Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)
-   -   schwarzer Desktop, fehlende Icons und Ordner, delayed writed failed (https://www.trojaner-board.de/110236-schwarzer-desktop-fehlende-icons-ordner-delayed-writed-failed.html)

sunny2227 20.02.2012 22:44
schwarzer Desktop, fehlende Icons und Ordner, delayed writed failed
 
Hallo Zusammen,

ich hoffe jemand kann mir helfen.

Ich habe gestern im Internet gesurft und dann sind auf einmal 20 Fenster mit "delayed write failed" auf dem Bildschirm erschienen. Danach hat ein Systemscan begonnen und ein Haufen Felder mit Fehler bezogen auf Fehlfunktionen der Festplatte sind aufgetaucht.

Ich hänge mal das Ergebnis von Exterminate an.

Danke im voraus.


Database: 20.02.2012 (7953698 signatures)
www.exterminate-it.com

System Information:

Windows: 6.1.7601 Service Pack 1
Internet Explorer: 8.0.7601.17514
Firefox: 9.0.1.4371
Chrome: 17.0.963.56

Scan Type: Full Scan
Folders:
C:\

Scan Log:

20:13:59.004 Start Scan
20:18:13.479 Found Trojan.Agent.ATFF Trojan <Process 0x00000cac>=>c:\programdata\bhmmhjykmacfj.exe [3244] (memory dump)
20:18:13.500 Found Gen:Variant.Kazy.57089 Malware <Process 0x00000cac>=>c:\programdata\bhmmhjykmacfj.exe [3244] (disk)
20:18:13.508 Found Trojan.Agent.ATFF Trojan <Process 0x00000cac>=>c:\programdata\bhmmhjykmacfj.exe [3244] (full dump)
20:18:30.755 Found Gen:Variant.Kazy.57089 Malware C:\ProgramData\BHMmHjYKMAcfJ.exe
20:20:25.366 Found Gen:Variant.Kazy.57089 Malware <Process 0x00000fb8>=>c:\programdata\qfqpu6fc3bwt7y.exe [4024] (disk)
20:20:25.378 Found Trojan.Fakealert.CPS Trojan <Process 0x00000fb8>=>c:\programdata\qfqpu6fc3bwt7y.exe [4024] (full dump)
20:20:41.710 Found Gen:Variant.Kazy.57089 Malware C:\ProgramData\QFqPu6fC3BwT7Y.exe
20:21:29.834 Found Mail.ru Tracking Cookie C:\Users\Franzi\AppData\Roaming\Microsoft\Windows\Cookies\franzi@mail[1].txt
20:21:29.928 Found quantserve.com Tracking Cookie C:\Users\Franzi\AppData\Local\Google\Chrome\User Data\Default\Cookies: quantserve.com
20:21:41.287 Found Disabled Control Panel Menu Hijacker HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced, Start_ShowControlPanel
20:21:41.309 Found Disabled My Computer Menu Hijacker HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced, Start_ShowMyComputer
20:21:41.331 Found Disabled My Documents Menu Hijacker HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced, Start_ShowMyDocs
20:21:41.355 Found Disabled My Music Menu Hijacker HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced, Start_ShowMyMusic
20:21:41.389 Found Disabled My Pictures Menu Hijacker HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced, Start_ShowMyPics
20:21:41.423 Found Disabled Network Connections Menu Hijacker HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced, Start_ShowNetConn
20:21:41.458 Found Disabled Set Program Access And Defaults Menu Hijacker HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced, Start_ShowSetProgramAccessAndDefaults
20:21:41.495 Found Disabled Signature Check Hijacker HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download, CheckExeSignatures
21:04:18.170 Found Gen:Variant.TDss.77 Malware C:\ProgramData\Avira\AntiVir Desktop\INFECTED\490c9288.qua=>(Quarantine-8)
21:04:18.518 Found Gen:Variant.TDss.77 Malware C:\ProgramData\Avira\AntiVir Desktop\INFECTED\4a979119.qua=>(Quarantine-8)
21:09:07.671 Found Gen:Variant.Kazy.57089 Malware C:\Users\Franzi\AppData\Local\Temp\mFYNBx0UNVzIMI.exe.tmp
21:09:10.131 Found Gen:Variant.Kazy.56982 Malware C:\Users\Franzi\AppData\Local\Temp\ncxswoaemr.exe
22:08:29.683 End Scan

Summary:
Scan Duration: 1:54:31.142
Threats Detected: 21

cosinus 21.02.2012 19:33
Zitat:
C:\ProgramData\Avira\AntiVir Desktop
Wenn du schon AntIVir einsetzt und dies auch offensichtlich Funde hatte, dann poste auch alle Logs von AntiVir

Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:
hier steht das Log

sunny2227 21.02.2012 20:34
Code:

Avira AntiVir Personal
Erstellungsdatum der Reportdatei: Sonntag, 19. Februar 2012  19:26

Es wird nach 3475161 Virenstämmen gesucht.

Das Programm läuft als uneingeschränkte Vollversion.
Online-Dienste stehen zur Verfügung.

Lizenznehmer  : Avira AntiVir Personal - Free Antivirus
Seriennummer  : 0000149996-ADJIE-0000001
Plattform      : Windows 7 x64
Windowsversion : (Service Pack 1)  [6.1.7601]
Boot Modus    : Normal gebootet
Benutzername  : SYSTEM
Computername  : FRANZI-PC

Versionsinformationen:
BUILD.DAT      : 10.2.0.707    36070 Bytes  25.01.2012 12:53:00
AVSCAN.EXE    : 10.3.0.7      484008 Bytes  28.06.2011 19:16:51
AVSCAN.DLL    : 10.0.5.0      57192 Bytes  28.06.2011 19:16:51
LUKE.DLL      : 10.3.0.5      45416 Bytes  28.06.2011 19:16:52
LUKERES.DLL    : 10.0.0.0      13672 Bytes  14.01.2010 10:59:47
AVSCPLR.DLL    : 10.3.0.7      119656 Bytes  28.06.2011 19:16:52
AVREG.DLL      : 10.3.0.9      88833 Bytes  17.07.2011 10:28:19
VBASE000.VDF  : 7.10.0.0    19875328 Bytes  06.11.2009 08:05:36
VBASE001.VDF  : 7.11.0.0    13342208 Bytes  14.12.2010 18:59:46
VBASE002.VDF  : 7.11.19.170 14374912 Bytes  20.12.2011 17:55:34
VBASE003.VDF  : 7.11.21.238  4472832 Bytes  01.02.2012 20:17:18
VBASE004.VDF  : 7.11.21.239    2048 Bytes  01.02.2012 20:17:18
VBASE005.VDF  : 7.11.21.240    2048 Bytes  01.02.2012 20:17:18
VBASE006.VDF  : 7.11.21.241    2048 Bytes  01.02.2012 20:17:18
VBASE007.VDF  : 7.11.21.242    2048 Bytes  01.02.2012 20:17:18
VBASE008.VDF  : 7.11.21.243    2048 Bytes  01.02.2012 20:17:18
VBASE009.VDF  : 7.11.21.244    2048 Bytes  01.02.2012 20:17:18
VBASE010.VDF  : 7.11.21.245    2048 Bytes  01.02.2012 20:17:18
VBASE011.VDF  : 7.11.21.246    2048 Bytes  01.02.2012 20:17:18
VBASE012.VDF  : 7.11.21.247    2048 Bytes  01.02.2012 20:17:18
VBASE013.VDF  : 7.11.22.33  1486848 Bytes  03.02.2012 20:17:22
VBASE014.VDF  : 7.11.22.56    687616 Bytes  03.02.2012 20:17:24
VBASE015.VDF  : 7.11.22.92    178176 Bytes  06.02.2012 20:17:25
VBASE016.VDF  : 7.11.22.154  144896 Bytes  08.02.2012 07:34:43
VBASE017.VDF  : 7.11.22.220  183296 Bytes  13.02.2012 19:03:32
VBASE018.VDF  : 7.11.23.34    202752 Bytes  15.02.2012 16:15:35
VBASE019.VDF  : 7.11.23.98    126464 Bytes  17.02.2012 16:15:36
VBASE020.VDF  : 7.11.23.99      2048 Bytes  17.02.2012 16:15:36
VBASE021.VDF  : 7.11.23.100    2048 Bytes  17.02.2012 16:15:37
VBASE022.VDF  : 7.11.23.101    2048 Bytes  17.02.2012 16:15:37
VBASE023.VDF  : 7.11.23.102    2048 Bytes  17.02.2012 16:15:37
VBASE024.VDF  : 7.11.23.103    2048 Bytes  17.02.2012 16:15:37
VBASE025.VDF  : 7.11.23.104    2048 Bytes  17.02.2012 16:15:37
VBASE026.VDF  : 7.11.23.105    2048 Bytes  17.02.2012 16:15:37
VBASE027.VDF  : 7.11.23.106    2048 Bytes  17.02.2012 16:15:37
VBASE028.VDF  : 7.11.23.107    2048 Bytes  17.02.2012 16:15:37
VBASE029.VDF  : 7.11.23.108    2048 Bytes  17.02.2012 16:15:38
VBASE030.VDF  : 7.11.23.109    2048 Bytes  17.02.2012 16:15:38
VBASE031.VDF  : 7.11.23.122    40448 Bytes  19.02.2012 16:15:38
Engineversion  : 8.2.10.4 
AEVDF.DLL      : 8.1.2.2      106868 Bytes  26.10.2011 17:40:33
AESCRIPT.DLL  : 8.1.4.5      442745 Bytes  13.02.2012 07:35:48
AESCN.DLL      : 8.1.8.2      131444 Bytes  28.01.2012 19:57:18
AESBX.DLL      : 8.2.4.5      434549 Bytes  02.12.2011 20:31:01
AERDL.DLL      : 8.1.9.15      639348 Bytes  13.09.2011 19:36:02
AEPACK.DLL    : 8.2.16.3      799094 Bytes  13.02.2012 07:35:42
AEOFFICE.DLL  : 8.1.2.25      201084 Bytes  01.01.2012 17:27:37
AEHEUR.DLL    : 8.1.3.31    4395383 Bytes  19.02.2012 16:15:46
AEHELP.DLL    : 8.1.19.0      254327 Bytes  24.01.2012 20:23:52
AEGEN.DLL      : 8.1.5.21      409971 Bytes  06.02.2012 20:17:26
AEEXP.DLL      : 8.1.0.22      70005 Bytes  19.02.2012 16:15:46
AEEMU.DLL      : 8.1.3.0      393589 Bytes  28.11.2010 16:16:38
AECORE.DLL    : 8.1.25.4      201079 Bytes  14.02.2012 19:03:33
AEBB.DLL      : 8.1.1.0        53618 Bytes  07.10.2010 17:17:51
AVWINLL.DLL    : 10.0.0.0      19304 Bytes  14.01.2010 10:59:10
AVPREF.DLL    : 10.0.3.2      44904 Bytes  28.06.2011 19:16:51
AVREP.DLL      : 10.0.0.10    174120 Bytes  19.05.2011 15:19:48
AVARKT.DLL    : 10.0.26.1    255336 Bytes  28.06.2011 19:16:51
AVEVTLOG.DLL  : 10.0.0.9      203112 Bytes  28.06.2011 19:16:51
SQLITE3.DLL    : 3.6.19.0      355688 Bytes  28.01.2010 11:57:53
AVSMTP.DLL    : 10.0.0.17      63848 Bytes  16.03.2010 14:38:54
NETNT.DLL      : 10.0.0.0      11624 Bytes  19.02.2010 13:40:55
RCIMAGE.DLL    : 10.0.0.35    2589544 Bytes  28.06.2011 19:16:50
RCTEXT.DLL    : 10.0.64.0      98664 Bytes  28.06.2011 19:16:50

Konfiguration für den aktuellen Suchlauf:
Job Name..............................: avguard_async_scan
Konfigurationsdatei...................: C:\ProgramData\Avira\AntiVir Desktop\TEMP\AVGUARD_4f5662e8\guard_slideup.avp
Protokollierung.......................: standard
Primäre Aktion........................: reparieren
Sekundäre Aktion......................: quarantäne
Durchsuche Masterbootsektoren.........: ein
Durchsuche Bootsektoren...............: aus
Durchsuche aktive Programme...........: ein
Durchsuche Registrierung..............: aus
Suche nach Rootkits...................: aus
Integritätsprüfung von Systemdateien..: aus
Datei Suchmodus.......................: Alle Dateien
Durchsuche Archive....................: ein
Rekursionstiefe einschränken..........: 20
Archiv Smart Extensions...............: ein
Makrovirenheuristik...................: ein
Dateiheuristik........................: vollständig

Beginn des Suchlaufs: Sonntag, 19. Februar 2012  19:26

Der Suchlauf über gestartete Prozesse wird begonnen:
Durchsuche Prozess 'avscan.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'plugin-container.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'firefox.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'hpqToaster.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'Com4QLBEx.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'hpqwmiex.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'CLMLSvc.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'iTunesHelper.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'jusched.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'avgnt.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'fpassist.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'AdobeARM.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'hpwuschd2.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'QLBCTRL.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'TeaTimer.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'HPAdvisor.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'SDWinSec.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'TeamViewer_Service.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'RichVideo.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'StartManSvc.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'NBService.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'MDM.EXE' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'mDNSResponder.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'AppleMobileDeviceService.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'avguard.exe' - '1' Modul(e) wurden durchsucht
Durchsuche Prozess 'sched.exe' - '1' Modul(e) wurden durchsucht

Der Suchlauf über die ausgewählten Dateien wird begonnen:

Beginne mit der Suche in 'C:\Users\Franzi\AppData\Local\Temp\MRT.exe'
C:\Users\Franzi\AppData\Local\Temp\MRT.exe
  [FUND]      Ist das Trojanische Pferd TR/Crypt.XPACK.Gen3
  [HINWEIS]  Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '4a979119.qua' verschoben!


Ende des Suchlaufs: Sonntag, 19. Februar 2012  19:26
Benötigte Zeit: 00:03 Minute(n)

Der Suchlauf wurde vollständig durchgeführt.

      0 Verzeichnisse wurden überprüft
    28 Dateien wurden geprüft
      1 Viren bzw. unerwünschte Programme wurden gefunden
      0 Dateien wurden als verdächtig eingestuft
      0 Dateien wurden gelöscht
      0 Viren bzw. unerwünschte Programme wurden repariert
      1 Dateien wurden in die Quarantäne verschoben
      0 Dateien wurden umbenannt
      0 Dateien konnten nicht durchsucht werden
    27 Dateien ohne Befall
      0 Archive wurden durchsucht
      0 Warnungen

sunny2227 21.02.2012 20:35
Danke für die schnelle Antwort!

cosinus 21.02.2012 21:07
Da sind besimmt noch andere Logs von AntIVir

sunny2227 21.02.2012 21:15
Bei den LOGs sind nur noch Updates dabei.

Bei Ereignissen habe ich noch folgendes gefunden:
In der Datei 'C:\Users\Franzi\AppData\Local\Temp\tmp0000157f\tmp000698a2'
wurde ein Virus oder unerwünschtes Programm 'TR/Patched.Gen' [trojan] gefunden.
Ausgeführte Aktion: Zugriff erlauben

Was brauchst Du genau?

Vielen Dank für die Hilfe!

cosinus 21.02.2012 21:20
Bitte nun routinemäßig einen Vollscan mit malwarebytes machen und Log posten.
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss! Außerdem müssen alle Funde entfernt werden.

Falls Logs aus älteren Scans mit Malwarebytes vorhanden sind, bitte auch davon alle posten!



ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset





Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:
hier steht das Log

sunny2227 22.02.2012 20:34
Code:
Malwarebytes Anti-Malware (Test) 1.60.1.1000
www.malwarebytes.org

Datenbank Version: v2012.02.22.03

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
Franzi :: FRANZI-PC [Administrator]

Schutz: Aktiviert

22.02.2012 18:57:00
mbam-log-2012-02-22 (20-30-38).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 410640
Laufzeit: 1 Stunde(n), 32 Minute(n), 2 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 2
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowMyComputer (PUM.Hijack.StartMenu) -> Bösartig: (0) Gut: (1) -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowSearch (PUM.Hijack.StartMenu) -> Bösartig: (0) Gut: (1) -> Keine Aktion durchgeführt.

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

sunny2227 22.02.2012 20:35
Code:
Malwarebytes Anti-Malware (Test) 1.60.1.1000
www.malwarebytes.org

Datenbank Version: v2012.02.22.03

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
Franzi :: FRANZI-PC [Administrator]

Schutz: Aktiviert

22.02.2012 18:57:00
mbam-log-2012-02-22 (18-57-00).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 410640
Laufzeit: 1 Stunde(n), 32 Minute(n), 2 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 2
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowMyComputer (PUM.Hijack.StartMenu) -> Bösartig: (0) Gut: (1) -> Erfolgreich ersetzt und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced|Start_ShowSearch (PUM.Hijack.StartMenu) -> Bösartig: (0) Gut: (1) -> Erfolgreich ersetzt und in Quarantäne gestellt.

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

cosinus 22.02.2012 20:56
Eset machst du noch?

sunny2227 22.02.2012 21:00
Mache ich gerade. :)

Danke für Deine Hilfe!

sunny2227 23.02.2012 22:20
Endlich geschafft ! :)
Code:
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=957a5b158e6fd242b8d607f371fb755c
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-02-23 09:16:10
# local_time=2012-02-23 10:16:10 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1797 16775165 100 94 91618 66477026 84322 0
# compatibility_mode=2560 16777215 100 0 0 0 0 0
# compatibility_mode=5893 16776573 100 94 88892 81570020 0 0
# compatibility_mode=8192 67108863 100 0 4111 4111 0 0
# scanned=241114
# found=4
# cleaned=0
# scan_time=5200
C:\Program Files (x86)\PCSafeDoctor\RkHitApi.dll        a variant of Win32/Adware.SpywareCease.AA application (unable to clean)        00000000000000000000000000000000        I
C:\Users\Franzi\Downloads\PCSafeDoctor_Setup.exe        multiple threats (unable to clean)        00000000000000000000000000000000        I
C:\Windows\System32\drivers\RKHit.sys        Win32/Adware.SpywareCease application (unable to clean)        00000000000000000000000000000000        I
C:\Windows\SysWOW64\drivers\RKHit.sys        Win32/Adware.SpywareCease application (unable to clean)        00000000000000000000000000000000        I

cosinus 24.02.2012 10:48
Mach bitte ein neues OTL-Log. Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:
hier steht das Log
CustomScan mit OTL

Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
Code:
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT

sunny2227 26.02.2012 10:09
OTL Logfile:
Code:
OTL logfile created on: 26.02.2012 00:46:26 - Run 1
OTL by OldTimer - Version 3.2.33.2    Folder = C:\Users\Franzi\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,97 Gb Total Physical Memory | 2,40 Gb Available Physical Memory | 60,52% Memory free
7,93 Gb Paging File | 6,03 Gb Available in Paging File | 75,98% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 452,48 Gb Total Space | 341,09 Gb Free Space | 75,38% Space Free | Partition Type: NTFS
Drive D: | 12,98 Gb Total Space | 2,17 Gb Free Space | 16,70% Space Free | Partition Type: NTFS
 
Computer Name: FRANZI-PC | User Name: Franzi | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.02.26 00:43:03 | 000,583,680 | ---- | M] (OldTimer Tools) -- C:\Users\Franzi\Downloads\OTL.exe
PRC - [2012.01.13 14:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011.12.14 12:59:20 | 002,984,832 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
PRC - [2011.06.28 20:16:51 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2011.05.15 19:07:49 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2010.11.14 20:36:55 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010.10.01 12:27:22 | 000,632,792 | ---- | M] (PC Tools) -- C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe
PRC - [2009.10.13 08:39:04 | 000,935,208 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
PRC - [2009.09.05 17:29:06 | 000,385,024 | ---- | M] (shbox.de) -- C:\Program Files (x86)\FreePDF_XP\fpassist.exe
PRC - [2009.07.23 10:37:16 | 000,206,120 | ---- | M] (CyberLink) -- c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
PRC - [2009.01.26 15:31:16 | 002,144,088 | RHS- | M] (Safer Networking Limited) -- C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2009.01.26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.02.23 19:41:05 | 001,051,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\cb5bd98ffa4c82327b0e4db02bb58d2d\System.Management.ni.dll
MOD - [2012.02.22 19:07:32 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\74fcc0f56435d0396f9524cd4293d3e5\PresentationFramework.Aero.ni.dll
MOD - [2012.02.22 19:06:55 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\a1c4a635721f85bef0ea4194b888b871\System.Runtime.Remoting.ni.dll
MOD - [2012.02.22 19:06:48 | 006,611,456 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\eedf95f16a7e81ca43dd8accf11498a3\System.Data.ni.dll
MOD - [2012.02.22 19:06:19 | 014,339,072 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\02f7846cbc5c02a5dbf50fd34325eb61\PresentationFramework.ni.dll
MOD - [2012.02.22 19:05:45 | 012,433,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\6c51e152e7404188914c9fa4d8503ff9\System.Windows.Forms.ni.dll
MOD - [2012.02.22 19:05:27 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\ab87129c2b603f218e4aa5300c9b1bdd\System.Drawing.ni.dll
MOD - [2012.02.22 19:05:22 | 012,234,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\f4b2424c1b32fbd11130482bb899b7ae\PresentationCore.ni.dll
MOD - [2012.02.22 19:04:59 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\47b9e7f070271ff50f988f75ea68fa3e\WindowsBase.ni.dll
MOD - [2012.02.22 19:04:48 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\9866d1f6178e1cde25642f1ac293ff8d\System.Xml.ni.dll
MOD - [2012.02.22 19:04:40 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\e620323cacb5b6bfd93fd28d263440e4\System.Configuration.ni.dll
MOD - [2012.02.22 19:04:38 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\faf4e8730ecbd07570111bb7c3b20565\System.ni.dll
MOD - [2011.12.03 17:03:43 | 000,185,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\UIAutomationTypes\93df5ea9646ad11a21517e4ab1d803d9\UIAutomationTypes.ni.dll
MOD - [2011.12.03 17:03:43 | 000,060,928 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\UIAutomationProvider\bb1d36ae26e7cadf563061596682e747\UIAutomationProvider.ni.dll
MOD - [2011.12.03 17:03:43 | 000,025,600 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Accessibility\31fce331fded94dd06627603f6fe4562\Accessibility.ni.dll
MOD - [2011.12.03 17:02:50 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll
MOD - [2010.11.13 00:26:08 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2010.11.05 02:58:05 | 002,927,616 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2010.05.04 22:49:47 | 000,102,400 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\HP.ActiveSupportLibrary\2.0.0.1__01a974bc1760f423\HP.ActiveSupportLibrary.dll
MOD - [2010.03.15 15:57:20 | 000,067,872 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2009.09.09 05:31:25 | 000,249,856 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\PresentationFramework.resources\3.0.0.0_de_31bf3856ad364e35\PresentationFramework.resources.dll
MOD - [2009.09.09 05:31:25 | 000,110,592 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\PresentationCore.resources\3.0.0.0_de_31bf3856ad364e35\PresentationCore.resources.dll
MOD - [2009.07.23 10:37:14 | 000,931,112 | ---- | M] () -- c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMediaLibrary.dll
MOD - [2009.07.15 16:51:04 | 000,061,440 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Pillars\PCAlerts\PCAlertsPillar.dll
MOD - [2009.07.15 16:51:02 | 000,131,072 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Pillars\ECenter\ECLibrary.dll
MOD - [2009.07.15 16:50:58 | 000,040,960 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingServer.dll
MOD - [2009.07.15 16:50:56 | 000,036,864 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingClients.dll
MOD - [2009.07.15 16:50:56 | 000,007,680 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\RemotingClient.dll
MOD - [2009.07.15 16:50:54 | 000,005,632 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingInterface.dll
MOD - [2009.07.15 16:50:52 | 000,018,944 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\MessagingMessages.dll
MOD - [2009.07.15 16:50:44 | 000,028,672 | ---- | M] () -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Microsoft.Practices.EnterpriseLibrary.ExceptionHandling.Logging.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2011.08.12 00:38:04 | 000,140,672 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE -- (!SASCORE)
SRV:64bit: - [2009.07.22 02:33:32 | 000,240,128 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\stacsv64.exe -- (STacSV)
SRV:64bit: - [2009.07.08 12:49:02 | 000,030,520 | ---- | M] (Hewlett-Packard) [Auto | Running] -- C:\Windows\SysNative\hpservice.exe -- (hpsrv)
SRV:64bit: - [2009.03.02 22:42:58 | 000,089,600 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\AESTSr64.exe -- (AESTFilters)
SRV - [2012.01.13 14:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011.12.14 12:59:20 | 002,984,832 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7)
SRV - [2011.10.27 10:34:30 | 000,718,384 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2011.06.28 20:16:51 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.05.15 19:07:49 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2010.10.01 12:27:22 | 000,632,792 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe -- (PCToolsSSDMonitorSvc)
SRV - [2010.03.18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.10.13 08:39:04 | 000,935,208 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009.05.22 19:02:20 | 000,250,616 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2009.02.22 11:00:00 | 000,129,584 | ---- | M] (EasyBits Sofware AS) [Auto | Running] -- C:\Windows\SysWOW64\ezsvc7.dll -- (ezSharedSvc)
SRV - [2009.01.26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2011.12.10 15:24:08 | 000,023,152 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2011.06.28 20:16:52 | 000,123,784 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2011.06.28 20:16:52 | 000,088,288 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2011.05.10 07:06:08 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011.03.11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.11.20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 12:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.20 10:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010.09.07 02:04:00 | 002,755,072 | ---- | M] (Novatek) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvtcam.sys -- (DCamUSBNovatek)
DRV:64bit: - [2010.06.06 11:42:57 | 000,828,912 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2009.09.22 02:47:14 | 001,484,800 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009.07.22 02:33:32 | 000,487,936 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2009.07.16 19:31:50 | 000,040,448 | ---- | M] (Alcor Micro, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AmUStor.sys -- (AmUStor)
DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.13 23:31:42 | 000,233,472 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009.07.08 12:49:08 | 000,030,008 | ---- | M] (Hewlett-Packard) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\hpdskflt.sys -- (hpdskflt)
DRV:64bit: - [2009.07.08 12:48:50 | 000,041,272 | ---- | M] (Hewlett-Packard) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Accelerometer.sys -- (Accelerometer)
DRV:64bit: - [2009.06.27 00:55:10 | 000,083,488 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2009.06.10 22:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009.06.10 22:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009.06.10 22:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009.06.10 21:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009.06.10 21:35:33 | 000,389,120 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009.06.10 21:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64) Intel(R)
DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.06.04 17:54:36 | 000,408,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009.05.25 04:57:42 | 000,243,760 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Apfiltr.sys -- (ApfiltrService)
DRV:64bit: - [2009.05.18 12:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009.04.29 07:48:32 | 000,018,432 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV:64bit: - [2008.08.28 12:44:42 | 000,025,600 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys -- (pccsmcfd)
DRV - [2011.07.22 17:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Programme\SUPERAntiSpyware\sasdifsv64.sys -- (SASDIFSV)
DRV - [2011.07.12 22:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Programme\SUPERAntiSpyware\saskutil64.sys -- (SASKUTIL)
DRV - [2010.12.30 10:54:06 | 000,034,736 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\RKHit.sys -- (RkHit)
DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_DE&c=94&bd=Pavilion&pf=cnnb
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_DE&c=94&bd=Pavilion&pf=cnnb
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_DE&c=94&bd=Pavilion&pf=cnnb
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-3187269907-1231647918-1798794730-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_DE&c=94&bd=Pavilion&pf=cnnb
IE - HKU\S-1-5-21-3187269907-1231647918-1798794730-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_DE&c=94&bd=Pavilion&pf=cnnb
IE - HKU\S-1-5-21-3187269907-1231647918-1798794730-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3187269907-1231647918-1798794730-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: {A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}:7.3.4.51
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.1.94
FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.1.94
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
 
 
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Player\npDivxPlayerPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=13: C:\Program Files (x86)\Google\Google Updater\2.4.1739.5352\npCIDetect13.dll (Google)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\html5video [2011.03.12 21:12:36 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\wpa [2011.03.12 21:12:36 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.02.13 19:14:10 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.02.19 19:29:29 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.9\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2011.03.12 21:19:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.9\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins [2012.02.19 19:29:29 | 000,000,000 | ---D | M]
 
[2009.12.25 12:15:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Franzi\AppData\Roaming\mozilla\Extensions
[2009.12.25 12:15:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Franzi\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2012.01.26 19:24:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Franzi\AppData\Roaming\mozilla\Firefox\Profiles\0grq5rxq.default\extensions
[2012.01.26 19:24:14 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Franzi\AppData\Roaming\mozilla\Firefox\Profiles\0grq5rxq.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2010.04.29 21:30:50 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Users\Franzi\AppData\Roaming\mozilla\Firefox\Profiles\0grq5rxq.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012.02.22 21:06:29 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.02.22 21:06:29 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}
[2012.02.13 19:14:09 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.02.22 21:06:10 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2012.02.13 19:14:04 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.02.13 19:14:04 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.02.13 19:14:04 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.02.13 19:14:04 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.02.13 19:14:04 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.02.13 19:14:04 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\12.0.742.100\pdf.dll
CHR - plugin: Google Gears 0.5.33.0 (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\12.0.742.100\gears.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\12.0.742.100\gcswf32.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.220.4 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U22 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: DivX Player Netscape Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npDivxPlayerPlugin.dll
CHR - plugin: Microsoft Office 2003 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\NPOFFICE.DLL
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL
CHR - plugin: DivX OVS Helper Plug-in (Enabled) = C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Updater (Enabled) = C:\Program Files (x86)\Google\Google Updater\2.4.1739.5352\npCIDetect13.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.2.183.39\npGoogleOneClick8.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.51204.0\npctrl.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: DivX HiQ = C:\Users\Franzi\AppData\Local\Google\Chrome\User Data\Default\Extensions\fnjbmmemklcjgepojigaapkoodmkgbae\2.1.1.94_0\
CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo\u003E = C:\Users\Franzi\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.1.94_0\
 
O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.2.4204.1700\swg64.dll (Google Inc.)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2:64bit: - BHO: (PDF-XChange Viewer IE-Plugin) - {C5D07EB6-BBCE-4DAE-ACBB-D13A8D28CB1F} - C:\Programme\Tracker Software\PDF-XChange Viewer\pdf-viewer\PDFXCviewIEPlugin.dll (Tracker Software Products Ltd.)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~4\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (no name) - {C5D07EB6-BBCE-4DAE-ACBB-D13A8D28CB1F} - No CLSID value found.
O4:64bit: - HKLM..\Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe (AlcorMicro Co., Ltd.)
O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.dll (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe ()
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Programme\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [DivX Download Manager] C:\Program Files (x86)\DivX\DivX Plus Web Player\DDmService.exe (DivX, LLC)
O4 - HKLM..\Run: [Easybits Recovery] C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe (EasyBits Software AS)
O4 - HKLM..\Run: [FreePDF Assistant] C:\Program Files (x86)\FreePDF_XP\fpassist.exe (shbox.de)
O4 - HKLM..\Run: [HPCam_Menu] c:\Program Files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [pcsafedoctor.exe] C:\Program Files (x86)\PCSafeDoctor\pcsafedoctor.exe ()
O4 - HKLM..\Run: [UpdatePRCShortCut] C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3187269907-1231647918-1798794730-1000..\Run: [BHMmHjYKMAcfJ.exe] C:\ProgramData\BHMmHjYKMAcfJ.exe File not found
O4 - HKU\S-1-5-21-3187269907-1231647918-1798794730-1000..\Run: [DAEMON Tools Pro Agent] C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe (DT Soft Ltd)
O4 - HKU\S-1-5-21-3187269907-1231647918-1798794730-1000..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
O4 - HKU\S-1-5-21-3187269907-1231647918-1798794730-1000..\Run: [SUPERAntiSpyware] C:\Programme\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\Franzi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Franzi\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\Franzi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideFastUserSwitching = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: WallpaperStyle = 2
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: WallpaperStyle = 2
O7 - HKU\S-1-5-21-3187269907-1231647918-1798794730-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: WallpaperStyle = 2
O7 - HKU\S-1-5-21-3187269907-1231647918-1798794730-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableLockWorkstation = 0
O7 - HKU\S-1-5-21-3187269907-1231647918-1798794730-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableChangePassword = 0
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
O8:64bit: - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~4\Office14\ONBttnIE.dll/105 File not found
O8:64bit: - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Franzi\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm ()
O8:64bit: - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html File not found
O8:64bit: - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~2\MICROS~4\OFFICE11\EXCEL.EXE/3000 File not found
O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~4\Office14\EXCEL.EXE/3000 File not found
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~4\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~4\Office14\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Franzi\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm ()
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html File not found
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~2\MICROS~4\OFFICE11\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~4\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~4\Office12\EXCEL.EXE/3000 File not found
O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~4\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files (x86)\ICQ6.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files (x86)\ICQ6.5\ICQ.exe (ICQ, LLC.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} Reg Error: Value error. (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{00ACA3D0-858B-4DF5-97FB-6FD6B7083CBC}: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL (Microsoft Corporation)
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28:64bit: - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWOW64\ezUPBHook.dll (EasyBits Software Corp.)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{e6d37420-f173-11de-91fb-9c10b7c4679a}\Shell - "" = AutoRun
O33 - MountPoints2\{e6d37420-f173-11de-91fb-9c10b7c4679a}\Shell\AutoRun\command - "" = F:\SETUP.EXE
O33 - MountPoints2\{e6d37420-f173-11de-91fb-9c10b7c4679a}\Shell\configure\command - "" = F:\SETUP.EXE
O33 - MountPoints2\{e6d37420-f173-11de-91fb-9c10b7c4679a}\Shell\install\command - "" = F:\SETUP.EXE
O33 - MountPoints2\{ed8a7a06-7158-11df-8426-8ae1784c8e93}\Shell - "" = AutoRun
O33 - MountPoints2\{ed8a7a06-7158-11df-8426-8ae1784c8e93}\Shell\AutoRun\command - "" = E:\autorun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
NetSvcs: ezSharedSvc - C:\Windows\SysWOW64\ezsvc7.dll (EasyBits Sofware AS)
 
MsConfig:64bit - StartUpReg: BHMmHjYKMAcfJ.exe - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: DAEMON Tools Lite - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: DivXUpdate - hkey= - key= - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
MsConfig:64bit - StartUpReg: ICQ - hkey= - key= - C:\Program Files (x86)\ICQ6.5\ICQ.exe (ICQ, LLC.)
MsConfig:64bit - StartUpReg: Name of App - hkey= - key= - C:\Program Files (x86)\SAMSUNG\FW LiveUpdate\FWManager.exe ( )
MsConfig:64bit - StartUpReg: Skype - hkey= - key= - C:\Program Files (x86)\Skype\Phone\Skype.exe (Skype Technologies S.A.)
MsConfig:64bit - StartUpReg: SSDMonitor - hkey= - key= - C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe (PC Tools)
MsConfig:64bit - State: "startup" - Reg Error: Key error.
 
SafeBootMin:64bit: !SASCORE - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE (SUPERAntiSpyware.com)
SafeBootMin:64bit: AppMgmt - Service
SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: vmms - Service
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet:64bit: !SASCORE - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE (SUPERAntiSpyware.com)
SafeBootNet:64bit: AppMgmt - Service
SafeBootNet:64bit: Base - Driver Group
SafeBootNet:64bit: Boot Bus Extender - Driver Group
SafeBootNet:64bit: Boot file system - Driver Group
SafeBootNet:64bit: File system - Driver Group
SafeBootNet:64bit: Filter - Driver Group
SafeBootNet:64bit: HelpSvc - Service
SafeBootNet:64bit: Messenger - Service
SafeBootNet:64bit: NDIS Wrapper - Driver Group
SafeBootNet:64bit: NetBIOSGroup - Driver Group
SafeBootNet:64bit: NetDDEGroup - Driver Group
SafeBootNet:64bit: Network - Driver Group
SafeBootNet:64bit: NetworkProvider - Driver Group
SafeBootNet:64bit: PCI Configuration - Driver Group
SafeBootNet:64bit: PNP Filter - Driver Group
SafeBootNet:64bit: PNP_TDI - Driver Group
SafeBootNet:64bit: Primary disk - Driver Group
SafeBootNet:64bit: rdsessmgr - Service
SafeBootNet:64bit: sacsvr - Service
SafeBootNet:64bit: SCSI Class - Driver Group
SafeBootNet:64bit: Streams Drivers - Driver Group
SafeBootNet:64bit: System Bus Extender - Driver Group
SafeBootNet:64bit: TDI - Driver Group
SafeBootNet:64bit: vmms - Service
SafeBootNet:64bit: WudfUsbccidDriver - Driver
SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX:64bit: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Webordner
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3codecp - C:\Windows\SysWow64\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\Windows\SysWow64\DivX.dll (DivX, Inc.)
Drivers32: vidc.XVID - C:\Windows\SysWow64\xvidvfw.dll ()
Drivers32: vidc.yv12 - C:\Windows\SysWow64\DivX.dll (DivX, Inc.)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.02.22 21:07:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2012.02.22 20:40:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2012.02.20 22:08:40 | 000,000,000 | ---D | C] -- C:\Users\Franzi\AppData\Roaming\Malwarebytes
[2012.02.20 22:08:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.02.20 22:08:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.02.20 22:08:31 | 000,023,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.02.20 22:08:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.02.20 19:04:57 | 000,000,000 | ---D | C] -- C:\Users\Franzi\AppData\Roaming\Curiolab
[2012.02.20 19:03:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Exterminate It!
[2012.02.20 19:03:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Exterminate It!
[2012.02.20 18:58:03 | 000,000,000 | ---D | C] -- C:\Users\Franzi\Desktop\Downloads
[2012.02.20 18:54:49 | 000,000,000 | ---D | C] -- C:\Users\Franzi\AppData\Roaming\GetRightToGo
[2012.02.20 18:41:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PCSafeDoctor
[2012.02.20 18:40:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PCSafeDoctor
[2012.02.19 19:13:42 | 000,000,000 | ---D | C] -- C:\Users\Franzi\AppData\Roaming\SUPERAntiSpyware.com
[2012.02.19 19:13:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2012.02.19 19:13:31 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2012.02.19 19:13:31 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2012.02.19 18:34:01 | 000,000,000 | ---D | C] -- C:\Users\Franzi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Check
[2012.02.19 17:55:36 | 000,000,000 | ---D | C] -- C:\Users\Franzi\Desktop\illustrator
[2012.02.19 17:49:49 | 000,000,000 | ---D | C] -- C:\Users\Franzi\Desktop\Adobe Illustrator CS5.1
[2012.02.19 17:49:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe Download Assistant
[2012.02.13 08:47:10 | 000,000,000 | ---D | C] -- C:\Users\Franzi\AppData\Roaming\Avira
[2011.03.18 21:08:49 | 001,531,392 | ---- | C] (Toshiba Samsung Storage Technology Corporation) -- C:\Users\Franzi\AppData\Roaming\tsdnwin.dll
 
========== Files - Modified Within 30 Days ==========
 
[2012.02.26 00:46:30 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.02.26 00:46:30 | 000,023,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.02.26 00:42:01 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.02.26 00:38:26 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.02.26 00:37:15 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.02.26 00:36:57 | 3195,219,968 | -HS- | M] () -- C:\hiberfil.sys
[2012.02.23 19:05:30 | 000,000,268 | ---- | M] () -- C:\Windows\tasks\RMSchedule.job
[2012.02.23 12:44:53 | 000,001,034 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2012.02.22 18:52:38 | 000,462,344 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.02.20 22:08:34 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.02.20 19:03:38 | 000,001,085 | ---- | M] () -- C:\Users\Public\Desktop\Exterminate It!.lnk
[2012.02.20 18:58:16 | 001,519,874 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.02.20 18:58:16 | 000,654,166 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.02.20 18:58:16 | 000,616,008 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.02.20 18:58:16 | 000,130,006 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.02.20 18:58:16 | 000,106,388 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.02.20 18:41:36 | 000,000,022 | ---- | M] () -- C:\Windows\tpcsd
[2012.02.20 18:41:01 | 000,001,059 | ---- | M] () -- C:\Users\Franzi\Desktop\pcsafedoctor.lnk
[2012.02.19 19:07:01 | 000,000,336 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForFranzi.job
[2012.02.19 18:43:25 | 000,000,448 | ---- | M] () -- C:\ProgramData\QFqPu6fC3BwT7Y
[2012.02.19 18:40:50 | 000,000,272 | ---- | M] () -- C:\ProgramData\~QFqPu6fC3BwT7Y
[2012.02.19 18:40:49 | 000,000,184 | ---- | M] () -- C:\ProgramData\~QFqPu6fC3BwT7Yr
[2012.02.19 18:34:01 | 000,000,653 | ---- | M] () -- C:\Users\Franzi\Desktop\System Check.lnk
[2012.02.19 17:13:51 | 000,000,439 | ---- | M] () -- C:\Users\Franzi\AppData\Roaming\SamsungLiveUpdateConfig.ini
 
========== Files Created - No Company Name ==========
 
[2012.02.21 21:02:09 | 000,001,085 | ---- | C] () -- C:\Users\Public\Desktop\Exterminate It!.lnk
[2012.02.20 22:08:34 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.02.20 18:41:36 | 000,000,022 | ---- | C] () -- C:\Windows\tpcsd
[2012.02.20 18:41:01 | 000,001,059 | ---- | C] () -- C:\Users\Franzi\Desktop\pcsafedoctor.lnk
[2012.02.20 18:40:47 | 000,034,736 | ---- | C] () -- C:\Windows\SysWow64\drivers\RKHit.sys
[2012.02.19 19:29:29 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader 9.lnk
[2012.02.19 18:34:01 | 000,000,653 | ---- | C] () -- C:\Users\Franzi\Desktop\System Check.lnk
[2012.02.19 18:34:01 | 000,000,272 | ---- | C] () -- C:\ProgramData\~QFqPu6fC3BwT7Y
[2012.02.19 18:34:01 | 000,000,184 | ---- | C] () -- C:\ProgramData\~QFqPu6fC3BwT7Yr
[2012.02.19 18:33:58 | 000,000,448 | ---- | C] () -- C:\ProgramData\QFqPu6fC3BwT7Y
[2012.02.06 21:27:39 | 000,000,336 | ---- | C] () -- C:\Windows\tasks\HPCeeScheduleForFranzi.job
[2012.01.23 16:38:10 | 000,045,766 | ---- | C] () -- C:\Users\Franzi\AppData\Local\tmp899_0.0
[2012.01.23 16:38:10 | 000,015,004 | ---- | C] () -- C:\Users\Franzi\AppData\Local\tmp899_0.JPG
[2011.03.18 21:04:18 | 000,000,439 | ---- | C] () -- C:\Users\Franzi\AppData\Roaming\SamsungLiveUpdateConfig.ini
[2011.03.12 21:15:18 | 000,819,200 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2011.03.12 21:15:18 | 000,180,224 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2010.08.04 11:55:44 | 000,160,872 | ---- | C] () -- C:\Windows\SysWow64\Cam122.ini
[2010.06.06 11:57:41 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
[2010.05.06 19:31:16 | 000,012,800 | ---- | C] () -- C:\Users\Franzi\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
 
========== LOP Check ==========
 
[2010.03.31 17:35:51 | 000,000,000 | ---D | M] -- C:\Users\Franzi\AppData\Roaming\ChessBase
[2010.02.02 22:30:06 | 000,000,000 | ---D | M] -- C:\Users\Franzi\AppData\Roaming\Chilirec
[2011.08.16 21:23:32 | 000,000,000 | ---D | M] -- C:\Users\Franzi\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2012.02.20 19:04:57 | 000,000,000 | ---D | M] -- C:\Users\Franzi\AppData\Roaming\Curiolab
[2009.12.25 17:43:56 | 000,000,000 | ---D | M] -- C:\Users\Franzi\AppData\Roaming\DAEMON Tools Lite
[2010.06.06 11:52:09 | 000,000,000 | ---D | M] -- C:\Users\Franzi\AppData\Roaming\DAEMON Tools Pro
[2012.02.26 00:39:15 | 000,000,000 | ---D | M] -- C:\Users\Franzi\AppData\Roaming\Dropbox
[2010.04.29 21:30:50 | 000,000,000 | ---D | M] -- C:\Users\Franzi\AppData\Roaming\DVDVideoSoftIEHelpers
[2011.01.09 19:53:49 | 000,000,000 | ---D | M] -- C:\Users\Franzi\AppData\Roaming\elsterformular
[2012.02.20 19:03:39 | 000,000,000 | ---D | M] -- C:\Users\Franzi\AppData\Roaming\GetRightToGo
[2010.12.22 20:22:02 | 000,000,000 | ---D | M] -- C:\Users\Franzi\AppData\Roaming\ICQ
[2011.01.02 21:48:10 | 000,000,000 | ---D | M] -- C:\Users\Franzi\AppData\Roaming\Local
[2011.12.14 21:07:44 | 000,000,000 | ---D | M] -- C:\Users\Franzi\AppData\Roaming\Nokia
[2010.05.06 19:29:17 | 000,000,000 | ---D | M] -- C:\Users\Franzi\AppData\Roaming\Nokia Ovi Suite
[2010.01.10 16:33:47 | 000,000,000 | ---D | M] -- C:\Users\Franzi\AppData\Roaming\OpenOffice.org
[2011.03.27 11:13:33 | 000,000,000 | ---D | M] -- C:\Users\Franzi\AppData\Roaming\PC Suite
[2011.12.04 21:52:07 | 000,000,000 | ---D | M] -- C:\Users\Franzi\AppData\Roaming\Registry Mechanic
[2012.01.10 20:36:17 | 000,000,000 | ---D | M] -- C:\Users\Franzi\AppData\Roaming\TeamViewer
[2010.01.29 16:41:43 | 000,000,000 | ---D | M] -- C:\Users\Franzi\AppData\Roaming\Template
[2009.12.25 12:15:42 | 000,000,000 | ---D | M] -- C:\Users\Franzi\AppData\Roaming\Thunderbird
[2009.12.27 20:12:11 | 000,000,000 | ---D | M] -- C:\Users\Franzi\AppData\Roaming\WildTangent
[2010.06.19 21:47:49 | 000,000,000 | ---D | M] -- C:\Users\Franzi\AppData\Roaming\WindSolutions
[2009.12.25 09:52:22 | 000,000,000 | ---D | M] -- C:\Users\Franzi\AppData\Roaming\_MDLogs
[2012.02.23 19:05:30 | 000,000,268 | ---- | M] () -- C:\Windows\Tasks\RMSchedule.job
[2011.12.14 20:50:09 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2011.08.16 21:22:39 | 000,000,000 | ---D | M] -- C:\Users\Franzi\AppData\Roaming\Adobe
[2010.06.16 18:05:44 | 000,000,000 | ---D | M] -- C:\Users\Franzi\AppData\Roaming\Apple Computer
[2012.02.13 08:47:10 | 000,000,000 | ---D | M] -- C:\Users\Franzi\AppData\Roaming\Avira
[2010.03.31 17:35:51 | 000,000,000 | ---D | M] -- C:\Users\Franzi\AppData\Roaming\ChessBase
[2010.02.02 22:30:06 | 000,000,000 | ---D | M] -- C:\Users\Franzi\AppData\Roaming\Chilirec
[2011.08.16 21:23:32 | 000,000,000 | ---D | M] -- C:\Users\Franzi\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2012.02.20 19:04:57 | 000,000,000 | ---D | M] -- C:\Users\Franzi\AppData\Roaming\Curiolab
[2010.01.24 19:54:51 | 000,000,000 | ---D | M] -- C:\Users\Franzi\AppData\Roaming\CyberLink
[2009.12.25 17:43:56 | 000,000,000 | ---D | M] -- C:\Users\Franzi\AppData\Roaming\DAEMON Tools Lite
[2010.06.06 11:52:09 | 000,000,000 | ---D | M] -- C:\Users\Franzi\AppData\Roaming\DAEMON Tools Pro
[2011.01.03 22:52:33 | 000,000,000 | ---D | M] -- C:\Users\Franzi\AppData\Roaming\DivX
[2012.02.26 00:39:15 | 000,000,000 | ---D | M] -- C:\Users\Franzi\AppData\Roaming\Dropbox
[2010.04.29 21:30:50 | 000,000,000 | ---D | M] -- C:\Users\Franzi\AppData\Roaming\DVDVideoSoftIEHelpers
[2011.01.09 19:53:49 | 000,000,000 | ---D | M] -- C:\Users\Franzi\AppData\Roaming\elsterformular
[2012.02.20 19:03:39 | 000,000,000 | ---D | M] -- C:\Users\Franzi\AppData\Roaming\GetRightToGo
[2009.12.25 08:41:06 | 000,000,000 | ---D | M] -- C:\Users\Franzi\AppData\Roaming\Google
[2010.09.13 19:44:48 | 000,000,000 | ---D | M] -- C:\Users\Franzi\AppData\Roaming\Hewlett-Packard
[2010.04.05 20:38:24 | 000,000,000 | ---D | M] -- C:\Users\Franzi\AppData\Roaming\HP Support Assistant
[2009.12.24 15:35:23 | 000,000,000 | ---D | M] -- C:\Users\Franzi\AppData\Roaming\HP TCS
[2009.12.25 23:16:21 | 000,000,000 | ---D | M] -- C:\Users\Franzi\AppData\Roaming\hpqlog
[2010.04.05 20:38:24 | 000,000,000 | ---D | M] -- C:\Users\Franzi\AppData\Roaming\HpUpdate
[2010.12.22 20:22:02 | 000,000,000 | ---D | M] -- C:\Users\Franzi\AppData\Roaming\ICQ
[2009.12.24 15:37:57 | 000,000,000 | ---D | M] -- C:\Users\Franzi\AppData\Roaming\Identities
[2011.03.18 21:21:12 | 000,000,000 | ---D | M] -- C:\Users\Franzi\AppData\Roaming\InstallShield
[2011.01.02 21:48:10 | 000,000,000 | ---D | M] -- C:\Users\Franzi\AppData\Roaming\Local
[2009.12.24 21:27:42 | 000,000,000 | ---D | M] -- C:\Users\Franzi\AppData\Roaming\Macromedia
[2012.02.20 22:08:40 | 000,000,000 | ---D | M] -- C:\Users\Franzi\AppData\Roaming\Malwarebytes
[2009.09.27 06:54:19 | 000,000,000 | ---D | M] -- C:\Users\Franzi\AppData\Roaming\Media Center Programs
[2010.06.06 16:06:14 | 000,000,000 | --SD | M] -- C:\Users\Franzi\AppData\Roaming\Microsoft
[2009.12.25 09:40:24 | 000,000,000 | ---D | M] -- C:\Users\Franzi\AppData\Roaming\Mozilla
[2012.01.04 20:53:45 | 000,000,000 | ---D | M] -- C:\Users\Franzi\AppData\Roaming\Nero
[2011.12.14 21:07:44 | 000,000,000 | ---D | M] -- C:\Users\Franzi\AppData\Roaming\Nokia
[2010.05.06 19:29:17 | 000,000,000 | ---D | M] -- C:\Users\Franzi\AppData\Roaming\Nokia Ovi Suite
[2010.01.10 16:33:47 | 000,000,000 | ---D | M] -- C:\Users\Franzi\AppData\Roaming\OpenOffice.org
[2011.03.27 11:13:33 | 000,000,000 | ---D | M] -- C:\Users\Franzi\AppData\Roaming\PC Suite
[2011.12.04 21:52:07 | 000,000,000 | ---D | M] -- C:\Users\Franzi\AppData\Roaming\Registry Mechanic
[2012.02.13 09:27:14 | 000,000,000 | ---D | M] -- C:\Users\Franzi\AppData\Roaming\Skype
[2012.02.19 19:13:42 | 000,000,000 | ---D | M] -- C:\Users\Franzi\AppData\Roaming\SUPERAntiSpyware.com
[2012.01.10 20:36:17 | 000,000,000 | ---D | M] -- C:\Users\Franzi\AppData\Roaming\TeamViewer
[2010.01.29 16:41:43 | 000,000,000 | ---D | M] -- C:\Users\Franzi\AppData\Roaming\Template
[2009.12.25 12:15:42 | 000,000,000 | ---D | M] -- C:\Users\Franzi\AppData\Roaming\Thunderbird
[2009.12.27 20:12:11 | 000,000,000 | ---D | M] -- C:\Users\Franzi\AppData\Roaming\WildTangent
[2010.06.19 21:47:49 | 000,000,000 | ---D | M] -- C:\Users\Franzi\AppData\Roaming\WindSolutions
[2011.09.19 19:45:26 | 000,000,000 | ---D | M] -- C:\Users\Franzi\AppData\Roaming\WinRAR
[2009.12.25 09:52:22 | 000,000,000 | ---D | M] -- C:\Users\Franzi\AppData\Roaming\_MDLogs
 
< %APPDATA%\*.exe /s >
[2010.02.02 22:30:05 | 026,182,582 | ---- | M] () -- C:\Users\Franzi\AppData\Roaming\Chilirec\ChilirecUpdate.exe
[2011.05.25 21:07:14 | 024,176,560 | ---- | M] (Dropbox, Inc.) -- C:\Users\Franzi\AppData\Roaming\Dropbox\bin\Dropbox.exe
[2011.05.25 21:07:18 | 000,174,784 | ---- | M] (Dropbox, Inc.) -- C:\Users\Franzi\AppData\Roaming\Dropbox\bin\Uninstall.exe
[2012.02.19 17:51:47 | 000,053,632 | ---- | M] (Adobe Systems Inc.) -- C:\Users\Franzi\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
 
< %SYSTEMDRIVE%\*.exe >
 
 
< MD5 for: AGP440.SYS  >
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009.07.14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll
[2009.07.14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll
 
< MD5 for: EVENTLOG.DLL  >
[2007.05.17 20:34:04 | 000,007,216 | ---- | M] () MD5=C2A279A458A06DE2C83D842AA042B5A8 -- C:\Program Files (x86)\CyberLink\PowerDirector\EventLog.dll
 
< MD5 for: IASTOR.SYS  >
[2009.06.04 17:54:36 | 000,408,600 | ---- | M] (Intel Corporation) MD5=1D004CB1DA6323B1F55CAEF7F94B61D9 -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\driver64\IaStor.sys
[2009.06.04 17:54:36 | 000,408,600 | ---- | M] (Intel Corporation) MD5=1D004CB1DA6323B1F55CAEF7F94B61D9 -- C:\Windows\SysNative\drivers\iaStor.sys
[2009.06.04 17:54:36 | 000,408,600 | ---- | M] (Intel Corporation) MD5=1D004CB1DA6323B1F55CAEF7F94B61D9 -- C:\Windows\SysNative\DriverStore\FileRepository\iaahci.inf_amd64_neutral_7fb62b08f6b7117a\iaStor.sys
[2009.06.04 17:43:16 | 000,330,264 | ---- | M] (Intel Corporation) MD5=D483687EACE0C065EE772481A96E05F5 -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\driver\IaStor.sys
 
< MD5 for: IASTORV.SYS  >
[2010.11.20 14:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys
[2010.11.20 14:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys
[2011.03.11 07:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys
[2011.03.11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\drivers\iaStorV.sys
[2011.03.11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0bcee2057afcc090\iaStorV.sys
[2011.03.11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys
[2011.03.11 07:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_0b141c81a16e25e6\iaStorV.sys
[2011.03.11 07:25:49 | 000,410,496 | ---- | M] (Intel Corporation) MD5=BFDC9D75698800CFE4D1698BF2750EA2 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_0bccc8c8ba6985c1\iaStorV.sys
[2009.07.14 02:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2009.07.14 02:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll
[2010.11.20 14:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SysNative\netlogon.dll
[2010.11.20 14:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll
[2010.11.20 13:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll
[2010.11.20 13:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll
[2009.07.14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2009.07.14 02:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys
[2011.03.11 07:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_95dd8d30d8a4cfbe\nvstor.sys
[2011.03.11 07:25:53 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=AE274836BA56518E279087363A781214 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_96963977f1a02f99\nvstor.sys
[2011.03.11 07:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys
[2011.03.11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\drivers\nvstor.sys
[2011.03.11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvstor.sys
[2011.03.11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys
[2010.11.20 14:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys
[2010.11.20 14:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2009.07.14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll
[2009.07.14 02:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll
[2010.11.20 13:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll
[2010.11.20 13:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll
[2010.11.20 14:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SysNative\scecli.dll
[2010.11.20 14:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll
 
< MD5 for: USER32.DLL  >
[2010.11.20 13:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SysWOW64\user32.dll
[2010.11.20 13:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
[2009.07.14 02:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll
[2009.07.14 02:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll
[2010.11.20 14:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SysNative\user32.dll
[2010.11.20 14:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009.07.14 02:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
[2010.11.20 14:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010.11.20 14:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2009.07.14 02:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe
[2009.07.14 02:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe
[2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe
[2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2010.11.20 14:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010.11.20 14:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009.07.14 02:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2012.01.13 14:53:20 | 000,182,856 | ---- | M] () MD5=63EEC8A8B221AB79045E776E5F592868 -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2009.10.28 08:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2009.10.28 07:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009.07.14 01:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys
[2009.07.14 01:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
 
<          >
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 124 bytes -> C:\ProgramData\Temp:D1B5B4F1

< End of report >
--- --- ---

sunny2227 26.02.2012 10:12
OTL EXTRAS Logfile:
Code:
OTL Extras logfile created on: 26.02.2012 00:46:26 - Run 1
OTL by OldTimer - Version 3.2.33.2    Folder = C:\Users\Franzi\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,97 Gb Total Physical Memory | 2,40 Gb Available Physical Memory | 60,52% Memory free
7,93 Gb Paging File | 6,03 Gb Available in Paging File | 75,98% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 452,48 Gb Total Space | 341,09 Gb Free Space | 75,38% Space Free | Partition Type: NTFS
Drive D: | 12,98 Gb Total Space | 2,17 Gb Free Space | 16,70% Space Free | Partition Type: NTFS
 
Computer Name: FRANZI-PC | User Name: Franzi | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
 
[HKEY_USERS\S-1-5-21-3187269907-1231647918-1798794730-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0E543634-7E25-4B8F-8D5B-97880E5E5088}" = Bonjour
"{26A24AE4-039D-4CA4-87B4-2F86416014FF}" = Java(TM) 6 Update 14 (64-bit)
"{28D73032-5DAA-4F83-B154-85105DBCCB92}" = iTunes
"{3C5E60F1-0821-4B07-97EA-84EB5A927CF6}" = MobileMe Control Panel
"{439760BC-7737-4386-9B1D-A90A3E8A22EA}" = Apple Mobile Device Support
"{4D668D4F-FAA2-4726-834C-31F4614F312E}" = MSVC80_x64_v2
"{680EDA59-9266-44B4-949E-0C24F65DFF82}" = Microsoft_VC100_CRT_SP1_x64
"{7FD7F421-39B2-4CAC-BC41-7D83DDBAB329}" = HP 3D DriveGuard
"{88E60521-1E4E-4785-B9F1-1798A4BD0C30}" = HP MediaSmart SmartMenu
"{8D273DE5-ABFA-4BD0-A9D7-EE9C971438C4}_is1" = PDF-Viewer
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Alps Touch Pad Driver
"{AB071C8B-873C-459F-ACA9-9EBE03C3E89B}" = MSVC90_x64
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"FCEC33AD40CEA5E0FC4CEE6E42041A0DA189652D" = Windows-Treiberpaket - Nokia pccsmcfd  (08/22/2008 7.0.0.0)
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"NVIDIA Drivers" = NVIDIA Drivers
"Redirection Port Monitor" = RedMon - Redirection Port Monitor
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = HP MediaSmart Webcam
"{02627EE5-EACA-4742-A9CC-E687631773E4}" = Nero ShowTime
"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
"{11F5D779-7BD9-465A-BBC4-10701386BCB9}" = FW LiveUpdate
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{1C00C7C5-E615-4139-B817-7F4003DE68C0}" = Nero PhotoSnap Help
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"{20400DBD-E6DB-45B8-9B6B-1DD7033818EC}" = Nero InfoTool Help
"{2348B586-C9AE-46CE-936C-A68E9426E214}" = Nero StartSmart Help
"{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
"{26A24AE4-039D-4CA4-87B4-2F83216013F0}" = Java(TM) 6 Update 13
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{3023EBDA-BF1B-4831-B347-E5018555F26E}" = HP MediaSmart Movie Themes
"{33CF58F5-48D8-4575-83D6-96F574E4D83A}" = Nero DriveSpeed
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons
"{359CFC0A-BEB1-440D-95BA-CF63A86DA34F}" = Nero Recode
"{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{43E39830-1826-415D-8BAE-86845787B54B}" = Nero Vision
"{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = PowerRecover
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4D43D635-6FDA-4FA5-AA9B-23CF73D058EA}" = Nero StartSmart OEM
"{55EB7967-5BB1-4EA2-8AFF-B2F9E487E553}" = PC Connectivity Solution
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{595A3116-40BB-4E0F-A2E8-D7951DA56270}" = NeroExpress
"{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth
"{5D9BE3C1-8BA4-4E7E-82FD-9F74FA6815D1}" = Nero Vision Help
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{60C731FB-C951-41CE-AD41-8E54C8594609}" = Nero Disc Copy Gadget Help
"{60DE4033-9503-48D1-A483-7846BD217CA9}" = ICQ6.5
"{62AC81F6-BDD3-4110-9D36-3E9EAAB40999}" = Nero CoverDesigner
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6C1E7AA1-44E9-446D-AAB2-0DE6D9EFEAB1}" = Safari
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{70D9854A-CEF5-4BCF-B37A-0AA1AB0A83CF}" = Playchess
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7748AC8C-18E3-43BB-959B-088FAEA16FB2}" = Nero StartSmart
"{7829DB6F-A066-4E40-8912-CB07887C20BB}" = Nero BurnRights
"{7B63B2922B174135AFC0E1377DD81EC2}" =
"{83202942-84B3-4C50-8622-B8C0AA2D2885}" = Nero Express Help
"{869200DB-287A-4DC0-B02B-2B6787FBCD4C}" = Nero DiscSpeed
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8136 8168 8169 Ethernet Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUSR_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.PROPLUSR_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0407-1000-0000000FF1CE}_Office14.PROPLUSR_{594128C9-2CDF-43CE-8103-DC100CF013B6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010
"{90140000-0044-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010
"{90140000-00BA-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{903B0407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Project Professional 2003
"{90510407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Visio Professional 2003
"{91140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{97DB07C0-7E43-4C4A-8766-26396935F177}" = Playchess
"{99E862CC-6F69-4D39-99AA-DBF71BF3B585}" = OpenOffice.org 3.1
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9E82B934-9A25-445B-B8DF-8012808074AC}" = Nero PhotoSnap
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
"{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.5.0 MUI
"{AD6BC5CC-2EF0-49C4-B33D-CDC8B2C4DC80}" = Nero Recode Help
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B1ADF008-E898-4FE2-8A1F-690D9A06ACAF}" = DolbyFiles
"{B2EC4A38-B545-4A00-8214-13FE0E915E6D}" = Advertising Center
"{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}" = HP MediaSmart Music/Photo/Video
"{B3276CB1-20B6-4AF9-AAEC-E72C83816495}" = IKEA Home Planner
"{B3575D00-27EF-49C2-B9E0-14B3D954E992}" = Apple Application Support
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B53E61D7-7C80-40DF-82D2-CF5390D6D20A}" = HP Advisor
"{B60DCA15-56A3-4D2D-8747-22CF7D7B588B}" = HP Support Assistant
"{BCA9BA16-4512-49E3-8F58-1546A0BE8532}" = HP User Guides 0144
"{BD57EA4D-026E-4F08-9B93-080E282B81FE}" = iPod for Windows 2006-06-28
"{BD5CA0DA-71AD-43DA-B19E-6EEE0C9ADC9A}" = Nero ControlCenter
"{C3A32068-8AB1-4327-BB16-BED9C6219DC7}" = Atheros Driver Installation Program
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{C81A2FE0-3574-00A9-CED4-BDAA334CBE8E}" = Nero Online Upgrade
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CC019E3F-59D2-4486-8D4B-878105B62A71}" = Nero DiscSpeed Help
"{CE29AF6F-4BF5-485F-8736-9AE4A400748B}" = Alcor Micro USB Card Reader
"{CE96F5A5-584D-4F8F-AA3E-9BAED413DB72}" = Nero CoverDesigner Help
"{d2fcc095-43f2-40ce-ad95-2e7659410dfd}" = Nero 9 Essentials
"{D3507473-2CE3-4073-A6BA-A0846B5CC687}" = Namo WebEditor 8
"{D46D081B-F60E-467E-A7C4-117B70D76731}" = HP Update
"{D9DCF92E-72EB-412D-AC71-3B01276E5F8B}" = Nero ShowTime
"{E1845F1C-068C-F8F4-D31D-D3540D47C453}" = Adobe Download Assistant
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{E3B64CC5-C011-40C0-92BC-7316CD5E5688}" = Microsoft_VC100_CRT_SP1_x86
"{E553760D-D7F7-48BF-BD8B-C7E23BA04CB5}" = HP MediaSmart Internet TV
"{E5C7D048-F9B4-4219-B323-8BDB01A2563D}" = Nero DriveSpeed Help
"{E8A80433-302B-4FF1-815D-FCC8EAC482FF}" = Nero Installer
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F1861F30-3419-44DB-B2A1-C274825698B3}" = Nero Disc Copy Gadget
"{F1D7AC58-554A-4A58-B784-B61558B1449A}" = QLBCASL
"{F3B912F5-EB57-45AA-B3D1-EB532BCF6EF8}" = HP Setup
"{F4041DCE-3FE1-4E18-8A9E-9DE65231EE36}" = Nero ControlCenter
"{F6BDD7C5-89ED-4569-9318-469AA9732572}" = Nero BurnRights Help
"{F9A43C0C-F274-4EC0-B02E-202C15C09C00}" = HP Wireless Assistant
"{FBCDFD61-7DCF-4E71-9226-873BA0053139}" = Nero InfoTool
"{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR
"7-Zip" = 7-Zip 4.65
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"CCleaner" = CCleaner
"Chilirec_0" = Chilirec 1.01
"com.adobe.downloadassistant.AdobeDownloadAssistant" = Adobe Download Assistant
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DivX Setup.divx.com" = DivX-Setup
"EasyBits Magic Desktop" = Magic Desktop
"ElsterFormular für Privatanwender und Unternehmer 11.5.3.5585" = ElsterFormular für Privatanwender und Unternehmer
"ESET Online Scanner" = ESET Online Scanner v3
"Exterminate It!" = Exterminate It!
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.2
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.3
"FreePDF_XP" = FreePDF (Remove only)
"Google Chrome" = Google Chrome
"Google Updater" = Google Updater
"GPL Ghostscript 8.70" = GPL Ghostscript 8.70
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = HP MediaSmart Webcam
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"InstallShield_{3023EBDA-BF1B-4831-B347-E5018555F26E}" = HP MediaSmart Movie Themes
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"InstallShield_{B2EE25B9-5B00-4ACF-94F0-92433C28C39E}" = HP MediaSmart Music/Photo/Video
"InstallShield_{BD57EA4D-026E-4F08-9B93-080E282B81FE}" = iPod for Windows 2006-06-28
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"InstallShield_{CE29AF6F-4BF5-485F-8736-9AE4A400748B}" = Alcor Micro USB Card Reader
"InstallShield_{E553760D-D7F7-48BF-BD8B-C7E23BA04CB5}" = HP MediaSmart Internet TV
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.60.1.1000
"Mozilla Firefox 9.0.1 (x86 de)" = Mozilla Firefox 9.0.1 (x86 de)
"Mozilla Thunderbird (3.1.9)" = Mozilla Thunderbird (3.1.9)
"Office14.PROPLUSR" = Microsoft Office Professional Plus 2010
"PCSafeDoctor_is1" = PCSafeDoctor
"Picasa 3" = Picasa 3
"Registry Mechanic_is1" = Registry Mechanic 10.0
"TeamViewer 7" = TeamViewer 7
"Uninstall_is1" = Uninstall 1.0.0.1
"WildTangent hp Master Uninstall" = HP Games
"WinHTTrack Website Copier_is1" = WinHTTrack Website Copier 3.43-9
"WinRAR archiver" = WinRAR 4.01 (32-Bit)
"Xvid_is1" = Xvid 1.2.2 final uninstall
"Zattoo" = Zattoo 3.3.4 Beta
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-3187269907-1231647918-1798794730-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 07.10.2010 13:23:41 | Computer Name = Franzi-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 07.10.2010 13:23:42 | Computer Name = Franzi-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 07.10.2010 13:23:54 | Computer Name = Franzi-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 07.10.2010 13:23:54 | Computer Name = Franzi-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 07.10.2010 13:23:58 | Computer Name = Franzi-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: hpasset.exe, Version: 3.0.0.3, Zeitstempel:
 0x4ab90f9f  Name des fehlerhaften Moduls: hpasset.exe, Version: 3.0.0.3, Zeitstempel:
 0x4ab90f9f  Ausnahmecode: 0xc0000005  Fehleroffset: 0x0003f1c9  ID des fehlerhaften Prozesses:
 0x1634  Startzeit der fehlerhaften Anwendung: 0x01cb66446afcd335  Pfad der fehlerhaften
 Anwendung: C:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPAsset\hpasset.exe
Pfad
 des fehlerhaften Moduls: C:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPAsset\hpasset.exe
Berichtskennung:
 aae7a656-d237-11df-9e1d-cc39296b0b06
 
Error - 07.10.2010 13:24:02 | Computer Name = Franzi-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 07.10.2010 13:24:04 | Computer Name = Franzi-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 07.10.2010 13:24:06 | Computer Name = Franzi-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 10.10.2010 16:10:27 | Computer Name = Franzi-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 10.10.2010 16:10:27 | Computer Name = Franzi-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
[ Hewlett-Packard Events ]
Error - 16.01.2011 13:24:08 | Computer Name = Franzi-PC | Source = Hewlett-Packard | ID = 0
Description = de-DE Die Datei "C:\Program Files (x86)\Hewlett-Packard\HP Support
Framework\Logs\SystemInfoAA.xml" konnte nicht gefunden werden. mscorlib    bei System.IO.__Error.WinIOError(Int32
 errorCode, String maybeFullPath)    bei System.IO.FileStream.Init(String path, FileMode
 mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32
 bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath,
Boolean bFromProxy)    bei System.IO.FileStream..ctor(String path, FileMode mode,
 FileAccess access, FileShare share, Int32 bufferSize, FileOptions options, String
 msgPath, Boolean bFromProxy)    bei System.IO.FileStream..ctor(String path, FileMode
 mode, FileAccess access, FileShare share, Int32 bufferSize, FileOptions options)

  bei System.IO.StreamReader..ctor(String path, Encoding encoding, Boolean detectEncodingFromByteOrderMarks,
 Int32 bufferSize)    bei System.IO.StreamReader..ctor(String path, Encoding encoding)

  bei System.IO.File.ReadAllText(String path, Encoding encoding)    bei n.a()
 
Error - 18.03.2011 15:13:41 | Computer Name = Franzi-PC | Source = Hewlett-Packard | ID = 0
Description = de-DE Die Datei "C:\Program Files (x86)\Hewlett-Packard\HP Support
Framework\Logs\SystemInfoAA.xml" konnte nicht gefunden werden. mscorlib    bei System.IO.__Error.WinIOError(Int32
 errorCode, String maybeFullPath)    bei System.IO.FileStream.Init(String path, FileMode
 mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32
 bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath,
Boolean bFromProxy)    bei System.IO.FileStream..ctor(String path, FileMode mode,
 FileAccess access, FileShare share, Int32 bufferSize, FileOptions options, String
 msgPath, Boolean bFromProxy)    bei System.IO.FileStream..ctor(String path, FileMode
 mode, FileAccess access, FileShare share, Int32 bufferSize, FileOptions options)

  bei System.IO.StreamReader..ctor(String path, Encoding encoding, Boolean detectEncodingFromByteOrderMarks,
 Int32 bufferSize)    bei System.IO.StreamReader..ctor(String path, Encoding encoding)

  bei System.IO.File.ReadAllText(String path, Encoding encoding)    bei n.a()
 
Error - 30.03.2011 16:46:14 | Computer Name = Franzi-PC | Source = Hewlett-Packard | ID = 0
Description = de-DE Die Datei "C:\Program Files (x86)\Hewlett-Packard\HP Support
Framework\Logs\SystemInfoAA.xml" konnte nicht gefunden werden. mscorlib    bei System.IO.__Error.WinIOError(Int32
 errorCode, String maybeFullPath)    bei System.IO.FileStream.Init(String path, FileMode
 mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32
 bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath,
Boolean bFromProxy)    bei System.IO.FileStream..ctor(String path, FileMode mode,
 FileAccess access, FileShare share, Int32 bufferSize, FileOptions options, String
 msgPath, Boolean bFromProxy)    bei System.IO.FileStream..ctor(String path, FileMode
 mode, FileAccess access, FileShare share, Int32 bufferSize, FileOptions options)

  bei System.IO.StreamReader..ctor(String path, Encoding encoding, Boolean detectEncodingFromByteOrderMarks,
 Int32 bufferSize)    bei System.IO.StreamReader..ctor(String path, Encoding encoding)

  bei System.IO.File.ReadAllText(String path, Encoding encoding)    bei n.a()
 
Error - 03.08.2011 14:47:34 | Computer Name = Franzi-PC | Source = Hewlett-Packard | ID = 0
Description = de-DE Die Datei "C:\Program Files (x86)\Hewlett-Packard\HP Support
Framework\Logs\SystemInfoAA.xml" konnte nicht gefunden werden. mscorlib    bei System.IO.__Error.WinIOError(Int32
 errorCode, String maybeFullPath)    bei System.IO.FileStream.Init(String path, FileMode
 mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32
 bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath,
Boolean bFromProxy)    bei System.IO.FileStream..ctor(String path, FileMode mode,
 FileAccess access, FileShare share, Int32 bufferSize, FileOptions options, String
 msgPath, Boolean bFromProxy)    bei System.IO.FileStream..ctor(String path, FileMode
 mode, FileAccess access, FileShare share, Int32 bufferSize, FileOptions options)

  bei System.IO.StreamReader..ctor(String path, Encoding encoding, Boolean detectEncodingFromByteOrderMarks,
 Int32 bufferSize)    bei System.IO.StreamReader..ctor(String path, Encoding encoding)

  bei System.IO.File.ReadAllText(String path, Encoding encoding)    bei n.a()
 
Error - 18.08.2011 14:56:23 | Computer Name = Franzi-PC | Source = Hewlett-Packard | ID = 0
Description = de-DE Die Datei "C:\Program Files (x86)\Hewlett-Packard\HP Support
Framework\Logs\SystemInfoAA.xml" konnte nicht gefunden werden. mscorlib    bei System.IO.__Error.WinIOError(Int32
 errorCode, String maybeFullPath)    bei System.IO.FileStream.Init(String path, FileMode
 mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32
 bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath,
Boolean bFromProxy)    bei System.IO.FileStream..ctor(String path, FileMode mode,
 FileAccess access, FileShare share, Int32 bufferSize, FileOptions options, String
 msgPath, Boolean bFromProxy)    bei System.IO.FileStream..ctor(String path, FileMode
 mode, FileAccess access, FileShare share, Int32 bufferSize, FileOptions options)

  bei System.IO.StreamReader..ctor(String path, Encoding encoding, Boolean detectEncodingFromByteOrderMarks,
 Int32 bufferSize)    bei System.IO.StreamReader..ctor(String path, Encoding encoding)

  bei System.IO.File.ReadAllText(String path, Encoding encoding)    bei n.a()
 
Error - 07.09.2011 16:47:39 | Computer Name = Franzi-PC | Source = Hewlett-Packard | ID = 0
Description = de-DE Die Datei "C:\Program Files (x86)\Hewlett-Packard\HP Support
Framework\Logs\SystemInfoAA.xml" konnte nicht gefunden werden. mscorlib    bei System.IO.__Error.WinIOError(Int32
 errorCode, String maybeFullPath)    bei System.IO.FileStream.Init(String path, FileMode
 mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32
 bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath,
Boolean bFromProxy)    bei System.IO.FileStream..ctor(String path, FileMode mode,
 FileAccess access, FileShare share, Int32 bufferSize, FileOptions options, String
 msgPath, Boolean bFromProxy)    bei System.IO.FileStream..ctor(String path, FileMode
 mode, FileAccess access, FileShare share, Int32 bufferSize, FileOptions options)

  bei System.IO.StreamReader..ctor(String path, Encoding encoding, Boolean detectEncodingFromByteOrderMarks,
 Int32 bufferSize)    bei System.IO.StreamReader..ctor(String path, Encoding encoding)

  bei System.IO.File.ReadAllText(String path, Encoding encoding)    bei n.a()
 
Error - 26.10.2011 13:50:09 | Computer Name = Franzi-PC | Source = Hewlett-Packard | ID = 0
Description = de-DE Die Datei "C:\Program Files (x86)\Hewlett-Packard\HP Support
Framework\Logs\SystemInfoAA.xml" konnte nicht gefunden werden. mscorlib    bei System.IO.__Error.WinIOError(Int32
 errorCode, String maybeFullPath)    bei System.IO.FileStream.Init(String path, FileMode
 mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32
 bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath,
Boolean bFromProxy)    bei System.IO.FileStream..ctor(String path, FileMode mode,
 FileAccess access, FileShare share, Int32 bufferSize, FileOptions options, String
 msgPath, Boolean bFromProxy)    bei System.IO.FileStream..ctor(String path, FileMode
 mode, FileAccess access, FileShare share, Int32 bufferSize, FileOptions options)

  bei System.IO.StreamReader..ctor(String path, Encoding encoding, Boolean detectEncodingFromByteOrderMarks,
 Int32 bufferSize)    bei System.IO.StreamReader..ctor(String path, Encoding encoding)

  bei System.IO.File.ReadAllText(String path, Encoding encoding)    bei n.a()
 
Error - 24.11.2011 07:44:12 | Computer Name = Franzi-PC | Source = Hewlett-Packard | ID = 0
Description = de-DE Die Datei "C:\Program Files (x86)\Hewlett-Packard\HP Support
Framework\Logs\SystemInfoAA.xml" konnte nicht gefunden werden. mscorlib    bei System.IO.__Error.WinIOError(Int32
 errorCode, String maybeFullPath)    bei System.IO.FileStream.Init(String path, FileMode
 mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32
 bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath,
Boolean bFromProxy)    bei System.IO.FileStream..ctor(String path, FileMode mode,
 FileAccess access, FileShare share, Int32 bufferSize, FileOptions options, String
 msgPath, Boolean bFromProxy)    bei System.IO.FileStream..ctor(String path, FileMode
 mode, FileAccess access, FileShare share, Int32 bufferSize, FileOptions options)

  bei System.IO.StreamReader..ctor(String path, Encoding encoding, Boolean detectEncodingFromByteOrderMarks,
 Int32 bufferSize)    bei System.IO.StreamReader..ctor(String path, Encoding encoding)

  bei System.IO.File.ReadAllText(String path, Encoding encoding)    bei n.a()
 
Error - 14.12.2011 16:01:06 | Computer Name = Franzi-PC | Source = Hewlett-Packard | ID = 0
Description = de-DE Die Datei "C:\Program Files (x86)\Hewlett-Packard\HP Support
Framework\Logs\SystemInfoAA.xml" konnte nicht gefunden werden. mscorlib    bei System.IO.__Error.WinIOError(Int32
 errorCode, String maybeFullPath)    bei System.IO.FileStream.Init(String path, FileMode
 mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32
 bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath,
Boolean bFromProxy)    bei System.IO.FileStream..ctor(String path, FileMode mode,
 FileAccess access, FileShare share, Int32 bufferSize, FileOptions options, String
 msgPath, Boolean bFromProxy)    bei System.IO.FileStream..ctor(String path, FileMode
 mode, FileAccess access, FileShare share, Int32 bufferSize, FileOptions options)

  bei System.IO.StreamReader..ctor(String path, Encoding encoding, Boolean detectEncodingFromByteOrderMarks,
 Int32 bufferSize)    bei System.IO.StreamReader..ctor(String path, Encoding encoding)

  bei System.IO.File.ReadAllText(String path, Encoding encoding)    bei n.a()
 
Error - 04.01.2012 16:03:08 | Computer Name = Franzi-PC | Source = Hewlett-Packard | ID = 0
Description = de-DE Die Datei "C:\Program Files (x86)\Hewlett-Packard\HP Support
Framework\Logs\SystemInfoAA.xml" konnte nicht gefunden werden. mscorlib    bei System.IO.__Error.WinIOError(Int32
 errorCode, String maybeFullPath)    bei System.IO.FileStream.Init(String path, FileMode
 mode, FileAccess access, Int32 rights, Boolean useRights, FileShare share, Int32
 bufferSize, FileOptions options, SECURITY_ATTRIBUTES secAttrs, String msgPath,
Boolean bFromProxy)    bei System.IO.FileStream..ctor(String path, FileMode mode,
 FileAccess access, FileShare share, Int32 bufferSize, FileOptions options, String
 msgPath, Boolean bFromProxy)    bei System.IO.FileStream..ctor(String path, FileMode
 mode, FileAccess access, FileShare share, Int32 bufferSize, FileOptions options)

  bei System.IO.StreamReader..ctor(String path, Encoding encoding, Boolean detectEncodingFromByteOrderMarks,
 Int32 bufferSize)    bei System.IO.StreamReader..ctor(String path, Encoding encoding)

  bei System.IO.File.ReadAllText(String path, Encoding encoding)    bei n.a()
 
[ System Events ]
Error - 20.02.2012 15:11:52 | Computer Name = Franzi-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installationsfehler: Die Installation des folgenden Updates ist mit
 Fehler 0x80070643 fehlgeschlagen: Update für Windows 7 für x64-Systeme (KB2660075)
 
Error - 20.02.2012 15:11:52 | Computer Name = Franzi-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installationsfehler: Die Installation des folgenden Updates ist mit
 Fehler 0x80070643 fehlgeschlagen: Sicherheitsupdate für Windows 7 für x64-basierte
 Systeme (KB2660465)
 
Error - 20.02.2012 15:11:52 | Computer Name = Franzi-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installationsfehler: Die Installation des folgenden Updates ist mit
 Fehler 0x80070643 fehlgeschlagen: Sicherheitsupdate für Windows 7 für x64-basierte
 Systeme (KB2645640)
 
Error - 20.02.2012 15:11:52 | Computer Name = Franzi-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installationsfehler: Die Installation des folgenden Updates ist mit
 Fehler 0x80070643 fehlgeschlagen: Sicherheitsupdate für Microsoft .NET Framework
 3.5.1 unter Windows 7 und Windows Server 2008 R2 SP1 für x64-basierte Systeme (KB2633873)
 
Error - 20.02.2012 15:12:23 | Computer Name = Franzi-PC | Source = Application Popup | ID = 1060
Description = Aufgrund der Inkompatibilität mit diesem System wurde \??\C:\Windows\SysWow64\drivers\RKHit.sys
 nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version
 des Treibers zu erhalten.
 
Error - 20.02.2012 15:15:27 | Computer Name = Franzi-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installationsfehler: Die Installation des folgenden Updates ist mit
 Fehler 0x80070643 fehlgeschlagen: Sicherheitsupdate für Windows 7 für x64-basierte
 Systeme (KB2654428)
 
Error - 20.02.2012 15:15:27 | Computer Name = Franzi-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installationsfehler: Die Installation des folgenden Updates ist mit
 Fehler 0x80070643 fehlgeschlagen: Kumulatives Sicherheitsupdate für Internet Explorer
 8 für Windows 7 für x64-Systeme (KB2647516)
 
Error - 21.02.2012 15:21:00 | Computer Name = Franzi-PC | Source = Application Popup | ID = 1060
Description = Aufgrund der Inkompatibilität mit diesem System wurde \??\C:\Windows\SysWow64\drivers\RKHit.sys
 nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version
 des Treibers zu erhalten.
 
Error - 22.02.2012 13:54:00 | Computer Name = Franzi-PC | Source = Application Popup | ID = 1060
Description = Aufgrund der Inkompatibilität mit diesem System wurde \??\C:\Windows\SysWow64\drivers\RKHit.sys
 nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version
 des Treibers zu erhalten.
 
Error - 25.02.2012 19:39:07 | Computer Name = Franzi-PC | Source = Application Popup | ID = 1060
Description = Aufgrund der Inkompatibilität mit diesem System wurde \??\C:\Windows\SysWow64\drivers\RKHit.sys
 nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version
 des Treibers zu erhalten.
 
 
< End of report >
--- --- ---

cosinus 26.02.2012 15:49
Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)

Code:
:OTL
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_DE&c=94&bd=Pavilion&pf=cnnb
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_DE&c=94&bd=Pavilion&pf=cnnb
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_DE&c=94&bd=Pavilion&pf=cnnb
[2012.01.26 19:24:14 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Franzi\AppData\Roaming\mozilla\Firefox\Profiles\0grq5rxq.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2010.04.29 21:30:50 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Users\Franzi\AppData\Roaming\mozilla\Firefox\Profiles\0grq5rxq.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
O2:64bit: - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.2.4204.1700\swg64.dll (Google Inc.)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2:64bit: - BHO: (PDF-XChange Viewer IE-Plugin) - {C5D07EB6-BBCE-4DAE-ACBB-D13A8D28CB1F} - C:\Programme\Tracker Software\PDF-XChange Viewer\pdf-viewer\PDFXCviewIEPlugin.dll (Tracker Software Products Ltd.)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~4\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (no name) - {C5D07EB6-BBCE-4DAE-ACBB-D13A8D28CB1F} - No CLSID value found.
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [DivX Download Manager] C:\Program Files (x86)\DivX\DivX Plus Web Player\DDmService.exe (DivX, LLC)
O4 - HKLM..\Run: [pcsafedoctor.exe] C:\Program Files (x86)\PCSafeDoctor\pcsafedoctor.exe ()
O4 - HKU\S-1-5-21-3187269907-1231647918-1798794730-1000..\Run: [BHMmHjYKMAcfJ.exe] C:\ProgramData\BHMmHjYKMAcfJ.exe File not found
O4 - HKU\S-1-5-21-3187269907-1231647918-1798794730-1000..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideFastUserSwitching = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: WallpaperStyle = 2
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: WallpaperStyle = 2
O7 - HKU\S-1-5-21-3187269907-1231647918-1798794730-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: WallpaperStyle = 2
O7 - HKU\S-1-5-21-3187269907-1231647918-1798794730-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableLockWorkstation = 0
O7 - HKU\S-1-5-21-3187269907-1231647918-1798794730-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableChangePassword = 0
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
O8:64bit: - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~4\Office14\ONBttnIE.dll/105 File not found
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{e6d37420-f173-11de-91fb-9c10b7c4679a}\Shell - "" = AutoRun
O33 - MountPoints2\{e6d37420-f173-11de-91fb-9c10b7c4679a}\Shell\AutoRun\command - "" = F:\SETUP.EXE
O33 - MountPoints2\{e6d37420-f173-11de-91fb-9c10b7c4679a}\Shell\configure\command - "" = F:\SETUP.EXE
O33 - MountPoints2\{e6d37420-f173-11de-91fb-9c10b7c4679a}\Shell\install\command - "" = F:\SETUP.EXE
O33 - MountPoints2\{ed8a7a06-7158-11df-8426-8ae1784c8e93}\Shell - "" = AutoRun
O33 - MountPoints2\{ed8a7a06-7158-11df-8426-8ae1784c8e93}\Shell\AutoRun\command - "" = E:\autorun.exe
MsConfig:64bit - StartUpReg: BHMmHjYKMAcfJ.exe - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: DAEMON Tools Lite - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: DivXUpdate - hkey= - key= - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
MsConfig:64bit - State: "startup" - Reg Error: Key error.
[2012.02.19 18:34:01 | 000,000,000 | ---D | C] -- C:\Users\Franzi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Check
[2012.02.23 19:05:30 | 000,000,268 | ---- | M] () -- C:\Windows\tasks\RMSchedule.job
[2012.02.20 18:41:01 | 000,001,059 | ---- | M] () -- C:\Users\Franzi\Desktop\pcsafedoctor.lnk
[2012.02.19 19:07:01 | 000,000,336 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForFranzi.job
[2012.02.19 18:43:25 | 000,000,448 | ---- | M] () -- C:\ProgramData\QFqPu6fC3BwT7Y
[2012.02.19 18:40:50 | 000,000,272 | ---- | M] () -- C:\ProgramData\~QFqPu6fC3BwT7Y
[2012.02.19 18:40:49 | 000,000,184 | ---- | M] () -- C:\ProgramData\~QFqPu6fC3BwT7Yr
[2012.02.19 18:34:01 | 000,000,653 | ---- | M] () -- C:\Users\Franzi\Desktop\System Check.lnk
@Alternate Data Stream - 124 bytes -> C:\ProgramData\Temp:D1B5B4F1
:Commands
[emptytemp]
[resethosts]
Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.

Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!

sunny2227 26.02.2012 20:57
Code:
All processes killed
========== OTL ==========
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Local Page| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
C:\Users\Franzi\AppData\Roaming\mozilla\Firefox\Profiles\0grq5rxq.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\META-INF folder moved successfully.
C:\Users\Franzi\AppData\Roaming\mozilla\Firefox\Profiles\0grq5rxq.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\defaults\preferences folder moved successfully.
C:\Users\Franzi\AppData\Roaming\mozilla\Firefox\Profiles\0grq5rxq.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\defaults folder moved successfully.
C:\Users\Franzi\AppData\Roaming\mozilla\Firefox\Profiles\0grq5rxq.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\components folder moved successfully.
C:\Users\Franzi\AppData\Roaming\mozilla\Firefox\Profiles\0grq5rxq.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\chrome folder moved successfully.
C:\Users\Franzi\AppData\Roaming\mozilla\Firefox\Profiles\0grq5rxq.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} folder moved successfully.
C:\Users\Franzi\AppData\Roaming\mozilla\Firefox\Profiles\0grq5rxq.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}\chrome folder moved successfully.
C:\Users\Franzi\AppData\Roaming\mozilla\Firefox\Profiles\0grq5rxq.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} folder moved successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}\ deleted successfully.
C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL moved successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}\ deleted successfully.
C:\Programme\Google\GoogleToolbarNotifier\5.2.4204.1700\swg64.dll moved successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\ deleted successfully.
C:\Programme\Microsoft Office\Office14\URLREDIR.DLL moved successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C5D07EB6-BBCE-4DAE-ACBB-D13A8D28CB1F}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C5D07EB6-BBCE-4DAE-ACBB-D13A8D28CB1F}\ deleted successfully.
C:\Programme\Tracker Software\PDF-XChange Viewer\pdf-viewer\PDFXCviewIEPlugin.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{326E768D-4182-46FD-9C16-1449A49795F4}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{326E768D-4182-46FD-9C16-1449A49795F4}\ deleted successfully.
C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{53707962-6F74-2D53-2644-206D7942484F}\ deleted successfully.
C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{593DDEC6-7468-4cdd-90E1-42DADAA222E9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{593DDEC6-7468-4cdd-90E1-42DADAA222E9}\ deleted successfully.
File C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}\ deleted successfully.
C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}\ deleted successfully.
C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\ deleted successfully.
C:\PROGRA~2\MICROS~4\Office14\URLREDIR.DLL moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C5D07EB6-BBCE-4DAE-ACBB-D13A8D28CB1F}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C5D07EB6-BBCE-4DAE-ACBB-D13A8D28CB1F}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\DivX Download Manager deleted successfully.
C:\Program Files (x86)\DivX\DivX Plus Web Player\DDmService.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\pcsafedoctor.exe deleted successfully.
C:\Program Files (x86)\PCSafeDoctor\pcsafedoctor.exe moved successfully.
Registry value HKEY_USERS\S-1-5-21-3187269907-1231647918-1798794730-1000\Software\Microsoft\Windows\CurrentVersion\Run\\BHMmHjYKMAcfJ.exe deleted successfully.
Registry value HKEY_USERS\S-1-5-21-3187269907-1231647918-1798794730-1000\Software\Microsoft\Windows\CurrentVersion\Run\\SpybotSD TeaTimer deleted successfully.
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe moved successfully.
Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorAdmin deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorUser deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\HideFastUserSwitching deleted successfully.
Registry value HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\WallpaperStyle deleted successfully.
Registry value HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\WallpaperStyle not found.
Registry value HKEY_USERS\S-1-5-21-3187269907-1231647918-1798794730-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\WallpaperStyle deleted successfully.
Registry value HKEY_USERS\S-1-5-21-3187269907-1231647918-1798794730-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableLockWorkstation deleted successfully.
Registry value HKEY_USERS\S-1-5-21-3187269907-1231647918-1798794730-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableChangePassword deleted successfully.
64bit-Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Add to Google Photos Screensa&ver\ deleted successfully.
64bit-Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\An OneNote s&enden\ deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e6d37420-f173-11de-91fb-9c10b7c4679a}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e6d37420-f173-11de-91fb-9c10b7c4679a}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e6d37420-f173-11de-91fb-9c10b7c4679a}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e6d37420-f173-11de-91fb-9c10b7c4679a}\ not found.
File F:\SETUP.EXE not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e6d37420-f173-11de-91fb-9c10b7c4679a}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e6d37420-f173-11de-91fb-9c10b7c4679a}\ not found.
File F:\SETUP.EXE not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e6d37420-f173-11de-91fb-9c10b7c4679a}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{e6d37420-f173-11de-91fb-9c10b7c4679a}\ not found.
File F:\SETUP.EXE not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ed8a7a06-7158-11df-8426-8ae1784c8e93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ed8a7a06-7158-11df-8426-8ae1784c8e93}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{ed8a7a06-7158-11df-8426-8ae1784c8e93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ed8a7a06-7158-11df-8426-8ae1784c8e93}\ not found.
File E:\autorun.exe not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpReg\BHMmHjYKMAcfJ.exe\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpReg\DAEMON Tools Lite\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartUpReg\DivXUpdate\ not found.
C:\Users\Franzi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Check folder moved successfully.
C:\Windows\Tasks\RMSchedule.job moved successfully.
C:\Users\Franzi\Desktop\pcsafedoctor.lnk moved successfully.
C:\Windows\Tasks\HPCeeScheduleForFranzi.job moved successfully.
C:\ProgramData\QFqPu6fC3BwT7Y moved successfully.
C:\ProgramData\~QFqPu6fC3BwT7Y moved successfully.
C:\ProgramData\~QFqPu6fC3BwT7Yr moved successfully.
C:\Users\Franzi\Desktop\System Check.lnk moved successfully.
ADS C:\ProgramData\Temp:D1B5B4F1 deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56475 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Franzi
->Temp folder emptied: 3262966 bytes
->Temporary Internet Files folder emptied: 1078657 bytes
->Java cache emptied: 48169332 bytes
->FireFox cache emptied: 182451705 bytes
->Google Chrome cache emptied: 6920928 bytes
->Flash cache emptied: 152866 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 2365638 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67698 bytes
RecycleBin emptied: 3246558643 bytes
 
Total Files Cleaned = 3.329,00 mb
 
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.33.2 log created on 02262012_204933

Files\Folders moved on Reboot...
C:\Users\Franzi\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

Registry entries deleted on Reboot...

cosinus 26.02.2012 21:24
Bitte nun (im normalen Windows-Modus) dieses Tool von Kaspersky (TDSS-Killer) ausführen und das Log posten => http://www.trojaner-board.de/82358-t...entfernen.html

Hinweis: Bitte den Virenscanner abstellen bevor du den TDSS-Killer ausführst, denn v.a. Avira meldet im TDSS-Tool oft einen Fehlalarm!

Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet,
Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten.
Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition (meistens Laufwerk C:) nach, da speichert der TDSS-Killer seine Logs.

Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten!

http://saved.im/mtkwmtcxexhp/setting...8_16-25-18.jpg


Falls du durch die Infektion auf deine Dokumente/Eigenen Dateien nicht zugreifen kannst, Verknüpfungen auf dem Desktop oder im Startmenü unter "alle Programme" fehlen, bitte unhide ausführen:
Downloade dir bitte unhide.exe und speichere diese Datei auf deinem Desktop.
Starte das Tool und es sollten alle Dateien und Ordner wieder sichtbar sein. ( Könnte eine Weile dauern )
http://www.trojaner-board.de/images/icons/icon4.gif Windows-Vista und Windows-7-User müssen das Tool per Rechtsklick als Administrator ausführen! http://www.trojaner-board.de/images/icons/icon4.gif

sunny2227 26.02.2012 21:55
Code:
21:50:27.0321 2412        TDSS rootkit removing tool 2.7.14.0 Feb 22 2012 16:54:49
21:50:27.0939 2412        ============================================================
21:50:27.0939 2412        Current date / time: 2012/02/26 21:50:27.0939
21:50:27.0939 2412        SystemInfo:
21:50:27.0939 2412       
21:50:27.0939 2412        OS Version: 6.1.7601 ServicePack: 1.0
21:50:27.0939 2412        Product type: Workstation
21:50:27.0940 2412        ComputerName: FRANZI-PC
21:50:27.0940 2412        UserName: Franzi
21:50:27.0940 2412        Windows directory: C:\Windows
21:50:27.0940 2412        System windows directory: C:\Windows
21:50:27.0940 2412        Running under WOW64
21:50:27.0940 2412        Processor architecture: Intel x64
21:50:27.0940 2412        Number of processors: 2
21:50:27.0940 2412        Page size: 0x1000
21:50:27.0940 2412        Boot type: Normal boot
21:50:27.0940 2412        ============================================================
21:50:28.0811 2412        Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
21:50:28.0819 2412        \Device\Harddisk0\DR0:
21:50:28.0820 2412        MBR used
21:50:28.0820 2412        \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x63800
21:50:28.0820 2412        \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x64000, BlocksNum 0x388F6000
21:50:28.0820 2412        \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x3895A000, BlocksNum 0x19F8000
21:50:28.0820 2412        \Device\Harddisk0\DR0\Partition3: MBR, Type 0xC, StartLBA 0x3A352000, BlocksNum 0x33830
21:50:28.0905 2412        Initialize success
21:50:28.0905 2412        ============================================================
21:51:26.0304 5056        ============================================================
21:51:26.0304 5056        Scan started
21:51:26.0304 5056        Mode: Manual; SigCheck; TDLFS;
21:51:26.0304 5056        ============================================================
21:51:26.0860 5056        1394ohci        (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
21:51:27.0093 5056        1394ohci - ok
21:51:27.0145 5056        Accelerometer  (1cffe9c06e66a57dae1452e449a58240) C:\Windows\system32\DRIVERS\Accelerometer.sys
21:51:27.0482 5056        Accelerometer - ok
21:51:27.0531 5056        ACPI            (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
21:51:27.0580 5056        ACPI - ok
21:51:27.0603 5056        AcpiPmi        (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
21:51:27.0691 5056        AcpiPmi - ok
21:51:27.0740 5056        adp94xx        (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
21:51:27.0788 5056        adp94xx - ok
21:51:27.0823 5056        adpahci        (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
21:51:27.0862 5056        adpahci - ok
21:51:27.0899 5056        adpu320        (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
21:51:27.0932 5056        adpu320 - ok
21:51:27.0997 5056        AFD            (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
21:51:28.0112 5056        AFD - ok
21:51:28.0165 5056        agp440          (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
21:51:28.0194 5056        agp440 - ok
21:51:28.0255 5056        aliide          (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
21:51:28.0280 5056        aliide - ok
21:51:28.0311 5056        amdide          (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
21:51:28.0336 5056        amdide - ok
21:51:28.0373 5056        AmdK8          (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
21:51:28.0455 5056        AmdK8 - ok
21:51:28.0466 5056        AmdPPM          (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
21:51:28.0535 5056        AmdPPM - ok
21:51:28.0581 5056        amdsata        (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
21:51:28.0611 5056        amdsata - ok
21:51:28.0643 5056        amdsbs          (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
21:51:28.0677 5056        amdsbs - ok
21:51:28.0705 5056        amdxata        (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
21:51:28.0730 5056        amdxata - ok
21:51:28.0791 5056        AmUStor        (8ebe028fc7e48725cdd92013580efd17) C:\Windows\system32\drivers\AmUStor.SYS
21:51:28.0855 5056        AmUStor - ok
21:51:28.0917 5056        ApfiltrService  (9815014f3e30357168da272088c6f12f) C:\Windows\system32\DRIVERS\Apfiltr.sys
21:51:28.0948 5056        ApfiltrService - ok
21:51:29.0021 5056        AppID          (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
21:51:29.0231 5056        AppID - ok
21:51:29.0293 5056        arc            (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
21:51:29.0322 5056        arc - ok
21:51:29.0345 5056        arcsas          (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
21:51:29.0376 5056        arcsas - ok
21:51:29.0403 5056        AsyncMac        (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
21:51:29.0541 5056        AsyncMac - ok
21:51:29.0602 5056        atapi          (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
21:51:29.0627 5056        atapi - ok
21:51:29.0702 5056        athr            (38562a6a9cb10844759eaf2b01a7fcd3) C:\Windows\system32\DRIVERS\athrx.sys
21:51:29.0794 5056        athr - ok
21:51:29.0858 5056        avgntflt        (b1224e6b086cd6548315b04ab575a23e) C:\Windows\system32\DRIVERS\avgntflt.sys
21:51:29.0883 5056        avgntflt - ok
21:51:29.0923 5056        avipbb          (ed45f12cfa62b83765c9c1496758cc87) C:\Windows\system32\DRIVERS\avipbb.sys
21:51:29.0947 5056        avipbb - ok
21:51:30.0005 5056        b06bdrv        (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
21:51:30.0077 5056        b06bdrv - ok
21:51:30.0120 5056        b57nd60a        (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
21:51:30.0191 5056        b57nd60a - ok
21:51:30.0219 5056        Beep            (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
21:51:30.0321 5056        Beep - ok
21:51:30.0380 5056        blbdrive        (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
21:51:30.0418 5056        blbdrive - ok
21:51:30.0458 5056        bowser          (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
21:51:30.0511 5056        bowser - ok
21:51:30.0541 5056        BrFiltLo        (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
21:51:30.0629 5056        BrFiltLo - ok
21:51:30.0647 5056        BrFiltUp        (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
21:51:30.0679 5056        BrFiltUp - ok
21:51:30.0708 5056        Brserid        (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
21:51:30.0780 5056        Brserid - ok
21:51:30.0799 5056        BrSerWdm        (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
21:51:30.0845 5056        BrSerWdm - ok
21:51:30.0875 5056        BrUsbMdm        (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
21:51:30.0924 5056        BrUsbMdm - ok
21:51:30.0953 5056        BrUsbSer        (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
21:51:30.0989 5056        BrUsbSer - ok
21:51:31.0024 5056        BTHMODEM        (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
21:51:31.0073 5056        BTHMODEM - ok
21:51:31.0122 5056        cdfs            (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
21:51:31.0199 5056        cdfs - ok
21:51:31.0256 5056        cdrom          (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\drivers\cdrom.sys
21:51:31.0318 5056        cdrom - ok
21:51:31.0376 5056        circlass        (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
21:51:31.0440 5056        circlass - ok
21:51:31.0492 5056        CLFS            (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
21:51:31.0542 5056        CLFS - ok
21:51:31.0628 5056        CmBatt          (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
21:51:31.0673 5056        CmBatt - ok
21:51:31.0716 5056        cmdide          (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
21:51:31.0741 5056        cmdide - ok
21:51:31.0795 5056        CNG            (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys
21:51:31.0855 5056        CNG - ok
21:51:31.0939 5056        Compbatt        (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
21:51:31.0965 5056        Compbatt - ok
21:51:32.0011 5056        CompositeBus    (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
21:51:32.0062 5056        CompositeBus - ok
21:51:32.0097 5056        crcdisk        (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
21:51:32.0123 5056        crcdisk - ok
21:51:32.0216 5056        DCamUSBNovatek  (356bb3dd25987179080f3b669ad4080a) C:\Windows\system32\Drivers\nvtcam.sys
21:51:32.0383 5056        DCamUSBNovatek - ok
21:51:32.0443 5056        DfsC            (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
21:51:32.0535 5056        DfsC - ok
21:51:32.0575 5056        discache        (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
21:51:32.0649 5056        discache - ok
21:51:32.0698 5056        Disk            (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
21:51:32.0727 5056        Disk - ok
21:51:32.0776 5056        drmkaud        (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
21:51:32.0818 5056        drmkaud - ok
21:51:32.0884 5056        DXGKrnl        (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
21:51:32.0958 5056        DXGKrnl - ok
21:51:33.0076 5056        ebdrv          (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
21:51:33.0277 5056        ebdrv - ok
21:51:33.0348 5056        elxstor        (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
21:51:33.0416 5056        elxstor - ok
21:51:33.0456 5056        ErrDev          (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
21:51:33.0522 5056        ErrDev - ok
21:51:33.0586 5056        exfat          (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
21:51:33.0667 5056        exfat - ok
21:51:33.0705 5056        fastfat        (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
21:51:33.0804 5056        fastfat - ok
21:51:33.0841 5056        fdc            (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
21:51:33.0872 5056        fdc - ok
21:51:33.0902 5056        FileInfo        (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
21:51:33.0932 5056        FileInfo - ok
21:51:33.0953 5056        Filetrace      (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
21:51:34.0035 5056        Filetrace - ok
21:51:34.0055 5056        flpydisk        (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
21:51:34.0084 5056        flpydisk - ok
21:51:34.0122 5056        FltMgr          (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
21:51:34.0163 5056        FltMgr - ok
21:51:34.0203 5056        FsDepends      (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
21:51:34.0231 5056        FsDepends - ok
21:51:34.0252 5056        Fs_Rec          (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
21:51:34.0278 5056        Fs_Rec - ok
21:51:34.0310 5056        fvevol          (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
21:51:34.0356 5056        fvevol - ok
21:51:34.0385 5056        gagp30kx        (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
21:51:34.0413 5056        gagp30kx - ok
21:51:34.0464 5056        GEARAspiWDM    (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
21:51:34.0485 5056        GEARAspiWDM - ok
21:51:34.0552 5056        hcw85cir        (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
21:51:34.0623 5056        hcw85cir - ok
21:51:34.0679 5056        HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
21:51:34.0728 5056        HdAudAddService - ok
21:51:34.0795 5056        HDAudBus        (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
21:51:34.0842 5056        HDAudBus - ok
21:51:34.0854 5056        HidBatt        (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
21:51:34.0890 5056        HidBatt - ok
21:51:34.0917 5056        HidBth          (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
21:51:34.0974 5056        HidBth - ok
21:51:34.0991 5056        HidIr          (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
21:51:35.0048 5056        HidIr - ok
21:51:35.0093 5056        HidUsb          (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\drivers\hidusb.sys
21:51:35.0135 5056        HidUsb - ok
21:51:35.0210 5056        hpdskflt        (05712fddbd45a5864eb326faabc6a4e3) C:\Windows\system32\DRIVERS\hpdskflt.sys
21:51:35.0232 5056        hpdskflt - ok
21:51:35.0274 5056        HpqKbFiltr      (9af482d058be59cc28bce52e7c4b747c) C:\Windows\system32\DRIVERS\HpqKbFiltr.sys
21:51:35.0380 5056        HpqKbFiltr - ok
21:51:35.0432 5056        HpSAMD          (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
21:51:35.0461 5056        HpSAMD - ok
21:51:35.0516 5056        HTTP            (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
21:51:35.0624 5056        HTTP - ok
21:51:35.0662 5056        hwpolicy        (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
21:51:35.0687 5056        hwpolicy - ok
21:51:35.0729 5056        i8042prt        (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
21:51:35.0763 5056        i8042prt - ok
21:51:35.0816 5056        iaStor          (1d004cb1da6323b1f55caef7f94b61d9) C:\Windows\system32\DRIVERS\iaStor.sys
21:51:35.0840 5056        iaStor - ok
21:51:35.0895 5056        iaStorV        (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
21:51:35.0936 5056        iaStorV - ok
21:51:36.0118 5056        igfx            (a87261ef1546325b559374f5689cf5bc) C:\Windows\system32\DRIVERS\igdkmd64.sys
21:51:36.0433 5056        igfx - ok
21:51:36.0468 5056        iirsp          (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
21:51:36.0494 5056        iirsp - ok
21:51:36.0538 5056        intelide        (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
21:51:36.0563 5056        intelide - ok
21:51:36.0603 5056        intelppm        (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
21:51:36.0646 5056        intelppm - ok
21:51:36.0688 5056        IpFilterDriver  (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
21:51:36.0778 5056        IpFilterDriver - ok
21:51:36.0832 5056        IPMIDRV        (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
21:51:36.0884 5056        IPMIDRV - ok
21:51:36.0926 5056        IPNAT          (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
21:51:37.0010 5056        IPNAT - ok
21:51:37.0053 5056        IRENUM          (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
21:51:37.0127 5056        IRENUM - ok
21:51:37.0168 5056        isapnp          (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
21:51:37.0194 5056        isapnp - ok
21:51:37.0221 5056        iScsiPrt        (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
21:51:37.0260 5056        iScsiPrt - ok
21:51:37.0313 5056        kbdclass        (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys
21:51:37.0341 5056        kbdclass - ok
21:51:37.0373 5056        kbdhid          (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys
21:51:37.0421 5056        kbdhid - ok
21:51:37.0466 5056        KSecDD          (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys
21:51:37.0496 5056        KSecDD - ok
21:51:37.0529 5056        KSecPkg        (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys
21:51:37.0563 5056        KSecPkg - ok
21:51:37.0585 5056        ksthunk        (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
21:51:37.0660 5056        ksthunk - ok
21:51:37.0706 5056        lltdio          (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
21:51:37.0786 5056        lltdio - ok
21:51:37.0831 5056        LSI_FC          (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
21:51:37.0862 5056        LSI_FC - ok
21:51:37.0892 5056        LSI_SAS        (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
21:51:37.0921 5056        LSI_SAS - ok
21:51:37.0955 5056        LSI_SAS2        (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
21:51:37.0983 5056        LSI_SAS2 - ok
21:51:38.0029 5056        LSI_SCSI        (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
21:51:38.0059 5056        LSI_SCSI - ok
21:51:38.0100 5056        luafv          (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
21:51:38.0200 5056        luafv - ok
21:51:38.0261 5056        MBAMProtector  (79da94b35371b9e7104460c7693dcb2c) C:\Windows\system32\drivers\mbam.sys
21:51:38.0282 5056        MBAMProtector - ok
21:51:38.0349 5056        megasas        (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
21:51:38.0375 5056        megasas - ok
21:51:38.0410 5056        MegaSR          (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
21:51:38.0448 5056        MegaSR - ok
21:51:38.0486 5056        Modem          (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
21:51:38.0565 5056        Modem - ok
21:51:38.0589 5056        monitor        (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
21:51:38.0633 5056        monitor - ok
21:51:38.0690 5056        mouclass        (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\drivers\mouclass.sys
21:51:38.0717 5056        mouclass - ok
21:51:38.0766 5056        mouhid          (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
21:51:38.0796 5056        mouhid - ok
21:51:38.0857 5056        mountmgr        (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
21:51:38.0887 5056        mountmgr - ok
21:51:38.0951 5056        mpio            (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
21:51:38.0985 5056        mpio - ok
21:51:39.0018 5056        mpsdrv          (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
21:51:39.0101 5056        mpsdrv - ok
21:51:39.0150 5056        MRxDAV          (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
21:51:39.0248 5056        MRxDAV - ok
21:51:39.0310 5056        mrxsmb          (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
21:51:39.0372 5056        mrxsmb - ok
21:51:39.0418 5056        mrxsmb10        (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
21:51:39.0473 5056        mrxsmb10 - ok
21:51:39.0498 5056        mrxsmb20        (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
21:51:39.0531 5056        mrxsmb20 - ok
21:51:39.0571 5056        msahci          (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
21:51:39.0596 5056        msahci - ok
21:51:39.0633 5056        msdsm          (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
21:51:39.0666 5056        msdsm - ok
21:51:39.0708 5056        Msfs            (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
21:51:39.0778 5056        Msfs - ok
21:51:39.0800 5056        mshidkmdf      (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
21:51:39.0877 5056        mshidkmdf - ok
21:51:39.0912 5056        msisadrv        (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
21:51:39.0937 5056        msisadrv - ok
21:51:39.0979 5056        MSKSSRV        (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
21:51:40.0052 5056        MSKSSRV - ok
21:51:40.0074 5056        MSPCLOCK        (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
21:51:40.0156 5056        MSPCLOCK - ok
21:51:40.0168 5056        MSPQM          (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
21:51:40.0263 5056        MSPQM - ok
21:51:40.0311 5056        MsRPC          (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
21:51:40.0351 5056        MsRPC - ok
21:51:40.0389 5056        mssmbios        (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
21:51:40.0415 5056        mssmbios - ok
21:51:40.0432 5056        MSTEE          (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
21:51:40.0506 5056        MSTEE - ok
21:51:40.0537 5056        MTConfig        (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
21:51:40.0572 5056        MTConfig - ok
21:51:40.0595 5056        Mup            (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
21:51:40.0624 5056        Mup - ok
21:51:40.0676 5056        NativeWifiP    (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
21:51:40.0737 5056        NativeWifiP - ok
21:51:40.0796 5056        NDIS            (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
21:51:40.0869 5056        NDIS - ok
21:51:40.0908 5056        NdisCap        (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
21:51:40.0978 5056        NdisCap - ok
21:51:41.0005 5056        NdisTapi        (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
21:51:41.0070 5056        NdisTapi - ok
21:51:41.0117 5056        Ndisuio        (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
21:51:41.0200 5056        Ndisuio - ok
21:51:41.0239 5056        NdisWan        (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
21:51:41.0327 5056        NdisWan - ok
21:51:41.0364 5056        NDProxy        (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
21:51:41.0448 5056        NDProxy - ok
21:51:41.0501 5056        NetBIOS        (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
21:51:41.0578 5056        NetBIOS - ok
21:51:41.0632 5056        NetBT          (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
21:51:41.0728 5056        NetBT - ok
21:51:41.0879 5056        netw5v64        (64428dfdaf6e88366cb51f45a79c5f69) C:\Windows\system32\DRIVERS\netw5v64.sys
21:51:42.0122 5056        netw5v64 - ok
21:51:42.0157 5056        nfrd960        (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
21:51:42.0185 5056        nfrd960 - ok
21:51:42.0207 5056        Npfs            (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
21:51:42.0286 5056        Npfs - ok
21:51:42.0311 5056        nsiproxy        (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
21:51:42.0390 5056        nsiproxy - ok
21:51:42.0463 5056        Ntfs            (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
21:51:42.0574 5056        Ntfs - ok
21:51:42.0600 5056        Null            (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
21:51:42.0666 5056        Null - ok
21:51:42.0709 5056        NVHDA          (cb599955ce2ce9694721562f9481cd84) C:\Windows\system32\drivers\nvhda64v.sys
21:51:42.0731 5056        NVHDA - ok
21:51:42.0983 5056        nvlddmkm        (e63279a205da5c225369770e400904a8) C:\Windows\system32\DRIVERS\nvlddmkm.sys
21:51:43.0498 5056        nvlddmkm - ok
21:51:43.0556 5056        nvraid          (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
21:51:43.0587 5056        nvraid - ok
21:51:43.0617 5056        nvstor          (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
21:51:43.0649 5056        nvstor - ok
21:51:43.0731 5056        nv_agp          (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
21:51:43.0763 5056        nv_agp - ok
21:51:43.0798 5056        ohci1394        (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
21:51:43.0848 5056        ohci1394 - ok
21:51:43.0916 5056        Parport        (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
21:51:43.0949 5056        Parport - ok
21:51:43.0982 5056        partmgr        (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
21:51:44.0012 5056        partmgr - ok
21:51:44.0080 5056        pccsmcfd        (bc0018c2d29f655188a0ed3fa94fdb24) C:\Windows\system32\DRIVERS\pccsmcfdx64.sys
21:51:44.0143 5056        pccsmcfd - ok
21:51:44.0177 5056        pci            (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
21:51:44.0214 5056        pci - ok
21:51:44.0251 5056        pciide          (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
21:51:44.0275 5056        pciide - ok
21:51:44.0307 5056        pcmcia          (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
21:51:44.0357 5056        pcmcia - ok
21:51:44.0394 5056        pcw            (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
21:51:44.0422 5056        pcw - ok
21:51:44.0455 5056        PEAUTH          (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
21:51:44.0582 5056        PEAUTH - ok
21:51:44.0685 5056        PptpMiniport    (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
21:51:44.0774 5056        PptpMiniport - ok
21:51:44.0798 5056        Processor      (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
21:51:44.0841 5056        Processor - ok
21:51:44.0897 5056        Psched          (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
21:51:44.0970 5056        Psched - ok
21:51:45.0039 5056        ql2300          (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
21:51:45.0147 5056        ql2300 - ok
21:51:45.0170 5056        ql40xx          (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
21:51:45.0202 5056        ql40xx - ok
21:51:45.0231 5056        QWAVEdrv        (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
21:51:45.0291 5056        QWAVEdrv - ok
21:51:45.0321 5056        RasAcd          (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
21:51:45.0409 5056        RasAcd - ok
21:51:45.0459 5056        RasAgileVpn    (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
21:51:45.0532 5056        RasAgileVpn - ok
21:51:45.0572 5056        Rasl2tp        (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
21:51:45.0643 5056        Rasl2tp - ok
21:51:45.0672 5056        RasPppoe        (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
21:51:45.0750 5056        RasPppoe - ok
21:51:45.0774 5056        RasSstp        (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
21:51:45.0855 5056        RasSstp - ok
21:51:45.0904 5056        rdbss          (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
21:51:46.0000 5056        rdbss - ok
21:51:46.0027 5056        rdpbus          (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
21:51:46.0067 5056        rdpbus - ok
21:51:46.0090 5056        RDPCDD          (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
21:51:46.0170 5056        RDPCDD - ok
21:51:46.0192 5056        RDPENCDD        (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
21:51:46.0274 5056        RDPENCDD - ok
21:51:46.0301 5056        RDPREFMP        (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
21:51:46.0367 5056        RDPREFMP - ok
21:51:46.0412 5056        RDPWD          (15b66c206b5cb095bab980553f38ed23) C:\Windows\system32\drivers\RDPWD.sys
21:51:46.0501 5056        RDPWD - ok
21:51:46.0533 5056        rdyboost        (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
21:51:46.0569 5056        rdyboost - ok
21:51:46.0623 5056        RkHit - ok
21:51:46.0659 5056        rspndr          (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
21:51:46.0747 5056        rspndr - ok
21:51:46.0791 5056        RTL8167        (91296f0b2653281b2f11e0fce56aa427) C:\Windows\system32\DRIVERS\Rt64win7.sys
21:51:46.0841 5056        RTL8167 - ok
21:51:46.0914 5056        SASDIFSV        (3289766038db2cb14d07dc84392138d5) C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS
21:51:46.0932 5056        SASDIFSV - ok
21:51:46.0963 5056        SASKUTIL        (58a38e75f3316a83c23df6173d41f2b5) C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS
21:51:46.0980 5056        SASKUTIL - ok
21:51:47.0053 5056        sbp2port        (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
21:51:47.0083 5056        sbp2port - ok
21:51:47.0128 5056        scfilter        (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
21:51:47.0218 5056        scfilter - ok
21:51:47.0269 5056        sdbus          (111e0ebc0ad79cb0fa014b907b231cf0) C:\Windows\system32\drivers\sdbus.sys
21:51:47.0322 5056        sdbus - ok
21:51:47.0352 5056        secdrv          (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
21:51:47.0432 5056        secdrv - ok
21:51:47.0484 5056        Serenum        (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
21:51:47.0513 5056        Serenum - ok
21:51:47.0544 5056        Serial          (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
21:51:47.0598 5056        Serial - ok
21:51:47.0635 5056        sermouse        (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
21:51:47.0672 5056        sermouse - ok
21:51:47.0722 5056        sffdisk        (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
21:51:47.0760 5056        sffdisk - ok
21:51:47.0778 5056        sffp_mmc        (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
21:51:47.0821 5056        sffp_mmc - ok
21:51:47.0842 5056        sffp_sd        (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
21:51:47.0880 5056        sffp_sd - ok
21:51:47.0919 5056        sfloppy        (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
21:51:47.0969 5056        sfloppy - ok
21:51:48.0022 5056        SiSRaid2        (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
21:51:48.0050 5056        SiSRaid2 - ok
21:51:48.0073 5056        SiSRaid4        (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
21:51:48.0108 5056        SiSRaid4 - ok
21:51:48.0150 5056        Smb            (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
21:51:48.0241 5056        Smb - ok
21:51:48.0283 5056        spldr          (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
21:51:48.0308 5056        spldr - ok
21:51:48.0380 5056        sptd            (51de15ca5c05bca46d8b110cd00a02fb) C:\Windows\system32\Drivers\sptd.sys
21:51:48.0381 5056        Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: 51de15ca5c05bca46d8b110cd00a02fb
21:51:48.0384 5056        sptd ( LockedFile.Multi.Generic ) - warning
21:51:48.0384 5056        sptd - detected LockedFile.Multi.Generic (1)
21:51:48.0433 5056        srv            (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
21:51:48.0503 5056        srv - ok
21:51:48.0554 5056        srv2            (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
21:51:48.0621 5056        srv2 - ok
21:51:48.0656 5056        SrvHsfHDA      (0c4540311e11664b245a263e1154cef8) C:\Windows\system32\DRIVERS\VSTAZL6.SYS
21:51:48.0694 5056        SrvHsfHDA - ok
21:51:48.0743 5056        SrvHsfV92      (02071d207a9858fbe3a48cbfd59c4a04) C:\Windows\system32\DRIVERS\VSTDPV6.SYS
21:51:48.0868 5056        SrvHsfV92 - ok
21:51:48.0919 5056        SrvHsfWinac    (18e40c245dbfaf36fd0134a7ef2df396) C:\Windows\system32\DRIVERS\VSTCNXT6.SYS
21:51:48.0997 5056        SrvHsfWinac - ok
21:51:49.0035 5056        srvnet          (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
21:51:49.0089 5056        srvnet - ok
21:51:49.0144 5056        stexstor        (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
21:51:49.0171 5056        stexstor - ok
21:51:49.0219 5056        STHDA          (ed1722f43ce61409ef68340402d6267d) C:\Windows\system32\DRIVERS\stwrt64.sys
21:51:49.0274 5056        STHDA - ok
21:51:49.0315 5056        swenum          (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
21:51:49.0339 5056        swenum - ok
21:51:49.0457 5056        Tcpip          (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys
21:51:49.0628 5056        Tcpip - ok
21:51:49.0680 5056        TCPIP6          (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys
21:51:49.0746 5056        TCPIP6 - ok
21:51:49.0795 5056        tcpipreg        (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
21:51:49.0874 5056        tcpipreg - ok
21:51:49.0919 5056        TDPIPE          (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
21:51:50.0008 5056        TDPIPE - ok
21:51:50.0039 5056        TDTCP          (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
21:51:50.0122 5056        TDTCP - ok
21:51:50.0163 5056        tdx            (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
21:51:50.0255 5056        tdx - ok
21:51:50.0336 5056        TermDD          (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
21:51:50.0364 5056        TermDD - ok
21:51:50.0438 5056        tssecsrv        (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
21:51:50.0516 5056        tssecsrv - ok
21:51:50.0567 5056        TsUsbFlt        (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
21:51:50.0615 5056        TsUsbFlt - ok
21:51:50.0655 5056        tunnel          (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
21:51:50.0718 5056        tunnel - ok
21:51:50.0754 5056        uagp35          (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
21:51:50.0783 5056        uagp35 - ok
21:51:50.0825 5056        udfs            (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
21:51:50.0908 5056        udfs - ok
21:51:50.0972 5056        uliagpkx        (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
21:51:51.0001 5056        uliagpkx - ok
21:51:51.0029 5056        umbus          (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
21:51:51.0072 5056        umbus - ok
21:51:51.0101 5056        UmPass          (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
21:51:51.0136 5056        UmPass - ok
21:51:51.0183 5056        USBAAPL64      (aa33fc47ed58c34e6e9261e4f850b7eb) C:\Windows\system32\Drivers\usbaapl64.sys
21:51:51.0225 5056        USBAAPL64 - ok
21:51:51.0279 5056        usbaudio        (82e8f44688e6fac57b5b7c6fc7adbc2a) C:\Windows\system32\drivers\usbaudio.sys
21:51:51.0326 5056        usbaudio - ok
21:51:51.0357 5056        usbccgp        (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
21:51:51.0413 5056        usbccgp - ok
21:51:51.0445 5056        usbcir          (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
21:51:51.0500 5056        usbcir - ok
21:51:51.0533 5056        usbehci        (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
21:51:51.0564 5056        usbehci - ok
21:51:51.0612 5056        usbhub          (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
21:51:51.0669 5056        usbhub - ok
21:51:51.0702 5056        usbohci        (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
21:51:51.0745 5056        usbohci - ok
21:51:51.0776 5056        usbprint        (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
21:51:51.0810 5056        usbprint - ok
21:51:51.0835 5056        USBSTOR        (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
21:51:51.0891 5056        USBSTOR - ok
21:51:51.0923 5056        usbuhci        (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\DRIVERS\usbuhci.sys
21:51:51.0979 5056        usbuhci - ok
21:51:52.0034 5056        usbvideo        (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\System32\Drivers\usbvideo.sys
21:51:52.0075 5056        usbvideo - ok
21:51:52.0114 5056        vdrvroot        (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
21:51:52.0141 5056        vdrvroot - ok
21:51:52.0192 5056        vga            (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
21:51:52.0226 5056        vga - ok
21:51:52.0247 5056        VgaSave        (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
21:51:52.0330 5056        VgaSave - ok
21:51:52.0362 5056        vhdmp          (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
21:51:52.0401 5056        vhdmp - ok
21:51:52.0422 5056        viaide          (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
21:51:52.0449 5056        viaide - ok
21:51:52.0485 5056        volmgr          (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
21:51:52.0516 5056        volmgr - ok
21:51:52.0567 5056        volmgrx        (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
21:51:52.0612 5056        volmgrx - ok
21:51:52.0639 5056        volsnap        (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
21:51:52.0680 5056        volsnap - ok
21:51:52.0730 5056        vsmraid        (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
21:51:52.0768 5056        vsmraid - ok
21:51:52.0802 5056        vwifibus        (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
21:51:52.0845 5056        vwifibus - ok
21:51:52.0885 5056        vwififlt        (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
21:51:52.0938 5056        vwififlt - ok
21:51:52.0989 5056        WacomPen        (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
21:51:53.0025 5056        WacomPen - ok
21:51:53.0075 5056        WANARP          (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
21:51:53.0162 5056        WANARP - ok
21:51:53.0168 5056        Wanarpv6        (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
21:51:53.0230 5056        Wanarpv6 - ok
21:51:53.0301 5056        Wd              (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
21:51:53.0327 5056        Wd - ok
21:51:53.0374 5056        Wdf01000        (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
21:51:53.0438 5056        Wdf01000 - ok
21:51:53.0480 5056        WfpLwf          (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
21:51:53.0545 5056        WfpLwf - ok
21:51:53.0571 5056        WIMMount        (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
21:51:53.0596 5056        WIMMount - ok
21:51:53.0683 5056        WinUsb          (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
21:51:53.0742 5056        WinUsb - ok
21:51:53.0796 5056        WmiAcpi        (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
21:51:53.0823 5056        WmiAcpi - ok
21:51:53.0875 5056        ws2ifsl        (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
21:51:53.0947 5056        ws2ifsl - ok
21:51:54.0005 5056        WudfPf          (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
21:51:54.0096 5056        WudfPf - ok
21:51:54.0141 5056        WUDFRd          (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
21:51:54.0230 5056        WUDFRd - ok
21:51:54.0288 5056        yukonw7        (b3eeacf62445e24fbb2cd4b0fb4db026) C:\Windows\system32\DRIVERS\yk62x64.sys
21:51:54.0345 5056        yukonw7 - ok
21:51:54.0384 5056        MBR (0x1B8)    (e6b4ca0a654dd2c9f72c0ea0fd94f376) \Device\Harddisk0\DR0
21:51:54.0484 5056        \Device\Harddisk0\DR0 - ok
21:51:54.0516 5056        Boot (0x1200)  (142998438f1333885c0512c777e8a234) \Device\Harddisk0\DR0\Partition0
21:51:54.0519 5056        \Device\Harddisk0\DR0\Partition0 - ok
21:51:54.0532 5056        Boot (0x1200)  (facb7b5fb03014d65391793286307b9f) \Device\Harddisk0\DR0\Partition1
21:51:54.0535 5056        \Device\Harddisk0\DR0\Partition1 - ok
21:51:54.0565 5056        Boot (0x1200)  (b2c2db7ef9262ae66641a1cd9ef8e85f) \Device\Harddisk0\DR0\Partition2
21:51:54.0567 5056        \Device\Harddisk0\DR0\Partition2 - ok
21:51:54.0582 5056        Boot (0x1200)  (9dc49683b982f8afb15b36431170ab4b) \Device\Harddisk0\DR0\Partition3
21:51:54.0583 5056        \Device\Harddisk0\DR0\Partition3 - ok
21:51:54.0583 5056        ============================================================
21:51:54.0583 5056        Scan finished
21:51:54.0584 5056        ============================================================
21:51:54.0603 3144        Detected object count: 1
21:51:54.0603 3144        Actual detected object count: 1
21:52:08.0368 3144        sptd ( LockedFile.Multi.Generic ) - skipped by user
21:52:08.0368 3144        sptd ( LockedFile.Multi.Generic ) - User select action: Skip
21:53:39.0330 4348        ============================================================
21:53:39.0330 4348        Scan started
21:53:39.0330 4348        Mode: Manual; SigCheck; TDLFS;
21:53:39.0330 4348        ============================================================
21:53:39.0827 4348        1394ohci        (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
21:53:39.0882 4348        1394ohci - ok
21:53:39.0945 4348        Accelerometer  (1cffe9c06e66a57dae1452e449a58240) C:\Windows\system32\DRIVERS\Accelerometer.sys
21:53:39.0968 4348        Accelerometer - ok
21:53:40.0026 4348        ACPI            (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
21:53:40.0055 4348        ACPI - ok
21:53:40.0106 4348        AcpiPmi        (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
21:53:40.0140 4348        AcpiPmi - ok
21:53:40.0186 4348        adp94xx        (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
21:53:40.0220 4348        adp94xx - ok
21:53:40.0261 4348        adpahci        (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
21:53:40.0292 4348        adpahci - ok
21:53:40.0337 4348        adpu320        (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
21:53:40.0370 4348        adpu320 - ok
21:53:40.0427 4348        AFD            (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
21:53:40.0465 4348        AFD - ok
21:53:40.0512 4348        agp440          (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
21:53:40.0533 4348        agp440 - ok
21:53:40.0577 4348        aliide          (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
21:53:40.0599 4348        aliide - ok
21:53:40.0625 4348        amdide          (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
21:53:40.0647 4348        amdide - ok
21:53:40.0686 4348        AmdK8          (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
21:53:40.0714 4348        AmdK8 - ok
21:53:40.0734 4348        AmdPPM          (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
21:53:40.0769 4348        AmdPPM - ok
21:53:40.0812 4348        amdsata        (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
21:53:40.0841 4348        amdsata - ok
21:53:40.0876 4348        amdsbs          (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
21:53:40.0901 4348        amdsbs - ok
21:53:40.0936 4348        amdxata        (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
21:53:40.0959 4348        amdxata - ok
21:53:41.0006 4348        AmUStor        (8ebe028fc7e48725cdd92013580efd17) C:\Windows\system32\drivers\AmUStor.SYS
21:53:41.0032 4348        AmUStor - ok
21:53:41.0088 4348        ApfiltrService  (9815014f3e30357168da272088c6f12f) C:\Windows\system32\DRIVERS\Apfiltr.sys
21:53:41.0116 4348        ApfiltrService - ok
21:53:41.0161 4348        AppID          (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
21:53:41.0230 4348        AppID - ok
21:53:41.0342 4348        arc            (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
21:53:41.0370 4348        arc - ok
21:53:41.0383 4348        arcsas          (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
21:53:41.0406 4348        arcsas - ok
21:53:41.0444 4348        AsyncMac        (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
21:53:41.0512 4348        AsyncMac - ok
21:53:41.0561 4348        atapi          (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
21:53:41.0584 4348        atapi - ok
21:53:41.0660 4348        athr            (38562a6a9cb10844759eaf2b01a7fcd3) C:\Windows\system32\DRIVERS\athrx.sys
21:53:41.0707 4348        athr - ok
21:53:41.0767 4348        avgntflt        (b1224e6b086cd6548315b04ab575a23e) C:\Windows\system32\DRIVERS\avgntflt.sys
21:53:41.0785 4348        avgntflt - ok
21:53:41.0823 4348        avipbb          (ed45f12cfa62b83765c9c1496758cc87) C:\Windows\system32\DRIVERS\avipbb.sys
21:53:41.0841 4348        avipbb - ok
21:53:41.0897 4348        b06bdrv        (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
21:53:41.0929 4348        b06bdrv - ok
21:53:41.0962 4348        b57nd60a        (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
21:53:41.0991 4348        b57nd60a - ok
21:53:42.0029 4348        Beep            (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
21:53:42.0093 4348        Beep - ok
21:53:42.0173 4348        blbdrive        (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
21:53:42.0199 4348        blbdrive - ok
21:53:42.0251 4348        bowser          (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
21:53:42.0274 4348        bowser - ok
21:53:42.0301 4348        BrFiltLo        (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
21:53:42.0330 4348        BrFiltLo - ok
21:53:42.0358 4348        BrFiltUp        (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
21:53:42.0384 4348        BrFiltUp - ok
21:53:42.0428 4348        Brserid        (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
21:53:42.0455 4348        Brserid - ok
21:53:42.0485 4348        BrSerWdm        (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
21:53:42.0514 4348        BrSerWdm - ok
21:53:42.0544 4348        BrUsbMdm        (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
21:53:42.0574 4348        BrUsbMdm - ok
21:53:42.0597 4348        BrUsbSer        (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
21:53:42.0628 4348        BrUsbSer - ok
21:53:42.0660 4348        BTHMODEM        (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
21:53:42.0692 4348        BTHMODEM - ok
21:53:42.0742 4348        cdfs            (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
21:53:42.0808 4348        cdfs - ok
21:53:42.0851 4348        cdrom          (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\drivers\cdrom.sys
21:53:42.0889 4348        cdrom - ok
21:53:42.0922 4348        circlass        (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
21:53:42.0955 4348        circlass - ok
21:53:42.0996 4348        CLFS            (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
21:53:43.0028 4348        CLFS - ok
21:53:43.0083 4348        CmBatt          (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
21:53:43.0108 4348        CmBatt - ok
21:53:43.0146 4348        cmdide          (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
21:53:43.0166 4348        cmdide - ok
21:53:43.0225 4348        CNG            (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys
21:53:43.0273 4348        CNG - ok
21:53:43.0315 4348        Compbatt        (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
21:53:43.0336 4348        Compbatt - ok
21:53:43.0383 4348        CompositeBus    (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
21:53:43.0415 4348        CompositeBus - ok
21:53:43.0469 4348        crcdisk        (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
21:53:43.0493 4348        crcdisk - ok
21:53:43.0587 4348        DCamUSBNovatek  (356bb3dd25987179080f3b669ad4080a) C:\Windows\system32\Drivers\nvtcam.sys
21:53:43.0679 4348        DCamUSBNovatek - ok
21:53:43.0749 4348        DfsC            (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
21:53:43.0820 4348        DfsC - ok
21:53:43.0881 4348        discache        (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
21:53:43.0948 4348        discache - ok
21:53:43.0987 4348        Disk            (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
21:53:44.0014 4348        Disk - ok
21:53:44.0066 4348        drmkaud        (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
21:53:44.0101 4348        drmkaud - ok
21:53:44.0179 4348        DXGKrnl        (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
21:53:44.0220 4348        DXGKrnl - ok
21:53:44.0349 4348        ebdrv          (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
21:53:44.0439 4348        ebdrv - ok
21:53:44.0496 4348        elxstor        (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
21:53:44.0530 4348        elxstor - ok
21:53:44.0573 4348        ErrDev          (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
21:53:44.0598 4348        ErrDev - ok
21:53:44.0661 4348        exfat          (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
21:53:44.0731 4348        exfat - ok
21:53:44.0771 4348        fastfat        (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
21:53:44.0843 4348        fastfat - ok
21:53:44.0884 4348        fdc            (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
21:53:44.0913 4348        fdc - ok
21:53:44.0953 4348        FileInfo        (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
21:53:44.0976 4348        FileInfo - ok
21:53:45.0003 4348        Filetrace      (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
21:53:45.0071 4348        Filetrace - ok
21:53:45.0105 4348        flpydisk        (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
21:53:45.0138 4348        flpydisk - ok
21:53:45.0189 4348        FltMgr          (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
21:53:45.0218 4348        FltMgr - ok
21:53:45.0261 4348        FsDepends      (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
21:53:45.0283 4348        FsDepends - ok
21:53:45.0311 4348        Fs_Rec          (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
21:53:45.0333 4348        Fs_Rec - ok
21:53:45.0374 4348        fvevol          (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
21:53:45.0408 4348        fvevol - ok
21:53:45.0444 4348        gagp30kx        (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
21:53:45.0467 4348        gagp30kx - ok
21:53:45.0507 4348        GEARAspiWDM    (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
21:53:45.0522 4348        GEARAspiWDM - ok
21:53:45.0567 4348        hcw85cir        (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
21:53:45.0594 4348        hcw85cir - ok
21:53:45.0647 4348        HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
21:53:45.0683 4348        HdAudAddService - ok
21:53:45.0723 4348        HDAudBus        (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
21:53:45.0753 4348        HDAudBus - ok
21:53:45.0774 4348        HidBatt        (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
21:53:45.0799 4348        HidBatt - ok
21:53:45.0836 4348        HidBth          (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
21:53:45.0871 4348        HidBth - ok
21:53:45.0897 4348        HidIr          (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
21:53:45.0927 4348        HidIr - ok
21:53:45.0962 4348        HidUsb          (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\drivers\hidusb.sys
21:53:45.0988 4348        HidUsb - ok
21:53:46.0046 4348        hpdskflt        (05712fddbd45a5864eb326faabc6a4e3) C:\Windows\system32\DRIVERS\hpdskflt.sys
21:53:46.0063 4348        hpdskflt - ok
21:53:46.0094 4348        HpqKbFiltr      (9af482d058be59cc28bce52e7c4b747c) C:\Windows\system32\DRIVERS\HpqKbFiltr.sys
21:53:46.0115 4348        HpqKbFiltr - ok
21:53:46.0161 4348        HpSAMD          (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
21:53:46.0183 4348        HpSAMD - ok
21:53:46.0245 4348        HTTP            (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
21:53:46.0320 4348        HTTP - ok
21:53:46.0371 4348        hwpolicy        (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
21:53:46.0393 4348        hwpolicy - ok
21:53:46.0425 4348        i8042prt        (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
21:53:46.0451 4348        i8042prt - ok
21:53:46.0503 4348        iaStor          (1d004cb1da6323b1f55caef7f94b61d9) C:\Windows\system32\DRIVERS\iaStor.sys
21:53:46.0530 4348        iaStor - ok
21:53:46.0575 4348        iaStorV        (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
21:53:46.0606 4348        iaStorV - ok
21:53:46.0810 4348        igfx            (a87261ef1546325b559374f5689cf5bc) C:\Windows\system32\DRIVERS\igdkmd64.sys
21:53:46.0954 4348        igfx - ok
21:53:47.0007 4348        iirsp          (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
21:53:47.0030 4348        iirsp - ok
21:53:47.0085 4348        intelide        (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
21:53:47.0107 4348        intelide - ok
21:53:47.0151 4348        intelppm        (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
21:53:47.0181 4348        intelppm - ok
21:53:47.0235 4348        IpFilterDriver  (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
21:53:47.0300 4348        IpFilterDriver - ok
21:53:47.0346 4348        IPMIDRV        (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
21:53:47.0382 4348        IPMIDRV - ok
21:53:47.0415 4348        IPNAT          (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
21:53:47.0483 4348        IPNAT - ok
21:53:47.0518 4348        IRENUM          (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
21:53:47.0554 4348        IRENUM - ok
21:53:47.0608 4348        isapnp          (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
21:53:47.0629 4348        isapnp - ok
21:53:47.0686 4348        iScsiPrt        (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
21:53:47.0715 4348        iScsiPrt - ok
21:53:47.0745 4348        kbdclass        (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys
21:53:47.0767 4348        kbdclass - ok
21:53:47.0813 4348        kbdhid          (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys
21:53:47.0842 4348        kbdhid - ok
21:53:47.0897 4348        KSecDD          (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys
21:53:47.0921 4348        KSecDD - ok
21:53:47.0961 4348        KSecPkg        (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys
21:53:47.0990 4348        KSecPkg - ok
21:53:48.0025 4348        ksthunk        (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
21:53:48.0096 4348        ksthunk - ok
21:53:48.0171 4348        lltdio          (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
21:53:48.0242 4348        lltdio - ok
21:53:48.0296 4348        LSI_FC          (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
21:53:48.0322 4348        LSI_FC - ok
21:53:48.0357 4348        LSI_SAS        (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
21:53:48.0380 4348        LSI_SAS - ok
21:53:48.0420 4348        LSI_SAS2        (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
21:53:48.0443 4348        LSI_SAS2 - ok
21:53:48.0477 4348        LSI_SCSI        (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
21:53:48.0501 4348        LSI_SCSI - ok
21:53:48.0532 4348        luafv          (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
21:53:48.0597 4348        luafv - ok
21:53:48.0627 4348        MBAMProtector  (79da94b35371b9e7104460c7693dcb2c) C:\Windows\system32\drivers\mbam.sys
21:53:48.0648 4348        MBAMProtector - ok
21:53:48.0707 4348        megasas        (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
21:53:48.0729 4348        megasas - ok
21:53:48.0756 4348        MegaSR          (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
21:53:48.0785 4348        MegaSR - ok
21:53:48.0835 4348        Modem          (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
21:53:48.0911 4348        Modem - ok
21:53:48.0939 4348        monitor        (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
21:53:48.0970 4348        monitor - ok
21:53:49.0022 4348        mouclass        (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\drivers\mouclass.sys
21:53:49.0045 4348        mouclass - ok
21:53:49.0091 4348        mouhid          (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
21:53:49.0124 4348        mouhid - ok
21:53:49.0174 4348        mountmgr        (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
21:53:49.0198 4348        mountmgr - ok
21:53:49.0251 4348        mpio            (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
21:53:49.0275 4348        mpio - ok
21:53:49.0309 4348        mpsdrv          (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
21:53:49.0376 4348        mpsdrv - ok
21:53:49.0433 4348        MRxDAV          (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
21:53:49.0469 4348        MRxDAV - ok
21:53:49.0511 4348        mrxsmb          (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
21:53:49.0538 4348        mrxsmb - ok
21:53:49.0594 4348        mrxsmb10        (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
21:53:49.0628 4348        mrxsmb10 - ok
21:53:49.0666 4348        mrxsmb20        (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
21:53:49.0692 4348        mrxsmb20 - ok
21:53:49.0731 4348        msahci          (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
21:53:49.0754 4348        msahci - ok
21:53:49.0785 4348        msdsm          (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
21:53:49.0811 4348        msdsm - ok
21:53:49.0861 4348        Msfs            (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
21:53:49.0932 4348        Msfs - ok
21:53:49.0969 4348        mshidkmdf      (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
21:53:50.0034 4348        mshidkmdf - ok
21:53:50.0072 4348        msisadrv        (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
21:53:50.0092 4348        msisadrv - ok
21:53:50.0139 4348        MSKSSRV        (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
21:53:50.0207 4348        MSKSSRV - ok
21:53:50.0228 4348        MSPCLOCK        (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
21:53:50.0291 4348        MSPCLOCK - ok
21:53:50.0311 4348        MSPQM          (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
21:53:50.0382 4348        MSPQM - ok
21:53:50.0439 4348        MsRPC          (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
21:53:50.0468 4348        MsRPC - ok
21:53:50.0525 4348        mssmbios        (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
21:53:50.0548 4348        mssmbios - ok
21:53:50.0576 4348        MSTEE          (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
21:53:50.0649 4348        MSTEE - ok
21:53:50.0681 4348        MTConfig        (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
21:53:50.0711 4348        MTConfig - ok
21:53:50.0747 4348        Mup            (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
21:53:50.0769 4348        Mup - ok
21:53:50.0812 4348        NativeWifiP    (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
21:53:50.0847 4348        NativeWifiP - ok
21:53:50.0908 4348        NDIS            (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
21:53:50.0948 4348        NDIS - ok
21:53:50.0978 4348        NdisCap        (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
21:53:51.0041 4348        NdisCap - ok
21:53:51.0067 4348        NdisTapi        (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
21:53:51.0135 4348        NdisTapi - ok
21:53:51.0187 4348        Ndisuio        (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
21:53:51.0247 4348        Ndisuio - ok
21:53:51.0292 4348        NdisWan        (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
21:53:51.0355 4348        NdisWan - ok
21:53:51.0400 4348        NDProxy        (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
21:53:51.0466 4348        NDProxy - ok
21:53:51.0505 4348        NetBIOS        (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
21:53:51.0568 4348        NetBIOS - ok
21:53:51.0611 4348        NetBT          (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
21:53:51.0683 4348        NetBT - ok
21:53:51.0865 4348        netw5v64        (64428dfdaf6e88366cb51f45a79c5f69) C:\Windows\system32\DRIVERS\netw5v64.sys
21:53:52.0002 4348        netw5v64 - ok
21:53:52.0046 4348        nfrd960        (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
21:53:52.0068 4348        nfrd960 - ok
21:53:52.0122 4348        Npfs            (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
21:53:52.0205 4348        Npfs - ok
21:53:52.0240 4348        nsiproxy        (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
21:53:52.0307 4348        nsiproxy - ok
21:53:52.0387 4348        Ntfs            (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
21:53:52.0448 4348        Ntfs - ok
21:53:52.0480 4348        Null            (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
21:53:52.0546 4348        Null - ok
21:53:52.0589 4348        NVHDA          (cb599955ce2ce9694721562f9481cd84) C:\Windows\system32\drivers\nvhda64v.sys
21:53:52.0607 4348        NVHDA - ok
21:53:52.0855 4348        nvlddmkm        (e63279a205da5c225369770e400904a8) C:\Windows\system32\DRIVERS\nvlddmkm.sys
21:53:53.0220 4348        nvlddmkm - ok
21:53:53.0289 4348        nvraid          (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
21:53:53.0318 4348        nvraid - ok
21:53:53.0357 4348        nvstor          (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
21:53:53.0392 4348        nvstor - ok
21:53:53.0449 4348        nv_agp          (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
21:53:53.0475 4348        nv_agp - ok
21:53:53.0522 4348        ohci1394        (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
21:53:53.0552 4348        ohci1394 - ok
21:53:53.0639 4348        Parport        (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
21:53:53.0666 4348        Parport - ok
21:53:53.0706 4348        partmgr        (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
21:53:53.0729 4348        partmgr - ok
21:53:53.0782 4348        pccsmcfd        (bc0018c2d29f655188a0ed3fa94fdb24) C:\Windows\system32\DRIVERS\pccsmcfdx64.sys
21:53:53.0805 4348        pccsmcfd - ok
21:53:53.0842 4348        pci            (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
21:53:53.0873 4348        pci - ok
21:53:53.0917 4348        pciide          (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
21:53:53.0938 4348        pciide - ok
21:53:53.0963 4348        pcmcia          (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
21:53:54.0001 4348        pcmcia - ok
21:53:54.0059 4348        pcw            (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
21:53:54.0087 4348        pcw - ok
21:53:54.0130 4348        PEAUTH          (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
21:53:54.0227 4348        PEAUTH - ok
21:53:54.0377 4348        PptpMiniport    (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
21:53:54.0449 4348        PptpMiniport - ok
21:53:54.0488 4348        Processor      (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
21:53:54.0518 4348        Processor - ok
21:53:54.0588 4348        Psched          (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
21:53:54.0663 4348        Psched - ok
21:53:54.0737 4348        ql2300          (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
21:53:54.0802 4348        ql2300 - ok
21:53:54.0832 4348        ql40xx          (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
21:53:54.0862 4348        ql40xx - ok
21:53:54.0905 4348        QWAVEdrv        (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
21:53:54.0939 4348        QWAVEdrv - ok
21:53:54.0970 4348        RasAcd          (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
21:53:55.0046 4348        RasAcd - ok
21:53:55.0083 4348        RasAgileVpn    (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
21:53:55.0155 4348        RasAgileVpn - ok
21:53:55.0205 4348        Rasl2tp        (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
21:53:55.0268 4348        Rasl2tp - ok
21:53:55.0304 4348        RasPppoe        (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
21:53:55.0377 4348        RasPppoe - ok
21:53:55.0407 4348        RasSstp        (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
21:53:55.0474 4348        RasSstp - ok
21:53:55.0528 4348        rdbss          (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
21:53:55.0602 4348        rdbss - ok
21:53:55.0660 4348        rdpbus          (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
21:53:55.0695 4348        rdpbus - ok
21:53:55.0731 4348        RDPCDD          (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
21:53:55.0797 4348        RDPCDD - ok
21:53:55.0825 4348        RDPENCDD        (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
21:53:55.0898 4348        RDPENCDD - ok
21:53:55.0916 4348        RDPREFMP        (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
21:53:55.0984 4348        RDPREFMP - ok
21:53:56.0044 4348        RDPWD          (15b66c206b5cb095bab980553f38ed23) C:\Windows\system32\drivers\RDPWD.sys
21:53:56.0112 4348        RDPWD - ok
21:53:56.0174 4348        rdyboost        (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
21:53:56.0199 4348        rdyboost - ok
21:53:56.0242 4348        RkHit - ok
21:53:56.0308 4348        rspndr          (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
21:53:56.0383 4348        rspndr - ok
21:53:56.0424 4348        RTL8167        (91296f0b2653281b2f11e0fce56aa427) C:\Windows\system32\DRIVERS\Rt64win7.sys
21:53:56.0455 4348        RTL8167 - ok
21:53:56.0521 4348        SASDIFSV        (3289766038db2cb14d07dc84392138d5) C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS
21:53:56.0539 4348        SASDIFSV - ok
21:53:56.0563 4348        SASKUTIL        (58a38e75f3316a83c23df6173d41f2b5) C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS
21:53:56.0579 4348        SASKUTIL - ok
21:53:56.0628 4348        sbp2port        (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
21:53:56.0652 4348        sbp2port - ok
21:53:56.0720 4348        scfilter        (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
21:53:56.0784 4348        scfilter - ok
21:53:56.0835 4348        sdbus          (111e0ebc0ad79cb0fa014b907b231cf0) C:\Windows\system32\drivers\sdbus.sys
21:53:56.0873 4348        sdbus - ok
21:53:56.0901 4348        secdrv          (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
21:53:56.0970 4348        secdrv - ok
21:53:57.0033 4348        Serenum        (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
21:53:57.0061 4348        Serenum - ok
21:53:57.0102 4348        Serial          (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
21:53:57.0137 4348        Serial - ok
21:53:57.0185 4348        sermouse        (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
21:53:57.0212 4348        sermouse - ok
21:53:57.0288 4348        sffdisk        (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
21:53:57.0320 4348        sffdisk - ok
21:53:57.0344 4348        sffp_mmc        (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
21:53:57.0382 4348        sffp_mmc - ok
21:53:57.0407 4348        sffp_sd        (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
21:53:57.0443 4348        sffp_sd - ok
21:53:57.0477 4348        sfloppy        (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
21:53:57.0503 4348        sfloppy - ok
21:53:57.0563 4348        SiSRaid2        (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
21:53:57.0585 4348        SiSRaid2 - ok
21:53:57.0614 4348        SiSRaid4        (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
21:53:57.0643 4348        SiSRaid4 - ok
21:53:57.0683 4348        Smb            (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
21:53:57.0748 4348        Smb - ok
21:53:57.0799 4348        spldr          (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
21:53:57.0819 4348        spldr - ok
21:53:57.0905 4348        sptd            (51de15ca5c05bca46d8b110cd00a02fb) C:\Windows\system32\Drivers\sptd.sys
21:53:57.0905 4348        Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: 51de15ca5c05bca46d8b110cd00a02fb
21:53:57.0908 4348        sptd ( LockedFile.Multi.Generic ) - warning
21:53:57.0908 4348        sptd - detected LockedFile.Multi.Generic (1)
21:53:57.0974 4348        srv            (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
21:53:58.0006 4348        srv - ok
21:53:58.0069 4348        srv2            (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
21:53:58.0099 4348        srv2 - ok
21:53:58.0178 4348        SrvHsfHDA      (0c4540311e11664b245a263e1154cef8) C:\Windows\system32\DRIVERS\VSTAZL6.SYS
21:53:58.0208 4348        SrvHsfHDA - ok
21:53:58.0309 4348        SrvHsfV92      (02071d207a9858fbe3a48cbfd59c4a04) C:\Windows\system32\DRIVERS\VSTDPV6.SYS
21:53:58.0360 4348        SrvHsfV92 - ok
21:53:58.0418 4348        SrvHsfWinac    (18e40c245dbfaf36fd0134a7ef2df396) C:\Windows\system32\DRIVERS\VSTCNXT6.SYS
21:53:58.0455 4348        SrvHsfWinac - ok
21:53:58.0519 4348        srvnet          (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
21:53:58.0544 4348        srvnet - ok
21:53:58.0636 4348        stexstor        (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
21:53:58.0658 4348        stexstor - ok
21:53:58.0727 4348        STHDA          (ed1722f43ce61409ef68340402d6267d) C:\Windows\system32\DRIVERS\stwrt64.sys
21:53:58.0761 4348        STHDA - ok
21:53:58.0831 4348        swenum          (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
21:53:58.0854 4348        swenum - ok
21:53:58.0980 4348        Tcpip          (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys
21:53:59.0051 4348        Tcpip - ok
21:53:59.0113 4348        TCPIP6          (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys
21:53:59.0179 4348        TCPIP6 - ok
21:53:59.0237 4348        tcpipreg        (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
21:53:59.0305 4348        tcpipreg - ok
21:53:59.0372 4348        TDPIPE          (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
21:53:59.0447 4348        TDPIPE - ok
21:53:59.0481 4348        TDTCP          (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
21:53:59.0551 4348        TDTCP - ok
21:53:59.0646 4348        tdx            (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
21:53:59.0710 4348        tdx - ok
21:53:59.0754 4348        TermDD          (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
21:53:59.0774 4348        TermDD - ok
21:53:59.0830 4348        tssecsrv        (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
21:53:59.0892 4348        tssecsrv - ok
21:53:59.0951 4348        TsUsbFlt        (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
21:53:59.0979 4348        TsUsbFlt - ok
21:54:00.0031 4348        tunnel          (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
21:54:00.0099 4348        tunnel - ok
21:54:00.0146 4348        uagp35          (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
21:54:00.0171 4348        uagp35 - ok
21:54:00.0218 4348        udfs            (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
21:54:00.0290 4348        udfs - ok
21:54:00.0356 4348        uliagpkx        (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
21:54:00.0378 4348        uliagpkx - ok
21:54:00.0421 4348        umbus          (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
21:54:00.0452 4348        umbus - ok
21:54:00.0485 4348        UmPass          (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
21:54:00.0512 4348        UmPass - ok
21:54:00.0567 4348        USBAAPL64      (aa33fc47ed58c34e6e9261e4f850b7eb) C:\Windows\system32\Drivers\usbaapl64.sys
21:54:00.0591 4348        USBAAPL64 - ok
21:54:00.0647 4348        usbaudio        (82e8f44688e6fac57b5b7c6fc7adbc2a) C:\Windows\system32\drivers\usbaudio.sys
21:54:00.0679 4348        usbaudio - ok
21:54:00.0716 4348        usbccgp        (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
21:54:00.0743 4348        usbccgp - ok
21:54:00.0796 4348        usbcir          (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
21:54:00.0827 4348        usbcir - ok
21:54:00.0868 4348        usbehci        (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
21:54:00.0899 4348        usbehci - ok
21:54:00.0955 4348        usbhub          (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
21:54:00.0982 4348        usbhub - ok
21:54:01.0028 4348        usbohci        (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
21:54:01.0057 4348        usbohci - ok
21:54:01.0103 4348        usbprint        (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
21:54:01.0140 4348        usbprint - ok
21:54:01.0169 4348        USBSTOR        (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
21:54:01.0204 4348        USBSTOR - ok
21:54:01.0241 4348        usbuhci        (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\DRIVERS\usbuhci.sys
21:54:01.0282 4348        usbuhci - ok
21:54:01.0337 4348        usbvideo        (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\System32\Drivers\usbvideo.sys
21:54:01.0392 4348        usbvideo - ok
21:54:01.0457 4348        vdrvroot        (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
21:54:01.0481 4348        vdrvroot - ok
21:54:01.0543 4348        vga            (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
21:54:01.0577 4348        vga - ok
21:54:01.0607 4348        VgaSave        (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
21:54:01.0684 4348        VgaSave - ok
21:54:01.0722 4348        vhdmp          (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
21:54:01.0750 4348        vhdmp - ok
21:54:01.0790 4348        viaide          (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
21:54:01.0815 4348        viaide - ok
21:54:01.0869 4348        volmgr          (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
21:54:01.0898 4348        volmgr - ok
21:54:01.0968 4348        volmgrx        (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
21:54:01.0995 4348        volmgrx - ok
21:54:02.0023 4348        volsnap        (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
21:54:02.0049 4348        volsnap - ok
21:54:02.0090 4348        vsmraid        (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
21:54:02.0114 4348        vsmraid - ok
21:54:02.0137 4348        vwifibus        (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
21:54:02.0164 4348        vwifibus - ok
21:54:02.0187 4348        vwififlt        (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
21:54:02.0218 4348        vwififlt - ok
21:54:02.0258 4348        WacomPen        (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
21:54:02.0281 4348        WacomPen - ok
21:54:02.0311 4348        WANARP          (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
21:54:02.0373 4348        WANARP - ok
21:54:02.0385 4348        Wanarpv6        (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
21:54:02.0443 4348        Wanarpv6 - ok
21:54:02.0503 4348        Wd              (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
21:54:02.0522 4348        Wd - ok
21:54:02.0568 4348        Wdf01000        (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
21:54:02.0603 4348        Wdf01000 - ok
21:54:02.0650 4348        WfpLwf          (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
21:54:02.0712 4348        WfpLwf - ok
21:54:02.0733 4348        WIMMount        (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
21:54:02.0752 4348        WIMMount - ok
21:54:02.0820 4348        WinUsb          (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
21:54:02.0847 4348        WinUsb - ok
21:54:02.0892 4348        WmiAcpi        (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
21:54:02.0914 4348        WmiAcpi - ok
21:54:02.0962 4348        ws2ifsl        (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
21:54:03.0023 4348        ws2ifsl - ok
21:54:03.0084 4348        WudfPf          (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
21:54:03.0147 4348        WudfPf - ok
21:54:03.0163 4348        WUDFRd          (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
21:54:03.0224 4348        WUDFRd - ok
21:54:03.0277 4348        yukonw7        (b3eeacf62445e24fbb2cd4b0fb4db026) C:\Windows\system32\DRIVERS\yk62x64.sys
21:54:03.0308 4348        yukonw7 - ok
21:54:03.0347 4348        MBR (0x1B8)    (e6b4ca0a654dd2c9f72c0ea0fd94f376) \Device\Harddisk0\DR0
21:54:03.0447 4348        \Device\Harddisk0\DR0 - ok
21:54:03.0479 4348        Boot (0x1200)  (142998438f1333885c0512c777e8a234) \Device\Harddisk0\DR0\Partition0
21:54:03.0482 4348        \Device\Harddisk0\DR0\Partition0 - ok
21:54:03.0495 4348        Boot (0x1200)  (facb7b5fb03014d65391793286307b9f) \Device\Harddisk0\DR0\Partition1
21:54:03.0498 4348        \Device\Harddisk0\DR0\Partition1 - ok
21:54:03.0528 4348        Boot (0x1200)  (b2c2db7ef9262ae66641a1cd9ef8e85f) \Device\Harddisk0\DR0\Partition2
21:54:03.0531 4348        \Device\Harddisk0\DR0\Partition2 - ok
21:54:03.0545 4348        Boot (0x1200)  (9dc49683b982f8afb15b36431170ab4b) \Device\Harddisk0\DR0\Partition3
21:54:03.0546 4348        \Device\Harddisk0\DR0\Partition3 - ok
21:54:03.0547 4348        ============================================================
21:54:03.0547 4348        Scan finished
21:54:03.0547 4348        ============================================================
21:54:03.0561 2964        Detected object count: 1
21:54:03.0561 2964        Actual detected object count: 1
21:54:13.0603 2964        sptd ( LockedFile.Multi.Generic ) - skipped by user
21:54:13.0603 2964        sptd ( LockedFile.Multi.Generic ) - User select action: Skip

cosinus 26.02.2012 22:21
Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix
  • Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.
  • Starte combofix.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
    Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.
  • Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.
Wichtiger Hinweis:
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!

Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

Solltest du nach der Ausführung von Combofix Probleme beim Starten von Anwendungen haben und Meldungen erhalten wie

Zitat:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
startest du Windows dann manuell neu und die Fehlermeldungen sollten nicht mehr auftauchen.

sunny2227 26.02.2012 22:57
Combofix Logfile:
Code:
ComboFix 12-02-25.02 - Franzi 26.02.2012  22:30:20.1.2 - x64
Microsoft Windows 7 Home Premium  6.1.7601.1.1252.49.1031.18.4063.2703 [GMT 1:00]
ausgeführt von:: c:\users\Franzi\Downloads\ComboFix.exe
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Franzi\AppData\Roaming\Local
.
.
(((((((((((((((((((((((((((((((((((((((  Treiber/Dienste  )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_RkHit
.
.
(((((((((((((((((((((((  Dateien erstellt von 2012-01-26 bis 2012-02-26  ))))))))))))))))))))))))))))))
.
.
2012-02-26 21:38 . 2012-02-26 21:38        --------        d-----w-        c:\users\Default\AppData\Local\temp
2012-02-26 19:49 . 2012-02-26 19:49        --------        d-----w-        C:\_OTL
2012-02-25 23:53 . 2012-02-08 07:13        8643640        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{DFCE6193-F8F7-44FC-848A-476614E7C3A9}\mpengine.dll
2012-02-22 20:07 . 2012-02-22 20:07        --------        d-----w-        c:\program files (x86)\Common Files\Java
2012-02-22 19:40 . 2012-02-22 19:40        --------        d-----w-        c:\program files (x86)\ESET
2012-02-20 21:08 . 2012-02-20 21:08        --------        d-----w-        c:\users\Franzi\AppData\Roaming\Malwarebytes
2012-02-20 21:08 . 2012-02-20 21:08        --------        d-----w-        c:\programdata\Malwarebytes
2012-02-20 21:08 . 2012-02-20 21:08        --------        d-----w-        c:\program files (x86)\Malwarebytes' Anti-Malware
2012-02-20 21:08 . 2011-12-10 14:24        23152        ----a-w-        c:\windows\system32\drivers\mbam.sys
2012-02-20 18:04 . 2012-02-20 18:04        --------        d-----w-        c:\users\Franzi\AppData\Roaming\Curiolab
2012-02-20 18:03 . 2012-02-20 21:08        --------        d-----w-        c:\program files (x86)\Exterminate It!
2012-02-20 17:54 . 2012-02-20 18:03        --------        d-----w-        c:\users\Franzi\AppData\Roaming\GetRightToGo
2012-02-20 17:40 . 2010-12-30 09:54        34736        ----a-w-        c:\windows\SysWow64\drivers\RKHit.sys
2012-02-20 17:40 . 2012-02-26 19:49        --------        d-----w-        c:\program files (x86)\PCSafeDoctor
2012-02-19 18:13 . 2012-02-19 18:13        --------        d-----w-        c:\users\Franzi\AppData\Roaming\SUPERAntiSpyware.com
2012-02-19 18:13 . 2012-02-19 18:17        --------        d-----w-        c:\program files\SUPERAntiSpyware
2012-02-19 18:13 . 2012-02-19 18:13        --------        d-----w-        c:\programdata\SUPERAntiSpyware.com
2012-02-19 17:55 . 2011-12-16 08:46        634880        ----a-w-        c:\windows\system32\msvcrt.dll
2012-02-19 17:55 . 2011-12-16 07:52        690688        ----a-w-        c:\windows\SysWow64\msvcrt.dll
2012-02-19 17:55 . 2011-12-28 03:59        498688        ----a-w-        c:\windows\system32\drivers\afd.sys
2012-02-19 17:50 . 2012-01-04 10:44        509952        ----a-w-        c:\windows\system32\ntshrui.dll
2012-02-19 17:50 . 2012-01-04 08:58        442880        ----a-w-        c:\windows\SysWow64\ntshrui.dll
2012-02-19 17:50 . 2011-12-30 06:26        515584        ----a-w-        c:\windows\system32\timedate.cpl
2012-02-19 17:50 . 2011-12-30 05:27        478720        ----a-w-        c:\windows\SysWow64\timedate.cpl
2012-02-19 17:49 . 2012-01-14 04:06        3145728        ----a-w-        c:\windows\system32\win32k.sys
2012-02-19 16:49 . 2012-02-19 16:49        --------        d-----w-        c:\program files (x86)\Adobe Download Assistant
2012-02-13 18:14 . 2012-02-13 18:14        626688        ----a-w-        c:\program files (x86)\Mozilla Firefox\msvcr80.dll
2012-02-13 18:14 . 2012-02-13 18:14        548864        ----a-w-        c:\program files (x86)\Mozilla Firefox\msvcp80.dll
2012-02-13 18:14 . 2012-02-13 18:14        479232        ----a-w-        c:\program files (x86)\Mozilla Firefox\msvcm80.dll
2012-02-13 18:14 . 2012-02-13 18:14        43992        ----a-w-        c:\program files (x86)\Mozilla Firefox\mozutils.dll
2012-02-13 07:47 . 2012-02-13 07:47        --------        d-----w-        c:\users\Franzi\AppData\Roaming\Avira
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-22 20:06 . 2010-04-19 08:24        472808        ----a-w-        c:\windows\SysWow64\deployJava1.dll
2012-01-29 04:10 . 2009-12-25 07:36        279656        ------w-        c:\windows\system32\MpSigStub.exe
2011-11-30 20:13 . 2009-07-14 02:36        152576        ----a-w-        c:\windows\SysWow64\msclmd.dll
2011-11-30 20:13 . 2009-07-14 02:36        175616        ----a-w-        c:\windows\system32\msclmd.dll
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12        94208        ----a-w-        c:\users\Franzi\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12        94208        ----a-w-        c:\users\Franzi\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12        94208        ----a-w-        c:\users\Franzi\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HPADVISOR"="c:\program files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [2009-07-15 1668664]
"DAEMON Tools Pro Agent"="c:\program files (x86)\DAEMON Tools Pro\DTAgent.exe" [2010-04-15 427328]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-01-20 5487488]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"HPCam_Menu"="c:\program files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe" [2009-02-25 218408]
"QlbCtrl.exe"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2010-02-25 323640]
"UpdatePRCShortCut"="c:\program files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe" [2009-05-19 222504]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-01-04 37296]
"Easybits Recovery"="c:\program files (x86)\EasyBits For Kids\ezRecover.exe" [2009-06-22 60464]
"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"FreePDF Assistant"="c:\program files (x86)\FreePDF_XP\fpassist.exe" [2009-09-05 385024]
"WirelessAssistant"="c:\program files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2010-05-20 500792]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2010-11-14 281768]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-06-07 421160]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
.
c:\users\Franzi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Franzi\AppData\Roaming\Dropbox\bin\Dropbox.exe [2011-5-25 24176560]
OpenOffice.org 3.1.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2009-4-16 384000]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[hkey_local_machine\software\Wow6432Node\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-12-26 135664]
R3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.SYS [x]
R3 Com4QLBEx;Com4QLBEx;c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2010-02-25 227896]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-12-26 135664]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]
R3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series - Adaptertreiber für Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [x]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [x]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\AESTSr64.exe [2009-03-02 89600]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2011-05-15 136360]
S2 ezSharedSvc;Easybits Shared Services for Windows;c:\windows\system32\svchost.exe [2009-07-14 27136]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [x]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-01-13 652360]
S2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe [2010-10-01 632792]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2011-12-14 2984832]
S3 DCamUSBNovatek;USB2.0 UVC Camera;c:\windows\system32\Drivers\nvtcam.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
ezSharedSvc
.
Inhalt des "geplante Tasks" Ordners
.
2012-02-26 c:\windows\Tasks\Google Software Updater.job
- c:\program files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-12-25 16:23]
.
2012-02-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-12-26 16:34]
.
2012-02-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-12-26 16:34]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12        97792        ----a-w-        c:\users\Franzi\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12        97792        ----a-w-        c:\users\Franzi\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12        97792        ----a-w-        c:\users\Franzi\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12        97792        ----a-w-        c:\users\Franzi\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-07-23 16334368]
"AmIcoSinglun64"="c:\program files (x86)\AmIcoSingLun\AmIcoSinglun64.exe" [2009-07-16 323072]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2009-07-22 450048]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2009-06-29 318464]
"SmartMenu"="c:\program files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe" [2009-07-21 610872]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-09-08 171520]
"combofix"="c:\combofix\CF20859.3XE" [2010-11-20 345088]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_DE&c=94&bd=Pavilion&pf=cnnb
uLocal Page = c:\windows\system32\blank.htm
mStart Page =
mLocal Page =
uInternet Settings,ProxyOverride = *.local
IE: Free YouTube to Mp3 Converter - c:\users\Franzi\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
IE: Nach Microsoft &Excel exportieren - c:\progra~2\MICROS~4\OFFICE11\EXCEL.EXE/3000
IE: Nach Microsoft E&xcel exportieren - c:\progra~2\MICROS~4\Office14\EXCEL.EXE/3000
IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~4\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\Franzi\AppData\Roaming\Mozilla\Firefox\Profiles\0grq5rxq.default\
FF - user.js: yahoo.homepage.dontask - true
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Wow6432Node-HKLM-Run-SunJavaUpdateSched - Disable_By_c:\program files (x86)\Common Files\Java\Java Update\jusched.exe
AddRemove-EasyBits Magic Desktop - c:\windows\system32\ezMDUninstall.exe
AddRemove-{7B63B2922B174135AFC0E1377DD81EC2} - c:\program files (x86)\DivX\DivXCodecUninstall.exe
AddRemove-{8ADFC4160D694100B5B8A22DE9DCABD9} - c:\program files (x86)\DivX\DivXPlayerUninstall.exe
AddRemove-{B60DCA15-56A3-4D2D-8747-22CF7D7B588B} - c:\program files (x86)\InstallShield Installation Information\{B60DCA15-56A3-4D2D-8747-22CF7D7B588B}\setup.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10b.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10b.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10b.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10b.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10b.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10b.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}]
@Denied: (A 2) (Everyone)
@="IFlashBroker2"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Bonjour\mDNSResponder.exe
c:\program files (x86)\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
c:\program files (x86)\CyberLink\Shared files\RichVideo.exe
c:\program files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-02-26  22:46:49 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2012-02-26 21:46
.
Vor Suchlauf: 14 Verzeichnis(se), 369.035.440.128 Bytes frei
Nach Suchlauf: 18 Verzeichnis(se), 368.437.432.320 Bytes frei
.
- - End Of File - - 755357D4E210DF0C77FC433464FB6A45
--- --- ---

cosinus 27.02.2012 09:36
Downloade dir bitte aswMBR.exe und speichere die Datei auf deinem Desktop.

Hinweis: Bitte den Virenscanner abstellen bevor du aswMBR ausführst, denn v.a. Avira meldet darin oft einen Fehalalrm!
  • Starte die aswMBR.exe Vista und Win7 User aswMBR per Rechtsklick "als Administrator ausführen"
  • Das Tool wird dich fragen, ob Du mit der aktuellen Virendefinition von AVAST! dein System scannen willst. Beantworte diese Frage bitte mit Ja. (Sollte deine Firewall fragen, bitte den Zugriff auf das Internet zulassen) Der Download der Definitionen kann je nach Verbindung eine Weile dauern.
  • Klicke auf Scan.
  • Warte bitte bis Scan finished successfully im DOS Fenster steht.
  • Drücke auf Save Log und speichere diese auf dem Desktop.
Poste mir die aswMBR.txt in deiner nächsten Antwort. Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte es erneut nicht klappen teile mir das bitte mit.

sunny2227 27.02.2012 22:16
Hallo,

das Programm scanned und meldet dann "avast! Antirootkit funktioniert nicht mehr...das Programm wird aufgrund eines Problem nicht richtig ausgeführt. Das Programm wird geschlossen und Sie werden benachrichtigt, wenn eine Lösung verfügbar ist."

cosinus 27.02.2012 22:27
Starte aswMBR neu, stell unten links auf (none) und klick dann nochmal auf Scan

sunny2227 27.02.2012 22:33
Hab ich gemacht, jedoch kam dann ein blue screen und Windows hat neu gestartet.

Was kann ich tun?

cosinus 27.02.2012 22:36
Wiederhol das bitte nochmal. Ggf. im abgesicherten Modus

sunny2227 27.02.2012 22:48
Code:
aswMBR version 0.9.9.1649 Copyright(c) 2011 AVAST Software
Run date: 2012-02-27 22:45:15
-----------------------------
22:45:15.438    OS Version: Windows x64 6.1.7601 Service Pack 1
22:45:15.438    Number of processors: 2 586 0x170A
22:45:15.438    ComputerName: FRANZI-PC  UserName: Franzi
22:45:20.196    Initialize success
22:45:28.589    AVAST engine defs: 12022700
22:45:34.064    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
22:45:34.080    Disk 0 Vendor: ST950042 0003 Size: 476940MB BusType: 3
22:45:34.111    Disk 0 MBR read successfully
22:45:34.111    Disk 0 MBR scan
22:45:34.127    Disk 0 unknown MBR code
22:45:34.142    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS          199 MB offset 2048
22:45:34.158    Disk 0 Partition 2 00    07    HPFS/NTFS NTFS      463340 MB offset 409600
22:45:34.189    Disk 0 Partition 3 00    07    HPFS/NTFS NTFS        13296 MB offset 949329920
22:45:34.205    Disk 0 Partition 4 00    0C    FAT32 LBA MSDOS5.0      103 MB offset 976560128
22:45:34.251    Disk 0 scanning C:\Windows\system32\drivers
22:45:47.449    Service scanning
22:46:14.234    Modules scanning
22:46:14.250    Disk 0 trace - called modules:
22:46:14.265    ntoskrnl.exe CLASSPNP.SYS disk.sys hpdskflt.sys ACPI.sys iaStor.sys hal.dll
22:46:14.281    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800577c060]
22:46:14.297    3 CLASSPNP.SYS[fffff88000c2943f] -> nt!IofCallDriver -> [0xfffffa800577b650]
22:46:14.312    5 hpdskflt.sys[fffff880025bf289] -> nt!IofCallDriver -> [0xfffffa8004a4c830]
22:46:14.328    7 ACPI.sys[fffff8800116c7a1] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0xfffffa8004a9c050]
22:46:14.328    Scan finished successfully
22:46:32.736    Disk 0 MBR has been saved successfully to "C:\Users\Franzi\Desktop\MBR.dat"
22:46:32.751    The log file has been saved successfully to "C:\Users\Franzi\Desktop\aswMBR.txt"

cosinus 28.02.2012 09:28
Wir sollten den MBR fixen, sichere für den Fall der Fälle ALLE wichtigen Daten, auch wenn meistens alles glatt geht.

Hinweis: Mach bitte NICHT den MBR-Fix, wenn du noch andere Betriebssysteme wie zB Ubuntu installiert hast, ein MBR-Fix mit Windows-Tools macht ein parallel installiertes (Dualboot) Linux unbootbar.
Mach den Fix auch dann nicht, wenn du zB mit TrueCrypt oder anderen Verschlüsselungsprogrammen eine Vollverschlüsselung der Windowspartition bzw. gesamten Festplatte hast

Starte nach der Datensicherung aswmbr erneut und klick auf den Button FIXMBR.

Hinweis: Bitte den Virenscanner abstellen bevor du aswMBR ausführst, denn v.a. Avira meldet darin oft einen Fehalalrm!

Anschließend Windows neu starten und ein neues Log mit aswMBR machen.

sunny2227 28.02.2012 22:31
Code:
aswMBR version 0.9.9.1649 Copyright(c) 2011 AVAST Software
Run date: 2012-02-27 22:45:15
-----------------------------
22:45:15.438    OS Version: Windows x64 6.1.7601 Service Pack 1
22:45:15.438    Number of processors: 2 586 0x170A
22:45:15.438    ComputerName: FRANZI-PC  UserName: Franzi
22:45:20.196    Initialize success
22:45:28.589    AVAST engine defs: 12022700
22:45:34.064    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
22:45:34.080    Disk 0 Vendor: ST950042 0003 Size: 476940MB BusType: 3
22:45:34.111    Disk 0 MBR read successfully
22:45:34.111    Disk 0 MBR scan
22:45:34.127    Disk 0 unknown MBR code
22:45:34.142    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS          199 MB offset 2048
22:45:34.158    Disk 0 Partition 2 00    07    HPFS/NTFS NTFS      463340 MB offset 409600
22:45:34.189    Disk 0 Partition 3 00    07    HPFS/NTFS NTFS        13296 MB offset 949329920
22:45:34.205    Disk 0 Partition 4 00    0C    FAT32 LBA MSDOS5.0      103 MB offset 976560128
22:45:34.251    Disk 0 scanning C:\Windows\system32\drivers
22:45:47.449    Service scanning
22:46:14.234    Modules scanning
22:46:14.250    Disk 0 trace - called modules:
22:46:14.265    ntoskrnl.exe CLASSPNP.SYS disk.sys hpdskflt.sys ACPI.sys iaStor.sys hal.dll
22:46:14.281    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800577c060]
22:46:14.297    3 CLASSPNP.SYS[fffff88000c2943f] -> nt!IofCallDriver -> [0xfffffa800577b650]
22:46:14.312    5 hpdskflt.sys[fffff880025bf289] -> nt!IofCallDriver -> [0xfffffa8004a4c830]
22:46:14.328    7 ACPI.sys[fffff8800116c7a1] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0xfffffa8004a9c050]
22:46:14.328    Scan finished successfully
22:46:32.736    Disk 0 MBR has been saved successfully to "C:\Users\Franzi\Desktop\MBR.dat"
22:46:32.751    The log file has been saved successfully to "C:\Users\Franzi\Desktop\aswMBR.txt"


aswMBR version 0.9.9.1649 Copyright(c) 2011 AVAST Software
Run date: 2012-02-28 22:24:02
-----------------------------
22:24:02.105    OS Version: Windows x64 6.1.7601 Service Pack 1
22:24:02.120    Number of processors: 2 586 0x170A
22:24:02.120    ComputerName: FRANZI-PC  UserName: Franzi
22:24:05.568    Initialize success
22:24:15.895    AVAST engine defs: 12022700
22:25:07.921    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
22:25:07.921    Disk 0 Vendor: ST950042 0003 Size: 476940MB BusType: 3
22:25:07.953    Disk 0 MBR read successfully
22:25:07.953    Disk 0 MBR scan
22:25:07.953    Disk 0 Windows 7 default MBR code
22:25:07.968    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS          199 MB offset 2048
22:25:07.984    Disk 0 Partition 2 00    07    HPFS/NTFS NTFS      463340 MB offset 409600
22:25:08.015    Disk 0 Partition 3 00    07    HPFS/NTFS NTFS        13296 MB offset 949329920
22:25:08.031    Disk 0 Partition 4 00    0C    FAT32 LBA MSDOS5.0      103 MB offset 976560128
22:25:08.093    Disk 0 scanning C:\Windows\system32\drivers
22:25:22.351    Service scanning
22:25:55.361    Modules scanning
22:25:55.377    Disk 0 trace - called modules:
22:25:55.408    ntoskrnl.exe CLASSPNP.SYS disk.sys hpdskflt.sys ACPI.sys iaStor.sys spnw.sys hal.dll
22:25:55.408    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800586a060]
22:25:55.423    3 CLASSPNP.SYS[fffff88000c4f43f] -> nt!IofCallDriver -> [0xfffffa8005869b10]
22:25:55.439    5 hpdskflt.sys[fffff880025e9289] -> nt!IofCallDriver -> [0xfffffa8004ae7330]
22:25:55.439    7 ACPI.sys[fffff880011917a1] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0xfffffa8004b79050]
22:25:55.455    Scan finished successfully
22:26:10.680    Disk 0 MBR has been saved successfully to "C:\Users\Franzi\Desktop\MBR.dat"
22:26:10.696    The log file has been saved successfully to "C:\Users\Franzi\Desktop\aswMBR.txt"

cosinus 28.02.2012 22:51
Sieht ok aus. Mach bitte zur Kontrolle Vollscans mit Malwarebytes und SASW und poste die Logs.
Denk dran beide Tools zu updaten vor dem Scan!!

sunny2227 02.03.2012 19:46
Code:
Malwarebytes Anti-Malware (Test) 1.60.1.1000
www.malwarebytes.org

Datenbank Version: v2012.02.20.04

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
Franzi :: FRANZI-PC [Administrator]

Schutz: Aktiviert

20.02.2012 22:09:43
mbam-log-2012-02-20 (22-09-43).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 167552
Laufzeit: 46 Minute(n), 3 Sekunde(n) [Abgebrochen]

Infizierte Speicherprozesse: 2
C:\ProgramData\BHMmHjYKMAcfJ.exe (Trojan.FakeAlert) -> 3244 -> Löschen bei Neustart.
C:\ProgramData\QFqPu6fC3BwT7Y.exe (Trojan.FakeAlert) -> 4024 -> Löschen bei Neustart.

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|BHMmHjYKMAcfJ.exe (Trojan.FakeAlert) -> Daten: C:\ProgramData\BHMmHjYKMAcfJ.exe -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 5
C:\ProgramData\BHMmHjYKMAcfJ.exe (Trojan.FakeAlert) -> Löschen bei Neustart.
C:\ProgramData\QFqPu6fC3BwT7Y.exe (Trojan.FakeAlert) -> Löschen bei Neustart.
C:\Users\Franzi\AppData\Local\Temp\mFYNBx0UNVzIMI.exe.tmp (Trojan.FakeAlert) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Franzi\AppData\Local\Temp\msimg32.dll (Rootkit.0Access) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Franzi\AppData\Local\Temp\ncxswoaemr.exe (Rootkit.0Access) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)

sunny2227 02.03.2012 23:19
Code:
SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com

Generated 03/02/2012 at 09:14 PM

Application Version : 5.0.1144

Core Rules Database Version : 8299
Trace Rules Database Version: 6111

Scan type      : Complete Scan
Total Scan Time : 01:26:46

Operating System Information
Windows 7 Home Premium 64-bit, Service Pack 1 (Build 6.01.7601)
UAC On - Limited User

Memory items scanned      : 593
Memory threats detected  : 0
Registry items scanned    : 67478
Registry threats detected : 0
File items scanned        : 88189
File threats detected    : 164

Adware.Tracking Cookie
        C:\Users\Franzi\AppData\Roaming\Microsoft\Windows\Cookies\CIHGOGY1.txt [ /mediaplex.com ]
        C:\Users\Franzi\AppData\Roaming\Microsoft\Windows\Cookies\11H3H7VW.txt [ /smartadserver.com ]
        C:\Users\Franzi\AppData\Roaming\Microsoft\Windows\Cookies\5HOD1T78.txt [ /apmebf.com ]
        C:\USERS\FRANZI\Cookies\CIHGOGY1.txt [ Cookie:franzi@mediaplex.com/ ]
        C:\USERS\FRANZI\Cookies\5HOD1T78.txt [ Cookie:franzi@apmebf.com/ ]
        .adxvalue.com [ C:\USERS\FRANZI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0GRQ5RXQ.DEFAULT\COOKIES.SQLITE ]
        .doubleclick.net [ C:\USERS\FRANZI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0GRQ5RXQ.DEFAULT\COOKIES.SQLITE ]
        .yadro.ru [ C:\USERS\FRANZI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0GRQ5RXQ.DEFAULT\COOKIES.SQLITE ]
        .dmtracker.com [ C:\USERS\FRANZI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0GRQ5RXQ.DEFAULT\COOKIES.SQLITE ]
        .revsci.net [ C:\USERS\FRANZI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0GRQ5RXQ.DEFAULT\COOKIES.SQLITE ]
        .adbrite.com [ C:\USERS\FRANZI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0GRQ5RXQ.DEFAULT\COOKIES.SQLITE ]
        de.sitestat.com [ C:\USERS\FRANZI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0GRQ5RXQ.DEFAULT\COOKIES.SQLITE ]
        .webmasterplan.com [ C:\USERS\FRANZI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0GRQ5RXQ.DEFAULT\COOKIES.SQLITE ]
        .webmasterplan.com [ C:\USERS\FRANZI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0GRQ5RXQ.DEFAULT\COOKIES.SQLITE ]
        .tradedoubler.com [ C:\USERS\FRANZI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0GRQ5RXQ.DEFAULT\COOKIES.SQLITE ]
        .martiniadnetwork.com [ C:\USERS\FRANZI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0GRQ5RXQ.DEFAULT\COOKIES.SQLITE ]
        .martiniadnetwork.com [ C:\USERS\FRANZI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0GRQ5RXQ.DEFAULT\COOKIES.SQLITE ]
        .martiniadnetwork.com [ C:\USERS\FRANZI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0GRQ5RXQ.DEFAULT\COOKIES.SQLITE ]
        .247realmedia.com [ C:\USERS\FRANZI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0GRQ5RXQ.DEFAULT\COOKIES.SQLITE ]
        .atdmt.com [ C:\USERS\FRANZI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0GRQ5RXQ.DEFAULT\COOKIES.SQLITE ]
        .atdmt.com [ C:\USERS\FRANZI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0GRQ5RXQ.DEFAULT\COOKIES.SQLITE ]
        .247realmedia.com [ C:\USERS\FRANZI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0GRQ5RXQ.DEFAULT\COOKIES.SQLITE ]
        .specificclick.net [ C:\USERS\FRANZI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0GRQ5RXQ.DEFAULT\COOKIES.SQLITE ]
        .apmebf.com [ C:\USERS\FRANZI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0GRQ5RXQ.DEFAULT\COOKIES.SQLITE ]
        .mediaplex.com [ C:\USERS\FRANZI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0GRQ5RXQ.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\FRANZI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0GRQ5RXQ.DEFAULT\COOKIES.SQLITE ]
        adx.chip.de [ C:\USERS\FRANZI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0GRQ5RXQ.DEFAULT\COOKIES.SQLITE ]
        adx.chip.de [ C:\USERS\FRANZI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0GRQ5RXQ.DEFAULT\COOKIES.SQLITE ]
        adx.chip.de [ C:\USERS\FRANZI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0GRQ5RXQ.DEFAULT\COOKIES.SQLITE ]
        adx.chip.de [ C:\USERS\FRANZI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0GRQ5RXQ.DEFAULT\COOKIES.SQLITE ]
        adx.chip.de [ C:\USERS\FRANZI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0GRQ5RXQ.DEFAULT\COOKIES.SQLITE ]
        adx.chip.de [ C:\USERS\FRANZI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0GRQ5RXQ.DEFAULT\COOKIES.SQLITE ]
        adx.chip.de [ C:\USERS\FRANZI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0GRQ5RXQ.DEFAULT\COOKIES.SQLITE ]
        adx.chip.de [ C:\USERS\FRANZI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0GRQ5RXQ.DEFAULT\COOKIES.SQLITE ]
        adx.chip.de [ C:\USERS\FRANZI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0GRQ5RXQ.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\FRANZI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0GRQ5RXQ.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\FRANZI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0GRQ5RXQ.DEFAULT\COOKIES.SQLITE ]
        www.googleadservices.com [ C:\USERS\FRANZI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0GRQ5RXQ.DEFAULT\COOKIES.SQLITE ]
        ad.yieldmanager.com [ C:\USERS\FRANZI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0GRQ5RXQ.DEFAULT\COOKIES.SQLITE ]
        .smartadserver.com [ C:\USERS\FRANZI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0GRQ5RXQ.DEFAULT\COOKIES.SQLITE ]
        .im.banner.t-online.de [ C:\USERS\FRANZI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0GRQ5RXQ.DEFAULT\COOKIES.SQLITE ]
        .fastclick.net [ C:\USERS\FRANZI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0GRQ5RXQ.DEFAULT\COOKIES.SQLITE ]
        .fastclick.net [ C:\USERS\FRANZI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0GRQ5RXQ.DEFAULT\COOKIES.SQLITE ]
        www.googleadservices.com [ C:\USERS\FRANZI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0GRQ5RXQ.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\FRANZI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0GRQ5RXQ.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\FRANZI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0GRQ5RXQ.DEFAULT\COOKIES.SQLITE ]
        .tracking.quisma.com [ C:\USERS\FRANZI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0GRQ5RXQ.DEFAULT\COOKIES.SQLITE ]
        eas4.emediate.eu [ C:\USERS\FRANZI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0GRQ5RXQ.DEFAULT\COOKIES.SQLITE ]
        eas4.emediate.eu [ C:\USERS\FRANZI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0GRQ5RXQ.DEFAULT\COOKIES.SQLITE ]
        .smartadserver.com [ C:\USERS\FRANZI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0GRQ5RXQ.DEFAULT\COOKIES.SQLITE ]
        .smartadserver.com [ C:\USERS\FRANZI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0GRQ5RXQ.DEFAULT\COOKIES.SQLITE ]
        .smartadserver.com [ C:\USERS\FRANZI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0GRQ5RXQ.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\FRANZI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0GRQ5RXQ.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\FRANZI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0GRQ5RXQ.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\FRANZI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0GRQ5RXQ.DEFAULT\COOKIES.SQLITE ]
        .tracking.quisma.com [ C:\USERS\FRANZI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0GRQ5RXQ.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\FRANZI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0GRQ5RXQ.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\FRANZI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0GRQ5RXQ.DEFAULT\COOKIES.SQLITE ]
        .webmasterplan.com [ C:\USERS\FRANZI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0GRQ5RXQ.DEFAULT\COOKIES.SQLITE ]
        .webmasterplan.com [ C:\USERS\FRANZI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0GRQ5RXQ.DEFAULT\COOKIES.SQLITE ]
        .zanox.com [ C:\USERS\FRANZI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0GRQ5RXQ.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\FRANZI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0GRQ5RXQ.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\FRANZI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0GRQ5RXQ.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\FRANZI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0GRQ5RXQ.DEFAULT\COOKIES.SQLITE ]
        .webmasterplan.com [ C:\USERS\FRANZI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0GRQ5RXQ.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\FRANZI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0GRQ5RXQ.DEFAULT\COOKIES.SQLITE ]
        .tradedoubler.com [ C:\USERS\FRANZI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0GRQ5RXQ.DEFAULT\COOKIES.SQLITE ]
        .tradedoubler.com [ C:\USERS\FRANZI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0GRQ5RXQ.DEFAULT\COOKIES.SQLITE ]
        .tracking.quisma.com [ C:\USERS\FRANZI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0GRQ5RXQ.DEFAULT\COOKIES.SQLITE ]
        tracking.quisma.com [ C:\USERS\FRANZI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0GRQ5RXQ.DEFAULT\COOKIES.SQLITE ]
        tracking.quisma.com [ C:\USERS\FRANZI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0GRQ5RXQ.DEFAULT\COOKIES.SQLITE ]
        .traffictrack.de [ C:\USERS\FRANZI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0GRQ5RXQ.DEFAULT\COOKIES.SQLITE ]
        .ad.adnet.de [ C:\USERS\FRANZI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0GRQ5RXQ.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\FRANZI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0GRQ5RXQ.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\FRANZI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0GRQ5RXQ.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\FRANZI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0GRQ5RXQ.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\FRANZI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0GRQ5RXQ.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\FRANZI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0GRQ5RXQ.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\FRANZI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0GRQ5RXQ.DEFAULT\COOKIES.SQLITE ]
        .serving-sys.com [ C:\USERS\FRANZI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0GRQ5RXQ.DEFAULT\COOKIES.SQLITE ]
        .serving-sys.com [ C:\USERS\FRANZI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0GRQ5RXQ.DEFAULT\COOKIES.SQLITE ]
        .bs.serving-sys.com [ C:\USERS\FRANZI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0GRQ5RXQ.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\FRANZI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0GRQ5RXQ.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\FRANZI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0GRQ5RXQ.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\FRANZI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0GRQ5RXQ.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\FRANZI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0GRQ5RXQ.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\FRANZI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0GRQ5RXQ.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\FRANZI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0GRQ5RXQ.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\FRANZI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0GRQ5RXQ.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\FRANZI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0GRQ5RXQ.DEFAULT\COOKIES.SQLITE ]
        de.sitestat.com [ C:\USERS\FRANZI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0GRQ5RXQ.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\FRANZI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0GRQ5RXQ.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\FRANZI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0GRQ5RXQ.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\FRANZI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0GRQ5RXQ.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\FRANZI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0GRQ5RXQ.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\FRANZI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0GRQ5RXQ.DEFAULT\COOKIES.SQLITE ]
        .tracking.quisma.com [ C:\USERS\FRANZI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0GRQ5RXQ.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\FRANZI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0GRQ5RXQ.DEFAULT\COOKIES.SQLITE ]
        eas4.emediate.eu [ C:\USERS\FRANZI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0GRQ5RXQ.DEFAULT\COOKIES.SQLITE ]
        .adtech.de [ C:\USERS\FRANZI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0GRQ5RXQ.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\FRANZI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0GRQ5RXQ.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\FRANZI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0GRQ5RXQ.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\FRANZI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0GRQ5RXQ.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\FRANZI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0GRQ5RXQ.DEFAULT\COOKIES.SQLITE ]
        .smartadserver.com [ C:\USERS\FRANZI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0GRQ5RXQ.DEFAULT\COOKIES.SQLITE ]
        .smartadserver.com [ C:\USERS\FRANZI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0GRQ5RXQ.DEFAULT\COOKIES.SQLITE ]
        .smartadserver.com [ C:\USERS\FRANZI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0GRQ5RXQ.DEFAULT\COOKIES.SQLITE ]
        foto.hcmedia.de [ C:\USERS\FRANZI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0GRQ5RXQ.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\FRANZI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0GRQ5RXQ.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\FRANZI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0GRQ5RXQ.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\FRANZI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0GRQ5RXQ.DEFAULT\COOKIES.SQLITE ]
        .revsci.net [ C:\USERS\FRANZI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0GRQ5RXQ.DEFAULT\COOKIES.SQLITE ]
        .revsci.net [ C:\USERS\FRANZI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0GRQ5RXQ.DEFAULT\COOKIES.SQLITE ]
        .revsci.net [ C:\USERS\FRANZI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0GRQ5RXQ.DEFAULT\COOKIES.SQLITE ]
        .adtech.de [ C:\USERS\FRANZI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0GRQ5RXQ.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\FRANZI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0GRQ5RXQ.DEFAULT\COOKIES.SQLITE ]
        .adtech.de [ C:\USERS\FRANZI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0GRQ5RXQ.DEFAULT\COOKIES.SQLITE ]
        ad4.adfarm1.adition.com [ C:\USERS\FRANZI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0GRQ5RXQ.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\FRANZI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0GRQ5RXQ.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\FRANZI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0GRQ5RXQ.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\FRANZI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0GRQ5RXQ.DEFAULT\COOKIES.SQLITE ]
        .webmasterplan.com [ C:\USERS\FRANZI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0GRQ5RXQ.DEFAULT\COOKIES.SQLITE ]
        .media6degrees.com [ C:\USERS\FRANZI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0GRQ5RXQ.DEFAULT\COOKIES.SQLITE ]
        .media6degrees.com [ C:\USERS\FRANZI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0GRQ5RXQ.DEFAULT\COOKIES.SQLITE ]
        .adbrite.com [ C:\USERS\FRANZI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0GRQ5RXQ.DEFAULT\COOKIES.SQLITE ]
        .invitemedia.com [ C:\USERS\FRANZI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0GRQ5RXQ.DEFAULT\COOKIES.SQLITE ]
        .casalemedia.com [ C:\USERS\FRANZI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0GRQ5RXQ.DEFAULT\COOKIES.SQLITE ]
        .casalemedia.com [ C:\USERS\FRANZI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0GRQ5RXQ.DEFAULT\COOKIES.SQLITE ]
        .casalemedia.com [ C:\USERS\FRANZI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0GRQ5RXQ.DEFAULT\COOKIES.SQLITE ]
        .casalemedia.com [ C:\USERS\FRANZI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0GRQ5RXQ.DEFAULT\COOKIES.SQLITE ]
        .casalemedia.com [ C:\USERS\FRANZI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0GRQ5RXQ.DEFAULT\COOKIES.SQLITE ]
        .casalemedia.com [ C:\USERS\FRANZI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0GRQ5RXQ.DEFAULT\COOKIES.SQLITE ]
        .technoratimedia.com [ C:\USERS\FRANZI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0GRQ5RXQ.DEFAULT\COOKIES.SQLITE ]
        .technoratimedia.com [ C:\USERS\FRANZI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0GRQ5RXQ.DEFAULT\COOKIES.SQLITE ]
        .invitemedia.com [ C:\USERS\FRANZI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0GRQ5RXQ.DEFAULT\COOKIES.SQLITE ]
        .imrworldwide.com [ C:\USERS\FRANZI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0GRQ5RXQ.DEFAULT\COOKIES.SQLITE ]
        .imrworldwide.com [ C:\USERS\FRANZI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0GRQ5RXQ.DEFAULT\COOKIES.SQLITE ]
        .amazon-adsystem.com [ C:\USERS\FRANZI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0GRQ5RXQ.DEFAULT\COOKIES.SQLITE ]
        .questionmarket.com [ C:\USERS\FRANZI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0GRQ5RXQ.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\FRANZI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0GRQ5RXQ.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\FRANZI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0GRQ5RXQ.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\FRANZI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0GRQ5RXQ.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\FRANZI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0GRQ5RXQ.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\FRANZI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0GRQ5RXQ.DEFAULT\COOKIES.SQLITE ]
        .serving-sys.com [ C:\USERS\FRANZI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0GRQ5RXQ.DEFAULT\COOKIES.SQLITE ]
        .serving-sys.com [ C:\USERS\FRANZI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0GRQ5RXQ.DEFAULT\COOKIES.SQLITE ]
        .adtech.de [ C:\USERS\FRANZI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0GRQ5RXQ.DEFAULT\COOKIES.SQLITE ]
        .adtech.de [ C:\USERS\FRANZI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0GRQ5RXQ.DEFAULT\COOKIES.SQLITE ]
        .adtech.de [ C:\USERS\FRANZI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0GRQ5RXQ.DEFAULT\COOKIES.SQLITE ]
        .adtech.de [ C:\USERS\FRANZI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0GRQ5RXQ.DEFAULT\COOKIES.SQLITE ]
        .adtech.de [ C:\USERS\FRANZI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0GRQ5RXQ.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\FRANZI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0GRQ5RXQ.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\FRANZI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0GRQ5RXQ.DEFAULT\COOKIES.SQLITE ]
        ad.zanox.com [ C:\USERS\FRANZI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0GRQ5RXQ.DEFAULT\COOKIES.SQLITE ]
        .mediaplex.com [ C:\USERS\FRANZI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0GRQ5RXQ.DEFAULT\COOKIES.SQLITE ]
        .adtech.de [ C:\USERS\FRANZI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0GRQ5RXQ.DEFAULT\COOKIES.SQLITE ]
        ww251.smartadserver.com [ C:\USERS\FRANZI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0GRQ5RXQ.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\FRANZI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0GRQ5RXQ.DEFAULT\COOKIES.SQLITE ]
        .doubleclick.net [ C:\USERS\FRANZI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0GRQ5RXQ.DEFAULT\COOKIES.SQLITE ]
        ad2.adfarm1.adition.com [ C:\USERS\FRANZI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0GRQ5RXQ.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\FRANZI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0GRQ5RXQ.DEFAULT\COOKIES.SQLITE ]
        ad.yieldmanager.com [ C:\USERS\FRANZI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0GRQ5RXQ.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\FRANZI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0GRQ5RXQ.DEFAULT\COOKIES.SQLITE ]
        ad3.adfarm1.adition.com [ C:\USERS\FRANZI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\0GRQ5RXQ.DEFAULT\COOKIES.SQLITE ]

cosinus 05.03.2012 11:44
Gefällt mir garnicht, dass MBAM noch den ZeroAccess gefunden hat :(
Wird Malwarebytes immer noch fündig?

Zitat:
22:45:34.127 Disk 0 unknown MBR code
Irgendwie ist auch beim MBR-Fix das so nicht so gelaufen wie es sollte. Warum hab ich das übersehen :stirn:
Mach bitte auch ein neues Log mit aswMBR

sunny2227 05.03.2012 22:01
Hallo Arne,

was bedeutet das? Also das MBAM noch den ZeroAccess gefunden hat? ?)

Code:
Malwarebytes Anti-Malware (Test) 1.60.1.1000
www.malwarebytes.org

Datenbank Version: v2012.03.05.08

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
Franzi :: FRANZI-PC [Administrator]

Schutz: Aktiviert

05.03.2012 20:35:42
mbam-log-2012-03-05 (20-35-42).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 415930
Laufzeit: 1 Stunde(n), 23 Minute(n), 19 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

sunny2227 05.03.2012 22:12
Code:
aswMBR version 0.9.9.1649 Copyright(c) 2011 AVAST Software
Run date: 2012-02-27 22:45:15
-----------------------------
22:45:15.438    OS Version: Windows x64 6.1.7601 Service Pack 1
22:45:15.438    Number of processors: 2 586 0x170A
22:45:15.438    ComputerName: FRANZI-PC  UserName: Franzi
22:45:20.196    Initialize success
22:45:28.589    AVAST engine defs: 12022700
22:45:34.064    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
22:45:34.080    Disk 0 Vendor: ST950042 0003 Size: 476940MB BusType: 3
22:45:34.111    Disk 0 MBR read successfully
22:45:34.111    Disk 0 MBR scan
22:45:34.127    Disk 0 unknown MBR code
22:45:34.142    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS          199 MB offset 2048
22:45:34.158    Disk 0 Partition 2 00    07    HPFS/NTFS NTFS      463340 MB offset 409600
22:45:34.189    Disk 0 Partition 3 00    07    HPFS/NTFS NTFS        13296 MB offset 949329920
22:45:34.205    Disk 0 Partition 4 00    0C    FAT32 LBA MSDOS5.0      103 MB offset 976560128
22:45:34.251    Disk 0 scanning C:\Windows\system32\drivers
22:45:47.449    Service scanning
22:46:14.234    Modules scanning
22:46:14.250    Disk 0 trace - called modules:
22:46:14.265    ntoskrnl.exe CLASSPNP.SYS disk.sys hpdskflt.sys ACPI.sys iaStor.sys hal.dll
22:46:14.281    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800577c060]
22:46:14.297    3 CLASSPNP.SYS[fffff88000c2943f] -> nt!IofCallDriver -> [0xfffffa800577b650]
22:46:14.312    5 hpdskflt.sys[fffff880025bf289] -> nt!IofCallDriver -> [0xfffffa8004a4c830]
22:46:14.328    7 ACPI.sys[fffff8800116c7a1] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0xfffffa8004a9c050]
22:46:14.328    Scan finished successfully
22:46:32.736    Disk 0 MBR has been saved successfully to "C:\Users\Franzi\Desktop\MBR.dat"
22:46:32.751    The log file has been saved successfully to "C:\Users\Franzi\Desktop\aswMBR.txt"


aswMBR version 0.9.9.1649 Copyright(c) 2011 AVAST Software
Run date: 2012-02-28 22:24:02
-----------------------------
22:24:02.105    OS Version: Windows x64 6.1.7601 Service Pack 1
22:24:02.120    Number of processors: 2 586 0x170A
22:24:02.120    ComputerName: FRANZI-PC  UserName: Franzi
22:24:05.568    Initialize success
22:24:15.895    AVAST engine defs: 12022700
22:25:07.921    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
22:25:07.921    Disk 0 Vendor: ST950042 0003 Size: 476940MB BusType: 3
22:25:07.953    Disk 0 MBR read successfully
22:25:07.953    Disk 0 MBR scan
22:25:07.953    Disk 0 Windows 7 default MBR code
22:25:07.968    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS          199 MB offset 2048
22:25:07.984    Disk 0 Partition 2 00    07    HPFS/NTFS NTFS      463340 MB offset 409600
22:25:08.015    Disk 0 Partition 3 00    07    HPFS/NTFS NTFS        13296 MB offset 949329920
22:25:08.031    Disk 0 Partition 4 00    0C    FAT32 LBA MSDOS5.0      103 MB offset 976560128
22:25:08.093    Disk 0 scanning C:\Windows\system32\drivers
22:25:22.351    Service scanning
22:25:55.361    Modules scanning
22:25:55.377    Disk 0 trace - called modules:
22:25:55.408    ntoskrnl.exe CLASSPNP.SYS disk.sys hpdskflt.sys ACPI.sys iaStor.sys spnw.sys hal.dll
22:25:55.408    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800586a060]
22:25:55.423    3 CLASSPNP.SYS[fffff88000c4f43f] -> nt!IofCallDriver -> [0xfffffa8005869b10]
22:25:55.439    5 hpdskflt.sys[fffff880025e9289] -> nt!IofCallDriver -> [0xfffffa8004ae7330]
22:25:55.439    7 ACPI.sys[fffff880011917a1] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0xfffffa8004b79050]
22:25:55.455    Scan finished successfully
22:26:10.680    Disk 0 MBR has been saved successfully to "C:\Users\Franzi\Desktop\MBR.dat"
22:26:10.696    The log file has been saved successfully to "C:\Users\Franzi\Desktop\aswMBR.txt"


aswMBR version 0.9.9.1649 Copyright(c) 2011 AVAST Software
Run date: 2012-03-05 22:07:59
-----------------------------
22:07:59.348    OS Version: Windows x64 6.1.7601 Service Pack 1
22:07:59.349    Number of processors: 2 586 0x170A
22:07:59.350    ComputerName: FRANZI-PC  UserName: Franzi
22:08:00.951    Initialize success
22:09:27.353    AVAST engine defs: 12030501
22:09:34.335    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
22:09:34.338    Disk 0 Vendor: ST950042 0003 Size: 476940MB BusType: 3
22:09:34.375    Disk 0 MBR read successfully
22:09:34.379    Disk 0 MBR scan
22:09:34.388    Disk 0 Windows 7 default MBR code
22:09:34.400    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS          199 MB offset 2048
22:09:34.416    Disk 0 Partition 2 00    07    HPFS/NTFS NTFS      463340 MB offset 409600
22:09:34.457    Disk 0 Partition 3 00    07    HPFS/NTFS NTFS        13296 MB offset 949329920
22:09:34.482    Disk 0 Partition 4 00    0C    FAT32 LBA MSDOS5.0      103 MB offset 976560128
22:09:34.554    Disk 0 scanning C:\Windows\system32\drivers
22:09:56.309    Service scanning
22:10:26.678    Modules scanning
22:10:26.692    Disk 0 trace - called modules:
22:10:26.722    ntoskrnl.exe CLASSPNP.SYS disk.sys hpdskflt.sys ACPI.sys iaStor.sys splq.sys
22:10:26.730    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800586a060]
22:10:26.738    3 CLASSPNP.SYS[fffff88000c4f43f] -> nt!IofCallDriver -> [0xfffffa8005869040]
22:10:26.746    5 hpdskflt.sys[fffff88002561289] -> nt!IofCallDriver -> [0xfffffa8004af25a0]
22:10:26.755    7 ACPI.sys[fffff8800100b7a1] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0xfffffa8004af3050]
22:10:26.763    Scan finished successfully
22:10:55.533    Disk 0 MBR has been saved successfully to "C:\Users\Franzi\Desktop\MBR.dat"
22:10:55.552    The log file has been saved successfully to "C:\Users\Franzi\Desktop\aswMBR.txt"

cosinus 06.03.2012 12:37
Doch, jetzt siehts in Ordnung aus.
Das Tool SASW hat auch nur noch Cookies gefunden.

Cookies sind keine Schädlinge direkt, aber es besteht die Gefahr der missbräuchlichen Verwendung (eindeutige Wiedererkennung zB für gezielte Werbung o.ä. => HTTP-Cookie )

Ist dein System nun wieder in Ordnung oder gibt's noch andere Funde oder Probleme?

sunny2227 10.03.2012 13:49
Hallo Arne,

danke für Deine Hilfe.

Sieht eigentlich alles ganz gut aus.

Das Einzige ist, dass der PC ab und zu bei fireox hängen bleibt neuerdings und ich ihn nur mit kaltstart aus bekomme.

Viele Grüße

cosinus 10.03.2012 16:37
Erstell dir mal ein neues Profil und teste => Profile verwalten | Anleitung | Firefox-Hilfe


Alle Zeitangaben in WEZ +1. Es ist jetzt 16:49 Uhr.

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131