 11:43 . 2011-11-10 11:43        --------        d-----w-        c:\users\Mcx1-xxx-PC
2011-11-10 10:50 . 2011-11-10 10:50        --------        d-----w-        c:\users\xxx\AppData\Roaming\BID
2011-11-10 07:34 . 2011-11-10 07:35        --------        d-----w-        c:\program files\Jtag Tool
2011-11-10 01:09 . 2011-11-10 01:09        1092400        ----a-w-        c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2011-11-09 16:27 . 2011-11-09 16:28        --------        d-----w-        c:\program files\Gavotte RamDisk
2011-11-09 07:19 . 2011-10-01 04:37        708608        ----a-w-        c:\program files\Common Files\System\wab32.dll
2011-11-09 07:19 . 2011-09-29 16:03        1290608        ----a-w-        c:\windows\system32\drivers\tcpip.sys
2011-11-09 07:18 . 2011-09-29 03:37        2341888        ----a-w-        c:\windows\system32\win32k.sys
2011-11-08 15:37 . 2011-11-08 15:37        --------        d-----w-        c:\program files\ESET
2011-11-08 15:10 . 2011-11-08 15:10        --------        d-----w-        c:\users\xxx\AppData\Roaming\Malwarebytes
2011-11-08 15:09 . 2011-11-08 15:09        --------        d-----w-        c:\programdata\Malwarebytes
2011-11-08 15:09 . 2011-11-08 15:09        --------        d-----w-        c:\program files\Malwarebytes' Anti-Malware
2011-11-08 15:09 . 2011-08-31 16:00        22216        ----a-w-        c:\windows\system32\drivers\mbam.sys
2011-11-07 17:47 . 2011-11-07 17:47        --------        d-----w-        c:\programdata\Gerhard Junker
2011-11-07 17:47 . 2011-11-07 17:47        --------        d-----w-        c:\users\xxx\AppData\Local\Gerhard_Junker
2011-11-07 17:43 . 2011-11-09 14:52        --------        d-----w-        c:\program files\ncid.Net
2011-11-07 17:43 . 2011-11-07 17:48        --------        d-----w-        c:\programdata\ncid.Net
2011-11-07 16:48 . 2011-11-07 16:55        --------        d-----w-        c:\program files\NET Traffic Meter
2011-11-07 16:38 . 2011-11-07 16:43        --------        d-----w-        c:\users\xxx\AppData\Roaming\NetMeter
2011-11-07 16:38 . 2011-11-07 16:44        --------        d-----w-        c:\program files\NetMeter
2011-11-07 16:26 . 2011-11-07 16:26        --------        d-----w-        c:\programdata\DeskSoft
2011-11-07 16:25 . 2011-11-07 16:25        24816        ----a-w-        c:\windows\system32\drivers\dsnpfd.sys
2011-11-07 16:25 . 2011-11-07 16:25        --------        d-----w-        c:\users\xxx\AppData\Roaming\DeskSoft
2011-11-07 14:05 . 2011-11-07 14:05        --------        d-----w-        c:\program files\Axence
2011-11-07 07:56 . 2011-11-07 07:56        --------        d-----w-        c:\users\xxx\AppData\Roaming\gtk-2.0
2011-11-07 07:38 . 2011-11-07 08:16        --------        d-----w-        c:\programdata\Spybot - Search & Destroy
2011-11-07 07:36 . 2011-11-07 13:51        --------        d-----w-        c:\program files\Spybot - Search & Destroy 2
2011-11-07 06:42 . 2011-11-11 22:28        --------        d-----w-        c:\users\xxx\AppData\Roaming\.purple
2011-11-07 06:39 . 2011-11-07 06:39        --------        d-----w-        c:\program files\Pidgin
2011-11-07 02:54 . 2011-11-07 02:54        --------        d-----w-        c:\program files\MSECache
2011-11-07 02:52 . 2011-11-07 02:52        --------        d-----w-        C:\Program Settings
2011-11-05 23:08 . 2011-11-05 23:08        --------        d-----w-        c:\windows\W7SBC
2011-11-05 23:08 . 2011-02-25 05:30        2616320        ----a-w-        c:\windows\explorer_edit_w7sbc.exe
2011-11-05 23:08 . 2011-02-25 05:30        2616320        ----a-w-        c:\windows\explorer_backup_w7sbc.exe
2011-11-05 22:58 . 2011-11-05 22:59        --------        d-----w-        c:\program files\RocketDock
2011-11-05 22:58 . 2011-11-05 22:58        --------        d-----w-        c:\program files\IconChanger
2011-11-05 22:57 . 2011-11-07 06:00        --------        d-----w-        c:\program files\Rainmeter
2011-11-05 17:34 . 2010-06-07 13:59        57904        ----a-w-        c:\windows\system32\wbload.dll
2011-11-05 17:33 . 2008-04-26 14:14        42672        ----a-w-        c:\windows\system32\wbsys.dll
2011-11-05 17:33 . 2011-11-05 17:33        --------        d-----w-        c:\program files\Stardock
2011-11-05 17:18 . 2011-11-05 17:18        --------        d-----w-        c:\users\xxx\AppData\Roaming\Auslogics
2011-11-05 17:18 . 2011-11-05 17:18        --------        d-----w-        c:\program files\Auslogics
2011-11-05 16:55 . 2011-11-05 16:55        --------        d-----w-        c:\program files\Setup Files
2011-11-05 14:27 . 2011-11-06 09:01        --------        d-----w-        c:\program files\Dr. Hardware 2011
2011-11-05 13:46 . 2011-11-05 13:52        --------        d-----w-        c:\program files\TweakMe!
2011-11-05 13:35 . 2011-11-05 13:35        --------        d-----w-        c:\users\xxx\AppData\Local\Frameworkx.com
2011-11-05 13:20 . 2011-11-05 13:20        --------        d-----w-        c:\users\xxx\AppData\Local\NeoSmart_Technologies
2011-11-05 13:17 . 2011-11-05 13:17        --------        d-----w-        c:\program files\NeoSmart Technologies
2011-11-05 12:43 . 2011-11-05 12:38        91096        ----a-w-        c:\windows\system32\drivers\avfwim.sys
2011-11-05 12:43 . 2011-11-05 12:38        111160        ----a-w-        c:\windows\system32\drivers\avfwot.sys
2011-11-05 05:01 . 2011-11-05 05:01        --------        d-----w-        c:\users\xxx\AppData\Roaming\Xilisoft
2011-11-05 00:32 . 2011-08-05 14:59        307200        ----a-w-        c:\windows\system32\TubeFinder.exe
2011-11-05 00:32 . 2009-06-19 18:51        119568        ----a-w-        c:\windows\system32\VB6FR.DLL
2011-11-05 00:32 . 2009-06-19 18:51        101888        ----a-w-        c:\windows\system32\VB6STKIT.DLL
2011-11-05 00:32 . 2009-06-19 18:51        9728        ----a-w-        c:\windows\system32\PCCLPFR.DLL
2011-11-05 00:32 . 2009-06-19 18:51        84512        ----a-w-        c:\windows\system32\PICCLP32.OCX
2011-11-05 00:32 . 2009-06-19 18:51        364544        ----a-w-        c:\windows\system32\PropertyGrid.ocx
2011-11-05 00:32 . 2009-06-19 18:51        141312        ----a-w-        c:\windows\system32\MSCMCFR.DLL
2011-11-05 00:32 . 2011-11-05 02:22        --------        d-----w-        c:\users\xxx\AppData\Roaming\FreeFLVConverter
2011-11-05 00:32 . 2011-11-05 00:33        --------        d-----w-        c:\program files\Free FLV Converter
2011-11-05 00:32 . 2009-06-19 18:51        32768        ----a-w-        c:\windows\system32\CMDLGFR.DLL
2011-11-05 00:32 . 2009-06-19 18:51        24576        ----a-w-        c:\windows\system32\ControlSubX.ocx
2011-11-03 16:55 . 2011-11-03 16:55        --------        d-----w-        c:\program files\Microsoft CAPICOM 2.1.0.2
2011-11-03 15:22 . 2011-11-05 14:52        --------        d-----w-        c:\users\xxx\AppData\Roaming\BitComet
2011-11-03 15:22 . 2011-11-03 15:22        --------        d-----w-        c:\program files\BitComet
2011-11-03 09:34 . 2011-11-03 09:34        --------        d-----w-        c:\program files\Microsoft Silverlight
2011-11-02 16:46 . 2011-11-02 16:46        --------        d-----w-        c:\users\xxx\AppData\Local\Installer5804
2011-11-02 16:40 . 2011-11-02 16:40        --------        d-----w-        c:\users\xxx\AppData\Local\Installer5848
2011-11-01 08:05 . 2011-11-01 08:05        159744        ----a-w-        c:\program files\Mozilla Firefox\plugins\npqtplugin7.dll
2011-11-01 08:05 . 2011-11-01 08:05        159744        ----a-w-        c:\program files\Mozilla Firefox\plugins\npqtplugin6.dll
2011-11-01 08:05 . 2011-11-01 08:05        159744        ----a-w-        c:\program files\Mozilla Firefox\plugins\npqtplugin5.dll
2011-11-01 08:05 . 2011-11-01 08:05        159744        ----a-w-        c:\program files\Mozilla Firefox\plugins\npqtplugin4.dll
2011-11-01 08:05 . 2011-11-01 08:05        159744        ----a-w-        c:\program files\Mozilla Firefox\plugins\npqtplugin3.dll
2011-11-01 08:05 . 2011-11-01 08:05        159744        ----a-w-        c:\program files\Mozilla Firefox\plugins\npqtplugin2.dll
2011-11-01 08:05 . 2011-11-01 08:05        159744        ----a-w-        c:\program files\Mozilla Firefox\plugins\npqtplugin.dll
2011-11-01 08:05 . 2011-11-01 08:05        --------        d-----w-        c:\program files\QuickTime
2011-11-01 08:02 . 2011-11-01 08:02        --------        d-----w-        c:\program files\iPod
2011-10-31 08:36 . 2011-10-31 08:36        9925160        ----a-w-        c:\program files\Common Files\lpuninstall.exe
2011-10-31 08:36 . 2011-10-31 08:36        --------        d-----w-        c:\program files\LastPass
2011-10-28 06:18 . 2011-10-28 06:18        --------        d-----w-        c:\users\xxx\AppData\Local\MicroVision Applications
2011-10-28 06:17 . 2011-10-28 06:17        --------        d-----w-        c:\program files\Common Files\SureThing Shared
2011-10-28 06:17 . 2011-10-28 06:17        --------        d-----w-        c:\program files\SureThing
2011-10-28 06:17 . 2011-10-28 06:17        --------        d-----w-        c:\windows\MVUNINST
2011-10-28 06:17 . 2002-01-05 01:37        344064        ----a-w-        c:\windows\system32\msvcr70.dll
2011-10-28 06:17 . 1996-08-24 10:11        289552        ----a-w-        c:\windows\system32\temp.001
2011-10-28 06:17 . 1993-10-14 16:51        28672        ----a-w-        c:\windows\system32\temp.000
2011-10-25 13:42 . 2011-10-03 03:06        476904        ----a-w-        c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
2011-10-24 13:29 . 2011-10-24 13:29        94208        ----a-w-        c:\windows\system32\QuickTimeVR.qtx
2011-10-24 13:29 . 2011-10-24 13:29        69632        ----a-w-        c:\windows\system32\QuickTime.qts
2011-10-22 22:53 . 2011-10-22 22:54        --------        dc-h--w-        c:\programdata\{E26B3878-7CEC-469C-B449-5CAA336DF8CD}
2011-10-22 22:49 . 2011-10-22 22:49        --------        dc-h--w-        c:\programdata\{C78336EC-F2EB-4640-99A4-DFE96581B90B}
2011-10-18 10:35 . 2011-10-18 10:35        --------        d-----w-        c:\users\xxx\AppData\Roaming\Avira
2011-10-18 10:35 . 2011-10-11 13:00        74640        ----a-w-        c:\windows\system32\drivers\avgntflt.sys
2011-10-18 10:35 . 2011-10-11 13:00        36000        ----a-w-        c:\windows\system32\drivers\avkmgr.sys
2011-10-18 10:35 . 2011-10-11 13:00        134344        ----a-w-        c:\windows\system32\drivers\avipbb.sys
2011-10-18 10:34 . 2011-11-05 12:43        --------        d-----w-        c:\programdata\Avira
2011-10-18 10:34 . 2011-10-18 10:34        --------        d-----w-        c:\program files\Avira
2011-10-16 17:55 . 2011-10-16 17:55        18139008        ----a-w-        c:\program files\Common Files\Microsoft Shared\OFFICE14\MSO.DLL
2011-10-14 00:01 . 2010-11-20 12:17        941568        ----a-w-        c:\windows\system32\mblctr.exe
2011-10-14 00:00 . 2010-11-20 12:21        750080        ----a-w-        c:\windows\system32\sdcpl.dll
2011-10-13 23:59 . 2009-07-14 01:16        379904        ----a-w-        c:\windows\system32\pnpui.dll
2011-10-13 23:59 . 2010-11-20 12:20        2494464        ----a-w-        c:\windows\system32\netshell.dll
2011-10-13 23:59 . 2009-07-14 01:06        9053696        ----a-w-        c:\windows\system32\mmres.dll
2011-10-13 23:59 . 2009-07-14 01:06        705536        ----a-w-        c:\windows\system32\imagesp1.dll
2011-10-13 23:59 . 2009-07-14 01:15        56320        ----a-w-        c:\windows\system32\hotplug.dll
2011-10-13 23:59 . 2010-11-20 12:18        744448        ----a-w-        c:\windows\system32\ActionCenter.dll
2011-10-13 22:59 . 2011-10-13 23:01        --------        d-----w-        c:\program files\plexydesk
2011-10-13 22:51 . 2011-10-13 22:51        --------        d-----w-        c:\users\xxx\AppData\Local\Bump Technologies, Inc
2011-10-13 20:51 . 2011-11-03 09:58        --------        d-----w-        c:\users\xxx\AppData\Local\MediaMonkey
2011-10-13 20:51 . 2011-11-03 09:58        --------        d-----w-        c:\program files\MediaMonkey
2011-10-13 20:37 . 2011-10-13 20:37        --------        d-----w-        C:\$WINDOWS.~BT
2011-10-13 20:13 . 2011-07-29 11:54        19840        ----a-w-        c:\windows\system32\EuEpmGdi.dll
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-23 12:09 . 2011-08-09 04:43        414368        ----a-w-        c:\windows\system32\FlashPlayerCPLApp.cpl
2011-10-03 03:06 . 2011-06-20 16:19        472808        ----a-w-        c:\windows\system32\deployJava1.dll
2011-09-25 22:24 . 2011-09-25 22:24        0        ---ha-w-        c:\users\xxx\AppData\Roaming\.51BEE852859F7D89.sys
2011-09-25 22:12 . 2011-09-25 22:12        49152        ----a-r-        c:\users\xxx\AppData\Roaming\Microsoft\Installer\{2D314071-26CD-47EA-A01E-82FADDE951C5}\LiquidInstrument.exe_2D31407126CD47EAA01E82FADDE951C5.exe
2011-08-30 22:05 . 2011-08-30 22:05        83816        ----a-w-        c:\windows\system32\dns-sd.exe
2011-08-30 22:05 . 2011-08-30 22:05        73064        ----a-w-        c:\windows\system32\dnssd.dll
2011-08-30 22:05 . 2011-08-30 22:05        50536        ----a-w-        c:\windows\system32\jdns_sd.dll
2011-08-30 22:05 . 2011-08-30 22:05        178536        ----a-w-        c:\windows\system32\dnssdX.dll
2011-11-09 20:22 . 2011-08-09 03:18        134104        ----a-w-        c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((((((((((  Look  )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of c:\users\xxx\AppData\Roaming\BID ----
.
2011-11-10 10:51 . 2011-11-10 10:53        4422        ----a-w-        c:\users\xxx\AppData\Roaming\BID\Log\BID.LOG
2011-11-10 10:50 . 2011-11-10 11:36        29786        ----a-w-        c:\users\xxx\AppData\Roaming\BID\bim.ini
.
---- Directory of c:\windows\W7SBC ----
.
2011-11-05 23:08 . 2011-11-05 23:08        35046        ----a-w-        c:\windows\W7SBC\cur.bmp
2011-11-05 23:08 . 2011-11-05 23:08        65        ----a-w-        c:\windows\W7SBC\res.ini
2011-11-05 23:08 . 2011-11-05 23:08        160        ----a-w-        c:\windows\W7SBC\res.log
2011-11-05 23:08 . 2011-11-05 23:08        238        ----a-w-        c:\windows\W7SBC\restore.bat
2011-11-05 23:08 . 2011-11-05 23:08        218        ----a-w-        c:\windows\W7SBC\change.bat
2011-11-05 23:08 . 2011-11-05 23:08        755        ----a-w-        c:\windows\W7SBC\scr
2011-11-05 23:08 . 2011-11-05 23:08        822272        ----a-w-        c:\windows\W7SBC\res.exe
.
.
(((((((((((((((((((((((((((((  SnapShot@2011-11-11_19.48.47  )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-06-20 15:27 . 2011-11-11 21:19        52158              c:\windows\System32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 04:55 . 2011-11-11 21:19        43594              c:\windows\System32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2011-06-20 14:16 . 2011-11-11 21:19        15512              c:\windows\System32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3208466087-60621075-3746657911-1002_UserData.bin
- 2011-06-20 13:48 . 2011-11-11 19:28        16384              c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-06-20 13:48 . 2011-11-11 21:15        16384              c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-06-20 13:48 . 2011-11-11 19:28        32768              c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2011-06-20 13:48 . 2011-11-11 21:15        32768              c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:41 . 2011-11-11 21:15        16384              c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:41 . 2011-11-11 19:28        16384              c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-06-20 14:09 . 2011-11-11 21:17        16384              c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-06-20 14:09 . 2011-11-11 17:12        16384              c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:34 . 2011-11-11 21:19        81216              c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
+ 2011-06-20 14:09 . 2011-11-11 21:17        32768              c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2011-06-20 14:09 . 2011-11-11 17:12        32768              c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2011-06-20 14:09 . 2011-11-11 17:12        16384              c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-06-20 14:09 . 2011-11-11 21:17        16384              c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-06-20 14:15 . 2011-11-11 22:04        16384              c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-06-20 14:15 . 2011-11-11 19:03        16384              c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-06-20 14:15 . 2011-11-11 19:03        16384              c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-06-20 14:15 . 2011-11-11 22:04        16384              c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-11-11 21:15 . 2011-11-11 21:15        2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2011-11-11 17:10 . 2011-11-11 17:10        2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2011-11-11 21:15 . 2011-11-11 21:15        2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2011-11-11 17:10 . 2011-11-11 17:10        2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-07-14 04:47 . 2011-11-11 21:09        835280              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 04:47 . 2011-11-11 03:38        835280              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 04:34 . 2011-11-11 21:18        5981801              c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
- 2009-07-14 04:34 . 2011-11-09 16:50        5981801              c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
+ 2011-11-10 12:48 . 2011-11-11 21:09        1052544              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
- 2011-11-10 12:48 . 2011-11-11 03:38        1052544              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2011-11-09 16:43 . 2011-11-11 21:09        7230372              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3208466087-60621075-3746657911-1002-8192.dat
+ 2011-07-28 03:10 . 2011-11-11 21:09        8649220              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3208466087-60621075-3746657911-1002-12288.dat
- 2011-07-28 03:10 . 2011-11-09 15:03        8649220              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3208466087-60621075-3746657911-1002-12288.dat
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Pidgin"="c:\program files\Pidgin\pidgin.exe" [2011-08-20 48618]
"ncid.Net"="c:\program files\ncid.Net\ncid.Net.exe" [2011-11-03 984064]
"NVIDIA nTune"="c:\program files\NVIDIA Corporation\nTune\nTuneCmd.exe" [2008-09-29 106496]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VirtualCloneDrive"="c:\program files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2009-06-17 85160]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 1821576]
"M-Audio Taskbar Icon"="c:\windows\system32\M-AudioTaskBarIcon.exe" [2009-10-02 643592]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-11-05 258512]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"SynchronousMachineGroupPolicy"= 0 (0x0)
"SynchronousUserGroupPolicy"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute        REG_MULTI_SZ          autocheck autochk *\0\0sdnclean.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NVIDIA nTune]
2008-09-29 11:14        106496        ----a-w-        c:\program files\NVIDIA Corporation\nTune\nTuneCmd.exe
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Google Update"="c:\users\xxx\AppData\Local\Google\Update\GoogleUpdate.exe" /c
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
"LexwareInfoService"=c:\program files\Common Files\Lexware\Update Manager\LxUpdateManager.exe /autostart
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update-Dienst (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2011-07-10 136176]
R3 BITCOMET_HELPER_SERVICE;BitComet Disk Boost Service;c:\program files\BitComet\tools\BitCometService.exe [2010-12-28 1296728]
R3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [2011-07-29 14216]
R3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [2011-07-29 8456]
R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\Common Files\MAGIX Services\Database\bin\fbserver.exe [2008-08-07 3276800]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2011-07-10 136176]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [x]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]
R3 MSI_MSIBIOS_010507;MSI_MSIBIOS_010507;c:\program files\MSI\Live Update 5\msibios32_100507.sys [x]
R3 MSSQL$JTLWAWI;SQL Server (JTLWAWI);c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2010-12-10 29293408]
R3 NTIOLib_1_0_4;NTIOLib_1_0_4;c:\program files\MSI\Live Update 5\NTIOLib.sys [x]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 15872]
R3 SCL01132;SCL011 Contactless Reader;c:\windows\system32\DRIVERS\SCL01132.sys [2010-05-07 61824]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
S1 avfwot;avfwot;c:\windows\system32\DRIVERS\avfwot.sys [2011-11-05 111160]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2011-10-11 36000]
S2 AntiVirFirewallService;Avira FireWall;c:\program files\Avira\AntiVir Desktop\avfwsvc.exe [2011-11-05 616400]
S2 AntiVirMailService;Avira Email Schutz;c:\program files\Avira\AntiVir Desktop\avmailc.exe [2011-11-05 342480]
S2 AntiVirSchedulerService;Avira Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2011-11-05 86224]
S2 AntiVirWebService;Avira Browser Schutz;c:\program files\Avira\AntiVir Desktop\AVWEBGRD.EXE [2011-11-05 463824]
S2 Fabs;FABS - Helping agent for MAGIX media database;c:\program files\Common Files\MAGIX Services\Database\bin\FABS.exe [2009-08-27 1253376]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-08-03 2255464]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-08-03 379496]
S2 TeamViewer6;TeamViewer 6;c:\program files\TeamViewer\Version6\TeamViewer_Service.exe [2011-08-30 2358656]
S3 avfwim;AvFw Packet Filter Miniport;c:\windows\system32\DRIVERS\avfwim.sys [2011-11-05 91096]
S3 dc3d;Microsoft-Hardware – Geräteerkennungstreiber;c:\windows\system32\DRIVERS\dc3d.sys [2011-05-18 40320]
S3 MADFUCONECTIV;Service for M-Audio Conectiv DFU;c:\windows\system32\DRIVERS\MAudioConectiv_DFU.sys [2009-10-02 42248]
S3 MAUSBCONECTIV;Service for M-Audio Conectiv;c:\windows\system32\DRIVERS\MAudioConectiv.sys [2009-10-02 158344]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-03-01 139776]
.
.
Inhalt des "geplante Tasks" Ordners
.
2011-11-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-07-10 13:15]
.
2011-11-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-07-10 13:15]
.
.
------- Zusätzlicher Suchlauf -------
.
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &Alles mit BitComet herunterladen - c:\program files\BitComet\BitComet.exe/AddAllLink.htm
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: An OneNote s&enden - c:\progra~1\MICROS~4\Office14\ONBttnIE.dll/105
IE: BID Link Explorer: Öffne aktuelle Seite - file://c:\program files\Bulk Image Downloader\iemenu\iebidlinkexplorer.htm
IE: BID: Link in Queue einreihen - file://c:\program files\Bulk Image Downloader\iemenu\iebidlinkqueue.htm
IE: BID: Seite in &Queue einreihen - file://c:\program files\Bulk Image Downloader\iemenu\iebidqueue.htm
IE: BID: Öffne aktuelle Seite - file://c:\program files\Bulk Image Downloader\iemenu\iebid.htm
IE: BID: Öffne diesen &Link - file://c:\program files\Bulk Image Downloader\iemenu\iebidlink.htm
IE: Mit BitComet herunter&laden - c:\program files\BitComet\BitComet.exe/AddLink.htm
IE: Nach Microsoft E&xcel exportieren - c:\progra~1\MICROS~4\Office14\EXCEL.EXE/3000
LSP: c:\program files\Avira\AntiVir Desktop\avsda.dll
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\nxh9q5dv.default\
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-3208466087-60621075-3746657911-1002\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{721F34D6-177E-0B5A-100D-6F2E2FB2D6A9}*]
"hagdjmlmbgfojoff"=hex:6a,61,61,63,69,67,69,6a,6e,65,6d,64,63,6b,6d,68,6f,64,
  6f,65,00,d4
"iamcdoknakfgojhdhg"=hex:6a,61,61,63,6e,61,6a,6a,67,6f,66,67,6e,62,6f,6f,61,6d,
  6c,6d,00,00
.
[HKEY_USERS\S-1-5-21-3208466087-60621075-3746657911-1002\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{A225EC91-5397-517E-C9B1-973E71617067}*]
"iaecmhkjhjfchkkjhp"=hex:6b,61,69,64,6e,69,6d,67,6a,61,62,65,6e,67,6d,68,66,63,
  6b,61,66,65,00,00
"hakbgomlhamfaklm"=hex:6b,61,69,64,6e,69,6d,67,6a,61,62,65,6e,67,6d,68,66,63,
  6b,61,66,65,00,00
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Xanthic\{1246792F-C12E-81AE-FE96-35D2FC917677}*_]
"fr"="078D534A595D51"
"lr"="078D4C40445D51"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2011-11-11  23:31:53
ComboFix-quarantined-files.txt  2011-11-11 22:31
ComboFix2.txt  2011-11-11 19:54
.
Vor Suchlauf: 14 Verzeichnis(se), 13.989.175.296 Bytes frei
Nach Suchlauf: 15 Verzeichnis(se), 13.909.458.944 Bytes frei
.
- - End Of File - - 006F126DF472882EE38027C88E150C85

--- --- ---

cosinus 12.11.2011 13:01

OK. Now please create and post logs with GMER and OSAM.
GMER crashes fairly often; if the tool won't run on the second attempt either, just leave it out and run only OSAM - please skip the online query by OSAM.
With OSAM, please also make sure you save the log as *.log and not as *.html or similar.

Note: Please use WinRAR or 7zip to unpack OSAM! Also be sure to turn off the virus scanner; the McAfee scanner in particular often reports a false alarm in OSAM!

Please download aswMBR.exe and save the file to your desktop.
  • Start aswMBR.exe - (aswMBR.exe instructions)
    On Windows Vista (or higher), please start it by right-clicking and choosing "Run as administrator".
  • The tool will ask whether you want to scan your system with the current AVAST! virus definitions. Please answer this question with Yes. (If your firewall asks, please allow internet access.)
    Depending on your connection, downloading the definitions can take a while.
  • Click Scan.
  • Please wait until Scan finished successfully appears in the DOS window.
  • Click Save Log and save it to the desktop.
Post the aswMBR.txt in your next reply.

Important: Do not under any circumstances press any of the Fix buttons without instruction

Note: If the Scan button is greyed out, close the tool and start it again. If the scan aborts and the program crashes, let me know and select the setting (none) under AV Scan.



All times are in WEZ +1.

Copyright ©2000-2025, Trojaner-Board
