Trojaner-Board - searchnu.com/406 als Startseite

Trojaner-Board (https://www.trojaner-board.de/)

- Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)

- - searchnu.com/406 als Startseite (https://www.trojaner-board.de/114321-searchnu-com-406-startseite.html)

searchnu.com/406 als Startseite

Hallo,

nachdem meine Freundin einen Trojaner von irgend einer Ausländischen Seite runtergeladen und auf ihrem Laptop installiert hat :stirn:,
wurde statt Google immer ...searchnu.com/406 angezeigt. Jegliche Versuche eine andere Startseite einzustellen ist fehlgeschlagen.

Ich habe mich hier im Board umgesehen und vor einiger Zeit mit folgenden Tools erfolgreich (?) gescannt Malwarebytes, OTL und SUPERAntiSpyware (logs s.u.).
Anschließend konnte ich zwar wieder eine andere Startseite einstellen, aber das Laptop läuft seitdem eher schlecht als recht.
Entweder habe ich was beschädigt, oder der/die Trojaner sind noch aktiv.
Das Gerät läuft extrem lahm und oft reagieren einzele Fenster (IE8, Win-Explorer, Firefox) nicht mehr. Beim Abspielen von Videos online stürzt der Flash-Player
sowohl bei IE8, als auch bei Firefox oft ab.

Was meint ihr, kann man noch was retten, oder muss ich die Kiste neu installieren?
Ich habe permanent eine aktuelle Vollversion von Kapersky drauf laufen. Eigentlich hatte ich den Eindruck, dass Kapersky gut ist, aber der prüft wohl nicht auf Malware?
Soll ich neben Kapersky noch was zusätzlich speziell gegen Malware installieren, und wenn Ja was?

So, das waren jetzt viele Fragen. Möchte mich vorab schon mal vorab bedanken, dass ihr eure Freizeit opfert, um anderen zu helfen! :applaus:

***************************************************************************
Malwarebytes Anti-Malware (Test) 1.61.0.1400
www.malwarebytes.org

Datenbank Version: v2012.04.14.04

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 8.0.7601.17514
xxxxxx:: XXX-PC [Administrator]

Schutz: Aktiviert

14.04.2012 17:49:38
mbam-log-2012-04-14 (17-49-38).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 363210
Laufzeit: 2 Stunde(n), 37 Minute(n), 59 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
C:\Users\xxxxxxx\Desktop\SoftonicDownloader_fuer_photo-slideshow-maker.exe (PUP.BundleOffer.Downloader.S) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)

***************************************************************************

OTL logfile created on: 15.04.2012 08:55:52 - Run 1
OTL by OldTimer - Version 3.2.39.2 Folder = C:\Users\xxx\Desktop
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

1,99 Gb Total Physical Memory | 1,11 Gb Available Physical Memory | 55,94% Memory free
3,99 Gb Paging File | 2,83 Gb Available in Paging File | 70,99% Paging File free
Paging file location(s): c:\pagefile.sys 2048 2048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 100,00 Gb Total Space | 22,81 Gb Free Space | 22,81% Space Free | Partition Type: NTFS
Drive D: | 117,87 Gb Total Space | 0,59 Gb Free Space | 0,50% Space Free | Partition Type: NTFS
Drive E: | 15,10 Gb Total Space | 15,08 Gb Free Space | 99,82% Space Free | Partition Type: FAT32

Computer Name: xxx-PC | User Name: xxx | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\xxx\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files\Mail.Ru\Guard\GuardMailRu.exe ()
PRC - C:\Program Files\Secunia\PSI\PSIA.exe (Secunia)
PRC - C:\Program Files\Secunia\PSI\sua.exe (Secunia)
PRC - C:\Program Files\Secunia\PSI\psi_tray.exe (Secunia)
PRC - C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
PRC - C:\Program Files\ASUS\ASUS WebStorage\3.0.108.222\AsusWSPanel.exe (ecareme)
PRC - C:\Program Files\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Windows\AsScrPro.exe (ASUS)
PRC - C:\Program Files\EeePC\HotkeyService\HotkeyService.exe (ASUSTeK Computer Inc.)
PRC - C:\Program Files\Asus\LiveUpdate\LiveUpdate.exe (AsusTek Computer Inc.)
PRC - C:\Program Files\ASUS\Eee Docking\Eee Docking.exe ()
PRC - C:\Program Files\EeePC\CapsHook\CapsHook.exe (ASUS)
PRC - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe (Broadcom Corporation.)
PRC - C:\Program Files\EeePC\SHE\SuperHybridEngine.exe (ASUSTeK Computer Inc.)
PRC - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe (Kaspersky Lab)
PRC - C:\Program Files\Synaptics\SynTP\SynAsusAcpi.exe (Synaptics Incorporated)
PRC - C:\Program Files\EeePC\HotkeyService\HotKeyMon.exe (ASUSTeK Computer Inc.)
PRC - C:\Windows\System32\AsusService.exe ()
PRC - C:\Program Files\Boingo\Boingo Wi-Fi\Boingo Wi-Fi.exe (Boingo Wireless, Inc.)
PRC - C:\Program Files\FRITZ!DSL\IGDCTRL.EXE (AVM Berlin)
PRC - C:\Program Files\FRITZ!DSL\StCenter.exe (AVM Berlin)
PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe (Intel Corporation)
PRC - C:\Program Files\FRITZ!DSL\FwebProt.exe (AVM Berlin)

========== Modules (No Company Name) ==========

MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\3ce70b84dbb9970e1893672c5d430c80\Microsoft.VisualBasic.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Web\507b4ca18da9d2fde2e51a1f04593443\System.Web.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\262285b3d0afafc5059f3fe9be69bff5\System.Windows.Forms.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\8177623eac8f15cf95b587625439eac7\System.Drawing.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Management\cb5bd98ffa4c82327b0e4db02bb58d2d\System.Management.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\9866d1f6178e1cde25642f1ac293ff8d\System.Xml.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\e620323cacb5b6bfd93fd28d263440e4\System.Configuration.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System\faf4e8730ecbd07570111bb7c3b20565\System.ni.dll ()
MOD - C:\Program Files\Mail.Ru\Guard\GuardMailRu.exe ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\Accessibility\31fce331fded94dd06627603f6fe4562\Accessibility.ni.dll ()
MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll ()
MOD - C:\windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_de_b77a5c561934e089\System.Windows.Forms.resources.dll ()
MOD - C:\windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ()
MOD - C:\windows\assembly\GAC_MSIL\System.resources\2.0.0.0_de_b77a5c561934e089\System.resources.dll ()
MOD - C:\Program Files\ASUS\ASUS WebStorage\3.0.108.222\AxInterop.ShockwaveFlashObjects.dll ()
MOD - C:\PROGRA~1\ASUS\ASUSWE~1\30108~1.222\ASUSWS~1.DLL ()
MOD - C:\Program Files\NVIDIA Corporation\CoProcManager\detoured.dll ()
MOD - C:\Program Files\ASUS\Eee Docking\Eee Docking.exe ()
MOD - C:\Program Files\WinRAR\rarext.dll ()

========== Win32 Services (SafeList) ==========

SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (SkypeUpdate) -- C:\Program Files\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (AdobeARMservice) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (Guard.Mail.ru) -- C:\Program Files\Mail.Ru\Guard\GuardMailRu.exe ()
SRV - (Secunia PSI Agent) -- C:\Program Files\Secunia\PSI\PSIA.exe (Secunia)
SRV - (Secunia Update Agent) -- C:\Program Files\Secunia\PSI\sua.exe (Secunia)
SRV - (sftvsa) -- C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
SRV - (sftlist) -- C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
SRV - (BBSvc) -- C:\Program Files\Microsoft\BingBar\BBSvc.EXE (Microsoft Corporation.)
SRV - (BBUpdate) -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (btwdins) -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe (Broadcom Corporation.)
SRV - (AVP) -- C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe (Kaspersky Lab)
SRV - (AsusService) -- C:\Windows\System32\AsusService.exe ()
SRV - (IGDCTRL) -- C:\Program Files\FRITZ!DSL\IGDCTRL.EXE (AVM Berlin)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SRV - (IAANTMON) Intel(R) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe (Intel Corporation)

========== Driver Services (SafeList) ==========

DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (Sftvol) -- C:\Windows\System32\drivers\Sftvollh.sys (Microsoft Corporation)
DRV - (Sftredir) -- C:\Windows\System32\drivers\Sftredirlh.sys (Microsoft Corporation)
DRV - (Sftplay) -- C:\Windows\System32\drivers\Sftplaylh.sys (Microsoft Corporation)
DRV - (Sftfs) -- C:\Windows\System32\drivers\Sftfslh.sys (Microsoft Corporation)
DRV - (KLIF) -- C:\Windows\System32\drivers\klif.sys (Kaspersky Lab)
DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (PSI) -- C:\Windows\System32\drivers\psi_mf.sys (Secunia)
DRV - (NVHDA) -- C:\Windows\System32\drivers\nvhda32v.sys (NVIDIA Corporation)
DRV - (nvpciflt) -- C:\Windows\System32\drivers\nvpciflt.sys (NVIDIA Corporation)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (L1C) -- C:\Windows\System32\drivers\L1C62x86.sys (Atheros Communications, Inc.)
DRV - (AsUpIO) -- C:\Windows\System32\drivers\AsUpIO.sys ()
DRV - (klbg) -- C:\Windows\System32\drivers\klbg.sys (Kaspersky Lab)
DRV - (klmouflt) -- C:\Windows\System32\drivers\klmouflt.sys (Kaspersky Lab)
DRV - (KLIM6) -- C:\Windows\System32\drivers\klim6.sys (Kaspersky Lab)
DRV - (kl1) -- C:\Windows\System32\drivers\kl1.sys (Kaspersky Lab)
DRV - (kbfiltr) -- C:\Windows\System32\drivers\kbfiltr.sys ( )
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=MAAU&src=IE-SearchBox
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&appid=362&systemid=406&sr=0&q={searchTerms}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus.msn.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://eeepc.asus.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\..\URLSearchHook: {09900DE8-1DCA-443F-9243-26FF581438AF} - C:\Program Files\Mail.Ru\Sputnik\MailRuSputnik.dll (@Mail.Ru)
IE - HKCU\..\SearchScopes,DefaultScope = {E88E0043-C9D4-4e33-8555-FEE4F5B63060}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=MAAU&src=IE-SearchBox
IE - HKCU\..\SearchScopes\{231D0CC4-941C-4625-B1EE-032B706854B5}: "URL" = hxxp://de.wikipedia.org/w/index.php?title=Spezial:Suche&search={searchTerms}
IE - HKCU\..\SearchScopes\{3AF41670-B64E-405C-81D9-F4F45E9881FF}: "URL" = hxxp://www.google.de/search?q={searchTerms}
IE - HKCU\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&appid=362&systemid=406&sr=0&q={searchTerms}
IE - HKCU\..\SearchScopes\{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8}: "URL" = hxxp://www.daemon-search.com/search/web?q={searchTerms}
IE - HKCU\..\SearchScopes\{E88E0043-C9D4-4e33-8555-FEE4F5B63060}: "URL" = hxxp://go.mail.ru/search?q={searchTerms}&utf8in=1&fr=ietb
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\ievkbd.dll (Kaspersky Lab)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (MailRuBHO Class) - {8984B388-A5BB-4DF7-B274-77B879E179DB} - C:\Program Files\Mail.Ru\Sputnik\MailRuSputnik.dll (@Mail.Ru)
O2 - BHO: (no name) - {99079a25-328f-4bd4-be04-00955acaa0a7} - No CLSID value found.
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll (Kaspersky Lab)
O3 - HKLM\..\Toolbar: (Спутник@Mail.Ru) - {09900DE8-1DCA-443F-9243-26FF581438AF} - C:\Program Files\Mail.Ru\Sputnik\MailRuSputnik.dll (@Mail.Ru)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (no name) - {99079a25-328f-4bd4-be04-00955acaa0a7} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {00000000-0000-0000-0000-000000000000} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Спутник@Mail.Ru) - {09900DE8-1DCA-443F-9243-26FF581438AF} - C:\Program Files\Mail.Ru\Sputnik\MailRuSputnik.dll (@Mail.Ru)
O4 - HKLM..\Run: [ASUS Screen Saver Protector] C:\Windows\AsScrPro.exe (ASUS)
O4 - HKLM..\Run: [ASUSPRP] C:\Program Files\ASUS\APRP\APRP.EXE (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [ASUSWebStorage] C:\Program Files\ASUS\ASUS WebStorage\3.0.108.222\AsusWSPanel.exe (ecareme)
O4 - HKLM..\Run: [AVP] C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe (Kaspersky Lab)
O4 - HKLM..\Run: [Boingo Wi-Fi] C:\Program Files\Boingo\Boingo Wi-Fi\Boingo.lnk ()
O4 - HKLM..\Run: [CapsHook] C:\windows\System32\AsusSender.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [Eee Docking] C:\Program Files\ASUS\Eee Docking\Eee Docking.exe ()
O4 - HKLM..\Run: [Guard.Mail.ru.gui] C:\Program Files\Mail.Ru\Guard\GuardMailRu.exe ()
O4 - HKLM..\Run: [HotkeyMon] C:\windows\System32\AsusSender.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [HotkeyService] C:\windows\System32\AsusSender.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [LiveUpdate] C:\windows\System32\AsusSender.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [OOBESetup] C:\Program Files\asus\OOBERegBackup\OOBERegBackup.exe (ASUSTeK Computer Inc.)
O4 - HKLM..\Run: [SuperHybridEngine] C:\windows\System32\AsusSender.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [SynAsusAcpi] C:\Program Files\Synaptics\SynTP\SynAsusAcpi.exe (Synaptics Incorporated)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 28
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O9 - Extra Button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll (Kaspersky Lab)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll (Kaspersky Lab)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\FRITZ!DSL\\sarah.dll ()
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\FRITZ!DSL\sarah.dll (AVM Berlin)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\FRITZ!DSL\sarah.dll (AVM Berlin)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\FRITZ!DSL\sarah.dll (AVM Berlin)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Program Files\FRITZ!DSL\sarah.dll (AVM Berlin)
O13 - gopher Prefix: missing
O16 - DPF: {28B66320-9687-4B13-8757-36F901887AB5} hxxp://www.lidl-fotos.de/ips-opdata/layout/lidl02/objects/canvasx.cab (CanvasX Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{588BC8C4-65F4-486B-B06E-88C28F634390}: NameServer = 192.168.0.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - AppInit_DLLs: (C:\windows\system32\nvinit.dll) - C:\Windows\System32\nvinit.dll (NVIDIA Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll) - C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll (Kaspersky Lab)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - Winlogon\Notify\klogon: DllName - (C:\windows\system32\klogon.dll) - C:\Windows\System32\klogon.dll (Kaspersky Lab)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012.04.14 18:26:43 | 000,593,920 | ---- | C] (OldTimer Tools) -- C:\Users\xxx\Desktop\OTL.exe
[2012.04.14 17:46:51 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Roaming\Malwarebytes
[2012.04.14 17:46:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.04.14 17:46:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.04.14 17:46:14 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbam.sys
[2012.04.14 17:46:13 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.04.14 17:28:08 | 000,000,000 | -H-D | C] -- C:\windows\AxInstSV
[2012.04.11 20:14:16 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012.04.11 19:46:41 | 003,968,368 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ntkrnlpa.exe
[2012.04.11 19:46:41 | 003,913,072 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ntoskrnl.exe
[2012.04.10 19:23:52 | 000,599,552 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\msfeeds.dll
[2012.04.10 19:23:52 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ieui.dll
[2012.04.10 19:23:51 | 000,132,096 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\url.dll
[2012.04.10 19:23:51 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\jsproxy.dll
[2012.04.10 19:23:50 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mshtml.tlb
[2012.04.07 18:03:37 | 000,000,000 | ---D | C] -- C:\Users\xxx\Desktop\Formulare
[2012.04.05 14:25:42 | 000,418,464 | ---- | C] (Adobe Systems Incorporated) -- C:\windows\System32\FlashPlayerApp.exe
[2012.03.30 18:35:20 | 000,000,000 | ---D | C] -- C:\Users\xxx\Desktop\FernStudiumILS
[2012.03.28 10:42:40 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2012.03.28 10:06:00 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2012.03.28 10:05:29 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\windows\System32\javaws.exe
[2012.03.28 10:05:29 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\windows\System32\javaw.exe
[2012.03.28 10:05:28 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\windows\System32\java.exe
[2012.03.28 10:05:01 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2012.03.28 09:58:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2012.03.28 09:53:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2012.03.28 09:53:55 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2012.03.28 09:11:13 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Local\Secunia PSI
[2012.03.28 08:57:33 | 000,000,000 | ---D | C] -- C:\Program Files\Secunia
[2012.03.28 08:53:26 | 002,343,424 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\win32k.sys
[2012.03.28 08:53:23 | 001,077,248 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\DWrite.dll
[2012.03.28 08:52:02 | 000,129,536 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\rdpcorekmts.dll
[2012.03.28 08:52:02 | 000,058,880 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\rdpwsx.dll
[2012.03.28 08:52:02 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\rdrmemptylst.exe
[2012.03.28 08:51:58 | 000,826,880 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\rdpcore.dll
[4 C:\windows\System32\*.tmp files -> C:\windows\System32\*.tmp -> ]
[1 C:\Users\xxx\Desktop\*.tmp files -> C:\Users\xxx\Desktop\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012.04.15 08:53:56 | 000,009,696 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.04.15 08:53:56 | 000,009,696 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.04.15 08:52:31 | 000,644,280 | ---- | M] () -- C:\windows\System32\perfh007.dat
[2012.04.15 08:52:31 | 000,616,452 | ---- | M] () -- C:\windows\System32\perfh009.dat
[2012.04.15 08:52:31 | 000,129,726 | ---- | M] () -- C:\windows\System32\perfc007.dat
[2012.04.15 08:52:31 | 000,106,574 | ---- | M] () -- C:\windows\System32\perfc009.dat
[2012.04.15 08:44:55 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2012.04.15 08:44:48 | 1602,740,224 | -HS- | M] () -- C:\hiberfil.sys
[2012.04.14 22:58:33 | 000,000,884 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2012.04.14 21:59:55 | 000,003,544 | ---- | M] () -- C:\bootsqm.dat
[2012.04.14 18:21:52 | 000,593,920 | ---- | M] (OldTimer Tools) -- C:\Users\xxx\Desktop\OTL.exe
[2012.04.14 17:46:18 | 000,001,067 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.04.14 17:34:59 | 000,000,165 | ---- | M] () -- C:\Users\xxx\Desktop\searchnu hat sich als Startseite eingenistet - Trojaner-Board.url
[2012.04.07 17:50:57 | 000,000,017 | ---- | M] () -- C:\windows\System32\shortcut_ex.dat
[2012.04.05 14:25:42 | 000,418,464 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\System32\FlashPlayerApp.exe
[2012.04.05 14:25:42 | 000,070,304 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\System32\FlashPlayerCPLApp.cpl
[2012.04.04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbam.sys
[2012.03.30 18:54:22 | 000,000,162 | -H-- | M] () -- C:\Users\xxx\Desktop\~$fgabenblatt - TOUR 7.rtf
[2012.03.28 10:42:49 | 000,000,965 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012.03.28 10:05:05 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\windows\System32\deployJava1.dll
[2012.03.28 10:05:05 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\windows\System32\javaws.exe
[2012.03.28 10:05:05 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\windows\System32\javaw.exe
[2012.03.28 10:05:05 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\windows\System32\java.exe
[2012.03.28 09:58:02 | 000,001,024 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2012.03.28 09:53:55 | 000,002,505 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2012.03.28 09:35:33 | 000,267,008 | ---- | M] () -- C:\windows\System32\FNTCACHE.DAT
[2012.03.28 08:57:37 | 000,001,064 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
[4 C:\windows\System32\*.tmp files -> C:\windows\System32\*.tmp -> ]
[1 C:\Users\xxx\Desktop\*.tmp files -> C:\Users\xxx\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012.04.14 21:59:55 | 000,003,544 | ---- | C] () -- C:\bootsqm.dat
[2012.04.14 17:46:18 | 000,001,067 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.04.14 17:34:59 | 000,000,165 | ---- | C] () -- C:\Users\xxx\Desktop\searchnu hat sich als Startseite eingenistet - Trojaner-Board.url
[2012.04.07 17:50:57 | 000,000,017 | ---- | C] () -- C:\windows\System32\shortcut_ex.dat
[2012.04.05 14:25:44 | 000,000,884 | ---- | C] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2012.03.30 18:54:22 | 000,000,162 | -H-- | C] () -- C:\Users\xxx\Desktop\~$fgabenblatt - TOUR 7.rtf
[2012.03.28 10:42:49 | 000,000,965 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012.03.28 09:58:02 | 000,001,024 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2012.03.28 09:53:55 | 000,002,505 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2012.03.28 08:57:37 | 000,001,064 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
[2012.03.28 08:57:37 | 000,001,027 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Secunia PSI.lnk
[2011.07.20 17:33:12 | 000,115,369 | ---- | C] () -- C:\windows\System32\drivers\klin.dat
[2011.07.20 17:33:12 | 000,097,961 | ---- | C] () -- C:\windows\System32\drivers\klick.dat
[2011.07.20 17:29:15 | 000,001,769 | ---- | C] () -- C:\windows\Language_trs.ini
[2011.02.21 19:33:45 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010.09.28 17:30:03 | 000,006,144 | ---- | C] () -- C:\windows\System32\drivers\ASUSHWIO.SYS
[2010.09.28 01:34:14 | 000,000,852 | ---- | C] () -- C:\windows\System32\drivers\RTKHDRC.dat
[2010.09.28 01:34:14 | 000,000,520 | ---- | C] () -- C:\windows\System32\drivers\RTEQEX0.dat
[2010.09.28 01:33:37 | 000,004,692 | ---- | C] () -- C:\windows\System32\drivers\SamSfPa.dat
[2010.09.28 01:33:37 | 000,000,008 | ---- | C] () -- C:\windows\System32\drivers\rtkhdaud.dat
[2010.07.27 23:50:32 | 000,129,472 | ---- | C] () -- C:\windows\TISReg.exe
[2010.07.27 23:44:04 | 000,219,136 | ---- | C] () -- C:\windows\System32\AsusService.exe
[2010.07.27 23:44:03 | 000,025,616 | ---- | C] () -- C:\windows\AsAcpiSvrLang.ini
[2010.07.27 23:41:06 | 000,131,984 | ---- | C] () -- C:\ProgramData\FullRemove.exe
[2010.07.27 23:39:18 | 000,011,520 | ---- | C] () -- C:\windows\System32\drivers\AsUpIO.sys
[2010.07.27 23:32:05 | 000,013,931 | ---- | C] () -- C:\windows\System32\RaCoInst.dat
[2010.07.12 18:10:54 | 000,408,168 | ---- | C] () -- C:\windows\System32\easyUpdatusAPIU.dll
[2010.07.12 18:10:54 | 000,347,350 | ---- | C] () -- C:\windows\System32\nvcoproc.bin
[2010.07.06 04:50:14 | 000,013,880 | ---- | C] ( ) -- C:\windows\System32\drivers\kbfiltr.sys

< End of report >

*******************************************************
OTL Extras logfile created on: 15.04.2012 08:55:52 - Run 1
OTL by OldTimer - Version 3.2.39.2 Folder = C:\Users\xxx\Desktop
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

1,99 Gb Total Physical Memory | 1,11 Gb Available Physical Memory | 55,94% Memory free
3,99 Gb Paging File | 2,83 Gb Available in Paging File | 70,99% Paging File free
Paging file location(s): c:\pagefile.sys 2048 2048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 100,00 Gb Total Space | 22,81 Gb Free Space | 22,81% Space Free | Partition Type: NTFS
Drive D: | 117,87 Gb Total Space | 0,59 Gb Free Space | 0,50% Space Free | Partition Type: NTFS
Drive E: | 15,10 Gb Total Space | 15,08 Gb Free Space | 99,82% Space Free | Partition Type: FAT32

Computer Name: xxx-PC | User Name: xxx | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\windows\winhlp32.exe (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"AutoUpdateDisableNotify" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring" = 1
"" =

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{13CD417D-F1F1-4AC4-945D-FDDEB884756F}" = Microsoft Baseline Security Analyzer 2.2
"{16D0F2D2-242C-4885-BEF1-4B1655C141AE}" = Bing Bar
"{17780F99-A9DF-450B-81B3-6781B20A17A8}" = FontResizer
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros Client Installation Program
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie
"{300A98D6-8DA2-45FF-9314-A6861D76A535}" = syncables desktop SE
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
"{38E5A3B1-ADF1-47E0-8024-76310A30EB36}" = LiveUpdate
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger
"{436E0B79-2CFB-4E5F-9380-E17C1B25D0C5}" = WIDCOMM Bluetooth Software
"{491ADA37-04EE-2ECE-9F86-DDC0106047AC}" = Times Reader
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B5092B6-F231-4D18-83BC-2618B729CA45}" = CapsHook
"{4FCBCF89-1823-4D97-A6F2-0E8DD66E273A}" = Broadcom Wireless Network Adapter
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{587178E7-B1DF-494E-9838-FA4DD36E873C}" = ASUSUpdate for Eee PC
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{6333FC29-BFE5-4024-AC78-958A1A7555D1}" = EeeSplendid
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{71C0E38E-09F2-4386-9977-404D4F6640CD}" = Hotkey Service
"{74A929E2-FBD8-4736-A84E-2ABBB2ABADF2}" = AVM FRITZ!DSL
"{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync
"{84C2B80B-64A2-4B22-93EC-F30C3D6BF7D8}" = Boingo Wi-Fi
"{859D40CF-8491-44AD-8FA8-7389CB418C64}" = 32 Bit HP CIO Components Installer
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{88F08F98-12BC-4613-81A2-8F9B88CFC73E}" = Super Hybrid Engine
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8FC4F1DD-F7FD-4766-804D-3C8FF1D309B0}" = Ralink RT2860 Wireless LAN Card
"{90140000-006D-0407-0000-0000000FF1CE}" = Microsoft Office Klick-und-Los 2010
"{90140011-0066-0407-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - Deutsch
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{943B6738-4801-4982-90EC-0442EF7AEB16}" = Kaspersky Anti-Virus 2010
"{946135EF-3A4C-494F-AE05-1312913DF880}" = Dr.Eee
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{95E03739-5775-4D41-B0B9-D99DFDFE2DED}" = ALLNET Powerline Configuration Utility
"{99011A6E-5200-11DE-BDB8-7ACD56D89593}" = Rosetta Stone Version 3
"{994223F3-A99B-4DDD-9E1D-0190A17C6860}" = Windows Live Family Safety
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.3) - Deutsch
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{D44AA979-47C2-4BC0-A860-09A54224EA44}_is1" = Game Park Console
"{D802DD00-16A8-4A58-AFC9-020C2380ECDA}" = EeeSplendid
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.8
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F3D2DEDC-4732-4188-8A3A-1A3FFBD4D6C8}" = ebi.BookReader3J
"{F58C1D44-4AC9-48E8-9049-7A6CDFCB415C}" = LocaleMe
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Asus Vibe2.0" = AsusVibe2.0
"ASUS WebStorage" = ASUS WebStorage
"Catan - Staedte und Ritter" = Catan - Städte und Ritter
"CCleaner" = CCleaner
"com.nyt.timesreader.78C54164786ADE80CB31E1C5D95607D0938C987A.1" = Times Reader
"Diashow XL_is1" = Diashow XL
"Eee Docking_is1" = Eee Docking 3.8.1
"Guard.Mail.ru" = Guard.Mail.ru
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{17780F99-A9DF-450B-81B3-6781B20A17A8}" = FontResizer
"InstallShield_{946135EF-3A4C-494F-AE05-1312913DF880}" = Dr.Eee
"InstallWIX_{943B6738-4801-4982-90EC-0442EF7AEB16}" = Kaspersky Anti-Virus 2010
"MailRuSputnik" = Mail.Ru Спутник 2.4.0.491
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.61.0.1400
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"NVIDIA.Updatus" = NVIDIA Updatus
"Office14.Click2Run" = Microsoft Office Klick-und-Los 2010
"OOBERegBackup_is1" = OOBERegBackup
"ScreenSaverPatch_is1" = ScreenSaverPatch
"Secunia PSI" = Secunia PSI (2.0.0.4003)
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"VLC media player" = VLC media player 2.0.1
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR

========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >

***********************************************************************************
SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com

Generated 04/15/2012 at 11:51 AM

Application Version : 5.0.1146

Core Rules Database Version : 8458
Trace Rules Database Version: 6270

Scan type : Complete Scan
Total Scan Time : 02:03:34

Operating System Information
Windows 7 Home Premium 32-bit, Service Pack 1 (Build 6.01.7601)
UAC On - Limited User

Memory items scanned : 788
Memory threats detected : 0
Registry items scanned : 34151
Registry threats detected : 0
File items scanned : 68156
File threats detected : 80

Adware.Tracking Cookie
C:\Users\xxx\AppData\Roaming\Microsoft\Windows\Cookies\xxx@ad.yieldmanager[1].txt [ /ad.yieldmanager ]
C:\Users\xxx\AppData\Roaming\Microsoft\Windows\Cookies\xxx@adx.chip[1].txt [ /adx.chip ]
C:\Users\xxx\AppData\Roaming\Microsoft\Windows\Cookies\xxx@content.yieldmanager[1].txt [ /content.yieldmanager ]
C:\Users\xxx\AppData\Roaming\Microsoft\Windows\Cookies\xxx@smartadserver[1].txt [ /smartadserver ]
C:\Users\xxx\AppData\Roaming\Microsoft\Windows\Cookies\6CYWLSF9.txt [ /oracle.112.2o7.net ]
C:\Users\xxx\AppData\Roaming\Microsoft\Windows\Cookies\8GCSFJF1.txt [ /partypoker.com ]
C:\Users\xxx\AppData\Roaming\Microsoft\Windows\Cookies\9NGMIKBL.txt [ /apmebf.com ]
C:\Users\xxx\AppData\Roaming\Microsoft\Windows\Cookies\AAO8IUL9.txt [ /yadro.ru ]
C:\Users\xxx\AppData\Roaming\Microsoft\Windows\Cookies\T4MFWIHQ.txt [ /doubleclick.net ]
C:\Users\xxx\AppData\Roaming\Microsoft\Windows\Cookies\xxx@rambler[2].txt [ /rambler.ru ]
C:\Users\xxx\AppData\Roaming\Microsoft\Windows\Cookies\xxx@www.rambler[2].txt [ /www.rambler.ru ]
C:\USERS\xxx\AppData\Roaming\Microsoft\Windows\Cookies\Low\7JIJUOZ5.txt [ Cookie:xxx@media.gan-online.com/ ]
C:\USERS\xxx\AppData\Roaming\Microsoft\Windows\Cookies\Low\N1C2X7Q3.txt [ Cookie:xxx@zanox.com/ ]
C:\USERS\xxx\AppData\Roaming\Microsoft\Windows\Cookies\Low\TGQIAIT1.txt [ Cookie:xxx@ru4.com/ ]
C:\USERS\xxx\AppData\Roaming\Microsoft\Windows\Cookies\Low\0O44QGWP.txt [ Cookie:xxx@ad2.adfarm1.adition.com/ ]
C:\USERS\xxx\AppData\Roaming\Microsoft\Windows\Cookies\Low\CJ9SALUI.txt [ Cookie:xxx@apmebf.com/ ]
C:\USERS\xxx\AppData\Roaming\Microsoft\Windows\Cookies\Low\TO4DEG5L.txt [ Cookie:xxx@ww251.smartadserver.com/ ]
C:\USERS\xxx\AppData\Roaming\Microsoft\Windows\Cookies\Low\Y2ZF1XGS.txt [ Cookie:xxx@dyntracker.com/ ]
C:\USERS\xxx\AppData\Roaming\Microsoft\Windows\Cookies\Low\PE0U3OF9.txt [ Cookie:xxx@invitemedia.com/ ]
C:\USERS\xxx\AppData\Roaming\Microsoft\Windows\Cookies\Low\PJ1PIX8D.txt [ Cookie:xxx@specificclick.net/ ]
C:\USERS\xxx\AppData\Roaming\Microsoft\Windows\Cookies\Low\8B0CVIXG.txt [ Cookie:xxx@webmasterplan.com/ ]
C:\USERS\xxx\AppData\Roaming\Microsoft\Windows\Cookies\Low\7R3BELP4.txt [ Cookie:xxx@yadro.ru/ ]
C:\USERS\xxx\AppData\Roaming\Microsoft\Windows\Cookies\Low\63UWFZNI.txt [ Cookie:xxx@s4.trafficmaxx.de/ ]
C:\USERS\xxx\AppData\Roaming\Microsoft\Windows\Cookies\Low\WS3HK8M4.txt [ Cookie:xxx@www.googleadservices.com/pagead/conversion/1066329064/ ]
C:\USERS\xxx\AppData\Roaming\Microsoft\Windows\Cookies\Low\4WFCTKA3.txt [ Cookie:xxx@www.zanox-affiliate.de/ ]
C:\USERS\xxx\AppData\Roaming\Microsoft\Windows\Cookies\Low\3QVLZQNJ.txt [ Cookie:xxx@spylog.com/ ]
C:\USERS\xxx\AppData\Roaming\Microsoft\Windows\Cookies\Low\60SU4UMG.txt [ Cookie:xxx@urbia.wwe-media.de/ ]
C:\USERS\xxx\AppData\Roaming\Microsoft\Windows\Cookies\Low\TQPB23N2.txt [ Cookie:xxx@tns-counter.ru/ ]
C:\USERS\xxx\AppData\Roaming\Microsoft\Windows\Cookies\Low\YTZ5SH6X.txt [ Cookie:xxx@loyaltypartner.122.2o7.net/ ]
C:\USERS\xxx\AppData\Roaming\Microsoft\Windows\Cookies\Low\KTIUF68G.txt [ Cookie:xxx@www.googleadservices.com/pagead/conversion/949381375/ ]
C:\USERS\xxx\AppData\Roaming\Microsoft\Windows\Cookies\Low\MEB9JHFJ.txt [ Cookie:xxx@smartadserver.com/ ]
C:\USERS\xxx\AppData\Roaming\Microsoft\Windows\Cookies\Low\QYP6PVSB.txt [ Cookie:xxx@www.googleadservices.com/pagead/conversion/985119181/ ]
C:\USERS\xxx\AppData\Roaming\Microsoft\Windows\Cookies\Low\8VME6JXM.txt [ Cookie:xxx@directadvert.ru/ ]
C:\USERS\xxx\AppData\Roaming\Microsoft\Windows\Cookies\Low\0K1UZ9I5.txt [ Cookie:xxx@c.atdmt.com/ ]
C:\USERS\xxx\AppData\Roaming\Microsoft\Windows\Cookies\Low\VRPVURIW.txt [ Cookie:xxx@cunda.122.2o7.net/ ]
C:\USERS\xxx\AppData\Roaming\Microsoft\Windows\Cookies\Low\LLGQ7KK9.txt [ Cookie:xxx@doubleclick.net/ ]
C:\USERS\xxx\AppData\Roaming\Microsoft\Windows\Cookies\Low\E2KBXRLU.txt [ Cookie:xxx@hightraffic.hugoboss.com/ ]
C:\USERS\xxx\AppData\Roaming\Microsoft\Windows\Cookies\Low\TRT1219B.txt [ Cookie:xxx@zbox.zanox.com/ ]
C:\USERS\xxx\AppData\Roaming\Microsoft\Windows\Cookies\Low\T0LYWNYF.txt [ Cookie:xxx@quartermedia.de/ ]
C:\USERS\xxx\AppData\Roaming\Microsoft\Windows\Cookies\Low\0WS96SOF.txt [ Cookie:xxx@ad.zanox.com/ ]
C:\USERS\xxx\AppData\Roaming\Microsoft\Windows\Cookies\Low\4JX1UHW2.txt [ Cookie:xxx@revsci.net/ ]
C:\USERS\xxx\AppData\Roaming\Microsoft\Windows\Cookies\Low\GDM568CB.txt [ Cookie:xxx@data.coremetrics.com/ ]
C:\USERS\xxx\AppData\Roaming\Microsoft\Windows\Cookies\Low\00NQXIBY.txt [ Cookie:xxx@clickfuse.com/ ]
C:\USERS\xxx\AppData\Roaming\Microsoft\Windows\Cookies\Low\ERW47DCZ.txt [ Cookie:xxx@ad3.adfarm1.adition.com/ ]
C:\USERS\xxx\AppData\Roaming\Microsoft\Windows\Cookies\Low\T80RRPAP.txt [ Cookie:xxx@adtech.de/ ]
C:\USERS\xxx\AppData\Roaming\Microsoft\Windows\Cookies\Low\Q0NZ5HBV.txt [ Cookie:xxx@ad.dyntracker.de/ ]
C:\USERS\xxx\AppData\Roaming\Microsoft\Windows\Cookies\Low\EUXQCWYM.txt [ Cookie:xxx@statcounter.com/ ]
C:\USERS\xxx\AppData\Roaming\Microsoft\Windows\Cookies\Low\YX6OH6BM.txt [ Cookie:xxx@atdmt.com/ ]
C:\USERS\xxx\AppData\Roaming\Microsoft\Windows\Cookies\Low\2X761QGE.txt [ Cookie:xxx@fl01.ct2.comclick.com/ ]
C:\USERS\xxx\AppData\Roaming\Microsoft\Windows\Cookies\Low\0YSO4WXW.txt [ Cookie:xxx@tradedoubler.com/ ]
C:\USERS\xxx\AppData\Roaming\Microsoft\Windows\Cookies\Low\GCJEOE0J.txt [ Cookie:xxx@tracking.quisma.com/ ]
C:\USERS\xxx\AppData\Roaming\Microsoft\Windows\Cookies\Low\R30O10HL.txt [ Cookie:xxx@questionmarket.com/ ]
C:\USERS\xxx\AppData\Roaming\Microsoft\Windows\Cookies\Low\VV3UO376.txt [ Cookie:xxx@www.directadvert.ru/ ]
C:\USERS\xxx\AppData\Roaming\Microsoft\Windows\Cookies\Low\ALJJZF59.txt [ Cookie:xxx@www.etracker.de/ ]
C:\USERS\xxx\AppData\Roaming\Microsoft\Windows\Cookies\Low\YT9V7Y07.txt [ Cookie:xxx@zanox-affiliate.de/ ]
C:\USERS\xxx\AppData\Roaming\Microsoft\Windows\Cookies\Low\05ICXGAZ.txt [ Cookie:xxx@traffictrack.de/ ]
C:\USERS\xxx\AppData\Roaming\Microsoft\Windows\Cookies\Low\H9YNF6C5.txt [ Cookie:xxx@adsyst.biz/ ]
C:\USERS\xxx\AppData\Roaming\Microsoft\Windows\Cookies\Low\QQXLD10I.txt [ Cookie:xxx@in.getclicky.com/ ]
C:\USERS\xxx\AppData\Roaming\Microsoft\Windows\Cookies\Low\OG0R27IV.txt [ Cookie:xxx@bs.serving-sys.com/ ]
C:\USERS\xxx\AppData\Roaming\Microsoft\Windows\Cookies\Low\D2VZ8XTJ.txt [ Cookie:xxx@ad1.adfarm1.adition.com/ ]
C:\USERS\xxx\AppData\Roaming\Microsoft\Windows\Cookies\Low\KJ9SAQMG.txt [ Cookie:xxx@track.webtrekk.de/390100023909110/ ]
C:\USERS\xxx\Cookies\6CYWLSF9.txt [ Cookie:xxx@oracle.112.2o7.net/ ]
C:\USERS\xxx\Cookies\8GCSFJF1.txt [ Cookie:xxx@partypoker.com/ ]
C:\USERS\xxx\Cookies\9NGMIKBL.txt [ Cookie:xxx@apmebf.com/ ]
C:\USERS\xxx\Cookies\AAO8IUL9.txt [ Cookie:xxx@yadro.ru/ ]
C:\USERS\xxx\Cookies\xxx@smartadserver[1].txt [ Cookie:xxx@smartadserver.com/ ]
C:\USERS\xxx\Cookies\xxx@adx.chip[1].txt [ Cookie:xxx@adx.chip.de/ ]
C:\USERS\xxx\Cookies\T4MFWIHQ.txt [ Cookie:xxx@doubleclick.net/ ]
C:\USERS\xxx\Cookies\xxx@content.yieldmanager[1].txt [ Cookie:xxx@content.yieldmanager.com/ ]
C:\USERS\xxx\Cookies\xxx@www.rambler[2].txt [ Cookie:xxx@www.rambler.ru/ ]
C:\USERS\xxx\APPDATA\LOCAL\TEMP\LOW\COOKIES\xxx@TNS-COUNTER[1].TXT [ /TNS-COUNTER ]
aka-cdn-ns.adtech.de [ C:\USERS\xxx\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\9LW73T9N ]
allserials.tv [ C:\USERS\xxx\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\9LW73T9N ]
delivery.ibanner.de [ C:\USERS\xxx\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\9LW73T9N ]
media.kyte.tv [ C:\USERS\xxx\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\9LW73T9N ]
s0.2mdn.net [ C:\USERS\xxx\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\9LW73T9N ]
vht.tradedoubler.com [ C:\USERS\xxx\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\9LW73T9N ]
www.secmedia.de [ C:\USERS\xxx\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\9LW73T9N ]
www.sexsmotri.com [ C:\USERS\xxx\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\9LW73T9N ]
wwwstatic.megaporn.com [ C:\USERS\xxx\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\9LW73T9N ]

ENDE
____________________________________________

Malwarebytes erstellt bei jedem Scanvorgang genau ein Log. Hast du in der Vergangenheit schonmal mit Malwarebytes gescannt?
Wenn ja dann stehen auch alle Logs zu jedem Scanvorgang im Reiter Logdateien. Bitte alle posten, die dort sichtbar sind.

Hallo,

die logs der beiden Scans die ich gemacht habe sind angehängt.

Gruß, L

Zitat:

C:\Users\xxxxxxx\Desktop\SoftonicDownloader_fuer_photo-slideshow-maker.exe

Finger weg von Softonic!!

Softonic ist eine Toolbar- und Adwareschleuder! Finger weg! Software lädt man sich mit oberster Priorität direkt vom Hersteller und nicht von solchen Toolbarklitschen wie Softonic! Im Notfall würde natürlich chip.de gehen

Führ bitte auch ESET aus, danach sehen wir weiter:

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

Zwei Dateien hat er gefunden, siehe Anhang.

Gruß, L

Die Logs bitte beim nächsten Mal in CODE-Tags posten!!

Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:

hier steht das Log

Hätte da mal zwei Fragen bevor es weiter geht

1.) Geht der normale Modus uneingeschränkt?
2.) Vermisst du irgendwas im Startmenü? Sind da leere Ordner unter alle Programme oder ist alles vorhanden?

log.txt:

Code:



ESETSmartInstaller@High as CAB hook log:

OnlineScanner.ocx - registred OK

# version=7

# iexplore.exe=8.00.7600.16385 (win7_rtm.090713-1255)

# OnlineScanner.ocx=1.0.0.6583

# api_version=3.0.2

# EOSSerial=275622e38c289545b696f9cab33a6cfb

# end=finished

# remove_checked=false

# archives_checked=true

# unwanted_checked=true

# unsafe_checked=false

# antistealth_checked=true

# utc_time=2012-05-03 08:27:01

# local_time=2012-05-03 10:27:01 (+0100, Mitteleuropдische Sommerzeit)

# country="Germany"

# lang=1033

# osver=6.1.7601 NT Service Pack 1

# compatibility_mode=1280 16777215 100 0 24883411 24883411 0 0

# compatibility_mode=5893 16776574 66 85 32504576 87690521 0 0

# compatibility_mode=8192 67108863 100 0 543 543 0 0

# scanned=113710

# found=2

# cleaned=0

# scan_time=17491

D:\***-PC\Backup Set 2012-01-01 190006\Backup Files 2012-01-08 193133\Backup files 1.zip        Win32/SoftonicDownloader application (unable to clean)        00000000000000000000000000000000        I

D:\***-PC\Backup Set 2012-01-22 190005\Backup Files 2012-01-22 190005\Backup files 1.zip        Win32/SoftonicDownloader application (unable to clean)        00000000000000000000000000000000        I

1. Der normale Modus läuft ohne Fehler oder Auffälligkeiten, wenn auch etwas langsamer als früher

2. Im Startmenü ist alles vorhanden. Keine leeren Ordner o.ä.

Gruß, L

Mach bitte ein neues OTL-Log. Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:

hier steht das Log

CustomScan mit OTL

Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop

Starte bitte die OTL.exe.
Vista und Win7 User mit Rechtsklick "als Administrator starten"
Setze oben mittig den Haken bei Scanne alle Benutzer
Kopiere nun den kompletten Inhalt aus der untenstehenden Codebox in die http://billy-oneal.com/Canned%20Spee.../customFix.png Textbox von OTL - wenn OTL auf deutsch ist wird sie mit http://larusso.trojaner-board.de/Images/otlfix.jpg beschriftet

Code:

netsvcs

msconfig

safebootminimal

safebootnetwork

activex

drivers32

%ALLUSERSPROFILE%\Application Data\*.

%ALLUSERSPROFILE%\Application Data\*.exe /s

%APPDATA%\*.

%APPDATA%\*.exe /s

%SYSTEMDRIVE%\*.exe

/md5start

wininit.exe

userinit.exe

eventlog.dll

scecli.dll

netlogon.dll

cngaudit.dll

ws2ifsl.sys

sceclt.dll

ntelogon.dll

winlogon.exe

logevent.dll

user32.DLL

iaStor.sys

nvstor.sys

atapi.sys

IdeChnDr.sys

viasraid.sys

AGP440.sys

vaxscsi.sys

nvatabus.sys

viamraid.sys

nvata.sys

nvgts.sys

iastorv.sys

ViPrt.sys

eNetHook.dll

ahcix86.sys

KR10N.sys

nvstor32.sys

ahcix86s.sys

/md5stop

%systemroot%\system32\drivers\*.sys /lockedfiles

%systemroot%\System32\config\*.sav

%systemroot%\*. /mp /s

%systemroot%\system32\*.dll /lockedfiles

CREATERESTOREPOINT

Schliesse bitte nun alle Programme. (Wichtig)
Klicke nun bitte auf den Quick Scan Button.
Klick auf http://billy-oneal.com/Canned%20Spee.../OTL/btnOK.png.
Kopiere nun den Inhalt aus OTL.txt hier in Deinen Thread

OTL Logfile:

Code:

OTL logfile created on: 06.05.2012 08:50:04 - Run 2

OTL by OldTimer - Version 3.2.42.2     Folder = C:\Users\***\Desktop

 Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 8.0.7601.17514)

Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

 

1,99 Gb Total Physical Memory | 1,33 Gb Available Physical Memory | 66,78% Memory free

3,99 Gb Paging File | 3,13 Gb Available in Paging File | 78,41% Paging File free

Paging file location(s): c:\pagefile.sys 2048 2048 [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files

Drive C: | 100,00 Gb Total Space | 24,21 Gb Free Space | 24,21% Space Free | Partition Type: NTFS

Drive D: | 117,87 Gb Total Space | 5,22 Gb Free Space | 4,43% Space Free | Partition Type: NTFS

Drive E: | 15,10 Gb Total Space | 15,08 Gb Free Space | 99,82% Space Free | Partition Type: FAT32

 

Computer Name: ***-PC | User Name: *** | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Quick Scan

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

 
 ========== Processes (SafeList) ==========

 

PRC - C:\Users\***\Desktop\OTL.exe (OldTimer Tools)

PRC - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)

PRC - C:\Program Files\Secunia\PSI\PSIA.exe (Secunia)

PRC - C:\Program Files\Secunia\PSI\sua.exe (Secunia)

PRC - C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)

PRC - C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)

PRC - C:\Program Files\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)

PRC - C:\Windows\explorer.exe (Microsoft Corporation)

PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)

PRC - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe (Broadcom Corporation.)

PRC - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtblfs.exe (Kaspersky Lab)

PRC - C:\Program Files\Synaptics\SynTP\SynAsusAcpi.exe (Synaptics Incorporated)

PRC - C:\Windows\System32\AsusService.exe ()

PRC - C:\Program Files\Boingo\Boingo Wi-Fi\Boingo Wi-Fi.exe (Boingo Wireless, Inc.)

PRC - C:\Program Files\FRITZ!DSL\IGDCTRL.EXE (AVM Berlin)

PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe (Intel Corporation)

 

 
 ========== Modules (No Company Name) ==========

 

MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\3ce70b84dbb9970e1893672c5d430c80\Microsoft.VisualBasic.ni.dll ()

MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\262285b3d0afafc5059f3fe9be69bff5\System.Windows.Forms.ni.dll ()

MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\8177623eac8f15cf95b587625439eac7\System.Drawing.ni.dll ()

MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Management\cb5bd98ffa4c82327b0e4db02bb58d2d\System.Management.ni.dll ()

MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\9866d1f6178e1cde25642f1ac293ff8d\System.Xml.ni.dll ()

MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\e620323cacb5b6bfd93fd28d263440e4\System.Configuration.ni.dll ()

MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System\faf4e8730ecbd07570111bb7c3b20565\System.ni.dll ()

MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll ()

MOD - C:\windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ()

MOD - C:\PROGRA~1\ASUS\ASUSWE~1\30108~1.222\ASUSWS~1.DLL ()

MOD - C:\Program Files\WinRAR\rarext.dll ()

 

 
 ========== Win32 Services (SafeList) ==========

 

SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)

SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)

SRV - (SkypeUpdate) -- C:\Program Files\Skype\Updater\Updater.exe (Skype Technologies)

SRV - (AdobeARMservice) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)

SRV - (Secunia PSI Agent) -- C:\Program Files\Secunia\PSI\PSIA.exe (Secunia)

SRV - (Secunia Update Agent) -- C:\Program Files\Secunia\PSI\sua.exe (Secunia)

SRV - (sftvsa) -- C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)

SRV - (sftlist) -- C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)

SRV - (BBSvc) -- C:\Program Files\Microsoft\BingBar\BBSvc.EXE (Microsoft Corporation.)

SRV - (BBUpdate) -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)

SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)

SRV - (btwdins) -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe (Broadcom Corporation.)

SRV - (AVP) -- C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe (Kaspersky Lab)

SRV - (AsusService) -- C:\Windows\System32\AsusService.exe ()

SRV - (IGDCTRL) -- C:\Program Files\FRITZ!DSL\IGDCTRL.EXE (AVM Berlin)

SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)

SRV - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)

SRV - (IAANTMON) Intel(R) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe (Intel Corporation)

 

 
 ========== Driver Services (SafeList) ==========

 

DRV - (Sftvol) -- C:\Windows\System32\drivers\Sftvollh.sys (Microsoft Corporation)

DRV - (Sftredir) -- C:\Windows\System32\drivers\Sftredirlh.sys (Microsoft Corporation)

DRV - (Sftplay) -- C:\Windows\System32\drivers\Sftplaylh.sys (Microsoft Corporation)

DRV - (Sftfs) -- C:\Windows\System32\drivers\Sftfslh.sys (Microsoft Corporation)

DRV - (KLIF) -- C:\Windows\System32\drivers\klif.sys (Kaspersky Lab)

DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)

DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)

DRV - (PSI) -- C:\Windows\System32\drivers\psi_mf.sys (Secunia)

DRV - (NVHDA) -- C:\Windows\System32\drivers\nvhda32v.sys (NVIDIA Corporation)

DRV - (nvpciflt) -- C:\Windows\System32\drivers\nvpciflt.sys (NVIDIA Corporation)

DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)

DRV - (L1C) -- C:\Windows\System32\drivers\L1C62x86.sys (Atheros Communications, Inc.)

DRV - (AsUpIO) -- C:\Windows\System32\drivers\AsUpIO.sys ()

DRV - (klbg) -- C:\Windows\System32\drivers\klbg.sys (Kaspersky Lab)

DRV - (klmouflt) -- C:\Windows\System32\drivers\klmouflt.sys (Kaspersky Lab)

DRV - (KLIM6) -- C:\Windows\System32\drivers\klim6.sys (Kaspersky Lab)

DRV - (kl1) -- C:\Windows\System32\drivers\kl1.sys (Kaspersky Lab)

DRV - (kbfiltr) -- C:\Windows\System32\drivers\kbfiltr.sys ( )

DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)

 

 
 ========== Standard Registry (SafeList) ==========

 

 
 ========== Internet Explorer ==========

 

IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=MAAU&src=IE-SearchBox

IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&appid=362&systemid=406&sr=0&q={searchTerms}

 

 

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

 

 

IE - HKU\S-1-5-21-2956802993-958901617-3266864770-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus.msn.com

IE - HKU\S-1-5-21-2956802993-958901617-3266864770-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://eeepc.asus.com [binary data]

IE - HKU\S-1-5-21-2956802993-958901617-3266864770-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/

IE - HKU\S-1-5-21-2956802993-958901617-3266864770-1001\..\SearchScopes,DefaultScope = {E88E0043-C9D4-4e33-8555-FEE4F5B63060}

IE - HKU\S-1-5-21-2956802993-958901617-3266864770-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=MAAU&src=IE-SearchBox

IE - HKU\S-1-5-21-2956802993-958901617-3266864770-1001\..\SearchScopes\{231D0CC4-941C-4625-B1EE-032B706854B5}: "URL" = hxxp://de.wikipedia.org/w/index.php?title=Spezial:Suche&search={searchTerms}

IE - HKU\S-1-5-21-2956802993-958901617-3266864770-1001\..\SearchScopes\{3AF41670-B64E-405C-81D9-F4F45E9881FF}: "URL" = hxxp://www.google.de/search?q={searchTerms}

IE - HKU\S-1-5-21-2956802993-958901617-3266864770-1001\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&appid=362&systemid=406&sr=0&q={searchTerms}

IE - HKU\S-1-5-21-2956802993-958901617-3266864770-1001\..\SearchScopes\{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8}: "URL" = hxxp://www.daemon-search.com/search/web?q={searchTerms}

IE - HKU\S-1-5-21-2956802993-958901617-3266864770-1001\..\SearchScopes\{E88E0043-C9D4-4e33-8555-FEE4F5B63060}: "URL" = hxxp://go.mail.ru/search?q={searchTerms}&utf8in=1&fr=ietb

IE - HKU\S-1-5-21-2956802993-958901617-3266864770-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 
 ========== FireFox ==========

 

FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"

FF - prefs.js..network.proxy.type: 0

FF - user.js - File not found

 

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF32_11_2_202_233.dll ()

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

 

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.04.29 17:54:01 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

 

[2012.04.17 19:28:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions

[2012.05.02 16:40:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\k0393dc9.default\extensions

[2012.04.29 17:54:01 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions

[2012.04.17 19:51:05 | 000,000,000 | ---D | M] (Kaspersky URL Advisor) -- C:\Program Files\mozilla firefox\extensions\linkfilter@kaspersky.ru

[2012.04.21 03:18:00 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll

[2012.04.21 03:54:08 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml

[2012.04.21 03:54:08 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

[2012.04.21 03:54:08 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml

[2012.04.21 03:54:08 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml

[2012.04.21 03:54:08 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml

[2012.04.21 03:54:08 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml

 

O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts

O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\ievkbd.dll (Kaspersky Lab)

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.

O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)

O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)

O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll (Kaspersky Lab)

O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)

O3 - HKLM\..\Toolbar: (no name) - {99079a25-328f-4bd4-be04-00955acaa0a7} - No CLSID value found.

O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.

O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.

O3 - HKU\S-1-5-21-2956802993-958901617-3266864770-1001\..\Toolbar\WebBrowser: (no name) - {00000000-0000-0000-0000-000000000000} - No CLSID value found.

O3 - HKU\S-1-5-21-2956802993-958901617-3266864770-1001\..\Toolbar\WebBrowser: (no name) - {09900DE8-1DCA-443F-9243-26FF581438AF} - No CLSID value found.

O3 - HKU\S-1-5-21-2956802993-958901617-3266864770-1001\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.

O3 - HKU\S-1-5-21-2956802993-958901617-3266864770-1001\..\Toolbar\WebBrowser: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found.

O3 - HKU\S-1-5-21-2956802993-958901617-3266864770-1001\..\Toolbar\WebBrowser: (no name) - {C44F9E21-D93F-490C-B41C-B3548BDD19FC} - No CLSID value found.

O3 - HKU\S-1-5-21-2956802993-958901617-3266864770-1001\..\Toolbar\WebBrowser: (no name) - {CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065} - No CLSID value found.

O4 - HKLM..\Run: [AVP] C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe (Kaspersky Lab)

O4 - HKLM..\Run: [Boingo Wi-Fi] C:\Program Files\Boingo\Boingo Wi-Fi\Boingo.lnk ()

O4 - HKLM..\Run: [OOBESetup] C:\Program Files\asus\OOBERegBackup\OOBERegBackup.exe (ASUSTeK Computer Inc.)

O4 - HKLM..\Run: [SynAsusAcpi] C:\Program Files\Synaptics\SynTP\SynAsusAcpi.exe (Synaptics Incorporated)

O4 - HKU\.DEFAULT..\Run: [FRITZ!protect] FwebProt.exe File not found

O4 - HKU\S-1-5-18..\Run: [FRITZ!protect] FwebProt.exe File not found

O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)

O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)

O4 - Startup: C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Autorun.cmd ()

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 28

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O7 - HKU\S-1-5-21-2956802993-958901617-3266864770-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()

O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()

O9 - Extra 'Tools' menuitem : Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)

O9 - Extra Button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll (Kaspersky Lab)

O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O9 - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()

O9 - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()

O9 - Extra Button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll (Kaspersky Lab)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\FRITZ!DSL\\sarah.dll ()

O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\FRITZ!DSL\sarah.dll (AVM Berlin)

O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\FRITZ!DSL\sarah.dll (AVM Berlin)

O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\FRITZ!DSL\sarah.dll (AVM Berlin)

O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Program Files\FRITZ!DSL\sarah.dll (AVM Berlin)

O13 - gopher Prefix: missing

O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)

O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{588BC8C4-65F4-486B-B06E-88C28F634390}: NameServer = 192.168.0.1

O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)

O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O20 - AppInit_DLLs: (C:\windows\system32\nvinit.dll) - C:\Windows\System32\nvinit.dll (NVIDIA Corporation)

O20 - AppInit_DLLs: (C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll) - C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll (Kaspersky Lab)

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found

O20 - Winlogon\Notify\klogon: DllName - (C:\windows\system32\klogon.dll) - C:\Windows\System32\klogon.dll (Kaspersky Lab)

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]

O34 - HKLM BootExecute: (autocheck autochk *)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

 

NetSvcs: FastUserSwitchingCompatibility -  File not found

NetSvcs: Ias - C:\windows\System32\ias.dll (Microsoft Corporation)

NetSvcs: Nla -  File not found

NetSvcs: Ntmssvc -  File not found

NetSvcs: NWCWorkstation -  File not found

NetSvcs: Nwsapagent -  File not found

NetSvcs: SRService -  File not found

NetSvcs: WmdmPmSp -  File not found

NetSvcs: LogonHours -  File not found

NetSvcs: PCAudit -  File not found

NetSvcs: helpsvc -  File not found

NetSvcs: uploadmgr -  File not found

 

MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^AsusVibeLauncher.lnk -  - File not found

MsConfig - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)

MsConfig - StartUpReg: ASUS Screen Saver Protector - hkey= - key= - C:\Windows\AsScrPro.exe (ASUS)

MsConfig - StartUpReg: ASUSPRP - hkey= - key= - C:\Program Files\ASUS\APRP\APRP.EXE (ASUSTek Computer Inc.)

MsConfig - StartUpReg: ASUSWebStorage - hkey= - key= - C:\Program Files\ASUS\ASUS WebStorage\3.0.108.222\AsusWSPanel.exe (ecareme)

MsConfig - StartUpReg: CapsHook - hkey= - key= -  File not found

MsConfig - StartUpReg: Eee Docking - hkey= - key= - C:\Program Files\ASUS\Eee Docking\Eee Docking.exe ()

MsConfig - StartUpReg: HotkeyMon - hkey= - key= -  File not found

MsConfig - StartUpReg: HotkeyService - hkey= - key= -  File not found

MsConfig - StartUpReg: IAAnotif - hkey= - key= - C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation)

MsConfig - StartUpReg: LiveUpdate - hkey= - key= -  File not found

MsConfig - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)

MsConfig - StartUpReg: SuperHybridEngine - hkey= - key= -  File not found

MsConfig - StartUpReg: UCam_Menu - hkey= - key= - C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)

MsConfig - State: "startup" - 2

 

SafeBootMin: AppMgmt - Service

SafeBootMin: Base - Driver Group

SafeBootMin: Boot Bus Extender - Driver Group

SafeBootMin: Boot file system - Driver Group

SafeBootMin: File system - Driver Group

SafeBootMin: Filter - Driver Group

SafeBootMin: HelpSvc - Service

SafeBootMin: NTDS -  File not found

SafeBootMin: PCI Configuration - Driver Group

SafeBootMin: PNP Filter - Driver Group

SafeBootMin: Primary disk - Driver Group

SafeBootMin: sacsvr - Service

SafeBootMin: SCSI Class - Driver Group

SafeBootMin: System Bus Extender - Driver Group

SafeBootMin: vmms - Service

SafeBootMin: WinDefend - C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)

SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy

SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers

SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices

SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

 

SafeBootNet: AppMgmt - Service

SafeBootNet: Base - Driver Group

SafeBootNet: Boot Bus Extender - Driver Group

SafeBootNet: Boot file system - Driver Group

SafeBootNet: File system - Driver Group

SafeBootNet: Filter - Driver Group

SafeBootNet: HelpSvc - Service

SafeBootNet: Messenger - Service

SafeBootNet: NDIS Wrapper - Driver Group

SafeBootNet: NetBIOSGroup - Driver Group

SafeBootNet: NetDDEGroup - Driver Group

SafeBootNet: Network - Driver Group

SafeBootNet: NetworkProvider - Driver Group

SafeBootNet: NTDS -  File not found

SafeBootNet: PCI Configuration - Driver Group

SafeBootNet: PNP Filter - Driver Group

SafeBootNet: PNP_TDI - Driver Group

SafeBootNet: Primary disk - Driver Group

SafeBootNet: rdsessmgr - Service

SafeBootNet: sacsvr - Service

SafeBootNet: SCSI Class - Driver Group

SafeBootNet: Streams Drivers - Driver Group

SafeBootNet: System Bus Extender - Driver Group

SafeBootNet: TDI - Driver Group

SafeBootNet: vmms - Service

SafeBootNet: WinDefend - C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)

SafeBootNet: WudfUsbccidDriver - Driver

SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net

SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient

SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService

SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans

SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers

SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy

SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers

SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices

SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

 

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)

ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0

ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework

ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack

ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework

ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE

ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx

ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help

ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6

ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools

ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements

ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player

ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access

ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7

ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework

ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll

ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings

ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install

ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding

ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts

ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player

ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help

ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface

ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP

ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig

ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

 

Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)

Drivers32: MSVideo8 - C:\windows\System32\vfwwdm32.dll (Microsoft Corporation)

Drivers32: vidc.cvid - C:\windows\System32\iccvid.dll (Radius Inc.)

 

CREATERESTOREPOINT

Restore point Set: OTL Restore Point

 
 ========== Files/Folders - Created Within 30 Days ==========

 

[2012.05.06 08:46:09 | 000,595,456 | ---- | C] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe

[2012.05.03 17:26:27 | 000,000,000 | ---D | C] -- C:\Program Files\ESET

[2012.04.29 18:12:59 | 000,000,000 | ---D | C] -- C:\windows\pss

[2012.04.29 18:04:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner

[2012.04.29 18:01:27 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Google

[2012.04.29 18:01:27 | 000,000,000 | ---D | C] -- C:\Program Files\Google

[2012.04.29 16:20:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla

[2012.04.29 16:20:25 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service

[2012.04.17 19:28:10 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Mozilla

[2012.04.17 19:22:59 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox

[2012.04.15 09:38:58 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\SUPERAntiSpyware.com

[2012.04.15 09:38:08 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com

[2012.04.14 17:46:51 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Malwarebytes

[2012.04.14 17:46:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes

[2012.04.14 17:28:08 | 000,000,000 | -H-D | C] -- C:\windows\AxInstSV

[7 C:\windows\System32\*.tmp files -> C:\windows\System32\*.tmp -> ]

[1 C:\Users\***\Desktop\*.tmp files -> C:\Users\***\Desktop\*.tmp -> ]

 
 ========== Files - Modified Within 30 Days ==========

 

[2012.05.06 08:49:25 | 000,009,696 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2012.05.06 08:49:25 | 000,009,696 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2012.05.06 08:45:53 | 000,001,094 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job

[2012.05.06 08:45:37 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe

[2012.05.06 08:44:01 | 000,000,884 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job

[2012.05.06 08:38:22 | 000,001,098 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job

[2012.05.06 08:33:59 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat

[2012.05.04 16:50:13 | 1602,740,224 | -HS- | M] () -- C:\hiberfil.sys

[2012.05.03 14:31:47 | 000,000,017 | ---- | M] () -- C:\windows\System32\shortcut_ex.dat

[2012.05.01 17:26:51 | 000,644,280 | ---- | M] () -- C:\windows\System32\perfh007.dat

[2012.05.01 17:26:51 | 000,616,452 | ---- | M] () -- C:\windows\System32\perfh009.dat

[2012.05.01 17:26:51 | 000,129,726 | ---- | M] () -- C:\windows\System32\perfc007.dat

[2012.05.01 17:26:51 | 000,106,574 | ---- | M] () -- C:\windows\System32\perfc009.dat

[2012.04.29 18:04:22 | 000,000,965 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk

[2012.04.29 17:54:32 | 000,001,007 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk

[2012.04.17 19:46:37 | 000,002,505 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk

[2012.04.15 09:34:57 | 000,266,352 | ---- | M] () -- C:\windows\System32\FNTCACHE.DAT

[7 C:\windows\System32\*.tmp files -> C:\windows\System32\*.tmp -> ]

[1 C:\Users\***\Desktop\*.tmp files -> C:\Users\***\Desktop\*.tmp -> ]

 
 ========== Files Created - No Company Name ==========

 

[2012.05.03 17:18:23 | 000,001,409 | ---- | C] () -- C:\Users\***\Desktop\Internet Explorer.lnk

[2012.05.03 14:31:47 | 000,000,017 | ---- | C] () -- C:\windows\System32\shortcut_ex.dat

[2012.04.29 18:02:51 | 000,001,098 | ---- | C] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job

[2012.04.29 18:02:46 | 000,001,094 | ---- | C] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job

[2012.04.17 19:23:13 | 000,001,007 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk

[2012.04.17 19:23:12 | 000,001,019 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk

[2011.07.20 17:33:12 | 000,115,369 | ---- | C] () -- C:\windows\System32\drivers\klin.dat

[2011.07.20 17:33:12 | 000,097,961 | ---- | C] () -- C:\windows\System32\drivers\klick.dat

[2011.07.20 17:29:15 | 000,001,769 | ---- | C] () -- C:\windows\Language_trs.ini

[2011.02.21 19:33:45 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat

[2010.09.28 17:30:03 | 000,006,144 | ---- | C] () -- C:\windows\System32\drivers\ASUSHWIO.SYS

[2010.09.28 01:34:14 | 000,000,852 | ---- | C] () -- C:\windows\System32\drivers\RTKHDRC.dat

[2010.09.28 01:34:14 | 000,000,520 | ---- | C] () -- C:\windows\System32\drivers\RTEQEX0.dat

[2010.09.28 01:33:37 | 000,004,692 | ---- | C] () -- C:\windows\System32\drivers\SamSfPa.dat

[2010.09.28 01:33:37 | 000,000,008 | ---- | C] () -- C:\windows\System32\drivers\rtkhdaud.dat

[2010.07.27 23:50:32 | 000,129,472 | ---- | C] () -- C:\windows\TISReg.exe

[2010.07.27 23:44:04 | 000,219,136 | ---- | C] () -- C:\windows\System32\AsusService.exe

[2010.07.27 23:44:03 | 000,025,616 | ---- | C] () -- C:\windows\AsAcpiSvrLang.ini

[2010.07.27 23:41:06 | 000,131,984 | ---- | C] () -- C:\ProgramData\FullRemove.exe

[2010.07.27 23:39:18 | 000,011,520 | ---- | C] () -- C:\windows\System32\drivers\AsUpIO.sys

[2010.07.27 23:32:05 | 000,013,931 | ---- | C] () -- C:\windows\System32\RaCoInst.dat

[2010.07.12 18:10:54 | 000,408,168 | ---- | C] () -- C:\windows\System32\easyUpdatusAPIU.dll

[2010.07.12 18:10:54 | 000,347,350 | ---- | C] () -- C:\windows\System32\nvcoproc.bin

[2010.07.06 04:50:14 | 000,013,880 | ---- | C] ( ) -- C:\windows\System32\drivers\kbfiltr.sys

 
 ========== LOP Check ==========

 

[2010.07.27 23:50:05 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\ASUS WebStorage

[2010.07.27 23:50:05 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\ASUS WebStorage

[2012.04.29 18:09:49 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ASUS WebStorage

[2012.04.29 18:50:40 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DAEMON Tools Lite

[2010.10.31 13:47:10 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\EeeStorageUploader

[2011.04.03 17:48:15 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Firefly Studios

[2012.05.06 08:49:26 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\FRITZ!

[2011.01.17 15:21:58 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\gtk-2.0

[2012.01.06 11:48:43 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\IN-MEDIAKG

[2012.01.01 18:36:36 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\MAGIX

[2012.01.06 11:54:49 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mresreg

[2012.01.02 22:02:02 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\SkyMonk

[2012.05.03 14:31:17 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\SoftGrid Client

[2010.09.28 16:31:58 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\SYBEX.eurofahrschule2010.DEA6744BBD64092B439DF6F6F66EE152DA36E9C6.1

[2010.12.25 12:48:49 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\temp

[2010.11.28 15:05:07 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TP

[2010.09.28 01:35:33 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\VoiceCommand

[2012.02.03 10:56:26 | 000,032,632 | ---- | M] () -- C:\windows\Tasks\SCHEDLGU.TXT

 
 ========== Purity Check ==========

 

 

 
 ========== Custom Scans ==========

 
 < %ALLUSERSPROFILE%\Application Data\*. >

 
 < %ALLUSERSPROFILE%\Application Data\*.exe /s >

 
 < %APPDATA%\*. >

[2011.07.20 19:33:37 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Adobe

[2012.04.29 18:09:49 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ASUS WebStorage

[2012.04.29 18:50:40 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DAEMON Tools Lite

[2010.10.31 13:47:10 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\EeeStorageUploader

[2011.04.03 17:48:15 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Firefly Studios

[2012.05.06 08:49:26 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\FRITZ!

[2011.01.17 15:21:58 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\gtk-2.0

[2009.07.14 06:54:12 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Identities

[2012.01.06 11:48:43 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\IN-MEDIAKG

[2010.07.27 23:26:28 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\InstallShield

[2010.07.27 23:39:05 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Macromedia

[2012.01.01 18:36:36 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\MAGIX

[2012.04.14 17:46:51 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Malwarebytes

[2011.12.03 15:16:56 | 000,000,000 | --SD | M] -- C:\Users\***\AppData\Roaming\Microsoft

[2012.04.17 19:28:27 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Mozilla

[2012.01.06 11:54:49 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mresreg

[2012.01.02 22:02:02 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\SkyMonk

[2012.04.29 18:50:37 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Skype

[2011.03.02 17:02:03 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\skypePM

[2012.05.03 14:31:17 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\SoftGrid Client

[2012.04.15 09:38:58 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\SUPERAntiSpyware.com

[2010.09.28 16:31:58 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\SYBEX.eurofahrschule2010.DEA6744BBD64092B439DF6F6F66EE152DA36E9C6.1

[2010.12.25 12:48:49 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\temp

[2010.11.28 15:05:07 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TP

[2012.04.11 22:31:39 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\vlc

[2010.09.28 01:35:33 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\VoiceCommand

[2010.10.18 17:05:31 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\WinRAR

 
 < %APPDATA%\*.exe /s >

 
 < %SYSTEMDRIVE%\*.exe >

 
 < MD5 for: AGP440.SYS  >

[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys

[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_a97a2a0d0fbc6696\AGP440.sys

[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys

[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_bc1a57271cf2f285\AGP440.sys

 
 < MD5 for: ATAPI.SYS  >

[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys

[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_fab873f3e8a3315c\atapi.sys

[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys

[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_df3f92057fcbe7a7\atapi.sys

 
 < MD5 for: CNGAUDIT.DLL  >

[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\System32\cngaudit.dll

[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll

 
 < MD5 for: IASTOR.SYS  >

[2009.06.05 03:54:36 | 000,408,600 | ---- | M] (Intel Corporation) MD5=1D004CB1DA6323B1F55CAEF7F94B61D9 -- C:\Program Files\Intel\Intel Matrix Storage Manager\driver64\IaStor.sys

[2009.06.05 03:43:16 | 000,330,264 | ---- | M] (Intel Corporation) MD5=D483687EACE0C065EE772481A96E05F5 -- C:\Program Files\Intel\Intel Matrix Storage Manager\driver\IaStor.sys

[2009.06.05 03:43:16 | 000,330,264 | ---- | M] (Intel Corporation) MD5=D483687EACE0C065EE772481A96E05F5 -- C:\Windows\System32\drivers\iaStor.sys

[2009.06.05 03:43:16 | 000,330,264 | ---- | M] (Intel Corporation) MD5=D483687EACE0C065EE772481A96E05F5 -- C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_x86_neutral_c1f15fc3e546800a\iaStor.sys

 
 < MD5 for: IASTORV.SYS  >

[2011.03.11 07:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\System32\drivers\iaStorV.sys

[2011.03.11 07:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_0bcee2057afcc090\iaStorV.sys

[2011.03.11 07:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_b0daddb9e6380745\iaStorV.sys

[2011.03.11 07:43:55 | 000,332,160 | ---- | M] (Intel Corporation) MD5=71F1A494FEDF4B33C02C4A6A28D6D9E9 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_aef580fde910b4b0\iaStorV.sys

[2011.03.11 07:28:00 | 000,332,160 | ---- | M] (Intel Corporation) MD5=778D0E6D7D9EBA0C403BADBAAD41DB20 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_b152a892ff64119f\iaStorV.sys

[2009.07.14 03:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_aee7a89be91b9000\iaStorV.sys

[2010.11.20 14:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_668286aa35d55928\iaStorV.sys

[2010.11.20 14:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_b118bc63e60a139a\iaStorV.sys

[2011.03.11 07:52:21 | 000,332,160 | ---- | M] (Intel Corporation) MD5=B9039A34C2F8769490DCC494E2402445 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_afae2d45020c148b\iaStorV.sys

 
 < MD5 for: NETLOGON.DLL  >

[2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\System32\netlogon.dll

[2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_ffbf212e963c0162\netlogon.dll

[2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_fd8e0d66994d7dc8\netlogon.dll

 
 < MD5 for: NVSTOR.SYS  >

[2011.03.11 07:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\System32\drivers\nvstor.sys

[2011.03.11 07:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_0276fc3b3ea60d41\nvstor.sys

[2011.03.11 07:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_3ba44e691d6eb11d\nvstor.sys

[2011.03.11 07:44:01 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4520B63899E867F354EE012D34E11536 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_39bef1ad20475e88\nvstor.sys

[2011.03.11 07:28:10 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=66D468654A58594F5F3BA63D5AD5B1AF -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_3c1c1942369abb77\nvstor.sys

[2011.03.11 07:52:25 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=8A7583A3B58D3EEB28BB26626526BC91 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_3a779df43942be63\nvstor.sys

[2010.11.20 14:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_dd659ed032d28a14\nvstor.sys

[2010.11.20 14:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_3be22d131d40bd72\nvstor.sys

[2009.07.14 03:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvstor.sys

 
 < MD5 for: SCECLI.DLL  >

[2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_37e4387f3a6f0483\scecli.dll

[2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\System32\scecli.dll

[2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_3a154c47375d881d\scecli.dll

 
 < MD5 for: USER32.DLL  >

[2009.07.14 03:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll

[2010.11.20 14:21:33 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\System32\user32.dll

[2010.11.20 14:21:33 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_cf3fd62ccb9e983d\user32.dll

 
 < MD5 for: USERINIT.EXE  >

[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\System32\userinit.exe

[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe

[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe

 
 < MD5 for: WININIT.EXE  >

[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\System32\wininit.exe

[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe

 
 < MD5 for: WINLOGON.EXE  >

[2009.10.28 08:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe

[2009.10.28 07:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe

[2010.11.20 14:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\System32\winlogon.exe

[2010.11.20 14:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe

[2009.07.14 03:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe

 
 < MD5 for: WS2IFSL.SYS  >

[2009.07.14 01:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\System32\drivers\ws2ifsl.sys

[2009.07.14 01:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_4f5cf6f829213bb2\ws2ifsl.sys

 
 < %systemroot%\system32\drivers\*.sys /lockedfiles >

 
 < %systemroot%\System32\config\*.sav >

 
 < %systemroot%\*. /mp /s >

 
 < %systemroot%\system32\*.dll /lockedfiles >

[7 C:\windows\system32\*.tmp files -> C:\windows\system32\*.tmp -> ]

 
 <          Schliesse bitte nun alle Programme. (Wichtig)  >

 
 < Klicke nun bitte auf den Quick Scan Button.  >

 
 < Klick auf .  >
 

< End of report >

--- --- ---

[/code]

Du hast das CustomScan-Script nicht 1:1 in das Fenster von OTL reinkopiert. Bitte wiederholen und sorgfätiger beim Kopieren und Einfügen sein

OTL Logfile:
OTL Logfile:

Code:

OTL logfile created on: 08.05.2012 18:38:05 - Run 3

OTL by OldTimer - Version 3.2.42.2     Folder = C:\Users\***\Desktop

 Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 8.0.7601.17514)

Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

 

1,99 Gb Total Physical Memory | 1,30 Gb Available Physical Memory | 65,26% Memory free

3,99 Gb Paging File | 3,04 Gb Available in Paging File | 76,29% Paging File free

Paging file location(s): c:\pagefile.sys 2048 2048 [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files

Drive C: | 100,00 Gb Total Space | 25,84 Gb Free Space | 25,84% Space Free | Partition Type: NTFS

Drive D: | 117,87 Gb Total Space | 1,32 Gb Free Space | 1,12% Space Free | Partition Type: NTFS

Drive E: | 15,10 Gb Total Space | 15,08 Gb Free Space | 99,82% Space Free | Partition Type: FAT32

 

Computer Name: ***-PC | User Name: *** | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Quick Scan

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

 
 ========== Processes (SafeList) ==========

 

PRC - C:\Users\***\Desktop\OTL.exe (OldTimer Tools)

PRC - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)

PRC - C:\Program Files\Secunia\PSI\PSIA.exe (Secunia)

PRC - C:\Program Files\Secunia\PSI\sua.exe (Secunia)

PRC - C:\Program Files\Secunia\PSI\psi_tray.exe (Secunia)

PRC - C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)

PRC - C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)

PRC - C:\Program Files\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)

PRC - C:\Windows\explorer.exe (Microsoft Corporation)

PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)

PRC - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe (Broadcom Corporation.)

PRC - C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe ()

PRC - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtblfs.exe (Kaspersky Lab)

PRC - C:\Program Files\Synaptics\SynTP\SynAsusAcpi.exe (Synaptics Incorporated)

PRC - C:\Windows\System32\AsusService.exe ()

PRC - C:\Program Files\Boingo\Boingo Wi-Fi\Boingo Wi-Fi.exe (Boingo Wireless, Inc.)

PRC - C:\Program Files\FRITZ!DSL\IGDCTRL.EXE (AVM Berlin)

PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe (Intel Corporation)

 

 
 ========== Modules (No Company Name) ==========

 

MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\3ce70b84dbb9970e1893672c5d430c80\Microsoft.VisualBasic.ni.dll ()

MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\262285b3d0afafc5059f3fe9be69bff5\System.Windows.Forms.ni.dll ()

MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\8177623eac8f15cf95b587625439eac7\System.Drawing.ni.dll ()

MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Management\cb5bd98ffa4c82327b0e4db02bb58d2d\System.Management.ni.dll ()

MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\9866d1f6178e1cde25642f1ac293ff8d\System.Xml.ni.dll ()

MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\e620323cacb5b6bfd93fd28d263440e4\System.Configuration.ni.dll ()

MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\System\faf4e8730ecbd07570111bb7c3b20565\System.ni.dll ()

MOD - C:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll ()

MOD - C:\PROGRA~1\ASUS\ASUSWE~1\30108~1.222\ASUSWS~1.DLL ()

MOD - C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe ()

MOD - C:\Program Files\ASUS\ASUS WebStorage\3.0.108.222\LogicNP.PropSheetExtensionHelper.dll ()

MOD - C:\Program Files\WinRAR\rarext.dll ()

 

 
 ========== Win32 Services (SafeList) ==========

 

SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)

SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)

SRV - (SkypeUpdate) -- C:\Program Files\Skype\Updater\Updater.exe (Skype Technologies)

SRV - (AdobeARMservice) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)

SRV - (Secunia PSI Agent) -- C:\Program Files\Secunia\PSI\PSIA.exe (Secunia)

SRV - (Secunia Update Agent) -- C:\Program Files\Secunia\PSI\sua.exe (Secunia)

SRV - (sftvsa) -- C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)

SRV - (sftlist) -- C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)

SRV - (BBSvc) -- C:\Program Files\Microsoft\BingBar\BBSvc.EXE (Microsoft Corporation.)

SRV - (BBUpdate) -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)

SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)

SRV - (btwdins) -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe (Broadcom Corporation.)

SRV - (AVP) -- C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe (Kaspersky Lab)

SRV - (AsusService) -- C:\Windows\System32\AsusService.exe ()

SRV - (IGDCTRL) -- C:\Program Files\FRITZ!DSL\IGDCTRL.EXE (AVM Berlin)

SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)

SRV - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)

SRV - (IAANTMON) Intel(R) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe (Intel Corporation)

 

 
 ========== Driver Services (SafeList) ==========

 

DRV - (Sftvol) -- C:\Windows\System32\drivers\Sftvollh.sys (Microsoft Corporation)

DRV - (Sftredir) -- C:\Windows\System32\drivers\Sftredirlh.sys (Microsoft Corporation)

DRV - (Sftplay) -- C:\Windows\System32\drivers\Sftplaylh.sys (Microsoft Corporation)

DRV - (Sftfs) -- C:\Windows\System32\drivers\Sftfslh.sys (Microsoft Corporation)

DRV - (KLIF) -- C:\Windows\System32\drivers\klif.sys (Kaspersky Lab)

DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)

DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)

DRV - (PSI) -- C:\Windows\System32\drivers\psi_mf.sys (Secunia)

DRV - (NVHDA) -- C:\Windows\System32\drivers\nvhda32v.sys (NVIDIA Corporation)

DRV - (nvpciflt) -- C:\Windows\System32\drivers\nvpciflt.sys (NVIDIA Corporation)

DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)

DRV - (L1C) -- C:\Windows\System32\drivers\L1C62x86.sys (Atheros Communications, Inc.)

DRV - (AsUpIO) -- C:\Windows\System32\drivers\AsUpIO.sys ()

DRV - (klbg) -- C:\Windows\System32\drivers\klbg.sys (Kaspersky Lab)

DRV - (klmouflt) -- C:\Windows\System32\drivers\klmouflt.sys (Kaspersky Lab)

DRV - (KLIM6) -- C:\Windows\System32\drivers\klim6.sys (Kaspersky Lab)

DRV - (kl1) -- C:\Windows\System32\drivers\kl1.sys (Kaspersky Lab)

DRV - (kbfiltr) -- C:\Windows\System32\drivers\kbfiltr.sys ( )

DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)

 

 
 ========== Standard Registry (SafeList) ==========

 

 
 ========== Internet Explorer ==========

 

IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=MAAU&src=IE-SearchBox

IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&appid=362&systemid=406&sr=0&q={searchTerms}

 

 

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

 

 

IE - HKU\S-1-5-21-2956802993-958901617-3266864770-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus.msn.com

IE - HKU\S-1-5-21-2956802993-958901617-3266864770-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://eeepc.asus.com [binary data]

IE - HKU\S-1-5-21-2956802993-958901617-3266864770-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/

IE - HKU\S-1-5-21-2956802993-958901617-3266864770-1001\..\SearchScopes,DefaultScope = {E88E0043-C9D4-4e33-8555-FEE4F5B63060}

IE - HKU\S-1-5-21-2956802993-958901617-3266864770-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=MAAU&src=IE-SearchBox

IE - HKU\S-1-5-21-2956802993-958901617-3266864770-1001\..\SearchScopes\{231D0CC4-941C-4625-B1EE-032B706854B5}: "URL" = hxxp://de.wikipedia.org/w/index.php?title=Spezial:Suche&search={searchTerms}

IE - HKU\S-1-5-21-2956802993-958901617-3266864770-1001\..\SearchScopes\{3AF41670-B64E-405C-81D9-F4F45E9881FF}: "URL" = hxxp://www.google.de/search?q={searchTerms}

IE - HKU\S-1-5-21-2956802993-958901617-3266864770-1001\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&appid=362&systemid=406&sr=0&q={searchTerms}

IE - HKU\S-1-5-21-2956802993-958901617-3266864770-1001\..\SearchScopes\{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8}: "URL" = hxxp://www.daemon-search.com/search/web?q={searchTerms}

IE - HKU\S-1-5-21-2956802993-958901617-3266864770-1001\..\SearchScopes\{E88E0043-C9D4-4e33-8555-FEE4F5B63060}: "URL" = hxxp://go.mail.ru/search?q={searchTerms}&utf8in=1&fr=ietb

IE - HKU\S-1-5-21-2956802993-958901617-3266864770-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 
 ========== FireFox ==========

 

FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"

FF - prefs.js..network.proxy.type: 0

FF - user.js - File not found

 

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll ()

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

 

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.04.29 17:54:01 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

 

[2012.04.17 19:28:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions

[2012.05.02 16:40:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\k0393dc9.default\extensions

[2012.04.29 17:54:01 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions

[2012.04.17 19:51:05 | 000,000,000 | ---D | M] (Kaspersky URL Advisor) -- C:\Program Files\mozilla firefox\extensions\linkfilter@kaspersky.ru

[2012.04.21 03:18:00 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll

[2012.04.21 03:54:08 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml

[2012.04.21 03:54:08 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

[2012.04.21 03:54:08 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml

[2012.04.21 03:54:08 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml

[2012.04.21 03:54:08 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml

[2012.04.21 03:54:08 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml

 

O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts

O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\ievkbd.dll (Kaspersky Lab)

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.

O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)

O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)

O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll (Kaspersky Lab)

O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)

O3 - HKLM\..\Toolbar: (no name) - {99079a25-328f-4bd4-be04-00955acaa0a7} - No CLSID value found.

O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.

O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.

O3 - HKU\S-1-5-21-2956802993-958901617-3266864770-1001\..\Toolbar\WebBrowser: (no name) - {00000000-0000-0000-0000-000000000000} - No CLSID value found.

O3 - HKU\S-1-5-21-2956802993-958901617-3266864770-1001\..\Toolbar\WebBrowser: (no name) - {09900DE8-1DCA-443F-9243-26FF581438AF} - No CLSID value found.

O3 - HKU\S-1-5-21-2956802993-958901617-3266864770-1001\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.

O3 - HKU\S-1-5-21-2956802993-958901617-3266864770-1001\..\Toolbar\WebBrowser: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found.

O3 - HKU\S-1-5-21-2956802993-958901617-3266864770-1001\..\Toolbar\WebBrowser: (no name) - {C44F9E21-D93F-490C-B41C-B3548BDD19FC} - No CLSID value found.

O3 - HKU\S-1-5-21-2956802993-958901617-3266864770-1001\..\Toolbar\WebBrowser: (no name) - {CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065} - No CLSID value found.

O4 - HKLM..\Run: [AVP] C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe (Kaspersky Lab)

O4 - HKLM..\Run: [Boingo Wi-Fi] C:\Program Files\Boingo\Boingo Wi-Fi\Boingo.lnk ()

O4 - HKLM..\Run: [OOBESetup] C:\Program Files\asus\OOBERegBackup\OOBERegBackup.exe (ASUSTeK Computer Inc.)

O4 - HKLM..\Run: [SynAsusAcpi] C:\Program Files\Synaptics\SynTP\SynAsusAcpi.exe (Synaptics Incorporated)

O4 - HKU\.DEFAULT..\Run: [FRITZ!protect] FwebProt.exe File not found

O4 - HKU\S-1-5-18..\Run: [FRITZ!protect] FwebProt.exe File not found

O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)

O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)

O4 - Startup: C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Autorun.cmd ()

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 28

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O7 - HKU\S-1-5-21-2956802993-958901617-3266864770-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()

O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()

O9 - Extra 'Tools' menuitem : Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)

O9 - Extra Button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll (Kaspersky Lab)

O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O9 - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()

O9 - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()

O9 - Extra Button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll (Kaspersky Lab)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\FRITZ!DSL\\sarah.dll ()

O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\FRITZ!DSL\sarah.dll (AVM Berlin)

O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\FRITZ!DSL\sarah.dll (AVM Berlin)

O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\FRITZ!DSL\sarah.dll (AVM Berlin)

O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Program Files\FRITZ!DSL\sarah.dll (AVM Berlin)

O13 - gopher Prefix: missing

O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)

O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{588BC8C4-65F4-486B-B06E-88C28F634390}: NameServer = 192.168.0.1

O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)

O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)

O20 - AppInit_DLLs: (C:\windows\system32\nvinit.dll) - C:\Windows\System32\nvinit.dll (NVIDIA Corporation)

O20 - AppInit_DLLs: (C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll) - C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll (Kaspersky Lab)

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found

O20 - Winlogon\Notify\klogon: DllName - (C:\windows\system32\klogon.dll) - C:\Windows\System32\klogon.dll (Kaspersky Lab)

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]

O34 - HKLM BootExecute: (autocheck autochk *)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

 

NetSvcs: FastUserSwitchingCompatibility -  File not found

NetSvcs: Ias - C:\windows\System32\ias.dll (Microsoft Corporation)

NetSvcs: Nla -  File not found

NetSvcs: Ntmssvc -  File not found

NetSvcs: NWCWorkstation -  File not found

NetSvcs: Nwsapagent -  File not found

NetSvcs: SRService -  File not found

NetSvcs: WmdmPmSp -  File not found

NetSvcs: LogonHours -  File not found

NetSvcs: PCAudit -  File not found

NetSvcs: helpsvc -  File not found

NetSvcs: uploadmgr -  File not found

 

MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^AsusVibeLauncher.lnk -  - File not found

MsConfig - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)

MsConfig - StartUpReg: ASUS Screen Saver Protector - hkey= - key= - C:\Windows\AsScrPro.exe (ASUS)

MsConfig - StartUpReg: ASUSPRP - hkey= - key= - C:\Program Files\ASUS\APRP\APRP.EXE (ASUSTek Computer Inc.)

MsConfig - StartUpReg: ASUSWebStorage - hkey= - key= - C:\Program Files\ASUS\ASUS WebStorage\3.0.108.222\AsusWSPanel.exe (ecareme)

MsConfig - StartUpReg: CapsHook - hkey= - key= -  File not found

MsConfig - StartUpReg: Eee Docking - hkey= - key= - C:\Program Files\ASUS\Eee Docking\Eee Docking.exe ()

MsConfig - StartUpReg: HotkeyMon - hkey= - key= -  File not found

MsConfig - StartUpReg: HotkeyService - hkey= - key= -  File not found

MsConfig - StartUpReg: IAAnotif - hkey= - key= - C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation)

MsConfig - StartUpReg: LiveUpdate - hkey= - key= -  File not found

MsConfig - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)

MsConfig - StartUpReg: SuperHybridEngine - hkey= - key= -  File not found

MsConfig - StartUpReg: UCam_Menu - hkey= - key= - C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)

MsConfig - State: "startup" - 2

 

SafeBootMin: AppMgmt - Service

SafeBootMin: Base - Driver Group

SafeBootMin: Boot Bus Extender - Driver Group

SafeBootMin: Boot file system - Driver Group

SafeBootMin: File system - Driver Group

SafeBootMin: Filter - Driver Group

SafeBootMin: HelpSvc - Service

SafeBootMin: NTDS -  File not found

SafeBootMin: PCI Configuration - Driver Group

SafeBootMin: PNP Filter - Driver Group

SafeBootMin: Primary disk - Driver Group

SafeBootMin: sacsvr - Service

SafeBootMin: SCSI Class - Driver Group

SafeBootMin: System Bus Extender - Driver Group

SafeBootMin: vmms - Service

SafeBootMin: WinDefend - C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)

SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy

SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers

SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices

SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

 

SafeBootNet: AppMgmt - Service

SafeBootNet: Base - Driver Group

SafeBootNet: Boot Bus Extender - Driver Group

SafeBootNet: Boot file system - Driver Group

SafeBootNet: File system - Driver Group

SafeBootNet: Filter - Driver Group

SafeBootNet: HelpSvc - Service

SafeBootNet: Messenger - Service

SafeBootNet: NDIS Wrapper - Driver Group

SafeBootNet: NetBIOSGroup - Driver Group

SafeBootNet: NetDDEGroup - Driver Group

SafeBootNet: Network - Driver Group

SafeBootNet: NetworkProvider - Driver Group

SafeBootNet: NTDS -  File not found

SafeBootNet: PCI Configuration - Driver Group

SafeBootNet: PNP Filter - Driver Group

SafeBootNet: PNP_TDI - Driver Group

SafeBootNet: Primary disk - Driver Group

SafeBootNet: rdsessmgr - Service

SafeBootNet: sacsvr - Service

SafeBootNet: SCSI Class - Driver Group

SafeBootNet: Streams Drivers - Driver Group

SafeBootNet: System Bus Extender - Driver Group

SafeBootNet: TDI - Driver Group

SafeBootNet: vmms - Service

SafeBootNet: WinDefend - C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)

SafeBootNet: WudfUsbccidDriver - Driver

SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net

SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient

SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService

SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans

SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers

SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy

SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers

SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices

SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

 

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)

ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0

ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework

ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack

ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework

ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE

ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx

ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help

ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6

ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools

ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements

ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player

ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access

ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7

ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework

ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll

ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings

ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install

ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding

ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts

ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player

ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help

ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface

ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP

ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig

ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

 

Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)

Drivers32: MSVideo8 - C:\windows\System32\vfwwdm32.dll (Microsoft Corporation)

Drivers32: vidc.cvid - C:\windows\System32\iccvid.dll (Radius Inc.)

 

CREATERESTOREPOINT

Restore point Set: OTL Restore Point

 
 ========== Files/Folders - Created Within 30 Days ==========

 

[2012.05.06 17:06:47 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\Rezepte

[2012.05.06 08:46:09 | 000,595,456 | ---- | C] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe

[2012.05.03 17:26:27 | 000,000,000 | ---D | C] -- C:\Program Files\ESET

[2012.04.29 18:12:59 | 000,000,000 | ---D | C] -- C:\windows\pss

[2012.04.29 18:04:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner

[2012.04.29 18:01:27 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Google

[2012.04.29 18:01:27 | 000,000,000 | ---D | C] -- C:\Program Files\Google

[2012.04.29 16:20:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla

[2012.04.29 16:20:25 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service

[2012.04.17 19:28:10 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Mozilla

[2012.04.17 19:22:59 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox

[2012.04.15 09:38:58 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\SUPERAntiSpyware.com

[2012.04.15 09:38:08 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com

[2012.04.14 17:46:51 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Malwarebytes

[2012.04.14 17:46:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes

[2012.04.14 17:28:08 | 000,000,000 | -H-D | C] -- C:\windows\AxInstSV

[7 C:\windows\System32\*.tmp files -> C:\windows\System32\*.tmp -> ]

[1 C:\Users\***\Desktop\*.tmp files -> C:\Users\***\Desktop\*.tmp -> ]

 
 ========== Files - Modified Within 30 Days ==========

 

[2012.05.08 18:40:00 | 000,000,884 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job

[2012.05.08 18:38:11 | 000,001,098 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job

[2012.05.08 18:36:01 | 000,001,094 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job

[2012.05.08 18:26:59 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat

[2012.05.06 09:43:11 | 000,009,696 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2012.05.06 09:43:11 | 000,009,696 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2012.05.06 09:35:24 | 1602,740,224 | -HS- | M] () -- C:\hiberfil.sys

[2012.05.06 08:45:37 | 000,595,456 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe

[2012.05.03 14:31:47 | 000,000,017 | ---- | M] () -- C:\windows\System32\shortcut_ex.dat

[2012.05.01 17:26:51 | 000,644,280 | ---- | M] () -- C:\windows\System32\perfh007.dat

[2012.05.01 17:26:51 | 000,616,452 | ---- | M] () -- C:\windows\System32\perfh009.dat

[2012.05.01 17:26:51 | 000,129,726 | ---- | M] () -- C:\windows\System32\perfc007.dat

[2012.05.01 17:26:51 | 000,106,574 | ---- | M] () -- C:\windows\System32\perfc009.dat

[2012.04.29 18:04:22 | 000,000,965 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk

[2012.04.29 17:54:32 | 000,001,007 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk

[2012.04.17 19:46:37 | 000,002,505 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk

[2012.04.15 09:34:57 | 000,266,352 | ---- | M] () -- C:\windows\System32\FNTCACHE.DAT

[7 C:\windows\System32\*.tmp files -> C:\windows\System32\*.tmp -> ]

[1 C:\Users\***\Desktop\*.tmp files -> C:\Users\***\Desktop\*.tmp -> ]

 
 ========== Files Created - No Company Name ==========

 

[2012.05.03 17:18:23 | 000,001,409 | ---- | C] () -- C:\Users\***\Desktop\Internet Explorer.lnk

[2012.05.03 14:31:47 | 000,000,017 | ---- | C] () -- C:\windows\System32\shortcut_ex.dat

[2012.04.29 18:02:51 | 000,001,098 | ---- | C] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job

[2012.04.29 18:02:46 | 000,001,094 | ---- | C] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job

[2012.04.17 19:23:13 | 000,001,007 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk

[2012.04.17 19:23:12 | 000,001,019 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk

[2011.07.20 17:33:12 | 000,115,369 | ---- | C] () -- C:\windows\System32\drivers\klin.dat

[2011.07.20 17:33:12 | 000,097,961 | ---- | C] () -- C:\windows\System32\drivers\klick.dat

[2011.07.20 17:29:15 | 000,001,769 | ---- | C] () -- C:\windows\Language_trs.ini

[2011.02.21 19:33:45 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat

[2010.09.28 17:30:03 | 000,006,144 | ---- | C] () -- C:\windows\System32\drivers\ASUSHWIO.SYS

[2010.09.28 01:34:14 | 000,000,852 | ---- | C] () -- C:\windows\System32\drivers\RTKHDRC.dat

[2010.09.28 01:34:14 | 000,000,520 | ---- | C] () -- C:\windows\System32\drivers\RTEQEX0.dat

[2010.09.28 01:33:37 | 000,004,692 | ---- | C] () -- C:\windows\System32\drivers\SamSfPa.dat

[2010.09.28 01:33:37 | 000,000,008 | ---- | C] () -- C:\windows\System32\drivers\rtkhdaud.dat

[2010.07.27 23:50:32 | 000,129,472 | ---- | C] () -- C:\windows\TISReg.exe

[2010.07.27 23:44:04 | 000,219,136 | ---- | C] () -- C:\windows\System32\AsusService.exe

[2010.07.27 23:44:03 | 000,025,616 | ---- | C] () -- C:\windows\AsAcpiSvrLang.ini

[2010.07.27 23:41:06 | 000,131,984 | ---- | C] () -- C:\ProgramData\FullRemove.exe

[2010.07.27 23:39:18 | 000,011,520 | ---- | C] () -- C:\windows\System32\drivers\AsUpIO.sys

[2010.07.27 23:32:05 | 000,013,931 | ---- | C] () -- C:\windows\System32\RaCoInst.dat

[2010.07.12 18:10:54 | 000,408,168 | ---- | C] () -- C:\windows\System32\easyUpdatusAPIU.dll

[2010.07.12 18:10:54 | 000,347,350 | ---- | C] () -- C:\windows\System32\nvcoproc.bin

[2010.07.06 04:50:14 | 000,013,880 | ---- | C] ( ) -- C:\windows\System32\drivers\kbfiltr.sys

 
 ========== LOP Check ==========

 

[2010.07.27 23:50:05 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\ASUS WebStorage

[2010.07.27 23:50:05 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\ASUS WebStorage

[2012.04.29 18:09:49 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ASUS WebStorage

[2012.04.29 18:50:40 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DAEMON Tools Lite

[2010.10.31 13:47:10 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\EeeStorageUploader

[2011.04.03 17:48:15 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Firefly Studios

[2012.05.08 18:37:54 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\FRITZ!

[2011.01.17 15:21:58 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\gtk-2.0

[2012.01.06 11:48:43 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\IN-MEDIAKG

[2012.01.01 18:36:36 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\MAGIX

[2012.01.06 11:54:49 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mresreg

[2012.01.02 22:02:02 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\SkyMonk

[2012.05.03 14:31:17 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\SoftGrid Client

[2010.09.28 16:31:58 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\SYBEX.eurofahrschule2010.DEA6744BBD64092B439DF6F6F66EE152DA36E9C6.1

[2010.12.25 12:48:49 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\temp

[2010.11.28 15:05:07 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TP

[2010.09.28 01:35:33 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\VoiceCommand

[2012.02.03 10:56:26 | 000,032,632 | ---- | M] () -- C:\windows\Tasks\SCHEDLGU.TXT

 
 ========== Purity Check ==========

 

 

 
 ========== Custom Scans ==========

 
 < %ALLUSERSPROFILE%\Application Data\*. >

 
 < %ALLUSERSPROFILE%\Application Data\*.exe /s >

 
 < %APPDATA%\*. >

[2011.07.20 19:33:37 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Adobe

[2012.04.29 18:09:49 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ASUS WebStorage

[2012.04.29 18:50:40 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DAEMON Tools Lite

[2010.10.31 13:47:10 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\EeeStorageUploader

[2011.04.03 17:48:15 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Firefly Studios

[2012.05.08 18:37:54 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\FRITZ!

[2011.01.17 15:21:58 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\gtk-2.0

[2009.07.14 06:54:12 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Identities

[2012.01.06 11:48:43 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\IN-MEDIAKG

[2010.07.27 23:26:28 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\InstallShield

[2010.07.27 23:39:05 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Macromedia

[2012.01.01 18:36:36 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\MAGIX

[2012.04.14 17:46:51 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Malwarebytes

[2011.12.03 15:16:56 | 000,000,000 | --SD | M] -- C:\Users\***\AppData\Roaming\Microsoft

[2012.04.17 19:28:27 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Mozilla

[2012.01.06 11:54:49 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mresreg

[2012.01.02 22:02:02 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\SkyMonk

[2012.04.29 18:50:37 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Skype

[2011.03.02 17:02:03 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\skypePM

[2012.05.03 14:31:17 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\SoftGrid Client

[2012.04.15 09:38:58 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\SUPERAntiSpyware.com

[2010.09.28 16:31:58 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\SYBEX.eurofahrschule2010.DEA6744BBD64092B439DF6F6F66EE152DA36E9C6.1

[2010.12.25 12:48:49 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\temp

[2010.11.28 15:05:07 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TP

[2012.04.11 22:31:39 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\vlc

[2010.09.28 01:35:33 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\VoiceCommand

[2010.10.18 17:05:31 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\WinRAR

 
 < %APPDATA%\*.exe /s >

 
 < %SYSTEMDRIVE%\*.exe >

 
 < MD5 for: AGP440.SYS  >

[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys

[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_a97a2a0d0fbc6696\AGP440.sys

[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys

[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_bc1a57271cf2f285\AGP440.sys

 
 < MD5 for: ATAPI.SYS  >

[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys

[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_fab873f3e8a3315c\atapi.sys

[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys

[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_df3f92057fcbe7a7\atapi.sys

 
 < MD5 for: CNGAUDIT.DLL  >

[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\System32\cngaudit.dll

[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll

 
 < MD5 for: IASTOR.SYS  >

[2009.06.05 03:54:36 | 000,408,600 | ---- | M] (Intel Corporation) MD5=1D004CB1DA6323B1F55CAEF7F94B61D9 -- C:\Program Files\Intel\Intel Matrix Storage Manager\driver64\IaStor.sys

[2009.06.05 03:43:16 | 000,330,264 | ---- | M] (Intel Corporation) MD5=D483687EACE0C065EE772481A96E05F5 -- C:\Program Files\Intel\Intel Matrix Storage Manager\driver\IaStor.sys

[2009.06.05 03:43:16 | 000,330,264 | ---- | M] (Intel Corporation) MD5=D483687EACE0C065EE772481A96E05F5 -- C:\Windows\System32\drivers\iaStor.sys

[2009.06.05 03:43:16 | 000,330,264 | ---- | M] (Intel Corporation) MD5=D483687EACE0C065EE772481A96E05F5 -- C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_x86_neutral_c1f15fc3e546800a\iaStor.sys

 
 < MD5 for: IASTORV.SYS  >

[2011.03.11 07:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\System32\drivers\iaStorV.sys

[2011.03.11 07:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_0bcee2057afcc090\iaStorV.sys

[2011.03.11 07:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_b0daddb9e6380745\iaStorV.sys

[2011.03.11 07:43:55 | 000,332,160 | ---- | M] (Intel Corporation) MD5=71F1A494FEDF4B33C02C4A6A28D6D9E9 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_aef580fde910b4b0\iaStorV.sys

[2011.03.11 07:28:00 | 000,332,160 | ---- | M] (Intel Corporation) MD5=778D0E6D7D9EBA0C403BADBAAD41DB20 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_b152a892ff64119f\iaStorV.sys

[2009.07.14 03:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_aee7a89be91b9000\iaStorV.sys

[2010.11.20 14:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_668286aa35d55928\iaStorV.sys

[2010.11.20 14:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_b118bc63e60a139a\iaStorV.sys

[2011.03.11 07:52:21 | 000,332,160 | ---- | M] (Intel Corporation) MD5=B9039A34C2F8769490DCC494E2402445 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_afae2d45020c148b\iaStorV.sys

 
 < MD5 for: NETLOGON.DLL  >

[2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\System32\netlogon.dll

[2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_ffbf212e963c0162\netlogon.dll

[2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_fd8e0d66994d7dc8\netlogon.dll

 
 < MD5 for: NVSTOR.SYS  >

[2011.03.11 07:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\System32\drivers\nvstor.sys

[2011.03.11 07:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_0276fc3b3ea60d41\nvstor.sys

[2011.03.11 07:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_3ba44e691d6eb11d\nvstor.sys

[2011.03.11 07:44:01 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4520B63899E867F354EE012D34E11536 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_39bef1ad20475e88\nvstor.sys

[2011.03.11 07:28:10 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=66D468654A58594F5F3BA63D5AD5B1AF -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_3c1c1942369abb77\nvstor.sys

[2011.03.11 07:52:25 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=8A7583A3B58D3EEB28BB26626526BC91 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_3a779df43942be63\nvstor.sys

[2010.11.20 14:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_dd659ed032d28a14\nvstor.sys

[2010.11.20 14:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_3be22d131d40bd72\nvstor.sys

[2009.07.14 03:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvstor.sys

 
 < MD5 for: SCECLI.DLL  >

[2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_37e4387f3a6f0483\scecli.dll

[2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\System32\scecli.dll

[2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_3a154c47375d881d\scecli.dll

 
 < MD5 for: USER32.DLL  >

[2009.07.14 03:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll

[2010.11.20 14:21:33 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\System32\user32.dll

[2010.11.20 14:21:33 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_cf3fd62ccb9e983d\user32.dll

 
 < MD5 for: USERINIT.EXE  >

[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\System32\userinit.exe

[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe

[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe

 
 < MD5 for: WININIT.EXE  >

[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\System32\wininit.exe

[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe

 
 < MD5 for: WINLOGON.EXE  >

[2009.10.28 08:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe

[2009.10.28 07:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe

[2010.11.20 14:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\System32\winlogon.exe

[2010.11.20 14:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe

[2009.07.14 03:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe

 
 < MD5 for: WS2IFSL.SYS  >

[2009.07.14 01:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\System32\drivers\ws2ifsl.sys

[2009.07.14 01:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_4f5cf6f829213bb2\ws2ifsl.sys

 
 < %systemroot%\system32\drivers\*.sys /lockedfiles >

 
 < %systemroot%\System32\config\*.sav >

 
 < %systemroot%\*. /mp /s >

 
 < %systemroot%\system32\*.dll /lockedfiles >

[7 C:\windows\system32\*.tmp files -> C:\windows\system32\*.tmp -> ]
 

< End of report >

--- --- ---

[/code]

Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)

Code:

:OTL

IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=MAAU&src=IE-SearchBox

IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-results.com/sr?src=ieb&appid=362&systemid=406&sr=0&q={searchTerms}

IE - HKU\S-1-5-21-2956802993-958901617-3266864770-1001\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-results.com/sr?src=ieb&appid=362&systemid=406&sr=0&q={searchTerms}

IE - HKU\S-1-5-21-2956802993-958901617-3266864770-1001\..\SearchScopes\{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8}: "URL" = http://www.daemon-search.com/search/web?q={searchTerms}

IE - HKU\S-1-5-21-2956802993-958901617-3266864770-1001\..\SearchScopes\{E88E0043-C9D4-4e33-8555-FEE4F5B63060}: "URL" = http://go.mail.ru/search?q={searchTerms}&utf8in=1&fr=iet

FF - user.js - File not found

O3 - HKLM\..\Toolbar: (no name) - {99079a25-328f-4bd4-be04-00955acaa0a7} - No CLSID value found.

O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.

O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.

O3 - HKU\S-1-5-21-2956802993-958901617-3266864770-1001\..\Toolbar\WebBrowser: (no name) - {00000000-0000-0000-0000-000000000000} - No CLSID value found.

O3 - HKU\S-1-5-21-2956802993-958901617-3266864770-1001\..\Toolbar\WebBrowser: (no name) - {09900DE8-1DCA-443F-9243-26FF581438AF} - No CLSID value found.

O3 - HKU\S-1-5-21-2956802993-958901617-3266864770-1001\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.

O3 - HKU\S-1-5-21-2956802993-958901617-3266864770-1001\..\Toolbar\WebBrowser: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found.

O3 - HKU\S-1-5-21-2956802993-958901617-3266864770-1001\..\Toolbar\WebBrowser: (no name) - {C44F9E21-D93F-490C-B41C-B3548BDD19FC} - No CLSID value found.

O3 - HKU\S-1-5-21-2956802993-958901617-3266864770-1001\..\Toolbar\WebBrowser: (no name) - {CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065} - No CLSID value found.

O4 - HKU\.DEFAULT..\Run: [FRITZ!protect] FwebProt.exe File not found

O4 - HKU\S-1-5-18..\Run: [FRITZ!protect] FwebProt.exe File not found

O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)

O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)

O4 - Startup: C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Autorun.cmd ()

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]

:Commands

[purity]

[emptytemp]

[emptyflash]

[resethosts]

Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.

Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!

Code:

 
 

All processes killed

========== OTL ==========

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}\ not found.

Registry key HKEY_USERS\S-1-5-21-2956802993-958901617-3266864770-1001\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}\ not found.

Registry key HKEY_USERS\S-1-5-21-2956802993-958901617-3266864770-1001\Software\Microsoft\Internet Explorer\SearchScopes\{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8}\ not found.

Registry key HKEY_USERS\S-1-5-21-2956802993-958901617-3266864770-1001\Software\Microsoft\Internet Explorer\SearchScopes\{E88E0043-C9D4-4e33-8555-FEE4F5B63060}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E88E0043-C9D4-4e33-8555-FEE4F5B63060}\ not found.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{99079a25-328f-4bd4-be04-00955acaa0a7} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{99079a25-328f-4bd4-be04-00955acaa0a7}\ not found.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\10 deleted successfully.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.

Registry value HKEY_USERS\S-1-5-21-2956802993-958901617-3266864770-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{00000000-0000-0000-0000-000000000000} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00000000-0000-0000-0000-000000000000}\ not found.

Registry value HKEY_USERS\S-1-5-21-2956802993-958901617-3266864770-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{09900DE8-1DCA-443F-9243-26FF581438AF} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{09900DE8-1DCA-443F-9243-26FF581438AF}\ not found.

Registry value HKEY_USERS\S-1-5-21-2956802993-958901617-3266864770-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068}\ not found.

Registry value HKEY_USERS\S-1-5-21-2956802993-958901617-3266864770-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{32099AAC-C132-4136-9E9A-4E364A424E17} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}\ not found.

Registry value HKEY_USERS\S-1-5-21-2956802993-958901617-3266864770-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{C44F9E21-D93F-490C-B41C-B3548BDD19FC} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C44F9E21-D93F-490C-B41C-B3548BDD19FC}\ not found.

Registry value HKEY_USERS\S-1-5-21-2956802993-958901617-3266864770-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065}\ not found.

Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run\\FRITZ!protect deleted successfully.

Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run\\FRITZ!protect not found.

Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.

File move failed. C:\Windows\System32\mctadmin.exe scheduled to be moved on reboot.

Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.

File move failed. C:\Windows\System32\mctadmin.exe scheduled to be moved on reboot.

C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Autorun.cmd moved successfully.

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!

C:\autoexec.bat moved successfully.

========== COMMANDS ==========

 

[EMPTYTEMP]

 

User: All Users

 

User: Default

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 33170 bytes

->Flash cache emptied: 321 bytes

 

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->Flash cache emptied: 0 bytes

 

User: Polina

->Temp folder emptied: 2672106 bytes

->Temporary Internet Files folder emptied: 29262380 bytes

->Java cache emptied: 1005260 bytes

->FireFox cache emptied: 101662747 bytes

->Flash cache emptied: 1484 bytes

 

User: Public

 

User: UpdatusUser

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

 

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 26226380 bytes

RecycleBin emptied: 1309868153 bytes

 

Total Files Cleaned = 1.403,00 mb

 

 

[EMPTYFLASH]

 

User: All Users

 

User: Default

->Flash cache emptied: 0 bytes

 

User: Default User

->Flash cache emptied: 0 bytes

 

User: ***

->Flash cache emptied: 0 bytes

 

User: Public

 

User: UpdatusUser

 

Total Flash Files Cleaned = 0,00 mb

 

C:\windows\System32\drivers\etc\Hosts moved successfully.

HOSTS file reset successfully

 

OTL by OldTimer - Version 3.2.42.2 log created on 05112012_185214
 

Files\Folders moved on Reboot...

File move failed. C:\Windows\System32\mctadmin.exe scheduled to be moved on reboot.
 

Registry entries deleted on Reboot...

Bitte nun (im normalen Windows-Modus) dieses Tool von Kaspersky (TDSS-Killer) ausführen und das Log posten Anleitung und Downloadlink hier => http://www.trojaner-board.de/82358-t...entfernen.html

Hinweis: Bitte den Virenscanner abstellen bevor du den TDSS-Killer ausführst, denn v.a. Avira meldet im TDSS-Tool oft einen Fehalalrm!

Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet,
Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten.
Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition (meistens Laufwerk C:) nach, da speichert der TDSS-Killer seine Logs.

Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten!

http://saved.im/mtkwmtcxexhp/setting...8_16-25-18.jpg

Code:

 
 

10:18:30.0163 6048        TDSS rootkit removing tool 2.7.34.0 May  2 2012 09:59:18

10:18:32.0191 6048        ============================================================

10:18:32.0191 6048        Current date / time: 2012/05/12 10:18:32.0191

10:18:32.0191 6048        SystemInfo:

10:18:32.0191 6048        

10:18:32.0191 6048        OS Version: 6.1.7601 ServicePack: 1.0

10:18:32.0191 6048        Product type: Workstation

10:18:32.0191 6048        ComputerName: ***-PC

10:18:32.0191 6048        UserName: ***

10:18:32.0191 6048        Windows directory: C:\windows

10:18:32.0191 6048        System windows directory: C:\windows

10:18:32.0191 6048        Processor architecture: Intel x86

10:18:32.0191 6048        Number of processors: 4

10:18:32.0191 6048        Page size: 0x1000

10:18:32.0191 6048        Boot type: Normal boot

10:18:32.0191 6048        ============================================================

10:18:33.0470 6048        Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050

10:18:33.0470 6048        Drive \Device\Harddisk1\DR1 - Size: 0x3C7800000 (15.12 Gb), SectorSize: 0x200, Cylinders: 0x7B5, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'

10:18:33.0486 6048        ============================================================

10:18:33.0486 6048        \Device\Harddisk0\DR0:

10:18:33.0486 6048        MBR partitions:

10:18:33.0486 6048        \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0xC800000

10:18:33.0486 6048        \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0xE600800, BlocksNum 0xEBBB000

10:18:33.0486 6048        \Device\Harddisk1\DR1:

10:18:33.0486 6048        MBR partitions:

10:18:33.0486 6048        \Device\Harddisk1\DR1\Partition0: MBR, Type 0xC, StartLBA 0x20, BlocksNum 0x1E3BFE0

10:18:33.0486 6048        ============================================================

10:18:33.0517 6048        C: <-> \Device\Harddisk0\DR0\Partition0

10:18:33.0548 6048        D: <-> \Device\Harddisk0\DR0\Partition1

10:18:33.0548 6048        ============================================================

10:18:33.0548 6048        Initialize success

10:18:33.0548 6048        ============================================================

10:20:01.0252 5608        ============================================================

10:20:01.0252 5608        Scan started

10:20:01.0252 5608        Mode: Manual; SigCheck; TDLFS; 

10:20:01.0252 5608        ============================================================

10:20:04.0028 5608        1394ohci        (d01e0b1cef9ee82100c2bb07294880ef) C:\windows\system32\drivers\1394ohci.sys

10:20:04.0294 5608        1394ohci - ok

10:20:04.0418 5608        ACPI            (cea80c80bed809aa0da6febc04733349) C:\windows\system32\drivers\ACPI.sys

10:20:04.0465 5608        ACPI - ok

10:20:04.0543 5608        AcpiPmi         (1efbc664abff416d1d07db115dcb264f) C:\windows\system32\drivers\acpipmi.sys

10:20:04.0637 5608        AcpiPmi - ok

10:20:04.0777 5608        AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe

10:20:04.0808 5608        AdobeARMservice - ok

10:20:04.0964 5608        AdobeFlashPlayerUpdateSvc (76d5a3d2a50402a0b9b6ed13c4371e79) C:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

10:20:04.0996 5608        AdobeFlashPlayerUpdateSvc - ok

10:20:05.0152 5608        adp94xx         (21e785ebd7dc90a06391141aac7892fb) C:\windows\system32\DRIVERS\adp94xx.sys

10:20:05.0214 5608        adp94xx - ok

10:20:05.0308 5608        adpahci         (0c676bc278d5b59ff5abd57bbe9123f2) C:\windows\system32\DRIVERS\adpahci.sys

10:20:05.0354 5608        adpahci - ok

10:20:05.0401 5608        adpu320         (7c7b5ee4b7b822ec85321fe23a27db33) C:\windows\system32\DRIVERS\adpu320.sys

10:20:05.0432 5608        adpu320 - ok

10:20:05.0495 5608        AeLookupSvc     (8b5eefeec1e6d1a72a06c526628ad161) C:\windows\System32\aelupsvc.dll

10:20:05.0557 5608        AeLookupSvc - ok

10:20:05.0682 5608        AFD             (9ebbba55060f786f0fcaa3893bfa2806) C:\windows\system32\drivers\afd.sys

10:20:05.0760 5608        AFD - ok

10:20:05.0822 5608        agp440          (507812c3054c21cef746b6ee3d04dd6e) C:\windows\system32\drivers\agp440.sys

10:20:05.0854 5608        agp440 - ok

10:20:05.0916 5608        aic78xx         (8b30250d573a8f6b4bd23195160d8707) C:\windows\system32\DRIVERS\djsvs.sys

10:20:05.0963 5608        aic78xx - ok

10:20:06.0025 5608        ALG             (18a54e132947cd98fea9accc57f98f13) C:\windows\System32\alg.exe

10:20:06.0103 5608        ALG - ok

10:20:06.0150 5608        aliide          (0d40bcf52ea90fc7df2aeab6503dea44) C:\windows\system32\drivers\aliide.sys

10:20:06.0197 5608        aliide - ok

10:20:06.0244 5608        amdagp          (3c6600a0696e90a463771c7422e23ab5) C:\windows\system32\drivers\amdagp.sys

10:20:06.0290 5608        amdagp - ok

10:20:06.0306 5608        amdide          (cd5914170297126b6266860198d1d4f0) C:\windows\system32\drivers\amdide.sys

10:20:06.0353 5608        amdide - ok

10:20:06.0400 5608        AmdK8           (00dda200d71bac534bf56a9db5dfd666) C:\windows\system32\DRIVERS\amdk8.sys

10:20:06.0478 5608        AmdK8 - ok

10:20:06.0493 5608        AmdPPM          (3cbf30f5370fda40dd3e87df38ea53b6) C:\windows\system32\DRIVERS\amdppm.sys

10:20:06.0556 5608        AmdPPM - ok

10:20:06.0618 5608        amdsata         (d320bf87125326f996d4904fe24300fc) C:\windows\system32\drivers\amdsata.sys

10:20:06.0665 5608        amdsata - ok

10:20:06.0758 5608        amdsbs          (ea43af0c423ff267355f74e7a53bdaba) C:\windows\system32\DRIVERS\amdsbs.sys

10:20:06.0805 5608        amdsbs - ok

10:20:06.0821 5608        amdxata         (46387fb17b086d16dea267d5be23a2f2) C:\windows\system32\drivers\amdxata.sys

10:20:06.0852 5608        amdxata - ok

10:20:06.0914 5608        AppID           (aea177f783e20150ace5383ee368da19) C:\windows\system32\drivers\appid.sys

10:20:07.0117 5608        AppID - ok

10:20:07.0164 5608        AppIDSvc        (62a9c86cb6085e20db4823e4e97826f5) C:\windows\System32\appidsvc.dll

10:20:07.0289 5608        AppIDSvc - ok

10:20:07.0351 5608        Appinfo         (fb1959012294d6ad43e5304df65e3c26) C:\windows\System32\appinfo.dll

10:20:07.0429 5608        Appinfo - ok

10:20:07.0492 5608        arc             (2932004f49677bd84dbc72edb754ffb3) C:\windows\system32\DRIVERS\arc.sys

10:20:07.0538 5608        arc - ok

10:20:07.0570 5608        arcsas          (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\windows\system32\DRIVERS\arcsas.sys

10:20:07.0616 5608        arcsas - ok

10:20:07.0679 5608        AsUpIO          (561d6b76c045311691b870f6b3f19eab) C:\windows\system32\drivers\AsUpIO.sys

10:20:07.0757 5608        AsUpIO - ok

10:20:07.0835 5608        AsusService     (c4fb2613d3c75364bb159b9c23a00e7a) C:\Windows\System32\AsusService.exe

10:20:07.0866 5608        AsusService ( UnsignedFile.Multi.Generic ) - warning

10:20:07.0866 5608        AsusService - detected UnsignedFile.Multi.Generic (1)

10:20:07.0897 5608        AsyncMac        (add2ade1c2b285ab8378d2daaf991481) C:\windows\system32\DRIVERS\asyncmac.sys

10:20:08.0084 5608        AsyncMac - ok

10:20:08.0147 5608        atapi           (338c86357871c167a96ab976519bf59e) C:\windows\system32\drivers\atapi.sys

10:20:08.0178 5608        atapi - ok

10:20:08.0474 5608        athr            (76bab0c824e2d05b940c4dd40a9b08bf) C:\windows\system32\DRIVERS\athr.sys

10:20:08.0599 5608        athr - ok

10:20:08.0755 5608        AudioEndpointBuilder (ce3b4e731638d2ef62fcb419be0d39f0) C:\windows\System32\Audiosrv.dll

10:20:08.0849 5608        AudioEndpointBuilder - ok

10:20:08.0864 5608        Audiosrv        (ce3b4e731638d2ef62fcb419be0d39f0) C:\windows\System32\Audiosrv.dll

10:20:08.0942 5608        Audiosrv - ok

10:20:09.0161 5608        AVP             (4f1edda7039548f9fb9080efac1e2b8f) C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe

10:20:09.0208 5608        AVP - ok

10:20:09.0301 5608        AxInstSV        (6e30d02aac9cac84f421622e3a2f6178) C:\windows\System32\AxInstSV.dll

10:20:09.0410 5608        AxInstSV - ok

10:20:09.0582 5608        b06bdrv         (1a231abec60fd316ec54c66715543cec) C:\windows\system32\DRIVERS\bxvbdx.sys

10:20:09.0660 5608        b06bdrv - ok

10:20:09.0754 5608        b57nd60x        (bd8869eb9cde6bbe4508d869929869ee) C:\windows\system32\DRIVERS\b57nd60x.sys

10:20:09.0816 5608        b57nd60x - ok

10:20:09.0972 5608        BBSvc           (2ed050291bc1d7f9e322e328db3aaecf) C:\Program Files\Microsoft\BingBar\BBSvc.EXE

10:20:10.0019 5608        BBSvc - ok

10:20:10.0144 5608        BBUpdate        (785de7abda13309d6065305542829e76) C:\Program Files\Microsoft\BingBar\SeaPort.EXE

10:20:10.0190 5608        BBUpdate - ok

10:20:10.0846 5608        BCM43XX         (2be0f23d494c301641c42ead2fdcd4f2) C:\windows\system32\DRIVERS\bcmwl6.sys

10:20:11.0017 5608        BCM43XX - ok

10:20:11.0314 5608        BDESVC          (ee1e9c3bb8228ae423dd38db69128e71) C:\windows\System32\bdesvc.dll

10:20:11.0407 5608        BDESVC - ok

10:20:11.0485 5608        Beep            (505506526a9d467307b3c393dedaf858) C:\windows\system32\drivers\Beep.sys

10:20:11.0563 5608        Beep - ok

10:20:11.0719 5608        BFE             (1e2bac209d184bb851e1a187d8a29136) C:\windows\System32\bfe.dll

10:20:11.0813 5608        BFE - ok

10:20:11.0969 5608        BITS            (e585445d5021971fae10393f0f1c3961) C:\windows\System32\qmgr.dll

10:20:12.0062 5608        BITS - ok

10:20:12.0094 5608        blbdrive        (2287078ed48fcfc477b05b20cf38f36f) C:\windows\system32\DRIVERS\blbdrive.sys

10:20:12.0140 5608        blbdrive - ok

10:20:12.0187 5608        bowser          (8f2da3028d5fcbd1a060a3de64cd6506) C:\windows\system32\DRIVERS\bowser.sys

10:20:12.0250 5608        bowser - ok

10:20:12.0281 5608        BrFiltLo        (9f9acc7f7ccde8a15c282d3f88b43309) C:\windows\system32\DRIVERS\BrFiltLo.sys

10:20:12.0328 5608        BrFiltLo - ok

10:20:12.0343 5608        BrFiltUp        (56801ad62213a41f6497f96dee83755a) C:\windows\system32\DRIVERS\BrFiltUp.sys

10:20:12.0421 5608        BrFiltUp - ok

10:20:12.0468 5608        Browser         (6e11f33d14d020f58d5e02e4d67dfa19) C:\windows\System32\browser.dll

10:20:12.0577 5608        Browser - ok

10:20:12.0671 5608        Brserid         (845b8ce732e67f3b4133164868c666ea) C:\windows\System32\Drivers\Brserid.sys

10:20:12.0749 5608        Brserid - ok

10:20:12.0780 5608        BrSerWdm        (203f0b1e73adadbbb7b7b1fabd901f6b) C:\windows\System32\Drivers\BrSerWdm.sys

10:20:12.0858 5608        BrSerWdm - ok

10:20:12.0874 5608        BrUsbMdm        (bd456606156ba17e60a04e18016ae54b) C:\windows\System32\Drivers\BrUsbMdm.sys

10:20:12.0920 5608        BrUsbMdm - ok

10:20:12.0952 5608        BrUsbSer        (af72ed54503f717a43268b3cc5faec2e) C:\windows\System32\Drivers\BrUsbSer.sys

10:20:13.0014 5608        BrUsbSer - ok

10:20:13.0076 5608        BthEnum         (2865a5c8e98c70c605f417908cebb3a4) C:\windows\system32\drivers\BthEnum.sys

10:20:13.0154 5608        BthEnum - ok

10:20:13.0201 5608        BTHMODEM        (ed3df7c56ce0084eb2034432fc56565a) C:\windows\system32\DRIVERS\bthmodem.sys

10:20:13.0264 5608        BTHMODEM - ok

10:20:13.0310 5608        BthPan          (ad1872e5829e8a2c3b5b4b641c3eab0e) C:\windows\system32\DRIVERS\bthpan.sys

10:20:13.0373 5608        BthPan - ok

10:20:13.0529 5608        BTHPORT         (c2fbf6d271d9a94d839c416bf186ead9) C:\windows\System32\Drivers\BTHport.sys

10:20:13.0607 5608        BTHPORT - ok

10:20:13.0669 5608        bthserv         (1df19c96eef6c29d1c3e1a8678e07190) C:\windows\system32\bthserv.dll

10:20:13.0763 5608        bthserv - ok

10:20:13.0794 5608        BTHUSB          (c81e9413a25a439f436b1d4b6a0cf9e9) C:\windows\System32\Drivers\BTHUSB.sys

10:20:13.0856 5608        BTHUSB - ok

10:20:13.0950 5608        btwampfl        (d57641bf7e6af5c996eab931afadc271) C:\windows\system32\drivers\btwampfl.sys

10:20:14.0012 5608        btwampfl - ok

10:20:14.0059 5608        btwaudio        (81471a7d64d1fc014d47a4cf33cd701e) C:\windows\system32\drivers\btwaudio.sys

10:20:14.0106 5608        btwaudio - ok

10:20:14.0153 5608        btwavdt         (098af3559710fcec05b7aa5159f435f9) C:\windows\system32\drivers\btwavdt.sys

10:20:14.0200 5608        btwavdt - ok

10:20:14.0449 5608        btwdins         (8fcf8e276b5755db87c8b015cad1bc41) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe

10:20:14.0496 5608        btwdins - ok

10:20:14.0512 5608        btwl2cap        (de53089f0678cb5f0afeb867acb0fb05) C:\windows\system32\DRIVERS\btwl2cap.sys

10:20:14.0558 5608        btwl2cap - ok

10:20:14.0574 5608        btwrchid        (e28ef3c4ef1849b876f850015066380b) C:\windows\system32\DRIVERS\btwrchid.sys

10:20:14.0621 5608        btwrchid - ok

10:20:14.0668 5608        cdfs            (77ea11b065e0a8ab902d78145ca51e10) C:\windows\system32\DRIVERS\cdfs.sys

10:20:14.0761 5608        cdfs - ok

10:20:14.0839 5608        cdrom           (be167ed0fdb9c1fa1133953c18d5a6c9) C:\windows\system32\DRIVERS\cdrom.sys

10:20:14.0917 5608        cdrom - ok

10:20:14.0980 5608        CertPropSvc     (319c6b309773d063541d01df8ac6f55f) C:\windows\System32\certprop.dll

10:20:15.0089 5608        CertPropSvc - ok

10:20:15.0136 5608        circlass        (3fe3fe94a34df6fb06e6418d0f6a0060) C:\windows\system32\DRIVERS\circlass.sys

10:20:15.0198 5608        circlass - ok

10:20:15.0323 5608        CLFS            (635181e0e9bbf16871bf5380d71db02d) C:\windows\system32\CLFS.sys

10:20:15.0370 5608        CLFS - ok

10:20:15.0494 5608        clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

10:20:15.0541 5608        clr_optimization_v2.0.50727_32 - ok

10:20:15.0635 5608        clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

10:20:15.0682 5608        clr_optimization_v4.0.30319_32 - ok

10:20:15.0713 5608        CmBatt          (dea805815e587dad1dd2c502220b5616) C:\windows\system32\DRIVERS\CmBatt.sys

10:20:15.0760 5608        CmBatt - ok

10:20:15.0791 5608        cmdide          (c537b1db64d495b9b4717b4d6d9edbf2) C:\windows\system32\drivers\cmdide.sys

10:20:15.0822 5608        cmdide - ok

10:20:15.0947 5608        CNG             (6427525d76f61d0c519b008d3680e8e7) C:\windows\system32\Drivers\cng.sys

10:20:16.0009 5608        CNG - ok

10:20:16.0056 5608        Compbatt        (a6023d3823c37043986713f118a89bee) C:\windows\system32\DRIVERS\compbatt.sys

10:20:16.0087 5608        Compbatt - ok

10:20:16.0150 5608        CompositeBus    (cbe8c58a8579cfe5fccf809e6f114e89) C:\windows\system32\drivers\CompositeBus.sys

10:20:16.0212 5608        CompositeBus - ok

10:20:16.0228 5608        COMSysApp - ok

10:20:16.0274 5608        crcdisk         (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\windows\system32\DRIVERS\crcdisk.sys

10:20:16.0306 5608        crcdisk - ok

10:20:16.0399 5608        CryptSvc        (a585bebf7d054bd9618eda0922d5484a) C:\windows\system32\cryptsvc.dll

10:20:16.0477 5608        CryptSvc - ok

10:20:16.0805 5608        cvhsvc          (72794d112cbaff3bc0c29bf7350d4741) C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE

10:20:16.0867 5608        cvhsvc - ok

10:20:17.0008 5608        DcomLaunch      (7660f01d3b38aca1747e397d21d790af) C:\windows\system32\rpcss.dll

10:20:17.0101 5608        DcomLaunch - ok

10:20:17.0195 5608        defragsvc       (8d6e10a2d9a5eed59562d9b82cf804e1) C:\windows\System32\defragsvc.dll

10:20:17.0288 5608        defragsvc - ok

10:20:17.0382 5608        DfsC            (f024449c97ec1e464aaffda18593db88) C:\windows\system32\Drivers\dfsc.sys

10:20:17.0460 5608        DfsC - ok

10:20:17.0569 5608        Dhcp            (e9e01eb683c132f7fa27cd607b8a2b63) C:\windows\system32\dhcpcore.dll

10:20:17.0663 5608        Dhcp - ok

10:20:17.0710 5608        discache        (1a050b0274bfb3890703d490f330c0da) C:\windows\system32\drivers\discache.sys

10:20:17.0803 5608        discache - ok

10:20:17.0850 5608        Disk            (565003f326f99802e68ca78f2a68e9ff) C:\windows\system32\DRIVERS\disk.sys

10:20:17.0881 5608        Disk - ok

10:20:17.0944 5608        Dnscache        (33ef4861f19a0736b11314aad9ae28d0) C:\windows\System32\dnsrslvr.dll

10:20:18.0037 5608        Dnscache - ok

10:20:18.0115 5608        dot3svc         (366ba8fb4b7bb7435e3b9eacb3843f67) C:\windows\System32\dot3svc.dll

10:20:18.0193 5608        dot3svc - ok

10:20:18.0271 5608        DPS             (8ec04ca86f1d68da9e11952eb85973d6) C:\windows\system32\dps.dll

10:20:18.0365 5608        DPS - ok

10:20:18.0412 5608        drmkaud         (b918e7c5f9bf77202f89e1a9539f2eb4) C:\windows\system32\drivers\drmkaud.sys

10:20:18.0474 5608        drmkaud - ok

10:20:18.0661 5608        DXGKrnl         (23f5d28378a160352ba8f817bd8c71cb) C:\windows\System32\drivers\dxgkrnl.sys

10:20:18.0724 5608        DXGKrnl - ok

10:20:18.0771 5608        EapHost         (8600142fa91c1b96367d3300ad0f3f3a) C:\windows\System32\eapsvc.dll

10:20:18.0849 5608        EapHost - ok

10:20:19.0597 5608        ebdrv           (024e1b5cac09731e4d868e64dbfb4ab0) C:\windows\system32\DRIVERS\evbdx.sys

10:20:19.0769 5608        ebdrv - ok

10:20:20.0034 5608        EFS             (81951f51e318aecc2d68559e47485cc4) C:\windows\System32\lsass.exe

10:20:20.0112 5608        EFS - ok

10:20:20.0299 5608        ehRecvr         (a8c362018efc87beb013ee28f29c0863) C:\windows\ehome\ehRecvr.exe

10:20:20.0377 5608        ehRecvr - ok

10:20:20.0424 5608        ehSched         (d389bff34f80caede417bf9d1507996a) C:\windows\ehome\ehsched.exe

10:20:20.0487 5608        ehSched - ok

10:20:20.0705 5608        elxstor         (0ed67910c8c326796faa00b2bf6d9d3c) C:\windows\system32\DRIVERS\elxstor.sys

10:20:20.0752 5608        elxstor - ok

10:20:20.0799 5608        ErrDev          (8fc3208352dd3912c94367a206ab3f11) C:\windows\system32\drivers\errdev.sys

10:20:20.0861 5608        ErrDev - ok

10:20:20.0970 5608        EventSystem     (f6916efc29d9953d5d0df06882ae8e16) C:\windows\system32\es.dll

10:20:21.0064 5608        EventSystem - ok

10:20:21.0126 5608        exfat           (2dc9108d74081149cc8b651d3a26207f) C:\windows\system32\drivers\exfat.sys

10:20:21.0220 5608        exfat - ok

10:20:21.0282 5608        fastfat         (7e0ab74553476622fb6ae36f73d97d35) C:\windows\system32\drivers\fastfat.sys

10:20:21.0360 5608        fastfat - ok

10:20:21.0532 5608        Fax             (967ea5b213e9984cbe270205df37755b) C:\windows\system32\fxssvc.exe

10:20:21.0610 5608        Fax - ok

10:20:21.0641 5608        fdc             (e817a017f82df2a1f8cfdbda29388b29) C:\windows\system32\DRIVERS\fdc.sys

10:20:21.0703 5608        fdc - ok

10:20:21.0735 5608        fdPHost         (f3222c893bd2f5821a0179e5c71e88fb) C:\windows\system32\fdPHost.dll

10:20:21.0828 5608        fdPHost - ok

10:20:21.0859 5608        FDResPub        (7dbe8cbfe79efbdeb98c9fb08d3a9a5b) C:\windows\system32\fdrespub.dll

10:20:21.0953 5608        FDResPub - ok

10:20:22.0000 5608        FileInfo        (6cf00369c97f3cf563be99be983d13d8) C:\windows\system32\drivers\fileinfo.sys

10:20:22.0031 5608        FileInfo - ok

10:20:22.0062 5608        Filetrace       (42c51dc94c91da21cb9196eb64c45db9) C:\windows\system32\drivers\filetrace.sys

10:20:22.0140 5608        Filetrace - ok

10:20:22.0390 5608        FLEXnet Licensing Service (bb0667b0171b632b97ea759515476f07) C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

10:20:22.0437 5608        FLEXnet Licensing Service - ok

10:20:22.0468 5608        flpydisk        (87907aa70cb3c56600f1c2fb8841579b) C:\windows\system32\DRIVERS\flpydisk.sys

10:20:22.0515 5608        flpydisk - ok

10:20:22.0593 5608        FltMgr          (7520ec808e0c35e0ee6f841294316653) C:\windows\system32\drivers\fltmgr.sys

10:20:22.0624 5608        FltMgr - ok

10:20:22.0858 5608        FontCache       (b3a5ec6b6b6673db7e87c2bcdbddc074) C:\windows\system32\FntCache.dll

10:20:22.0951 5608        FontCache - ok

10:20:23.0045 5608        FontCache3.0.0.0 (e56f39f6b7fda0ac77a79b0fd3de1a2f) C:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe

10:20:23.0076 5608        FontCache3.0.0.0 - ok

10:20:23.0092 5608        FsDepends       (1a16b57943853e598cff37fe2b8cbf1d) C:\windows\system32\drivers\FsDepends.sys

10:20:23.0139 5608        FsDepends - ok

10:20:23.0185 5608        fssfltr         (b74b0578fd1d3f897e95f2a2b69ea051) C:\windows\system32\DRIVERS\fssfltr.sys

10:20:23.0217 5608        fssfltr - ok

10:20:23.0482 5608        fsssvc          (206ad9a89bf05dfa1621f1fc7b82592d) C:\Program Files\Windows Live\Family Safety\fsssvc.exe

10:20:23.0529 5608        fsssvc - ok

10:20:23.0575 5608        Fs_Rec          (7dae5ebcc80e45d3253f4923dc424d05) C:\windows\system32\drivers\Fs_Rec.sys

10:20:23.0607 5608        Fs_Rec - ok

10:20:23.0716 5608        fvevol          (8a73e79089b282100b9393b644cb853b) C:\windows\system32\DRIVERS\fvevol.sys

10:20:23.0763 5608        fvevol - ok

10:20:23.0825 5608        gagp30kx        (65ee0c7a58b65e74ae05637418153938) C:\windows\system32\DRIVERS\gagp30kx.sys

10:20:23.0872 5608        gagp30kx - ok

10:20:24.0028 5608        gpsvc           (e897eaf5ed6ba41e081060c9b447a673) C:\windows\System32\gpsvc.dll

10:20:24.0137 5608        gpsvc - ok

10:20:24.0309 5608        gupdate         (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe

10:20:24.0355 5608        gupdate - ok

10:20:24.0387 5608        gupdatem        (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe

10:20:24.0418 5608        gupdatem - ok

10:20:24.0449 5608        hcw85cir        (c44e3c2bab6837db337ddee7544736db) C:\windows\system32\drivers\hcw85cir.sys

10:20:24.0527 5608        hcw85cir - ok

10:20:24.0652 5608        HdAudAddService (a5ef29d5315111c80a5c1abad14c8972) C:\windows\system32\drivers\HdAudio.sys

10:20:24.0714 5608        HdAudAddService - ok

10:20:24.0777 5608        HDAudBus        (9036377b8a6c15dc2eec53e489d159b5) C:\windows\system32\drivers\HDAudBus.sys

10:20:24.0839 5608        HDAudBus - ok

10:20:24.0886 5608        HidBatt         (1d58a7f3e11a9731d0eaaaa8405acc36) C:\windows\system32\DRIVERS\HidBatt.sys

10:20:24.0933 5608        HidBatt - ok

10:20:24.0979 5608        HidBth          (89448f40e6df260c206a193a4683ba78) C:\windows\system32\DRIVERS\hidbth.sys

10:20:25.0042 5608        HidBth - ok

10:20:25.0073 5608        HidIr           (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\windows\system32\DRIVERS\hidir.sys

10:20:25.0135 5608        HidIr - ok

10:20:25.0167 5608        hidserv         (2bc6f6a1992b3a77f5f41432ca6b3b6b) C:\windows\system32\hidserv.dll

10:20:25.0276 5608        hidserv - ok

10:20:25.0323 5608        HidUsb          (25072fb35ac90b25f9e4e3bacf774102) C:\windows\system32\drivers\hidusb.sys

10:20:25.0369 5608        HidUsb - ok

10:20:25.0432 5608        hkmsvc          (196b4e3f4cccc24af836ce58facbb699) C:\windows\system32\kmsvc.dll

10:20:25.0525 5608        hkmsvc - ok

10:20:25.0603 5608        HomeGroupListener (6658f4404de03d75fe3ba09f7aba6a30) C:\windows\system32\ListSvc.dll

10:20:25.0666 5608        HomeGroupListener - ok

10:20:25.0744 5608        HomeGroupProvider (dbc02d918fff1cad628acbe0c0eaa8e8) C:\windows\system32\provsvc.dll

10:20:25.0806 5608        HomeGroupProvider - ok

10:20:25.0869 5608        HpSAMD          (295fdc419039090eb8b49ffdbb374549) C:\windows\system32\drivers\HpSAMD.sys

10:20:25.0915 5608        HpSAMD - ok

10:20:26.0071 5608        HTTP            (871917b07a141bff43d76d8844d48106) C:\windows\system32\drivers\HTTP.sys

10:20:26.0149 5608        HTTP - ok

10:20:26.0196 5608        hwpolicy        (0c4e035c7f105f1299258c90886c64c5) C:\windows\system32\drivers\hwpolicy.sys

10:20:26.0227 5608        hwpolicy - ok

10:20:26.0305 5608        i8042prt        (f151f0bdc47f4a28b1b20a0818ea36d6) C:\windows\system32\drivers\i8042prt.sys

10:20:26.0368 5608        i8042prt - ok

10:20:26.0555 5608        IAANTMON        (7548066df68a8a1a56b043359f915f37) C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe

10:20:26.0602 5608        IAANTMON - ok

10:20:26.0711 5608        iaStor          (d483687eace0c065ee772481a96e05f5) C:\windows\system32\DRIVERS\iaStor.sys

10:20:26.0758 5608        iaStor - ok

10:20:26.0883 5608        iaStorV         (5cd5f9a5444e6cdcb0ac89bd62d8b76e) C:\windows\system32\drivers\iaStorV.sys

10:20:26.0929 5608        iaStorV - ok

10:20:27.0226 5608        idsvc           (c521d7eb6497bb1af6afa89e322fb43c) C:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe

10:20:27.0288 5608        idsvc - ok

10:20:27.0397 5608        IGDCTRL         (506801c7d47be8cd1cf342bf28eb17ec) C:\Program Files\FRITZ!DSL\IGDCTRL.EXE

10:20:27.0429 5608        IGDCTRL - ok

10:20:28.0708 5608        igfx            (ba41e1bba410212ce6d30e0dac47972b) C:\windows\system32\DRIVERS\igdkmd32.sys

10:20:28.0973 5608        igfx - ok

10:20:29.0269 5608        iirsp           (4173ff5708f3236cf25195fecd742915) C:\windows\system32\DRIVERS\iirsp.sys

10:20:29.0301 5608        iirsp - ok

10:20:29.0503 5608        IKEEXT          (f95622f161474511b8d80d6b093aa610) C:\windows\System32\ikeext.dll

10:20:29.0597 5608        IKEEXT - ok

10:20:30.0315 5608        IntcAzAudAddService (bf9866875edf86aae24dd8bd9418deff) C:\windows\system32\drivers\RTKVHDA.sys

10:20:30.0471 5608        IntcAzAudAddService - ok

10:20:30.0751 5608        intelide        (a0f12f2c9ba6c72f3987ce780e77c130) C:\windows\system32\drivers\intelide.sys

10:20:30.0798 5608        intelide - ok

10:20:30.0845 5608        intelppm        (3b514d27bfc4accb4037bc6685f766e0) C:\windows\system32\DRIVERS\intelppm.sys

10:20:30.0892 5608        intelppm - ok

10:20:30.0939 5608        IPBusEnum       (acb364b9075a45c0736e5c47be5cae19) C:\windows\system32\ipbusenum.dll

10:20:31.0032 5608        IPBusEnum - ok

10:20:31.0063 5608        IpFilterDriver  (709d1761d3b19a932ff0238ea6d50200) C:\windows\system32\DRIVERS\ipfltdrv.sys

10:20:31.0157 5608        IpFilterDriver - ok

10:20:31.0313 5608        iphlpsvc        (4d65a07b795d6674312f879d09aa7663) C:\windows\System32\iphlpsvc.dll

10:20:31.0422 5608        iphlpsvc - ok

10:20:31.0485 5608        IPMIDRV         (4bd7134618c1d2a27466a099062547bf) C:\windows\system32\drivers\IPMIDrv.sys

10:20:31.0531 5608        IPMIDRV - ok

10:20:31.0578 5608        IPNAT           (a5fa468d67abcdaa36264e463a7bb0cd) C:\windows\system32\drivers\ipnat.sys

10:20:31.0672 5608        IPNAT - ok

10:20:31.0703 5608        IRENUM          (42996cff20a3084a56017b7902307e9f) C:\windows\system32\drivers\irenum.sys

10:20:31.0797 5608        IRENUM - ok

10:20:31.0828 5608        isapnp          (1f32bb6b38f62f7df1a7ab7292638a35) C:\windows\system32\drivers\isapnp.sys

10:20:31.0875 5608        isapnp - ok

10:20:31.0968 5608        iScsiPrt        (cb7a9abb12b8415bce5d74994c7ba3ae) C:\windows\system32\drivers\msiscsi.sys

10:20:31.0999 5608        iScsiPrt - ok

10:20:32.0062 5608        kbdclass        (adef52ca1aeae82b50df86b56413107e) C:\windows\system32\drivers\kbdclass.sys

10:20:32.0093 5608        kbdclass - ok

10:20:32.0109 5608        kbdhid          (9e3ced91863e6ee98c24794d05e27a71) C:\windows\system32\drivers\kbdhid.sys

10:20:32.0171 5608        kbdhid - ok

10:20:32.0218 5608        kbfiltr         (3eb803312987ff44265c87cb960df6ab) C:\windows\system32\DRIVERS\kbfiltr.sys

10:20:32.0265 5608        kbfiltr - ok

10:20:32.0311 5608        KeyIso          (81951f51e318aecc2d68559e47485cc4) C:\windows\system32\lsass.exe

10:20:32.0358 5608        KeyIso - ok

10:20:32.0452 5608        kl1             (ce3958f58547454884e97bda78cd7040) C:\windows\system32\DRIVERS\kl1.sys

10:20:32.0499 5608        kl1 - ok

10:20:32.0530 5608        klbg            (53eedab3f0511321ac3ae8bc968b158c) C:\windows\system32\drivers\klbg.sys

10:20:32.0561 5608        klbg - ok

10:20:32.0717 5608        KLIF            (de6c14fb8438ef932d9f58f269a19b85) C:\windows\system32\DRIVERS\klif.sys

10:20:32.0764 5608        KLIF - ok

10:20:32.0842 5608        KLIM6           (892cc162dc88ab084c86485879526c59) C:\windows\system32\DRIVERS\klim6.sys

10:20:32.0873 5608        KLIM6 - ok

10:20:32.0889 5608        klmouflt        (aa63a815876a76987b5dbce6af7478e9) C:\windows\system32\DRIVERS\klmouflt.sys

10:20:32.0935 5608        klmouflt - ok

10:20:32.0982 5608        KSecDD          (f4647bb23db9038a7536cf6b68f4207f) C:\windows\system32\Drivers\ksecdd.sys

10:20:33.0029 5608        KSecDD - ok

10:20:33.0060 5608        KSecPkg         (e73cae53bbb72ba26918492c6b4c229d) C:\windows\system32\Drivers\ksecpkg.sys

10:20:33.0107 5608        KSecPkg - ok

10:20:33.0216 5608        KtmRm           (89a7b9cc98d0d80c6f31b91c0a310fcd) C:\windows\system32\msdtckrm.dll

10:20:33.0325 5608        KtmRm - ok

10:20:33.0388 5608        L1C             (d1f734d9a7aaf078d88ceb51900699a7) C:\windows\system32\DRIVERS\L1C62x86.sys

10:20:33.0435 5608        L1C - ok

10:20:33.0513 5608        LanmanServer    (d64af876d53eca3668bb97b51b4e70ab) C:\windows\system32\srvsvc.dll

10:20:33.0606 5608        LanmanServer - ok

10:20:33.0669 5608        LanmanWorkstation (58405e4f68ba8e4057c6e914f326aba2) C:\windows\System32\wkssvc.dll

10:20:33.0762 5608        LanmanWorkstation - ok

10:20:33.0840 5608        lltdio          (f7611ec07349979da9b0ae1f18ccc7a6) C:\windows\system32\DRIVERS\lltdio.sys

10:20:33.0934 5608        lltdio - ok

10:20:34.0012 5608        lltdsvc         (5700673e13a2117fa3b9020c852c01e2) C:\windows\System32\lltdsvc.dll

10:20:34.0090 5608        lltdsvc - ok

10:20:34.0121 5608        lmhosts         (55ca01ba19d0006c8f2639b6c045e08b) C:\windows\System32\lmhsvc.dll

10:20:34.0215 5608        lmhosts - ok

10:20:34.0277 5608        LSI_FC          (eb119a53ccf2acc000ac71b065b78fef) C:\windows\system32\DRIVERS\lsi_fc.sys

10:20:34.0324 5608        LSI_FC - ok

10:20:34.0371 5608        LSI_SAS         (8ade1c877256a22e49b75d1cc9161f9c) C:\windows\system32\DRIVERS\lsi_sas.sys

10:20:34.0402 5608        LSI_SAS - ok

10:20:34.0433 5608        LSI_SAS2        (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\windows\system32\DRIVERS\lsi_sas2.sys

10:20:34.0480 5608        LSI_SAS2 - ok

10:20:34.0511 5608        LSI_SCSI        (0a036c7d7cab643a7f07135ac47e0524) C:\windows\system32\DRIVERS\lsi_scsi.sys

10:20:34.0542 5608        LSI_SCSI - ok

10:20:34.0605 5608        luafv           (6703e366cc18d3b6e534f5cf7df39cee) C:\windows\system32\drivers\luafv.sys

10:20:34.0683 5608        luafv - ok

10:20:34.0761 5608        Mcx2Svc         (bfb9ee8ee977efe85d1a3105abef6dd1) C:\windows\system32\Mcx2Svc.dll

10:20:34.0807 5608        Mcx2Svc - ok

10:20:34.0839 5608        megasas         (0fff5b045293002ab38eb1fd1fc2fb74) C:\windows\system32\DRIVERS\megasas.sys

10:20:34.0885 5608        megasas - ok

10:20:34.0963 5608        MegaSR          (dcbab2920c75f390caf1d29f675d03d6) C:\windows\system32\DRIVERS\MegaSR.sys

10:20:35.0010 5608        MegaSR - ok

10:20:35.0057 5608        MMCSS           (146b6f43a673379a3c670e86d89be5ea) C:\windows\system32\mmcss.dll

10:20:35.0166 5608        MMCSS - ok

10:20:35.0197 5608        Modem           (f001861e5700ee84e2d4e52c712f4964) C:\windows\system32\drivers\modem.sys

10:20:35.0275 5608        Modem - ok

10:20:35.0338 5608        monitor         (79d10964de86b292320e9dfe02282a23) C:\windows\system32\DRIVERS\monitor.sys

10:20:35.0400 5608        monitor - ok

10:20:35.0463 5608        mouclass        (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\windows\system32\drivers\mouclass.sys

10:20:35.0509 5608        mouclass - ok

10:20:35.0556 5608        mouhid          (2c388d2cd01c9042596cf3c8f3c7b24d) C:\windows\system32\DRIVERS\mouhid.sys

10:20:35.0603 5608        mouhid - ok

10:20:35.0650 5608        mountmgr        (fc8771f45ecccfd89684e38842539b9b) C:\windows\system32\drivers\mountmgr.sys

10:20:35.0697 5608        mountmgr - ok

10:20:35.0853 5608        MozillaMaintenance (96aa8ba23142cc8e2b30f3cae0c80254) C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe

10:20:35.0884 5608        MozillaMaintenance - ok

10:20:35.0962 5608        mpio            (2d699fb6e89ce0d8da14ecc03b3edfe0) C:\windows\system32\drivers\mpio.sys

10:20:35.0993 5608        mpio - ok

10:20:36.0055 5608        mpsdrv          (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\windows\system32\drivers\mpsdrv.sys

10:20:36.0133 5608        mpsdrv - ok

10:20:36.0289 5608        MpsSvc          (9835584e999d25004e1ee8e5f3e3b881) C:\windows\system32\mpssvc.dll

10:20:36.0399 5608        MpsSvc - ok

10:20:36.0461 5608        MRxDAV          (ceb46ab7c01c9f825f8cc6babc18166a) C:\windows\system32\drivers\mrxdav.sys

10:20:36.0523 5608        MRxDAV - ok

10:20:36.0617 5608        mrxsmb          (5d16c921e3671636c0eba3bbaac5fd25) C:\windows\system32\DRIVERS\mrxsmb.sys

10:20:36.0679 5608        mrxsmb - ok

10:20:36.0773 5608        mrxsmb10        (6d17a4791aca19328c685d256349fefc) C:\windows\system32\DRIVERS\mrxsmb10.sys

10:20:36.0835 5608        mrxsmb10 - ok

10:20:36.0898 5608        mrxsmb20        (b81f204d146000be76651a50670a5e9e) C:\windows\system32\DRIVERS\mrxsmb20.sys

10:20:36.0960 5608        mrxsmb20 - ok

10:20:37.0007 5608        msahci          (012c5f4e9349e711e11e0f19a8589f0a) C:\windows\system32\drivers\msahci.sys

10:20:37.0038 5608        msahci - ok

10:20:37.0101 5608        msdsm           (55055f8ad8be27a64c831322a780a228) C:\windows\system32\drivers\msdsm.sys

10:20:37.0147 5608        msdsm - ok

10:20:37.0225 5608        MSDTC           (e1bce74a3bd9902b72599c0192a07e27) C:\windows\System32\msdtc.exe

10:20:37.0288 5608        MSDTC - ok

10:20:37.0335 5608        Msfs            (daefb28e3af5a76abcc2c3078c07327f) C:\windows\system32\drivers\Msfs.sys

10:20:37.0428 5608        Msfs - ok

10:20:37.0444 5608        mshidkmdf       (3e1e5767043c5af9367f0056295e9f84) C:\windows\System32\drivers\mshidkmdf.sys

10:20:37.0537 5608        mshidkmdf - ok

10:20:37.0584 5608        msisadrv        (0a4e5757ae09fa9622e3158cc1aef114) C:\windows\system32\drivers\msisadrv.sys

10:20:37.0615 5608        msisadrv - ok

10:20:37.0693 5608        MSiSCSI         (90f7d9e6b6f27e1a707d4a297f077828) C:\windows\system32\iscsiexe.dll

10:20:37.0771 5608        MSiSCSI - ok

10:20:37.0787 5608        msiserver - ok

10:20:37.0834 5608        MSKSSRV         (8c0860d6366aaffb6c5bb9df9448e631) C:\windows\system32\drivers\MSKSSRV.sys

10:20:37.0912 5608        MSKSSRV - ok

10:20:37.0943 5608        MSPCLOCK        (3ea8b949f963562cedbb549eac0c11ce) C:\windows\system32\drivers\MSPCLOCK.sys

10:20:38.0037 5608        MSPCLOCK - ok

10:20:38.0052 5608        MSPQM           (f456e973590d663b1073e9c463b40932) C:\windows\system32\drivers\MSPQM.sys

10:20:38.0130 5608        MSPQM - ok

10:20:38.0193 5608        MsRPC           (0e008fc4819d238c51d7c93e7b41e560) C:\windows\system32\drivers\MsRPC.sys

10:20:38.0239 5608        MsRPC - ok

10:20:38.0302 5608        mssmbios        (fc6b9ff600cc585ea38b12589bd4e246) C:\windows\system32\drivers\mssmbios.sys

10:20:38.0364 5608        mssmbios - ok

10:20:38.0427 5608        MSTEE           (b42c6b921f61a6e55159b8be6cd54a36) C:\windows\system32\drivers\MSTEE.sys

10:20:38.0536 5608        MSTEE - ok

10:20:38.0551 5608        MTConfig        (33599130f44e1f34631cea241de8ac84) C:\windows\system32\DRIVERS\MTConfig.sys

10:20:38.0614 5608        MTConfig - ok

10:20:38.0645 5608        Mup             (159fad02f64e6381758c990f753bcc80) C:\windows\system32\Drivers\mup.sys

10:20:38.0692 5608        Mup - ok

10:20:38.0832 5608        napagent        (61d57a5d7c6d9afe10e77dae6e1b445e) C:\windows\system32\qagentRT.dll

10:20:38.0973 5608        napagent - ok

10:20:39.0113 5608        NativeWifiP     (26384429fcd85d83746f63e798ab1480) C:\windows\system32\DRIVERS\nwifi.sys

10:20:39.0207 5608        NativeWifiP - ok

10:20:39.0503 5608        NDIS            (e7c54812a2aaf43316eb6930c1ffa108) C:\windows\system32\drivers\ndis.sys

10:20:39.0581 5608        NDIS - ok

10:20:39.0628 5608        NdisCap         (0e1787aa6c9191d3d319e8bafe86f80c) C:\windows\system32\DRIVERS\ndiscap.sys

10:20:39.0737 5608        NdisCap - ok

10:20:39.0768 5608        NdisTapi        (e4a8aec125a2e43a9e32afeea7c9c888) C:\windows\system32\DRIVERS\ndistapi.sys

10:20:39.0862 5608        NdisTapi - ok

10:20:39.0940 5608        Ndisuio         (d8a65dafb3eb41cbb622745676fcd072) C:\windows\system32\DRIVERS\ndisuio.sys

10:20:40.0033 5608        Ndisuio - ok

10:20:40.0096 5608        NdisWan         (38fbe267e7e6983311179230facb1017) C:\windows\system32\DRIVERS\ndiswan.sys

10:20:40.0189 5608        NdisWan - ok

10:20:40.0236 5608        NDProxy         (a4bdc541e69674fbff1a8ff00be913f2) C:\windows\system32\drivers\NDProxy.sys

10:20:40.0314 5608        NDProxy - ok

10:20:40.0377 5608        Net Driver HPZ12 (69c503c004f49aee8b8e3067cc047ba7) C:\windows\system32\HPZinw12.dll

10:20:40.0392 5608        Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning

10:20:40.0392 5608        Net Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)

10:20:40.0439 5608        NetBIOS         (80b275b1ce3b0e79909db7b39af74d51) C:\windows\system32\DRIVERS\netbios.sys

10:20:40.0517 5608        NetBIOS - ok

10:20:40.0611 5608        NetBT           (280122ddcf04b378edd1ad54d71c1e54) C:\windows\system32\DRIVERS\netbt.sys

10:20:40.0689 5608        NetBT - ok

10:20:40.0735 5608        Netlogon        (81951f51e318aecc2d68559e47485cc4) C:\windows\system32\lsass.exe

10:20:40.0782 5608        Netlogon - ok

10:20:40.0876 5608        Netman          (7cccfca7510684768da22092d1fa4db2) C:\windows\System32\netman.dll

10:20:40.0985 5608        Netman - ok

10:20:41.0094 5608        netprofm        (8c338238c16777a802d6a9211eb2ba50) C:\windows\System32\netprofm.dll

10:20:41.0188 5608        netprofm - ok

10:20:41.0313 5608        NetTcpPortSharing (f476ec40033cdb91efbe73eb99b8362d) C:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe

10:20:41.0344 5608        NetTcpPortSharing - ok

10:20:41.0422 5608        nfrd960         (1d85c4b390b0ee09c7a46b91efb2c097) C:\windows\system32\DRIVERS\nfrd960.sys

10:20:41.0453 5608        nfrd960 - ok

10:20:41.0547 5608        NlaSvc          (912084381d30d8b89ec4e293053f4710) C:\windows\System32\nlasvc.dll

10:20:41.0640 5608        NlaSvc - ok

10:20:41.0671 5608        Npfs            (1db262a9f8c087e8153d89bef3d2235f) C:\windows\system32\drivers\Npfs.sys

10:20:41.0765 5608        Npfs - ok

10:20:41.0796 5608        nsi             (ba387e955e890c8a88306d9b8d06bf17) C:\windows\system32\nsisvc.dll

10:20:41.0890 5608        nsi - ok

10:20:41.0921 5608        nsiproxy        (e9a0a4d07e53d8fea2bb8387a3293c58) C:\windows\system32\drivers\nsiproxy.sys

10:20:41.0983 5608        nsiproxy - ok

10:20:42.0311 5608        Ntfs            (81189c3d7763838e55c397759d49007a) C:\windows\system32\drivers\Ntfs.sys

10:20:42.0405 5608        Ntfs - ok

10:20:42.0701 5608        Null            (f9756a98d69098dca8945d62858a812c) C:\windows\system32\drivers\Null.sys

10:20:42.0779 5608        Null - ok

10:20:42.0826 5608        NVHDA           (eae60baf21f6274ab537c87df0eccf9d) C:\windows\system32\drivers\nvhda32v.sys

10:20:42.0904 5608        NVHDA - ok

10:20:45.0415 5608        nvlddmkm        (4f089a4f4a1461f642a9fa1885cacceb) C:\windows\system32\DRIVERS\nvlddmkm.sys

10:20:45.0821 5608        nvlddmkm - ok

10:20:46.0133 5608        nvpciflt        (a20981caa36db75bc7b06620cbf7d636) C:\windows\system32\DRIVERS\nvpciflt.sys

10:20:46.0180 5608        nvpciflt - ok

10:20:46.0242 5608        nvraid          (b3e25ee28883877076e0e1ff877d02e0) C:\windows\system32\drivers\nvraid.sys

10:20:46.0289 5608        nvraid - ok

10:20:46.0351 5608        nvstor          (4380e59a170d88c4f1022eff6719a8a4) C:\windows\system32\drivers\nvstor.sys

10:20:46.0398 5608        nvstor - ok

10:20:46.0476 5608        nvsvc           (88700fd5dfb6b20ce7e1ad4ffd53b460) C:\windows\system32\nvvsvc.exe

10:20:46.0539 5608        nvsvc - ok

10:20:46.0617 5608        nv_agp          (5a0983915f02bae73267cc2a041f717d) C:\windows\system32\drivers\nv_agp.sys

10:20:46.0663 5608        nv_agp - ok

10:20:46.0710 5608        ohci1394        (08a70a1f2cdde9bb49b885cb817a66eb) C:\windows\system32\drivers\ohci1394.sys

10:20:46.0773 5608        ohci1394 - ok

10:20:46.0913 5608        ose             (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE

10:20:46.0944 5608        ose - ok

10:20:48.0052 5608        osppsvc         (358a9cca612c68eb2f07ddad4ce1d8d7) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE

10:20:48.0239 5608        osppsvc - ok

10:20:48.0567 5608        p2pimsvc        (82a8521ddc60710c3d3d3e7325209bec) C:\windows\system32\pnrpsvc.dll

10:20:48.0645 5608        p2pimsvc - ok

10:20:48.0738 5608        p2psvc          (59c3ddd501e39e006dac31bf55150d91) C:\windows\system32\p2psvc.dll

10:20:48.0801 5608        p2psvc - ok

10:20:48.0910 5608        Parport         (2ea877ed5dd9713c5ac74e8ea7348d14) C:\windows\system32\DRIVERS\parport.sys

10:20:48.0957 5608        Parport - ok

10:20:49.0003 5608        partmgr         (3f34a1b4c5f6475f320c275e63afce9b) C:\windows\system32\drivers\partmgr.sys

10:20:49.0050 5608        partmgr - ok

10:20:49.0081 5608        Parvdm          (eb0a59f29c19b86479d36b35983daadc) C:\windows\system32\DRIVERS\parvdm.sys

10:20:49.0113 5608        Parvdm - ok

10:20:49.0222 5608        PcaSvc          (358ab7956d3160000726574083dfc8a6) C:\windows\System32\pcasvc.dll

10:20:49.0269 5608        PcaSvc - ok

10:20:49.0347 5608        pci             (673e55c3498eb970088e812ea820aa8f) C:\windows\system32\drivers\pci.sys

10:20:49.0393 5608        pci - ok

10:20:49.0425 5608        pciide          (afe86f419014db4e5593f69ffe26ce0a) C:\windows\system32\drivers\pciide.sys

10:20:49.0471 5608        pciide - ok

10:20:49.0565 5608        pcmcia          (f396431b31693e71e8a80687ef523506) C:\windows\system32\DRIVERS\pcmcia.sys

10:20:49.0612 5608        pcmcia - ok

10:20:49.0643 5608        pcw             (250f6b43d2b613172035c6747aeeb19f) C:\windows\system32\drivers\pcw.sys

10:20:49.0690 5608        pcw - ok

10:20:49.0893 5608        PEAUTH          (9e0104ba49f4e6973749a02bf41344ed) C:\windows\system32\drivers\peauth.sys

10:20:49.0986 5608        PEAUTH - ok

10:20:50.0376 5608        pla             (414bba67a3ded1d28437eb66aeb8a720) C:\windows\system32\pla.dll

10:20:50.0548 5608        pla - ok

10:20:50.0907 5608        PlugPlay        (ec7bc28d207da09e79b3e9faf8b232ca) C:\windows\system32\umpnpmgr.dll

10:20:50.0985 5608        PlugPlay - ok

10:20:51.0047 5608        Pml Driver HPZ12 (12b4549d515cb26bb8d375038017ca65) C:\windows\system32\HPZipm12.dll

10:20:51.0078 5608        Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning

10:20:51.0078 5608        Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)

10:20:51.0109 5608        PNRPAutoReg     (63ff8572611249931eb16bb8eed6afc8) C:\windows\system32\pnrpauto.dll

10:20:51.0172 5608        PNRPAutoReg - ok

10:20:51.0250 5608        PNRPsvc         (82a8521ddc60710c3d3d3e7325209bec) C:\windows\system32\pnrpsvc.dll

10:20:51.0297 5608        PNRPsvc - ok

10:20:51.0406 5608        PolicyAgent     (53946b69ba0836bd95b03759530c81ec) C:\windows\System32\ipsecsvc.dll

10:20:51.0499 5608        PolicyAgent - ok

10:20:51.0577 5608        Power           (f87d30e72e03d579a5199ccb3831d6ea) C:\windows\system32\umpo.dll

10:20:51.0687 5608        Power - ok

10:20:51.0796 5608        PptpMiniport    (631e3e205ad6d86f2aed6a4a8e69f2db) C:\windows\system32\DRIVERS\raspptp.sys

10:20:51.0889 5608        PptpMiniport - ok

10:20:51.0921 5608        Processor       (85b1e3a0c7585bc4aae6899ec6fcf011) C:\windows\system32\DRIVERS\processr.sys

10:20:51.0983 5608        Processor - ok

10:20:52.0077 5608        ProfSvc         (43ca4ccc22d52fb58e8988f0198851d0) C:\windows\system32\profsvc.dll

10:20:52.0155 5608        ProfSvc - ok

10:20:52.0186 5608        ProtectedStorage (81951f51e318aecc2d68559e47485cc4) C:\windows\system32\lsass.exe

10:20:52.0233 5608        ProtectedStorage - ok

10:20:52.0295 5608        Psched          (6270ccae2a86de6d146529fe55b3246a) C:\windows\system32\DRIVERS\pacer.sys

10:20:52.0373 5608        Psched - ok

10:20:52.0435 5608        PSI             (d24dfd16a1e2a76034df5aa18125c35d) C:\windows\system32\DRIVERS\psi_mf.sys

10:20:52.0467 5608        PSI - ok

10:20:52.0825 5608        ql2300          (ab95ecf1f6659a60ddc166d8315b0751) C:\windows\system32\DRIVERS\ql2300.sys

10:20:52.0919 5608        ql2300 - ok

10:20:53.0247 5608        ql40xx          (b4dd51dd25182244b86737dc51af2270) C:\windows\system32\DRIVERS\ql40xx.sys

10:20:53.0278 5608        ql40xx - ok

10:20:53.0356 5608        QWAVE           (31ac809e7707eb580b2bdb760390765a) C:\windows\system32\qwave.dll

10:20:53.0434 5608        QWAVE - ok

10:20:53.0449 5608        QWAVEdrv        (584078ca1b95ca72df2a27c336f9719d) C:\windows\system32\drivers\qwavedrv.sys

10:20:53.0496 5608        QWAVEdrv - ok

10:20:53.0543 5608        RasAcd          (30a81b53c766d0133bb86d234e5556ab) C:\windows\system32\DRIVERS\rasacd.sys

10:20:53.0637 5608        RasAcd - ok

10:20:53.0699 5608        RasAgileVpn     (57ec4aef73660166074d8f7f31c0d4fd) C:\windows\system32\DRIVERS\AgileVpn.sys

10:20:53.0777 5608        RasAgileVpn - ok

10:20:53.0824 5608        RasAuto         (a60f1839849c0c00739787fd5ec03f13) C:\windows\System32\rasauto.dll

10:20:53.0917 5608        RasAuto - ok

10:20:53.0949 5608        Rasl2tp         (d9f91eafec2815365cbe6d167e4e332a) C:\windows\system32\DRIVERS\rasl2tp.sys

10:20:54.0042 5608        Rasl2tp - ok

10:20:54.0151 5608        RasMan          (cb9e04dc05eacf5b9a36ca276d475006) C:\windows\System32\rasmans.dll

10:20:54.0229 5608        RasMan - ok

10:20:54.0292 5608        RasPppoe        (0fe8b15916307a6ac12bfb6a63e45507) C:\windows\system32\DRIVERS\raspppoe.sys

10:20:54.0385 5608        RasPppoe - ok

10:20:54.0432 5608        RasSstp         (44101f495a83ea6401d886e7fd70096b) C:\windows\system32\DRIVERS\rassstp.sys

10:20:54.0526 5608        RasSstp - ok

10:20:54.0619 5608        rdbss           (d528bc58a489409ba40334ebf96a311b) C:\windows\system32\DRIVERS\rdbss.sys

10:20:54.0697 5608        rdbss - ok

10:20:54.0729 5608        rdpbus          (0d8f05481cb76e70e1da06ee9f0da9df) C:\windows\system32\DRIVERS\rdpbus.sys

10:20:54.0775 5608        rdpbus - ok

10:20:54.0807 5608        RDPCDD          (23dae03f29d253ae74c44f99e515f9a1) C:\windows\system32\DRIVERS\RDPCDD.sys

10:20:54.0885 5608        RDPCDD - ok

10:20:54.0916 5608        RDPENCDD        (5a53ca1598dd4156d44196d200c94b8a) C:\windows\system32\drivers\rdpencdd.sys

10:20:54.0994 5608        RDPENCDD - ok

10:20:55.0025 5608        RDPREFMP        (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\windows\system32\drivers\rdprefmp.sys

10:20:55.0087 5608        RDPREFMP - ok

10:20:55.0165 5608        RDPWD           (244c83332f44589ae98fc347f11b2693) C:\windows\system32\drivers\RDPWD.sys

10:20:55.0259 5608        RDPWD - ok

10:20:55.0368 5608        rdyboost        (518395321dc96fe2c9f0e96ac743b656) C:\windows\system32\drivers\rdyboost.sys

10:20:55.0415 5608        rdyboost - ok

10:20:55.0462 5608        RemoteAccess    (7b5e1419717fac363a31cc302895217a) C:\windows\System32\mprdim.dll

10:20:55.0571 5608        RemoteAccess - ok

10:20:55.0633 5608        RemoteRegistry  (cb9a8683f4ef2bf99e123d79950d7935) C:\windows\system32\regsvc.dll

10:20:55.0727 5608        RemoteRegistry - ok

10:20:55.0805 5608        RFCOMM          (cb928d9e6daf51879dd6ba8d02f01321) C:\windows\system32\DRIVERS\rfcomm.sys

10:20:55.0852 5608        RFCOMM - ok

10:20:55.0899 5608        RpcEptMapper    (78d072f35bc45d9e4e1b61895c152234) C:\windows\System32\RpcEpMap.dll

10:20:55.0992 5608        RpcEptMapper - ok

10:20:56.0023 5608        RpcLocator      (94d36c0e44677dd26981d2bfeef2a29d) C:\windows\system32\locator.exe

10:20:56.0086 5608        RpcLocator - ok

10:20:56.0195 5608        RpcSs           (7660f01d3b38aca1747e397d21d790af) C:\windows\system32\rpcss.dll

10:20:56.0289 5608        RpcSs - ok

10:20:56.0351 5608        rspndr          (032b0d36ad92b582d869879f5af5b928) C:\windows\system32\DRIVERS\rspndr.sys

10:20:56.0413 5608        rspndr - ok

10:20:56.0460 5608        SamSs           (81951f51e318aecc2d68559e47485cc4) C:\windows\system32\lsass.exe

10:20:56.0507 5608        SamSs - ok

10:20:56.0569 5608        sbp2port        (05d860da1040f111503ac416ccef2bca) C:\windows\system32\drivers\sbp2port.sys

10:20:56.0616 5608        sbp2port - ok

10:20:56.0679 5608        SCardSvr        (8fc518ffe9519c2631d37515a68009c4) C:\windows\System32\SCardSvr.dll

10:20:56.0772 5608        SCardSvr - ok

10:20:56.0819 5608        scfilter        (0693b5ec673e34dc147e195779a4dcf6) C:\windows\system32\DRIVERS\scfilter.sys

10:20:56.0897 5608        scfilter - ok

10:20:57.0100 5608        Schedule        (a04bb13f8a72f8b6e8b4071723e4e336) C:\windows\system32\schedsvc.dll

10:20:57.0209 5608        Schedule - ok

10:20:57.0271 5608        SCPolicySvc     (319c6b309773d063541d01df8ac6f55f) C:\windows\System32\certprop.dll

10:20:57.0334 5608        SCPolicySvc - ok

10:20:57.0396 5608        SDRSVC          (08236c4bce5edd0a0318a438af28e0f7) C:\windows\System32\SDRSVC.dll

10:20:57.0474 5608        SDRSVC - ok

10:20:57.0521 5608        secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\windows\system32\drivers\secdrv.sys

10:20:57.0615 5608        secdrv - ok

10:20:57.0661 5608        seclogon        (a59b3a4442c52060cc7a85293aa3546f) C:\windows\system32\seclogon.dll

10:20:57.0755 5608        seclogon - ok

10:20:58.0114 5608        Secunia PSI Agent (5b66db4877bbac9f7493aa8d84421e49) C:\Program Files\Secunia\PSI\PSIA.exe

10:20:58.0192 5608        Secunia PSI Agent - ok

10:20:58.0379 5608        Secunia Update Agent (0e88fdf474f2cdd370a4a6ce77d018f0) C:\Program Files\Secunia\PSI\sua.exe

10:20:58.0473 5608        Secunia Update Agent - ok

10:20:58.0769 5608        SENS            (dcb7fcdcc97f87360f75d77425b81737) C:\windows\System32\sens.dll

10:20:58.0863 5608        SENS - ok

10:20:58.0894 5608        SensrSvc        (50087fe1ee447009c9cc2997b90de53f) C:\windows\system32\sensrsvc.dll

10:20:58.0972 5608        SensrSvc - ok

10:20:59.0065 5608        Serenum         (9ad8b8b515e3df6acd4212ef465de2d1) C:\windows\system32\DRIVERS\serenum.sys

10:20:59.0143 5608        Serenum - ok

10:20:59.0175 5608        Serial          (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\windows\system32\DRIVERS\serial.sys

10:20:59.0237 5608        Serial - ok

10:20:59.0268 5608        sermouse        (79bffb520327ff916a582dfea17aa813) C:\windows\system32\DRIVERS\sermouse.sys

10:20:59.0315 5608        sermouse - ok

10:20:59.0409 5608        SessionEnv      (4ae380f39a0032eab7dd953030b26d28) C:\windows\system32\sessenv.dll

10:20:59.0502 5608        SessionEnv - ok

10:20:59.0533 5608        sffdisk         (9f976e1eb233df46fce808d9dea3eb9c) C:\windows\system32\drivers\sffdisk.sys

10:20:59.0611 5608        sffdisk - ok

10:20:59.0627 5608        sffp_mmc        (932a68ee27833cfd57c1639d375f2731) C:\windows\system32\drivers\sffp_mmc.sys

10:20:59.0674 5608        sffp_mmc - ok

10:20:59.0689 5608        sffp_sd         (a0708bbd07d245c06ff9de549ca47185) C:\windows\system32\drivers\sffp_sd.sys

10:20:59.0752 5608        sffp_sd - ok

10:20:59.0752 5608        sfloppy         (db96666cc8312ebc45032f30b007a547) C:\windows\system32\DRIVERS\sfloppy.sys

10:20:59.0799 5608        sfloppy - ok

10:20:59.0986 5608        Sftfs           (d9b734638dd8dba9d59aad3189cd0fad) C:\windows\system32\DRIVERS\Sftfslh.sys

10:21:00.0033 5608        Sftfs - ok

10:21:00.0267 5608        sftlist         (cb73bc422c07fb611f194da18d1e7f36) C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe

10:21:00.0313 5608        sftlist - ok

10:21:00.0376 5608        Sftplay         (2f61bd46c0bff4eb36e1e359ca17bfc5) C:\windows\system32\DRIVERS\Sftplaylh.sys

10:21:00.0407 5608        Sftplay - ok

10:21:00.0454 5608        Sftredir        (518bac0179f94304f422696b47c0ec12) C:\windows\system32\DRIVERS\Sftredirlh.sys

10:21:00.0485 5608        Sftredir - ok

10:21:00.0501 5608        Sftvol          (747325236d88b3f05ffd27ff9ec711c5) C:\windows\system32\DRIVERS\Sftvollh.sys

10:21:00.0532 5608        Sftvol - ok

10:21:00.0641 5608        sftvsa          (a5812f0281ca5081bf696626f9bf324d) C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe

10:21:00.0672 5608        sftvsa - ok

10:21:00.0781 5608        SharedAccess    (d1a079a0de2ea524513b6930c24527a2) C:\windows\System32\ipnathlp.dll

10:21:00.0859 5608        SharedAccess - ok

10:21:00.0969 5608        ShellHWDetection (414da952a35bf5d50192e28263b40577) C:\windows\System32\shsvcs.dll

10:21:01.0062 5608        ShellHWDetection - ok

10:21:01.0109 5608        sisagp          (2565cac0dc9fe0371bdce60832582b2e) C:\windows\system32\drivers\sisagp.sys

10:21:01.0156 5608        sisagp - ok

10:21:01.0218 5608        SiSRaid2        (a9f0486851becb6dda1d89d381e71055) C:\windows\system32\DRIVERS\SiSRaid2.sys

10:21:01.0249 5608        SiSRaid2 - ok

10:21:01.0296 5608        SiSRaid4        (3727097b55738e2f554972c3be5bc1aa) C:\windows\system32\DRIVERS\sisraid4.sys

10:21:01.0327 5608        SiSRaid4 - ok

10:21:01.0452 5608        SkypeUpdate     (6128e98eaaed364ed1a32708d2fd22cb) C:\Program Files\Skype\Updater\Updater.exe

10:21:01.0483 5608        SkypeUpdate - ok

10:21:01.0530 5608        Smb             (3e21c083b8a01cb70ba1f09303010fce) C:\windows\system32\DRIVERS\smb.sys

10:21:01.0608 5608        Smb - ok

10:21:01.0686 5608        SNMPTRAP        (6a984831644eca1a33ffeae4126f4f37) C:\windows\System32\snmptrap.exe

10:21:01.0749 5608        SNMPTRAP - ok

10:21:01.0780 5608        spldr           (95cf1ae7527fb70f7816563cbc09d942) C:\windows\system32\drivers\spldr.sys

10:21:01.0827 5608        spldr - ok

10:21:01.0936 5608        Spooler         (866a43013535dc8587c258e43579c764) C:\windows\System32\spoolsv.exe

10:21:02.0029 5608        Spooler - ok

10:21:02.0763 5608        sppsvc          (cf87a1de791347e75b98885214ced2b8) C:\windows\system32\sppsvc.exe

10:21:02.0919 5608        sppsvc - ok

10:21:03.0215 5608        sppuinotify     (b0180b20b065d89232a78a40fe56eaa6) C:\windows\system32\sppuinotify.dll

10:21:03.0309 5608        sppuinotify - ok

10:21:03.0449 5608        srv             (e4c2764065d66ea1d2d3ebc28fe99c46) C:\windows\system32\DRIVERS\srv.sys

10:21:03.0511 5608        srv - ok

10:21:03.0621 5608        srv2            (03f0545bd8d4c77fa0ae1ceedfcc71ab) C:\windows\system32\DRIVERS\srv2.sys

10:21:03.0699 5608        srv2 - ok

10:21:03.0761 5608        srvnet          (be6bd660caa6f291ae06a718a4fa8abc) C:\windows\system32\DRIVERS\srvnet.sys

10:21:03.0808 5608        srvnet - ok

10:21:03.0886 5608        SSDPSRV         (d887c9fd02ac9fa880f6e5027a43e118) C:\windows\System32\ssdpsrv.dll

10:21:03.0979 5608        SSDPSRV - ok

10:21:04.0026 5608        SstpSvc         (d318f23be45d5e3a107469eb64815b50) C:\windows\system32\sstpsvc.dll

10:21:04.0120 5608        SstpSvc - ok

10:21:04.0167 5608        stexstor        (db32d325c192b801df274bfd12a7e72b) C:\windows\system32\DRIVERS\stexstor.sys

10:21:04.0198 5608        stexstor - ok

10:21:04.0323 5608        StiSvc          (e1fb3706030fb4578a0d72c2fc3689e4) C:\windows\System32\wiaservc.dll

10:21:04.0401 5608        StiSvc - ok

10:21:04.0447 5608        swenum          (e58c78a848add9610a4db6d214af5224) C:\windows\system32\drivers\swenum.sys

10:21:04.0494 5608        swenum - ok

10:21:04.0588 5608        swprv           (a28bd92df340e57b024ba433165d34d7) C:\windows\System32\swprv.dll

10:21:04.0697 5608        swprv - ok

10:21:04.0806 5608        SynTP           (bd8e7f87de409a745a132a8812de5a96) C:\windows\system32\DRIVERS\SynTP.sys

10:21:04.0853 5608        SynTP - ok

10:21:05.0149 5608        SysMain         (36650d618ca34c9d357dfd3d89b2c56f) C:\windows\system32\sysmain.dll

10:21:05.0259 5608        SysMain - ok

10:21:05.0305 5608        TabletInputService (763fecdc3d30c815fe72dd57936c6cd1) C:\windows\System32\TabSvc.dll

10:21:05.0368 5608        TabletInputService - ok

10:21:05.0461 5608        TapiSrv         (613bf4820361543956909043a265c6ac) C:\windows\System32\tapisrv.dll

10:21:05.0555 5608        TapiSrv - ok

10:21:05.0602 5608        TBS             (b799d9fdb26111737f58288d8dc172d9) C:\windows\System32\tbssvc.dll

10:21:05.0695 5608        TBS - ok

10:21:06.0335 5608        Tcpip           (7fa2e0f8b072bd04b77b421480b6cc22) C:\windows\system32\drivers\tcpip.sys

10:21:06.0429 5608        Tcpip - ok

10:21:07.0006 5608        TCPIP6          (7fa2e0f8b072bd04b77b421480b6cc22) C:\windows\system32\DRIVERS\tcpip.sys

10:21:07.0084 5608        TCPIP6 - ok

10:21:07.0396 5608        tcpipreg        (cca24162e055c3714ce5a88b100c64ed) C:\windows\system32\drivers\tcpipreg.sys

10:21:07.0474 5608        tcpipreg - ok

10:21:07.0552 5608        TDPIPE          (1cb91b2bd8f6dd367dfc2ef26fd751b2) C:\windows\system32\drivers\tdpipe.sys

10:21:07.0599 5608        TDPIPE - ok

10:21:07.0645 5608        TDTCP           (2c2c5afe7ee4f620d69c23c0617651a8) C:\windows\system32\drivers\tdtcp.sys

10:21:07.0677 5608        TDTCP - ok

10:21:07.0739 5608        tdx             (b459575348c20e8121d6039da063c704) C:\windows\system32\DRIVERS\tdx.sys

10:21:07.0833 5608        tdx - ok

10:21:07.0879 5608        TermDD          (04dbf4b01ea4bf25a9a3e84affac9b20) C:\windows\system32\drivers\termdd.sys

10:21:07.0911 5608        TermDD - ok

10:21:08.0067 5608        TermService     (382c804c92811be57829d8e550a900e2) C:\windows\System32\termsrv.dll

10:21:08.0160 5608        TermService - ok

10:21:08.0191 5608        Themes          (42fb6afd6b79d9fe07381609172e7ca4) C:\windows\system32\themeservice.dll

10:21:08.0269 5608        Themes - ok

10:21:08.0301 5608        THREADORDER     (146b6f43a673379a3c670e86d89be5ea) C:\windows\system32\mmcss.dll

10:21:08.0379 5608        THREADORDER - ok

10:21:08.0425 5608        TrkWks          (4792c0378db99a9bc2ae2de6cfff0c3a) C:\windows\System32\trkwks.dll

10:21:08.0535 5608        TrkWks - ok

10:21:08.0628 5608        TrustedInstaller (2c49b175aee1d4364b91b531417fe583) C:\windows\servicing\TrustedInstaller.exe

10:21:08.0722 5608        TrustedInstaller - ok

10:21:08.0769 5608        tssecsrv        (254bb140eee3c59d6114c1a86b636877) C:\windows\system32\DRIVERS\tssecsrv.sys

10:21:08.0847 5608        tssecsrv - ok

10:21:08.0925 5608        TsUsbFlt        (fd1d6c73e6333be727cbcc6054247654) C:\windows\system32\drivers\tsusbflt.sys

10:21:09.0003 5608        TsUsbFlt - ok

10:21:09.0081 5608        tunnel          (b2fa25d9b17a68bb93d58b0556e8c90d) C:\windows\system32\DRIVERS\tunnel.sys

10:21:09.0143 5608        tunnel - ok

10:21:09.0190 5608        uagp35          (750fbcb269f4d7dd2e420c56b795db6d) C:\windows\system32\DRIVERS\uagp35.sys

10:21:09.0237 5608        uagp35 - ok

10:21:09.0330 5608        udfs            (ee43346c7e4b5e63e54f927babbb32ff) C:\windows\system32\DRIVERS\udfs.sys

10:21:09.0439 5608        udfs - ok

10:21:09.0486 5608        UI0Detect       (8344fd4fce927880aa1aa7681d4927e5) C:\windows\system32\UI0Detect.exe

10:21:09.0549 5608        UI0Detect - ok

10:21:09.0627 5608        uliagpkx        (44e8048ace47befbfdc2e9be4cbc8880) C:\windows\system32\drivers\uliagpkx.sys

10:21:09.0658 5608        uliagpkx - ok

10:21:09.0720 5608        umbus           (d295bed4b898f0fd999fcfa9b32b071b) C:\windows\system32\drivers\umbus.sys

10:21:09.0767 5608        umbus - ok

10:21:09.0829 5608        UmPass          (7550ad0c6998ba1cb4843e920ee0feac) C:\windows\system32\DRIVERS\umpass.sys

10:21:09.0892 5608        UmPass - ok

10:21:09.0970 5608        upnphost        (833fbb672460efce8011d262175fad33) C:\windows\System32\upnphost.dll

10:21:10.0079 5608        upnphost - ok

10:21:10.0141 5608        usbccgp         (bd9c55d7023c5de374507acc7a14e2ac) C:\windows\system32\DRIVERS\usbccgp.sys

10:21:10.0188 5608        usbccgp - ok

10:21:10.0282 5608        usbcir          (04ec7cec62ec3b6d9354eee93327fc82) C:\windows\system32\drivers\usbcir.sys

10:21:10.0344 5608        usbcir - ok

10:21:10.0375 5608        usbehci         (f92de757e4b7ce9c07c5e65423f3ae3b) C:\windows\system32\drivers\usbehci.sys

10:21:10.0422 5608        usbehci - ok

10:21:10.0516 5608        usbhub          (8dc94aec6a7e644a06135ae7506dc2e9) C:\windows\system32\DRIVERS\usbhub.sys

10:21:10.0578 5608        usbhub - ok

10:21:10.0609 5608        usbohci         (a6fb7957ea7afb1165991e54ce934b74) C:\windows\system32\drivers\usbohci.sys

10:21:10.0687 5608        usbohci - ok

10:21:10.0703 5608        usbprint        (797d862fe0875e75c7cc4c1ad7b30252) C:\windows\system32\DRIVERS\usbprint.sys

10:21:10.0765 5608        usbprint - ok

10:21:10.0812 5608        USBSTOR         (f991ab9cc6b908db552166768176896a) C:\windows\system32\DRIVERS\USBSTOR.SYS

10:21:10.0890 5608        USBSTOR - ok

10:21:10.0921 5608        usbuhci         (68df884cf41cdada664beb01daf67e3d) C:\windows\system32\drivers\usbuhci.sys

10:21:10.0984 5608        usbuhci - ok

10:21:11.0077 5608        usbvideo        (45f4e7bf43db40a6c6b4d92c76cbc3f2) C:\windows\System32\Drivers\usbvideo.sys

10:21:11.0140 5608        usbvideo - ok

10:21:11.0171 5608        UxSms           (081e6e1c91aec36758902a9f727cd23c) C:\windows\System32\uxsms.dll

10:21:11.0265 5608        UxSms - ok

10:21:11.0311 5608        VaultSvc        (81951f51e318aecc2d68559e47485cc4) C:\windows\system32\lsass.exe

10:21:11.0358 5608        VaultSvc - ok

10:21:11.0389 5608        vdrvroot        (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\windows\system32\drivers\vdrvroot.sys

10:21:11.0436 5608        vdrvroot - ok

10:21:11.0577 5608        vds             (c3cd30495687c2a2f66a65ca6fd89be9) C:\windows\System32\vds.exe

10:21:11.0655 5608        vds - ok

10:21:11.0717 5608        vga             (17c408214ea61696cec9c66e388b14f3) C:\windows\system32\DRIVERS\vgapnp.sys

10:21:11.0764 5608        vga - ok

10:21:11.0795 5608        VgaSave         (8e38096ad5c8570a6f1570a61e251561) C:\windows\System32\drivers\vga.sys

10:21:11.0873 5608        VgaSave - ok

10:21:11.0935 5608        vhdmp           (5461686cca2fda57b024547733ab42e3) C:\windows\system32\drivers\vhdmp.sys

10:21:11.0982 5608        vhdmp - ok

10:21:12.0029 5608        viaagp          (c829317a37b4bea8f39735d4b076e923) C:\windows\system32\drivers\viaagp.sys

10:21:12.0076 5608        viaagp - ok

10:21:12.0091 5608        ViaC7           (e02f079a6aa107f06b16549c6e5c7b74) C:\windows\system32\DRIVERS\viac7.sys

10:21:12.0154 5608        ViaC7 - ok

10:21:12.0201 5608        viaide          (e43574f6a56a0ee11809b48c09e4fd3c) C:\windows\system32\drivers\viaide.sys

10:21:12.0247 5608        viaide - ok

10:21:12.0263 5608        volmgr          (4c63e00f2f4b5f86ab48a58cd990f212) C:\windows\system32\drivers\volmgr.sys

10:21:12.0310 5608        volmgr - ok

10:21:12.0403 5608        volmgrx         (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\windows\system32\drivers\volmgrx.sys

10:21:12.0450 5608        volmgrx - ok

10:21:12.0528 5608        volsnap         (f497f67932c6fa693d7de2780631cfe7) C:\windows\system32\drivers\volsnap.sys

10:21:12.0575 5608        volsnap - ok

10:21:12.0653 5608        vsmraid         (9dfa0cc2f8855a04816729651175b631) C:\windows\system32\DRIVERS\vsmraid.sys

10:21:12.0684 5608        vsmraid - ok

10:21:12.0965 5608        VSS             (209a3b1901b83aeb8527ed211cce9e4c) C:\windows\system32\vssvc.exe

10:21:13.0105 5608        VSS - ok

10:21:13.0137 5608        vwifibus        (90567b1e658001e79d7c8bbd3dde5aa6) C:\windows\system32\DRIVERS\vwifibus.sys

10:21:13.0199 5608        vwifibus - ok

10:21:13.0246 5608        vwififlt        (7090d3436eeb4e7da3373090a23448f7) C:\windows\system32\DRIVERS\vwififlt.sys

10:21:13.0293 5608        vwififlt - ok

10:21:13.0386 5608        W32Time         (55187fd710e27d5095d10a472c8baf1c) C:\windows\system32\w32time.dll

10:21:13.0480 5608        W32Time - ok

10:21:13.0527 5608        WacomPen        (de3721e89c653aa281428c8a69745d90) C:\windows\system32\DRIVERS\wacompen.sys

10:21:13.0589 5608        WacomPen - ok

10:21:13.0651 5608        WANARP          (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\windows\system32\DRIVERS\wanarp.sys

10:21:13.0729 5608        WANARP - ok

10:21:13.0729 5608        Wanarpv6        (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\windows\system32\DRIVERS\wanarp.sys

10:21:13.0807 5608        Wanarpv6 - ok

10:21:14.0119 5608        wbengine        (691e3285e53dca558e1a84667f13e15a) C:\windows\system32\wbengine.exe

10:21:14.0244 5608        wbengine - ok

10:21:14.0307 5608        WbioSrvc        (9614b5d29dc76ac3c29f6d2d3aa70e67) C:\windows\System32\wbiosrvc.dll

10:21:14.0385 5608        WbioSrvc - ok

10:21:14.0478 5608        wcncsvc         (34eee0dfaadb4f691d6d5308a51315dc) C:\windows\System32\wcncsvc.dll

10:21:14.0541 5608        wcncsvc - ok

10:21:14.0572 5608        WcsPlugInService (5d930b6357a6d2af4d7653bdabbf352f) C:\windows\System32\WcsPlugInService.dll

10:21:14.0665 5608        WcsPlugInService - ok

10:21:14.0759 5608        Wd              (1112a9badacb47b7c0bb0392e3158dff) C:\windows\system32\DRIVERS\wd.sys

10:21:14.0806 5608        Wd - ok

10:21:14.0915 5608        Wdf01000        (9950e3d0f08141c7e89e64456ae7dc73) C:\windows\system32\drivers\Wdf01000.sys

10:21:14.0977 5608        Wdf01000 - ok

10:21:15.0024 5608        WdiServiceHost  (46ef9dc96265fd0b423db72e7c38c2a5) C:\windows\system32\wdi.dll

10:21:15.0133 5608        WdiServiceHost - ok

10:21:15.0133 5608        WdiSystemHost   (46ef9dc96265fd0b423db72e7c38c2a5) C:\windows\system32\wdi.dll

10:21:15.0196 5608        WdiSystemHost - ok

10:21:15.0289 5608        WebClient       (a9d880f97530d5b8fee278923349929d) C:\windows\System32\webclnt.dll

10:21:15.0352 5608        WebClient - ok

10:21:15.0414 5608        Wecsvc          (760f0afe937a77cff27153206534f275) C:\windows\system32\wecsvc.dll

10:21:15.0492 5608        Wecsvc - ok

10:21:15.0539 5608        wercplsupport   (ac804569bb2364fb6017370258a4091b) C:\windows\System32\wercplsupport.dll

10:21:15.0633 5608        wercplsupport - ok

10:21:15.0711 5608        WerSvc          (08e420d873e4fd85241ee2421b02c4a4) C:\windows\System32\WerSvc.dll

10:21:15.0804 5608        WerSvc - ok

10:21:15.0851 5608        WfpLwf          (8b9a943f3b53861f2bfaf6c186168f79) C:\windows\system32\DRIVERS\wfplwf.sys

10:21:15.0929 5608        WfpLwf - ok

10:21:15.0960 5608        WIMMount        (5cf95b35e59e2a38023836fff31be64c) C:\windows\system32\drivers\wimmount.sys

10:21:15.0991 5608        WIMMount - ok

10:21:16.0179 5608        WinDefend       (3fae8f94296001c32eab62cd7d82e0fd) C:\Program Files\Windows Defender\mpsvc.dll

10:21:16.0257 5608        WinDefend - ok

10:21:16.0272 5608        WinHttpAutoProxySvc - ok

10:21:16.0366 5608        Winmgmt         (f62e510b6ad4c21eb9fe8668ed251826) C:\windows\system32\wbem\WMIsvc.dll

10:21:16.0444 5608        Winmgmt - ok

10:21:16.0756 5608        WinRM           (1b91cd34ea3a90ab6a4ef0550174f4cc) C:\windows\system32\WsmSvc.dll

10:21:16.0896 5608        WinRM - ok

10:21:17.0021 5608        WinUsb          (a67e5f9a400f3bd1be3d80613b45f708) C:\windows\system32\DRIVERS\WinUsb.sys

10:21:17.0083 5608        WinUsb - ok

10:21:17.0302 5608        Wlansvc         (16935c98ff639d185086a3529b1f2067) C:\windows\System32\wlansvc.dll

10:21:17.0395 5608        Wlansvc - ok

10:21:17.0427 5608        WmiAcpi         (0217679b8fca58714c3bf2726d2ca84e) C:\windows\system32\drivers\wmiacpi.sys

10:21:17.0489 5608        WmiAcpi - ok

10:21:17.0614 5608        wmiApSrv        (6eb6b66517b048d87dc1856ddf1f4c3f) C:\windows\system32\wbem\WmiApSrv.exe

10:21:17.0676 5608        wmiApSrv - ok

10:21:18.0035 5608        WMPNetworkSvc   (3b40d3a61aa8c21b88ae57c58ab3122e) C:\Program Files\Windows Media Player\wmpnetwk.exe

10:21:18.0113 5608        WMPNetworkSvc - ok

10:21:18.0378 5608        WPCSvc          (a2f0ec770a92f2b3f9de6d518e11409c) C:\windows\System32\wpcsvc.dll

10:21:18.0456 5608        WPCSvc - ok

10:21:18.0503 5608        WPDBusEnum      (aa53356d60af47eacc85bc617a4f3f66) C:\windows\system32\wpdbusenum.dll

10:21:18.0581 5608        WPDBusEnum - ok

10:21:18.0675 5608        ws2ifsl         (6db3276587b853bf886b69528fdb048c) C:\windows\system32\drivers\ws2ifsl.sys

10:21:18.0753 5608        ws2ifsl - ok

10:21:18.0815 5608        wscsvc          (6f5d49efe0e7164e03ae773a3fe25340) C:\windows\System32\wscsvc.dll

10:21:18.0893 5608        wscsvc - ok

10:21:18.0893 5608        WSearch - ok

10:21:19.0361 5608        wuauserv        (3026418a50c5b4761befa632cedb7406) C:\windows\system32\wuaueng.dll

10:21:19.0517 5608        wuauserv - ok

10:21:19.0845 5608        WudfPf          (e714a1c0354636837e20ccbf00888ee7) C:\windows\system32\drivers\WudfPf.sys

10:21:19.0923 5608        WudfPf - ok

10:21:19.0985 5608        WUDFRd          (1023ee888c9b47178c5293ed5336ab69) C:\windows\system32\DRIVERS\WUDFRd.sys

10:21:20.0063 5608        WUDFRd - ok

10:21:20.0141 5608        wudfsvc         (8d1e1e529a2c9e9b6a85b55a345f7629) C:\windows\System32\WUDFSvc.dll

10:21:20.0219 5608        wudfsvc - ok

10:21:20.0297 5608        WwanSvc         (ff2d745b560f7c71b31f30f4d49f73d2) C:\windows\System32\wwansvc.dll

10:21:20.0375 5608        WwanSvc - ok

10:21:20.0437 5608        MBR (0x1B8)     (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0

10:21:20.0718 5608        \Device\Harddisk0\DR0 - ok

10:21:20.0718 5608        MBR (0x1B8)     (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR1

10:21:28.0050 5608        \Device\Harddisk1\DR1 - ok

10:21:28.0050 5608        Boot (0x1200)   (59d5c942acc4471a03a5718aada7527d) \Device\Harddisk0\DR0\Partition0

10:21:28.0066 5608        \Device\Harddisk0\DR0\Partition0 - ok

10:21:28.0097 5608        Boot (0x1200)   (e561d3855e7409f40c075f86402524ce) \Device\Harddisk0\DR0\Partition1

10:21:28.0097 5608        \Device\Harddisk0\DR0\Partition1 - ok

10:21:28.0113 5608        Boot (0x1200)   (a78753acb8f5a7ee53d0ea39b121860b) \Device\Harddisk1\DR1\Partition0

10:21:28.0113 5608        \Device\Harddisk1\DR1\Partition0 - ok

10:21:28.0113 5608        ============================================================

10:21:28.0113 5608        Scan finished

10:21:28.0113 5608        ============================================================

10:21:28.0144 5640        Detected object count: 3

10:21:28.0144 5640        Actual detected object count: 3

10:23:53.0895 5640        AsusService ( UnsignedFile.Multi.Generic ) - skipped by user

10:23:53.0895 5640        AsusService ( UnsignedFile.Multi.Generic ) - User select action: Skip 

10:23:53.0910 5640        Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user

10:23:53.0910 5640        Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip 

10:23:53.0910 5640        Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user

10:23:53.0910 5640        Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip 

10:25:39.0944 5884        Deinitialize success

Gruß, L.

Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix

Lade dir ComboFix hier herunter auf deinen Desktop.

Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.

Starte combofix.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.

Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.

Wichtiger Hinweis:

Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!

Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

Solltest du nach der Ausführung von Combofix Probleme beim Starten von Anwendungen haben und Meldungen erhalten wie

Zitat:

Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.

startest du Windows dann manuell neu und die Fehlermeldungen sollten nicht mehr auftauchen.

Code:

 
 

Combofix Logfile:
 

        Code:


        
ComboFix 12-05-12.01 - *** 13.05.2012  10:40:29.1.4 - x86

Microsoft Windows 7 Home Premium   6.1.7601.1.1251.7.1031.18.2038.1145 [GMT 2:00]

Running from: c:\users\***\Desktop\ComboFix.exe

AV: Kaspersky Anti-Virus *Disabled/Updated* {AE1D740B-8F0F-D137-211D-873D44B3F4AE}

SP: Kaspersky Anti-Virus *Disabled/Updated* {157C95EF-A935-DEB9-1BAD-BC4F3F34BE13}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\programdata\FullRemove.exe

c:\windows\system32\Thumbs.db

.

.

(((((((((((((((((((((((((   Files Created from 2012-04-13 to 2012-05-13  )))))))))))))))))))))))))))))))

.

.

2012-05-13 08:58 . 2012-05-13 08:58        --------        d-----w-        c:\users\***\AppData\Local\temp

2012-05-13 08:58 . 2012-05-13 08:58        --------        d-----w-        c:\users\UpdatusUser\AppData\Local\temp

2012-05-13 08:58 . 2012-05-13 08:58        --------        d-----w-        c:\users\Default\AppData\Local\temp

2012-05-10 12:38 . 2012-03-30 10:23        1291632        ----a-w-        c:\windows\system32\drivers\tcpip.sys

2012-05-10 12:38 . 2012-03-31 04:29        936960        ----a-w-        c:\program files\Common Files\Microsoft Shared\ink\journal.dll

2012-05-10 12:38 . 2012-03-31 04:30        1221632        ----a-w-        c:\program files\Windows Journal\NBDoc.DLL

2012-05-10 12:38 . 2012-03-31 04:29        989184        ----a-w-        c:\program files\Windows Journal\JNTFiltr.dll

2012-05-10 12:38 . 2012-03-31 04:29        969216        ----a-w-        c:\program files\Windows Journal\JNWDRV.dll

2012-05-10 12:38 . 2012-03-31 04:39        3968368        ----a-w-        c:\windows\system32\ntkrnlpa.exe

2012-05-10 12:38 . 2012-03-31 04:39        3913072        ----a-w-        c:\windows\system32\ntoskrnl.exe

2012-05-10 12:38 . 2012-03-31 02:36        2343424        ----a-w-        c:\windows\system32\win32k.sys

2012-05-10 12:38 . 2012-03-17 07:27        56176        ----a-w-        c:\windows\system32\drivers\partmgr.sys

2012-05-10 12:38 . 2012-03-03 05:31        1077248        ----a-w-        c:\windows\system32\DWrite.dll

2012-05-03 15:26 . 2012-05-03 15:26        --------        d-----w-        c:\program files\ESET

2012-04-29 16:01 . 2012-04-29 16:01        --------        d-----w-        c:\program files\Google

2012-04-29 16:01 . 2012-04-29 16:01        --------        d-----w-        c:\users\***\AppData\Local\Google

2012-04-29 14:20 . 2012-04-29 16:08        --------        d-----w-        c:\program files\Mozilla Maintenance Service

2012-04-17 17:28 . 2012-04-17 17:28        --------        d-----w-        c:\users\***\AppData\Local\Mozilla

2012-04-15 07:38 . 2012-04-15 07:38        --------        d-----w-        c:\users\***\AppData\Roaming\SUPERAntiSpyware.com

2012-04-15 07:38 . 2012-04-15 07:38        --------        d-----w-        c:\programdata\SUPERAntiSpyware.com

2012-04-14 15:46 . 2012-04-14 15:46        --------        d-----w-        c:\users\***\AppData\Roaming\Malwarebytes

2012-04-14 15:46 . 2012-04-14 15:46        --------        d-----w-        c:\programdata\Malwarebytes

2012-04-14 15:28 . 2012-04-14 15:28        --------        d--h--w-        c:\windows\AxInstSV

.

.

.

((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-05-06 07:41 . 2012-04-05 12:25        419488        ----a-w-        c:\windows\system32\FlashPlayerApp.exe

2012-05-06 07:41 . 2011-06-16 18:54        70304        ----a-w-        c:\windows\system32\FlashPlayerCPLApp.cpl

2012-03-28 08:05 . 2011-02-12 18:08        472808        ----a-w-        c:\windows\system32\deployJava1.dll

2012-03-01 05:46 . 2012-04-11 17:47        19824        ----a-w-        c:\windows\system32\drivers\fs_rec.sys

2012-03-01 05:37 . 2012-04-11 17:47        172544        ----a-w-        c:\windows\system32\wintrust.dll

2012-03-01 05:33 . 2012-04-11 17:47        159232        ----a-w-        c:\windows\system32\imagehlp.dll

2012-03-01 05:29 . 2012-04-11 17:47        5120        ----a-w-        c:\windows\system32\wmi.dll

2012-02-28 05:38 . 2012-04-10 17:23        981504        ----a-w-        c:\windows\system32\wininet.dll

2012-02-28 03:52 . 2012-04-10 17:23        1638912        ----a-w-        c:\windows\system32\mshtml.tlb

2012-02-17 05:34 . 2012-03-28 06:51        826880        ----a-w-        c:\windows\system32\rdpcore.dll

2012-02-17 04:14 . 2012-03-28 06:51        183808        ----a-w-        c:\windows\system32\drivers\rdpwd.sys

2012-02-17 04:13 . 2012-03-28 06:51        24576        ----a-w-        c:\windows\system32\drivers\tdtcp.sys

2012-04-21 01:18 . 2012-04-29 15:54        97208        ----a-w-        c:\program files\mozilla firefox\components\browsercomps.dll

.

.

(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown 

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_B]

@="{CC5FC992-B0AA-47CD-9DC2-83445083CBB8}"

[HKEY_CLASSES_ROOT\CLSID\{CC5FC992-B0AA-47CD-9DC2-83445083CBB8}]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_O]

@="{618A47A2-528B-4D9A-AFC8-97D3233511E2}"

[HKEY_CLASSES_ROOT\CLSID\{618A47A2-528B-4D9A-AFC8-97D3233511E2}]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-11-19 1594664]

"SynAsusAcpi"="c:\program files\Synaptics\SynTP\SynAsusAcpi.exe" [2009-11-19 83240]

"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2010-04-27 9177632]

"OOBESetup"="c:\program files\asus\OOBERegBackup\OOBERegBackup.exe" [2009-12-11 334848]

"Boingo Wi-Fi"="c:\program files\Boingo\Boingo Wi-Fi\Boingo.lnk" [2010-09-27 2429]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-10-25 141848]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-10-25 173592]

"Persistence"="c:\windows\system32\igfxpers.exe" [2010-10-25 150552]

"AVP"="c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe" [2010-02-03 340456]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

FRITZ!DSL Protect.lnk - c:\program files\FRITZ!DSL\FwebProt.exe [2009-4-9 1061688]

FRITZ!DSL Startcenter.lnk - c:\windows\Installer\{74A929E2-FBD8-4736-A84E-2ABBB2ABADF2}\Icon2457326B4.exe [2010-9-28 29184]

Secunia PSI Tray.lnk - c:\program files\Secunia\PSI\psi_tray.exe [2011-10-14 291896]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=c:\windows\System32\nvinit.dll c:\progra~1\KASPER~1\KASPER~1\mzvkbd3.dll

.

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^AsusVibeLauncher.lnk]

path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\AsusVibeLauncher.lnk

backup=c:\windows\pss\AsusVibeLauncher.lnk.CommonStartup

backupExtension=.CommonStartup

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]

2012-01-03 07:37        843712        ----a-w-        c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASUS Screen Saver Protector]

2010-07-27 21:38        3058304        ----a-w-        c:\windows\AsScrPro.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASUSPRP]

2010-07-27 21:40        2018032        ----a-w-        c:\program files\ASUS\APRP\aprp.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASUSWebStorage]

2011-07-29 09:43        737104        ----a-w-        c:\program files\ASUS\ASUS WebStorage\3.0.108.222\AsusWSPanel.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CapsHook]

2010-05-24 23:47        35304        ----a-w-        c:\windows\System32\AsusSender.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Eee Docking]

2010-06-10 20:12        414384        ----a-w-        c:\program files\ASUS\Eee Docking\Eee Docking.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotkeyMon]

2010-05-24 23:47        35304        ----a-w-        c:\windows\System32\AsusSender.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotkeyService]

2010-05-24 23:47        35304        ----a-w-        c:\windows\System32\AsusSender.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IAAnotif]

2009-06-05 02:03        186904        ----a-w-        c:\program files\Intel\Intel Matrix Storage Manager\IAAnotif.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LiveUpdate]

2010-05-24 23:47        35304        ----a-w-        c:\windows\System32\AsusSender.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

2012-01-18 12:02        254696        ----a-w-        c:\program files\Common Files\Java\Java Update\jusched.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SuperHybridEngine]

2010-05-24 23:47        35304        ----a-w-        c:\windows\System32\AsusSender.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UCam_Menu]

2009-05-20 05:16        222504        ----a-w-        c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]

"DisableMonitoring"=dword:00000001

.

R2 AsusService;Asus Launcher Service;c:\windows\System32\AsusService.exe [2009-08-19 219136]

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2012-04-29 136176]

R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2012-02-29 158856]

R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-06 257696]

R3 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [2011-07-07 195336]

R3 btwampfl;Bluetooth AMP USB Filter;c:\windows\system32\drivers\btwampfl.sys [2010-05-21 293928]

R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2010-05-21 33320]

R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2012-04-29 136176]

R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [2012-04-21 129976]

R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2010-07-23 68200]

R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]

S0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2009-10-14 36880]

S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys [2010-07-23 19656]

S1 AsUpIO;AsUpIO;c:\windows\system32\drivers\AsUpIO.sys [2010-03-31 11520]

S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [2009-09-14 21520]

S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]

S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]

S2 BBUpdate;BBUpdate;c:\program files\Microsoft\BingBar\SeaPort.EXE [2011-06-15 249648]

S2 cvhsvc;Client Virtualization Handler;c:\program files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]

S2 IGDCTRL;AVM IGD CTRL Service;c:\program files\FRITZ!DSL\IGDCTRL.EXE [2009-07-28 73528]

S2 Secunia PSI Agent;Secunia PSI Agent;c:\program files\Secunia\PSI\PSIA.exe [2011-10-14 994360]

S2 Secunia Update Agent;Secunia Update Agent;c:\program files\Secunia\PSI\sua.exe [2011-10-14 399416]

S2 sftlist;Application Virtualization Client;c:\program files\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]

S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys [2009-10-02 19472]

S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x86.sys [2010-05-10 68208]

S3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf.sys [2010-09-01 15544]

S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 579944]

S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 194408]

S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 21864]

S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 19304]

S3 sftvsa;Application Virtualization Service Agent;c:\program files\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HPZ12        REG_MULTI_SZ           Pml Driver HPZ12 Net Driver HPZ12

.

Contents of the 'Scheduled Tasks' folder

.

2012-05-13 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-05 07:41]

.

2012-05-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2012-04-29 16:01]

.

2012-05-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2012-04-29 16:01]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.de/

IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

LSP: c:\program files\FRITZ!DSL\\sarah.dll

TCP: Interfaces\{588BC8C4-65F4-486B-B06E-88C28F634390}: NameServer = 192.168.0.1

FF - ProfilePath - c:\users\***\AppData\Roaming\Mozilla\Firefox\Profiles\k0393dc9.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/

FF - prefs.js: network.proxy.type - 0

.

- - - - ORPHANS REMOVED - - - -

.

AddRemove-Catan - Staedte und Ritter - c:\program files\Catan\Catan - Stadte und Ritter\uninst.exe

AddRemove-{09FF4DB8-7DE9-4D47-B7DB-915DB7D9A8CA} - c:\programdata\{83C3B2FD-37EA-4C06-A228-E9B5E32FF0B1}\bm_installer.exe

.

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Completion time: 2012-05-13  11:03:09

ComboFix-quarantined-files.txt  2012-05-13 09:03

.

Pre-Run: 7 Verzeichnis(se), 28.472.684.544 Bytes frei

Post-Run: 13 Verzeichnis(se), 28.566.753.280 Bytes frei

.

- - End Of File - - C7CB006CE01253DDC4888D86D887117D

 
--- --- ---

Gruß, L.

Bitte nun Logs mit GMER und OSAM erstellen und posten.
GMER stürzt häufiger ab, wenn das Tool auch beim 2. Mal nicht will, lass es einfach weg und führ nur OSAM aus - die Online-Abfrage durch OSAM bitte überspringen.
Bei OSAM bitte darauf auch achten, dass Du das Log auch als *.log und nicht *.html oder so abspeicherst.

Hinweis: Zum Entpacken von OSAM bitte WinRAR oder 7zip verwenden! Stell auch unbedingt den Virenscanner ab, besonders der Scanner von McAfee meldet oft einen Fehalarm in OSAM!

Downloade dir bitte

aswMBR.exe und speichere die Datei auf deinem Desktop.

Starte die aswMBR.exe - (aswMBR.exe Anleitung)
Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten".
Das Tool wird dich fragen, ob Du mit der aktuellen Virendefinition von AVAST! dein System scannen willst. Beantworte diese Frage bitte mit Ja. (Sollte deine Firewall fragen, bitte den Zugriff auf das Internet zulassen )
Der Download der Definitionen kann je nach Verbindung eine Weile dauern.
Klicke auf Scan.
Warte bitte bis Scan finished successfully im DOS-Fenster steht.
Drücke auf Save Log und speichere diese auf dem Desktop.

Poste mir die aswMBR.txt in deiner nächsten Antwort.

Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung

Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte der Scan abbrechen und das Programm abstürzen, dann teile mir das mit und wähle unter AV Scan die Einstellung (none).

Noch ein Hinweis: Sollte aswMBR abstürzen und es kommt eine Meldung wie "aswMBR.exe funktioniert nicht mehr, dann mach Folgendes:
Starte aswMBR neu, wähle unten links im Drop-Down-Menü (unten links im Fenster von aswMBR) bei "AV scan" (none) aus und klick nochmal auf den Scan-Button.

So, nach dem Urlaub gehts jetzt weiter:

[code]
GMER Logfile:
GMER Logfile:

Code:

GMER 1.0.15.15641 - hxxp://www.gmer.net

Rootkit scan 2012-06-05 18:15:15

Windows 6.1.7601 Service Pack 1 

Running: ci80mte3.exe; Driver: C:\Users\***\AppData\Local\Temp\awdiapod.sys
 
 

---- Registry - GMER 1.0.15 ----
 

Reg  HKLM\SYSTEM\CurrentControlSet\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\Descriptions@Bluetooth-Ger                                                                                                                    1?

Reg  HKLM\SYSTEM\CurrentControlSet\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\Descriptions@Bluetooth-Ger                                                                                                                    1?

Reg  HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0009dd103ece                                                                                                                                                        

Reg  HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\1c4bd61e370a                                                                                                                                                        

Reg  HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\74f06dab805d                                                                                                                                                        

Reg  HKLM\SYSTEM\ControlSet002\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\Descriptions@Bluetooth-Ger                                                                                                                        1?

Reg  HKLM\SYSTEM\ControlSet002\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\Descriptions@Bluetooth-Ger                                                                                                                        1?

Reg  HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0009dd103ece (not active ControlSet)                                                                                                                                    

Reg  HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\1c4bd61e370a (not active ControlSet)                                                                                                                                    

Reg  HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\74f06dab805d (not active ControlSet)                                                                                                                                    

Reg  HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Providers\Client Side Rendering Print Provider\Servers\ANNA\Forms\10x15 cm (Abrei                                                                                          

Reg  HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Providers\Client Side Rendering Print Provider\Servers\ANNA\Forms\10x15 cm (Abrei@FormKeyword                                                                              0x48 0x50 0x5F 0x31 ...

Reg  HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Providers\Client Side Rendering Print Provider\Servers\ANNA\Forms\10x15 cm (Abrei@ResourceNameID                                                                           @hpzstwn7.dll,4436

Reg  HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Providers\Client Side Rendering Print Provider\Servers\ANNA\Forms\4x6 Zoll (Abrei                                                                                          

Reg  HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Providers\Client Side Rendering Print Provider\Servers\ANNA\Forms\4x6 Zoll (Abrei@FormKeyword                                                                              0x34 0x58 0x36 0x5F ...

Reg  HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Providers\Client Side Rendering Print Provider\Servers\ANNA\Forms\4x6 Zoll (Abrei@ResourceNameID                                                                           @hpzstwn7.dll,4432

Reg  HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Providers\Client Side Rendering Print Provider\Servers\ANNA\Forms\PRC 32K (gro                                                                                             

Reg  HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Providers\Client Side Rendering Print Provider\Servers\ANNA\Forms\PRC 32K (gro@FormKeyword                                                                                 0x50 0x52 0x43 0x20 ...

Reg  HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Providers\Client Side Rendering Print Provider\Servers\ANNA\Forms\PRC 32K (gro@ResourceNameID                                                                              @localspl.dll.mui,292

Reg  HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Providers\Client Side Rendering Print Provider\Servers\ANNA\Forms\PRC 32K (gro                                                                                             

Reg  HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Providers\Client Side Rendering Print Provider\Servers\ANNA\Forms\PRC 32K (gro@1031                                                                                        PRC 32K (gro?)

Reg  HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Providers\Client Side Rendering Print Provider\Servers\ANNA\Forms\PRC 32K (gro                                                                                             

Reg  HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Providers\Client Side Rendering Print Provider\Servers\ANNA\Forms\PRC 32K (gro@FormKeyword                                                                                 0x50 0x52 0x43 0x20 ...

Reg  HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Providers\Client Side Rendering Print Provider\Servers\ANNA\Forms\PRC 32K (gro@ResourceNameID                                                                              @localspl.dll.mui,305

Reg  HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Providers\Client Side Rendering Print Provider\Servers\ANNA\Forms\PRC 32K (gro                                                                                             

Reg  HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Providers\Client Side Rendering Print Provider\Servers\ANNA\Forms\PRC 32K (gro@1031                                                                                        PRC 32K (gro?) Gedreht

Reg  HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Providers\Client Side Rendering Print Provider\Servers\ANNA\Forms\Randl. Foto 10x15 cm Abrei                                                                               

Reg  HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Providers\Client Side Rendering Print Provider\Servers\ANNA\Forms\Randl. Foto 10x15 cm Abrei@FormKeyword                                                                   0x48 0x50 0x5F 0x42 ...

Reg  HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Providers\Client Side Rendering Print Provider\Servers\ANNA\Forms\Randl. Foto 10x15 cm Abrei@ResourceNameID                                                                @hpzstwn7.dll,4391

Reg  HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Providers\Client Side Rendering Print Provider\Servers\ANNA\Forms\Randlos 4x6 Zoll (Abrei                                                                                  

Reg  HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Providers\Client Side Rendering Print Provider\Servers\ANNA\Forms\Randlos 4x6 Zoll (Abrei@FormKeyword                                                                      0x48 0x50 0x5F 0x42 ...

Reg  HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Providers\Client Side Rendering Print Provider\Servers\ANNA\Forms\Randlos 4x6 Zoll (Abrei@ResourceNameID                                                                   @hpzstwn7.dll,3390

Reg  HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Providers\Client Side Rendering Print Provider\Servers\ANNA\Forms\                                                                                                         

Reg  HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Providers\Client Side Rendering Print Provider\Servers\ANNA\Forms\@FormKeyword                                                                                             

Reg  HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Providers\Client Side Rendering Print Provider\Servers\ANNA\Forms\                                                                                                         

Reg  HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Providers\Client Side Rendering Print Provider\Servers\ANNA\Forms\@FormKeyword                                                                                             

Reg  HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Providers\Client Side Rendering Print Provider\Servers\ANNA\Forms\                                                                                                         

Reg  HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Providers\Client Side Rendering Print Provider\Servers\ANNA\Forms\@FormKeyword                                                                                             

Reg  HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Providers\Client Side Rendering Print Provider\Servers\NICOLE\Forms\PRC 32K (gro                                                                                           

Reg  HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Providers\Client Side Rendering Print Provider\Servers\NICOLE\Forms\PRC 32K (gro@FormKeyword                                                                               0x50 0x52 0x43 0x20 ...

Reg  HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Providers\Client Side Rendering Print Provider\Servers\NICOLE\Forms\PRC 32K (gro@ResourceNameID                                                                            @localspl.dll.mui,292

Reg  HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Providers\Client Side Rendering Print Provider\Servers\NICOLE\Forms\PRC 32K (gro                                                                                           

Reg  HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Providers\Client Side Rendering Print Provider\Servers\NICOLE\Forms\PRC 32K (gro@1031                                                                                      PRC 32K (gro?)

Reg  HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Providers\Client Side Rendering Print Provider\Servers\NICOLE\Forms\PRC 32K (gro                                                                                           

Reg  HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Providers\Client Side Rendering Print Provider\Servers\NICOLE\Forms\PRC 32K (gro@FormKeyword                                                                               0x50 0x52 0x43 0x20 ...

Reg  HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Providers\Client Side Rendering Print Provider\Servers\NICOLE\Forms\PRC 32K (gro@ResourceNameID                                                                            @localspl.dll.mui,305

Reg  HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Providers\Client Side Rendering Print Provider\Servers\NICOLE\Forms\PRC 32K (gro                                                                                           

Reg  HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Print\Providers\Client Side Rendering Print Provider\Servers\NICOLE\Forms\PRC 32K (gro@1031                                                                                      PRC 32K (gro?) Gedreht

Reg  HKLM\SOFTWARE\Microsoft\Windows Search\Gather\Windows\SystemIndex@LazyCheckPointUpdateInterval                                                                                                                                     604800

Reg  HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\StartPage\NewShortcuts@C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Intel\xae Matrix Storage Manager\Intel\xae Matrix Storage Console.lnk  1

Reg  HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\StartPage\NewShortcuts@C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel\xae Matrix Storage Manager\Intel\xae Matrix Storage Console.lnk                          1

Reg  HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Activities\                                                                                                                                                       

Reg  HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Activities\                                                                                                                                                       

Reg  HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Activities\@Enabled                                                                                                                                               1

Reg  HKCU\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Persisted@C:\Program Files\Catan\Catan - St                                                                                               1
 

---- EOF - GMER 1.0.15 ----

--- --- ---

--- --- ---

[code]
OSAM Logfile:

Code:

Report of OSAM: Autorun Manager v5.0.11926.0

hxxp://www.online-solutions.ru/en/

Saved at 18:28:02 on 05.06.2012
 

OS: Windows 7 Home Premium Edition Service Pack 1 (Build 7601), 32-bit

Default Browser: Microsoft Corporation Internet Explorer 8.00.7600.16385
 

Scanner Settings

[x] Rootkits detection (hidden registry)

[x] Rootkits detection (hidden files)

[x] Retrieve files information

[x] Check Microsoft signatures
 

Filters

[ ] Trusted entries

[ ] Empty entries

[x] Hidden registry entries (rootkit activity)

[x] Exclusively opened files

[x] Not found files

[x] Files without detailed information

[x] Existing files

[ ] Non-startable services

[ ] Non-startable drivers

[x] Active entries

[x] Disabled entries
 
 

[AppInit DLLs]

-----( HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows )-----

"AppInit_DLLs" - "Kaspersky Lab" - C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll
 

[Common]

-----( %SystemRoot%\Tasks )-----

"GoogleUpdateTaskMachineCore.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe

"GoogleUpdateTaskMachineUA.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe

"Adobe Flash Player Updater.job" - "Adobe Systems Incorporated" - C:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
 

[Control Panel Objects]

-----( %SystemRoot%\system32 )-----

"FlashPlayerCPLApp.cpl" - "Adobe Systems Incorporated" - C:\windows\system32\FlashPlayerCPLApp.cpl
 

[Drivers]

-----( HKLM\SYSTEM\CurrentControlSet\Services )-----

"AsUpIO" (AsUpIO) - ? - C:\windows\System32\drivers\AsUpIO.sys  (File found, but it contains no detailed information)

"awdiapod" (awdiapod) - "GMER" - C:\awdiapod.sys  (Hidden registry entry, rootkit activity)

"catchme" (catchme) - ? - C:\Users\***\AppData\Local\Temp\catchme.sys  (File not found)

"FssFltr" (fssfltr) - "Microsoft Corporation" - C:\windows\System32\DRIVERS\fssfltr.sys

"PSI" (PSI) - "Secunia" - C:\windows\System32\DRIVERS\psi_mf.sys

"Sftfs" (Sftfs) - "Microsoft Corporation" - C:\windows\System32\DRIVERS\Sftfslh.sys

"Sftplay" (Sftplay) - "Microsoft Corporation" - C:\windows\System32\DRIVERS\Sftplaylh.sys

"Sftredir" (Sftredir) - "Microsoft Corporation" - C:\windows\System32\DRIVERS\Sftredirlh.sys

"Sftvol" (Sftvol) - "Microsoft Corporation" - C:\windows\System32\DRIVERS\Sftvollh.sys
 

[Explorer]

-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----

{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll

-----( HKLM\Software\Classes\Protocols\Handler )-----

{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" - "Skype Technologies" - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

{828030A1-22C1-4009-854F-8E305202313F} "livecall" - "Microsoft Corporation" - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL

{828030A1-22C1-4009-854F-8E305202313F} "msnim" - "Microsoft Corporation" - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL

{91774881-D725-4E58-B298-07617B9B86A8} "Skype IE add-on Pluggable Protocol" - "Skype Technologies S.A." - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

{03C514A3-1EFB-4856-9F99-10D7BE1653C0} "Windows Live Mail HTML Asynchronous Pluggable Protocol Handler" - "Microsoft Corporation" - C:\Program Files\Windows Live\Mail\mailcomm.dll

-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----

{0563DB41-F538-4B37-A92D-4659049B7766} "CLSID_WLMCMimeFilter" - "Microsoft Corporation" - C:\Program Files\Windows Live\Mail\mailcomm.dll

{A70C977A-BF00-412C-90B7-034C51DA2439} "DesktopContext Class" - "NVIDIA Corporation" - C:\windows\system32\nvcpl.dll

{0875DCB6-C686-4243-9432-ADCCF0B9F2D7} "Microsoft OneNote Namespace Extension for Windows Desktop Search" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office14\ONFILTER.DLL

{7842554E-6BED-11D2-8CDB-B05550C10000} "Monitor Class" - "Broadcom Corporation." - C:\Program Files\WIDCOMM\Bluetooth Software\btncopy.dll

{A929C4CE-FD36-4270-B4F5-34ECAC5BD63C} "NvAppShExt Class" - "NVIDIA Corporation" - C:\windows\system32\nv3dappshext.dll

{3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} "NVIDIA CPL Context Menu Extension" - "NVIDIA Corporation" - C:\windows\system32\nvshext.dll

{FFB699E0-306A-11d3-8BD1-00104B6F7516} "NVIDIA CPL Extension" - "NVIDIA Corporation" - C:\windows\system32\nvcpl.dll

{E97DEC16-A50D-49bb-AE24-CF682282E08D} "OpenGLShExt Class" - "NVIDIA Corporation" - C:\windows\system32\nv3dappshext.dll

{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - ? -   (File not found | COM-object registry key not found)

{2BE99FD4-A181-4996-BFA9-58C5FFD11F6C} "Windows Live Photo Gallery Autoplay Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe

{00F30F64-AC33-42F5-8FD1-5DC2D3FDE06C} "Windows Live Photo Gallery Editor Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe

{00F3712A-CA79-45B4-9E4D-D7891E7F8B9D} "Windows Live Photo Gallery Editor Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll

{00F30F90-3E96-453B-AFCD-D71989ECC2C7} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll

{00F33137-EE26-412F-8D71-F84E4C2C6625} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll

{00F374B7-B390-4884-B372-2FC349F2172B} "Windows Live Photo Gallery Viewer Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe

{00F346CB-35A4-465B-8B8F-65A29DBAB1F6} "Windows Live Photo Gallery Viewer Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll

{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - ? - C:\Program Files\WinRAR\rarext.dll  (File found, but it contains no detailed information)

{06A2568A-CED6-4187-BB20-400B8C02BE5A} "{06A2568A-CED6-4187-BB20-400B8C02BE5A}" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoAcquireWizard.exe
 

[Internet Explorer]

-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----

ITBar7Height "ITBar7Height" - ? -   (File not found | COM-object registry key not found)

<binary data> "ITBar7Layout" - ? -   (File not found | COM-object registry key not found)

-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----

{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_31" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\ssv.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} "Java Plug-in 1.6.0_31" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\ssv.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_31" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\npjpi160_31.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

{7530BFB8-7293-4D34-9923-61A11451AFC5} "OnlineScanner Control" - "ESET" - C:\PROGRA~1\ESET\ESETON~1\ONLINE~1.OCX / hxxp://download.eset.com/special/eos/OnlineScanner.cab

-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----

{4248FE82-7FCB-46AC-B270-339F08212110} "&Virtuelle Tastatur" - "Kaspersky Lab" - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll

"@C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015" - ? - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBC} "ClsidExtension" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\ssv.dll

{5F7B1267-94A9-47F5-98DB-E99415F33AEC} "In Blog veröffentlichen" - "Microsoft Corporation" - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

{CCF151D8-D089-449F-A5A4-D9909053F20F} "Li&nks untersuchen" - "Kaspersky Lab" - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll

{898EA8C8-E7FF-479B-8935-AEC46303B9E5} "Skype Click to Call" - "Skype Technologies S.A." - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )-----

{8dcb7100-df86-4384-8842-8fa844297b3f} "Bing Bar" - "Microsoft Corporation." - C:\Program Files\Microsoft\BingBar\BingExt.dll

-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----

{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

{d2ce3e00-f94a-4740-988e-03dc2f38c34f} "Bing Bar Helper" - "Microsoft Corporation." - C:\Program Files\Microsoft\BingBar\BingExt.dll

{E33CF602-D945-461A-83F0-819F76A199F8} "FilterBHO Class" - "Kaspersky Lab" - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll

{59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} "IEVkbdBHO Class" - "Kaspersky Lab" - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\ievkbd.dll

{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2ssv.dll

{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} "Java(tm) Plug-In SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\ssv.dll

{AE805869-2E5C-4ED4-8F7B-F1F7851A4497} "Skype Browser Helper" - "Skype Technologies S.A." - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

{9030D464-4C02-4ABF-8ECC-5164760863C6} "Windows Live Anmelde-Hilfsprogramm" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

{5C255C8A-E604-49b4-9D64-90988571CECB} "{5C255C8A-E604-49b4-9D64-90988571CECB}" - ? -   (File not found | COM-object registry key not found)
 

[Logon]

-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----

"desktop.ini" - ? - C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini

-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----

"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini

"FRITZ!DSL Protect.lnk" - "AVM Berlin" - C:\Program Files\FRITZ!DSL\FwebProt.exe  (Shortcut exists | File exists)

"FRITZ!DSL Startcenter.lnk" - "AVM Berlin" - C:\Program Files\FRITZ!DSL\StCenter.exe  (Shortcut exists | File exists)

"Secunia PSI Tray.lnk" - "Secunia" - C:\Program Files\Secunia\PSI\psi_tray.exe  (Shortcut exists | File exists)

-----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )-----

"StartupPrograms" - ? - rdpclip  (File not found)

-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----

"AVP" - "Kaspersky Lab" - "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe"

"Boingo Wi-Fi" - ? - "C:\Program Files\Boingo\Boingo Wi-Fi\Boingo.lnk"

"OOBESetup" - "ASUSTeK Computer Inc." - C:\Program Files\asus\OOBERegBackup\OOBERegBackup.exe /restore -"C:\Program Files\asus\OOBERegBackup\OOBEReg.ini"
 

[Services]

-----( HKLM\SYSTEM\CurrentControlSet\Services )-----

"Adobe Acrobat Update Service" (AdobeARMservice) - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe

"Adobe Flash Player Update Service" (AdobeFlashPlayerUpdateSvc) - "Adobe Systems Incorporated" - C:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

"Application Virtualization Client" (sftlist) - "Microsoft Corporation" - C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe

"Application Virtualization Service Agent" (sftvsa) - "Microsoft Corporation" - C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe

"Asus Launcher Service" (AsusService) - ? - C:\Windows\System32\AsusService.exe  (File found, but it contains no detailed information)

"AVM IGD CTRL Service" (IGDCTRL) - "AVM Berlin" - C:\Program Files\FRITZ!DSL\IGDCTRL.EXE

"BBUpdate" (BBUpdate) - "Microsoft Corporation" - C:\Program Files\Microsoft\BingBar\SeaPort.EXE

"Bing Bar Update Service" (BBSvc) - "Microsoft Corporation." - C:\Program Files\Microsoft\BingBar\BBSvc.EXE

"Bluetooth Service" (btwdins) - "Broadcom Corporation." - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe

"Client Virtualization Handler" (cvhsvc) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE

"FLEXnet Licensing Service" (FLEXnet Licensing Service) - "Acresso Software Inc." - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

"Google Update Service (gupdate)" (gupdate) - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe

"Google Update-Dienst (gupdatem)" (gupdatem) - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe

"Intel(R) Matrix Storage Event Monitor" (IAANTMON) - "Intel Corporation" - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe

"Kaspersky Anti-Virus" (AVP) - "Kaspersky Lab" - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe

"Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

"Mozilla Maintenance Service" (MozillaMaintenance) - "Mozilla Foundation" - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe

"Net Driver HPZ12" (Net Driver HPZ12) - "Hewlett-Packard" - C:\windows\system32\HPZinw12.dll

"NVIDIA Display Driver Service" (nvsvc) - "NVIDIA Corporation" - C:\windows\system32\nvvsvc.exe

"Office  Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE

"Office Software Protection Platform" (osppsvc) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE

"Pml Driver HPZ12" (Pml Driver HPZ12) - "Hewlett-Packard" - C:\windows\system32\HPZipm12.dll

"Secunia PSI Agent" (Secunia PSI Agent) - "Secunia" - C:\Program Files\Secunia\PSI\PSIA.exe

"Secunia Update Agent" (Secunia Update Agent) - "Secunia" - C:\Program Files\Secunia\PSI\sua.exe

"Skype Updater" (SkypeUpdate) - "Skype Technologies" - C:\Program Files\Skype\Updater\Updater.exe

"Windows Live Family Safety-Dienst" (fsssvc) - "Microsoft Corporation" - C:\Program Files\Windows Live\Family Safety\fsssvc.exe
 

[Winlogon]

-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify )-----

"klogon" - "Kaspersky Lab" - C:\windows\system32\klogon.dll
 

[Winsock Providers]

-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )-----

"Sarah NSP" - "AVM Berlin" - C:\Program Files\FRITZ!DSL\sarah.dll

-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries )-----

"SARAH LSP" - "AVM Berlin" - C:\Program Files\FRITZ!DSL\sarah.dll
 

===[ Logfile end ]=========================================[ Logfile end ]===

--- --- ---
 

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru

Code:

 

aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software

Run date: 2012-06-05 18:29:10

-----------------------------

18:29:10.335    OS Version: Windows 6.1.7601 Service Pack 1

18:29:10.335    Number of processors: 4 586 0x1C0A

18:29:10.335    ComputerName: ***-PC  UserName: ***

18:29:11.988    Initialize success

18:35:14.179    AVAST engine defs: 12060500

18:35:57.126    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0

18:35:57.126    Disk 0 Vendor: WDC_WD25 01.0 Size: 238475MB BusType: 3

18:35:57.172    Disk 0 MBR read successfully

18:35:57.188    Disk 0 MBR scan

18:35:57.188    Disk 0 Windows 7 default MBR code

18:35:57.204    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS       102400 MB offset 2048

18:35:57.250    Disk 0 Partition 2 00     1B   Hidd FAT32 MSDOS5.0    15360 MB offset 209717248

18:35:57.282    Disk 0 Partition 3 00     07    HPFS/NTFS NTFS       120694 MB offset 241174528

18:35:57.328    Disk 0 Partition 4 00     EF      EFI FAT                20 MB offset 488355840

18:35:57.344    Disk 0 scanning sectors +488397168

18:35:57.812    Disk 0 scanning C:\windows\system32\drivers

18:36:14.161    Service scanning

18:36:58.683    Modules scanning

18:37:14.611    Disk 0 trace - called modules:

18:37:14.642    ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll iaStor.sys 

18:37:14.658    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x863f3880]

18:37:14.658    3 CLASSPNP.SYS[8924259e] -> nt!IofCallDriver -> [0x85988378]

18:37:14.673    5 ACPI.sys[88aa13d4] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0x8593d028]

18:37:16.031    AVAST engine scan C:\windows

18:37:20.508    AVAST engine scan C:\windows\system32

18:41:50.310    AVAST engine scan C:\windows\system32\drivers

18:42:09.264    AVAST engine scan C:\Users\***

18:43:47.248    AVAST engine scan C:\ProgramData

18:47:59.766    Scan finished successfully

18:48:30.201    Disk 0 MBR has been saved successfully to "C:\Temp\MBR.dat"

18:48:30.217    The log file has been saved successfully to "C:\Temp\aswMBR.txt"

Gruß, L.

Sieht ok aus. Wir sollten fast durch sein. Mach bitte zur Kontrolle Vollscans mit Malwarebytes und SASW und poste die Logs.
Denk dran beide Tools zu updaten vor dem Scan!!

Trojan.Agent/Gen-Malintent
C:\PROGRAM FILES\WINRAR\DEFAULT.SFX
->

Code:

 
 

SUPERAntiSpyware Scan Log

hxxp://www.superantispyware.com
 

Generated 06/10/2012 at 01:15 PM
 

Application Version : 5.0.1150
 

Core Rules Database Version : 8710

Trace Rules Database Version: 6522
 

Scan type       : Complete Scan

Total Scan Time : 01:21:51
 

Operating System Information

Windows 7 Home Premium 32-bit, Service Pack 1 (Build 6.01.7601)

UAC On - Limited User
 

Memory items scanned      : 680

Memory threats detected   : 0

Registry items scanned    : 34200

Registry threats detected : 0

File items scanned        : 101090

File threats detected     : 194
 

Adware.Tracking Cookie

        C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\0LJFM6YS.txt [ /media.gan-online.com ]

        C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\HXA50VRH.txt [ /zanox.com ]

        C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\D227QES8.txt [ /server.adformdsp.net ]

        C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\RA3E97PC.txt [ /2o7.net ]

        C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\1GUG6MDV.txt [ /fastclick.net ]

        C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\8RX5B7WF.txt [ /traffictrack.de ]

        C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\AV3WOR3A.txt [ /ru4.com ]

        C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\PUQLUSU6.txt [ /ad2.adfarm1.adition.com ]

        C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\KYTD2U63.txt [ /ad.adnet.de ]

        C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\QY3UBTLP.txt [ /apmebf.com ]

        C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\X6QF2Q0W.txt [ /ww251.smartadserver.com ]

        C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\N0Z4O3AN.txt [ /unister-adservices.com ]

        C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\OSE4MQNI.txt [ /invitemedia.com ]

        C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\64KQ8NCA.txt [ /specificclick.net ]

        C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\OPENQDKC.txt [ /webmasterplan.com ]

        C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\EVRV6ZR4.txt [ /accounts.google.com ]

        C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\W2MUD841.txt [ /openstat.net ]

        C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\N3CMJXET.txt [ /yadro.ru ]

        C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\62J6S3C9.txt [ /www.googleadservices.com ]

        C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\C99A7VL3.txt [ /www.zanox-affiliate.de ]

        C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\TRGMA5GB.txt [ /amazon-adsystem.com ]

        C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\50B40IBG.txt [ /tns-counter.ru ]

        C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\RGFPH1BY.txt [ /lucidmedia.com ]

        C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\0F2NXKOU.txt [ /bs.serving-sys.com ]

        C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\82JWIP2I.txt [ /cunda.122.2o7.net ]

        C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\PN14W8XH.txt [ /unitymedia.de ]

        C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\EXVF84C4.txt [ /ad4.adfarm1.adition.com ]

        C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\C05B3GU1.txt [ /doubleclick.net ]

        C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\9W6162QN.txt [ /ad1.adfarm1.adition.com ]

        C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\EPYKGIV4.txt [ /zbox.zanox.com ]

        C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\1TKAQTPZ.txt [ /www.xxxlmoebelhaeuser.de ]

        C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\R3DT20F4.txt [ /adfarm1.adition.com ]

        C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\GF8YXNWT.txt [ /ad.360yield.com ]

        C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\6CWH3ZVN.txt [ /quartermedia.de ]

        C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\RAQ5QLEX.txt [ /unister-adservices.com ]

        C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\8CJPDFTT.txt [ /de.sitestat.com ]

        C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\2K61VRRK.txt [ /ad.zanox.com ]

        C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\32XQW3AT.txt [ /rambler.ru ]

        C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\2D2GJOWE.txt [ /im.banner.t-online.de ]

        C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\158UQ41D.txt [ /imrworldwide.com ]

        C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\714FG4ZQ.txt [ /www.usenext.de ]

        C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\1KXWZRDX.txt [ /ad.adserver01.de ]

        C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\H5PF8N18.txt [ /www.googleadservices.com ]

        C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\8V1O2FTE.txt [ /revsci.net ]

        C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\I6VWDTIK.txt [ /adviva.net ]

        C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\G6UWP1NL.txt [ /tracking.mlsat02.de ]

        C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\RV39IBTY.txt [ /serving-sys.com ]

        C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\HEXIGR6C.txt [ /eas.apm.emediate.eu ]

        C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\154CUKEP.txt [ /mediaplex.com ]

        C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\M6KIJ5ZZ.txt [ /clickfuse.com ]

        C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\NAB9HN99.txt [ /ad3.adfarm1.adition.com ]

        C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\UKBGCNAN.txt [ /adserver.adtechus.com ]

        C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\JFQR93NO.txt [ /adtech.de ]

        C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\4PW3E2NZ.txt [ /www.googleadservices.com ]

        C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\U0USKJVJ.txt [ /xiti.com ]

        C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\USPEEH39.txt [ /ad.dyntracker.de ]

        C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\6HFG7R2F.txt [ /ad.ad-srv.net ]

        C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\ATFL3VNK.txt [ /ad.yieldmanager.com ]

        C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\L9VFDUZV.txt [ /adbrite.com ]

        C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\NJS2793Z.txt [ /atdmt.com ]

        C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\9TXUCYGY.txt [ /lfstmedia.com ]

        C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\SCUR3LN7.txt [ /track.adform.net ]

        C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\Q8NRXXPD.txt [ /tracking.quisma.com ]

        C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\9ZC272N8.txt [ /tradedoubler.com ]

        C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\IMG6U0PT.txt [ /www.etracker.de ]

        C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\6DYJATG5.txt [ /ads.creative-serving.com ]

        C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\BXD5FMLP.txt [ /adformdsp.net ]

        C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\H5CFB9FI.txt [ /zanox-affiliate.de ]

        C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\ZJIFTU8V.txt [ /www.googleadservices.com ]

        C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\LE2JGIR4.txt [ /xxxlmoebelhaeuser.de ]

        C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\AU3Y2HWU.txt [ /adform.net ]

        C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\PWMS9E21.txt [ /tribalfusion.com ]

        C:\Users\***\AppData\Roaming\Microsoft\Windows\Cookies\HI4VF42F.txt [ /www.googleadservices.com ]

        C:\USERS\***\AppData\Roaming\Microsoft\Windows\Cookies\OSMA93JA.txt [ Cookie:***@www.ab-in-den-urlaub.de/ibe/offers/params/tt/adult/2/agent/ab-in-den-urlaub.de/area/351/child1/1/depAirport/36/depDate/05.11.2012/dest/10010/duration/12/optBeach/1/optMeal/4/optSportOffer/-1/port/654/retDate/17.12.2012/hotelId/64669/topHotelSelected/1/start/1/ibecat/holidays/route/flattrip/formSelected/ ]

        C:\USERS\***\AppData\Roaming\Microsoft\Windows\Cookies\Low\9NRQJO7J.txt [ Cookie:***@zanox.com/ ]

        C:\USERS\***\AppData\Roaming\Microsoft\Windows\Cookies\Low\VJGRG7KM.txt [ Cookie:***@ad2.adfarm1.adition.com/ ]

        C:\USERS\***\AppData\Roaming\Microsoft\Windows\Cookies\Low\ZC2GSZVW.txt [ Cookie:***@apmebf.com/ ]

        C:\USERS\***\AppData\Roaming\Microsoft\Windows\Cookies\Low\CQN85AZS.txt [ Cookie:***@dyntracker.com/ ]

        C:\USERS\***\AppData\Roaming\Microsoft\Windows\Cookies\Low\TD2LU5DM.txt [ Cookie:***@invitemedia.com/ ]

        C:\USERS\***\AppData\Roaming\Microsoft\Windows\Cookies\Low\E5R38TVT.txt [ Cookie:***@specificclick.net/ ]

        C:\USERS\***\AppData\Roaming\Microsoft\Windows\Cookies\Low\K1EA3FC9.txt [ Cookie:***@webmasterplan.com/ ]

        C:\USERS\***\AppData\Roaming\Microsoft\Windows\Cookies\Low\MBGF95RB.txt [ Cookie:***@yadro.ru/ ]

        C:\USERS\***\AppData\Roaming\Microsoft\Windows\Cookies\Low\8VJ65IAS.txt [ Cookie:***@s4.trafficmaxx.de/ ]

        C:\USERS\***\AppData\Roaming\Microsoft\Windows\Cookies\Low\WIZWHU69.txt [ Cookie:***@www.zanox-affiliate.de/ ]

        C:\USERS\***\AppData\Roaming\Microsoft\Windows\Cookies\Low\0X2SVIFF.txt [ Cookie:***@www.googleadservices.com/pagead/conversion/1071761416/ ]

        C:\USERS\***\AppData\Roaming\Microsoft\Windows\Cookies\Low\M63MF696.txt [ Cookie:***@tns-counter.ru/ ]

        C:\USERS\***\AppData\Roaming\Microsoft\Windows\Cookies\Low\1MWVKNLH.txt [ Cookie:***@partners.webmasterplan.com/art/ ]

        C:\USERS\***\AppData\Roaming\Microsoft\Windows\Cookies\Low\SBI4NLQ8.txt [ Cookie:***@track.effiliation.com/servlet/ ]

        C:\USERS\***\AppData\Roaming\Microsoft\Windows\Cookies\Low\JJDE60XG.txt [ Cookie:***@c.atdmt.com/ ]

        C:\USERS\***\AppData\Roaming\Microsoft\Windows\Cookies\Low\VZZS8TJC.txt [ Cookie:***@ad4.adfarm1.adition.com/ ]

        C:\USERS\***\AppData\Roaming\Microsoft\Windows\Cookies\Low\UUCP83PM.txt [ Cookie:***@doubleclick.net/ ]

        C:\USERS\***\AppData\Roaming\Microsoft\Windows\Cookies\Low\D3QP5JS5.txt [ Cookie:***@ad1.adfarm1.adition.com/ ]

        C:\USERS\***\AppData\Roaming\Microsoft\Windows\Cookies\Low\6BV97NPT.txt [ Cookie:***@zbox.zanox.com/ ]

        C:\USERS\***\AppData\Roaming\Microsoft\Windows\Cookies\Low\Z03LA4VX.txt [ Cookie:***@quartermedia.de/ ]

        C:\USERS\***\AppData\Roaming\Microsoft\Windows\Cookies\Low\7LNP9R93.txt [ Cookie:***@ad.zanox.com/ ]

        C:\USERS\***\AppData\Roaming\Microsoft\Windows\Cookies\Low\LGGL9530.txt [ Cookie:***@www.googleadservices.com/pagead/conversion/1071467938/ ]

        C:\USERS\***\AppData\Roaming\Microsoft\Windows\Cookies\Low\CWA03M81.txt [ Cookie:***@track.effiliation.com/ ]

        C:\USERS\***\AppData\Roaming\Microsoft\Windows\Cookies\Low\3M2OR9OS.txt [ Cookie:***@adform.net/ ]

        C:\USERS\***\AppData\Roaming\Microsoft\Windows\Cookies\Low\BO0GULVP.txt [ Cookie:***@revsci.net/ ]

        C:\USERS\***\AppData\Roaming\Microsoft\Windows\Cookies\Low\PNDT2GAA.txt [ Cookie:***@adviva.net/ ]

        C:\USERS\***\AppData\Roaming\Microsoft\Windows\Cookies\Low\1X1V77SM.txt [ Cookie:***@data.coremetrics.com/ ]

        C:\USERS\***\AppData\Roaming\Microsoft\Windows\Cookies\Low\80FXBJUN.txt [ Cookie:***@tracking.mlsat02.de/tmobile/ ]

        C:\USERS\***\AppData\Roaming\Microsoft\Windows\Cookies\Low\CNVC6N1U.txt [ Cookie:***@eas.apm.emediate.eu/ ]

        C:\USERS\***\AppData\Roaming\Microsoft\Windows\Cookies\Low\UB3X4PGB.txt [ Cookie:***@track.webtrekk.de/390100023909110/ ]

        C:\USERS\***\AppData\Roaming\Microsoft\Windows\Cookies\Low\YIIKHF8T.txt [ Cookie:***@ad3.adfarm1.adition.com/ ]

        C:\USERS\***\AppData\Roaming\Microsoft\Windows\Cookies\Low\WE0BFBMC.txt [ Cookie:***@www.googleadservices.com/pagead/conversion/1066538120/ ]

        C:\USERS\***\AppData\Roaming\Microsoft\Windows\Cookies\Low\GSXEN93T.txt [ Cookie:***@www.googleadservices.com/pagead/conversion/1068912638/ ]

        C:\USERS\***\AppData\Roaming\Microsoft\Windows\Cookies\Low\I1UT7L2Q.txt [ Cookie:***@server.adform.net/ ]

        C:\USERS\***\AppData\Roaming\Microsoft\Windows\Cookies\Low\072IR62J.txt [ Cookie:***@adtech.de/ ]

        C:\USERS\***\AppData\Roaming\Microsoft\Windows\Cookies\Low\9NPT6SU8.txt [ Cookie:***@ad.dyntracker.de/ ]

        C:\USERS\***\AppData\Roaming\Microsoft\Windows\Cookies\Low\Z3QSO458.txt [ Cookie:***@adxpose.com/ ]

        C:\USERS\***\AppData\Roaming\Microsoft\Windows\Cookies\Low\CD0FNQ6D.txt [ Cookie:***@atdmt.com/ ]

        C:\USERS\***\AppData\Roaming\Microsoft\Windows\Cookies\Low\LNO2WT5R.txt [ Cookie:***@track.adform.net/ ]

        C:\USERS\***\AppData\Roaming\Microsoft\Windows\Cookies\Low\NNUJ1STZ.txt [ Cookie:***@lfstmedia.com/ ]

        C:\USERS\***\AppData\Roaming\Microsoft\Windows\Cookies\Low\K9IFS0QO.txt [ Cookie:***@tradedoubler.com/ ]

        C:\USERS\***\AppData\Roaming\Microsoft\Windows\Cookies\Low\MUU11A4O.txt [ Cookie:***@tracking.quisma.com/ ]

        C:\USERS\***\AppData\Roaming\Microsoft\Windows\Cookies\Low\AD090IBS.txt [ Cookie:***@www.etracker.de/ ]

        C:\USERS\***\AppData\Roaming\Microsoft\Windows\Cookies\Low\X7IJG6AT.txt [ Cookie:***@www.googleadservices.com/pagead/conversion/1061983326/ ]

        C:\USERS\***\AppData\Roaming\Microsoft\Windows\Cookies\Low\GK1PKE4U.txt [ Cookie:***@zanox-affiliate.de/ ]

        C:\USERS\***\AppData\Roaming\Microsoft\Windows\Cookies\Low\Y36AQ1P7.txt [ Cookie:***@bs.serving-sys.com/ ]

        C:\USERS\***\Cookies\0LJFM6YS.txt [ Cookie:***@media.gan-online.com/ ]

        C:\USERS\***\Cookies\HXA50VRH.txt [ Cookie:***@zanox.com/ ]

        C:\USERS\***\Cookies\D227QES8.txt [ Cookie:***@server.adformdsp.net/ ]

        C:\USERS\***\Cookies\8RX5B7WF.txt [ Cookie:***@traffictrack.de/ ]

        C:\USERS\***\Cookies\AV3WOR3A.txt [ Cookie:***@ru4.com/ ]

        C:\USERS\***\Cookies\PUQLUSU6.txt [ Cookie:***@ad2.adfarm1.adition.com/ ]

        C:\USERS\***\Cookies\KYTD2U63.txt [ Cookie:***@ad.adnet.de/ ]

        C:\USERS\***\Cookies\QY3UBTLP.txt [ Cookie:***@apmebf.com/ ]

        C:\USERS\***\Cookies\X6QF2Q0W.txt [ Cookie:***@ww251.smartadserver.com/ ]

        C:\USERS\***\Cookies\OSE4MQNI.txt [ Cookie:***@invitemedia.com/ ]

        C:\USERS\***\Cookies\64KQ8NCA.txt [ Cookie:***@specificclick.net/ ]

        C:\USERS\***\Cookies\OPENQDKC.txt [ Cookie:***@webmasterplan.com/ ]

        C:\USERS\***\Cookies\N3CMJXET.txt [ Cookie:***@yadro.ru/ ]

        C:\USERS\***\Cookies\62J6S3C9.txt [ Cookie:***@www.googleadservices.com/pagead/conversion/963141655/ ]

        C:\USERS\***\Cookies\C99A7VL3.txt [ Cookie:***@www.zanox-affiliate.de/ ]

        C:\USERS\***\Cookies\50B40IBG.txt [ Cookie:***@tns-counter.ru/ ]

        C:\USERS\***\Cookies\RGFPH1BY.txt [ Cookie:***@lucidmedia.com/ ]

        C:\USERS\***\Cookies\0F2NXKOU.txt [ Cookie:***@bs.serving-sys.com/ ]

        C:\USERS\***\Cookies\82JWIP2I.txt [ Cookie:***@cunda.122.2o7.net/ ]

        C:\USERS\***\Cookies\EXVF84C4.txt [ Cookie:***@ad4.adfarm1.adition.com/ ]

        C:\USERS\***\Cookies\C05B3GU1.txt [ Cookie:***@doubleclick.net/ ]

        C:\USERS\***\Cookies\9W6162QN.txt [ Cookie:***@ad1.adfarm1.adition.com/ ]

        C:\USERS\***\Cookies\EPYKGIV4.txt [ Cookie:***@zbox.zanox.com/ ]

        C:\USERS\***\Cookies\6CWH3ZVN.txt [ Cookie:***@quartermedia.de/ ]

        C:\USERS\***\Cookies\RAQ5QLEX.txt [ Cookie:***@unister-adservices.com/ ]

        C:\USERS\***\Cookies\2K61VRRK.txt [ Cookie:***@ad.zanox.com/ ]

        C:\USERS\***\Cookies\158UQ41D.txt [ Cookie:***@imrworldwide.com/cgi-bin ]

        C:\USERS\***\Cookies\714FG4ZQ.txt [ Cookie:***@www.usenext.de/ ]

        C:\USERS\***\Cookies\OSMA93JA.txt [ Cookie:***@www.ab-in-den-urlaub.de/ibe/offers/params/tt/adult/2/agent/ab-in-den-urlaub.de/area/351/child1/1/depAirport/36/depDate/05.11.2012/dest/10010/duration/12/optBeach/1/optMeal/4/optSportOffer/-1/port/654/retDate/17.12.2012/hotelId/64669/topHotelSelected/1/start/1/ibecat/holidays/route/flattrip/formSelected/ ]

        C:\USERS\***\Cookies\8V1O2FTE.txt [ Cookie:***@revsci.net/ ]

        C:\USERS\***\Cookies\I6VWDTIK.txt [ Cookie:***@adviva.net/ ]

        C:\USERS\***\Cookies\G6UWP1NL.txt [ Cookie:***@tracking.mlsat02.de/tmobile/ ]

        C:\USERS\***\Cookies\HEXIGR6C.txt [ Cookie:***@eas.apm.emediate.eu/ ]

        C:\USERS\***\Cookies\M6KIJ5ZZ.txt [ Cookie:***@clickfuse.com/ ]

        C:\USERS\***\Cookies\NAB9HN99.txt [ Cookie:***@ad3.adfarm1.adition.com/ ]

        C:\USERS\***\Cookies\UKBGCNAN.txt [ Cookie:***@adserver.adtechus.com/ ]

        C:\USERS\***\Cookies\JFQR93NO.txt [ Cookie:***@adtech.de/ ]

        C:\USERS\***\Cookies\4PW3E2NZ.txt [ Cookie:***@www.googleadservices.com/pagead/conversion/1052825908/ ]

        C:\USERS\***\Cookies\U0USKJVJ.txt [ Cookie:***@xiti.com/ ]

        C:\USERS\***\Cookies\USPEEH39.txt [ Cookie:***@ad.dyntracker.de/ ]

        C:\USERS\***\Cookies\L9VFDUZV.txt [ Cookie:***@adbrite.com/ ]

        C:\USERS\***\Cookies\NJS2793Z.txt [ Cookie:***@atdmt.com/ ]

        C:\USERS\***\Cookies\9TXUCYGY.txt [ Cookie:***@lfstmedia.com/ ]

        C:\USERS\***\Cookies\SCUR3LN7.txt [ Cookie:***@track.adform.net/ ]

        C:\USERS\***\Cookies\Q8NRXXPD.txt [ Cookie:***@tracking.quisma.com/ ]

        C:\USERS\***\Cookies\9ZC272N8.txt [ Cookie:***@tradedoubler.com/ ]

        C:\USERS\***\Cookies\IMG6U0PT.txt [ Cookie:***@www.etracker.de/ ]

        C:\USERS\***\Cookies\BXD5FMLP.txt [ Cookie:***@adformdsp.net/ ]

        C:\USERS\***\Cookies\H5CFB9FI.txt [ Cookie:***@zanox-affiliate.de/ ]

        C:\USERS\***\Cookies\ZJIFTU8V.txt [ Cookie:***@www.googleadservices.com/pagead/conversion/1035008933/ ]

        C:\USERS\***\Cookies\AU3Y2HWU.txt [ Cookie:***@adform.net/ ]

        C:\USERS\***\Cookies\PWMS9E21.txt [ Cookie:***@tribalfusion.com/ ]

        C:\USERS\***\Cookies\HI4VF42F.txt [ Cookie:***@www.googleadservices.com/pagead/conversion/1065091442/ ]

        ia.media-imdb.com [ C:\USERS\***\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\6B5W258R ]

        .tradedoubler.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\K0393DC9.DEFAULT\COOKIES.SQLITE ]

        www.active-tracking.de [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\K0393DC9.DEFAULT\COOKIES.SQLITE ]

        www.active-tracking.de [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\K0393DC9.DEFAULT\COOKIES.SQLITE ]

        www.active-tracking.de [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\K0393DC9.DEFAULT\COOKIES.SQLITE ]

        .tradedoubler.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\K0393DC9.DEFAULT\COOKIES.SQLITE ]

        .tradedoubler.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\K0393DC9.DEFAULT\COOKIES.SQLITE ]

        .traffictrack.de [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\K0393DC9.DEFAULT\COOKIES.SQLITE ]

        .doubleclick.net [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\K0393DC9.DEFAULT\COOKIES.SQLITE ]

        ad.zanox.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\K0393DC9.DEFAULT\COOKIES.SQLITE ]

        .tns-counter.ru [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\K0393DC9.DEFAULT\COOKIES.SQLITE ]

        .yadro.ru [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\K0393DC9.DEFAULT\COOKIES.SQLITE ]

        .cunda.122.2o7.net [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\K0393DC9.DEFAULT\COOKIES.SQLITE ]

        ad.yieldmanager.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\K0393DC9.DEFAULT\COOKIES.SQLITE ]

        .invitemedia.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\K0393DC9.DEFAULT\COOKIES.SQLITE ]

        ad.adserver01.de [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\K0393DC9.DEFAULT\COOKIES.SQLITE ]

        ad.adserver01.de [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\K0393DC9.DEFAULT\COOKIES.SQLITE ]

        .invitemedia.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\K0393DC9.DEFAULT\COOKIES.SQLITE ]

        ad.yieldmanager.com [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\K0393DC9.DEFAULT\COOKIES.SQLITE ]

        .doubleclick.net [ C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\K0393DC9.DEFAULT\COOKIES.SQLITE ]
 

Trojan.Agent/Gen-Malintent

        C:\PROGRAM FILES\WINRAR\DEFAULT.SFX

Code:

 
 

Malwarebytes Anti-Malware (Test) 1.61.0.1400

www.malwarebytes.org
 

Datenbank Version: v2012.06.10.01
 

Windows 7 Service Pack 1 x86 NTFS

Internet Explorer 8.0.7601.17514

*** :: ***-PC [Administrator]
 

Schutz: Deaktiviert
 

10.06.2012 10:20:49

mbam-log-2012-06-10 (10-20-49).txt
 

Art des Suchlaufs: Vollständiger Suchlauf

Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM

Deaktivierte Suchlaufeinstellungen: P2P

Durchsuchte Objekte: 319287

Laufzeit: 1 Stunde(n), 19 Minute(n), 3 Sekunde(n)
 

Infizierte Speicherprozesse: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Speichermodule: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Registrierungsschlüssel: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Registrierungswerte: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Dateiobjekte der Registrierung: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Verzeichnisse: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Dateien: 0

(Keine bösartigen Objekte gefunden)
 

(Ende)
 

Gruß, L.

Zitat:

Trojan.Agent/Gen-Malintent
C:\PROGRAM FILES\WINRAR\DEFAULT.SFX

Ist ein Fehlalarm!

Sieht ok aus, da wurden nur Cookies gefunden.
Cookies sind keine Schädlinge direkt, aber es besteht die Gefahr der missbräuchlichen Verwendung (eindeutige Wiedererkennung zB für gezielte Werbung o.ä. => HTTP-Cookie )

Wegen Cookies und anderer Dinge im Web: Um die Pest von vornherein zu blocken (also TrackingCookies, Werbebanner etc.) müsstest du dir mal sowas wie MVPS Hosts File anschauen => Blocking Unwanted Parasites with a Hosts File - sinnvollerweise solltest du alle 4 Wochen mal bei MVPS nachsehen, ob er eine neue Hosts Datei herausgebracht hat.

Ansonsten gibt es noch gute Cookiemanager, Erweiterungen für den Firefox zB wäre da CookieCuller http://filepony.de/download-cookie_culler/
Wenn du aber damit leben kannst, dich bei jeder Browsersession überall neu einzuloggen (zB Facebook, Ebay, GMX, oder auch Trojaner-Board) dann stell den Browser einfach so ein, dass einfach alles beim Beenden des Browser inkl. Cookies gelöscht wird.

Ich halte es so, dass ich zum "wilden Surfen" den Opera-Browser oder Chromium unter meinem Linux verwende. Mein Hauptbrowser (Firefox) speichert nur die Cookies von den Sites die ich auch will, alles andere lehne ich manuell ab (der FF fragt mich immer) - die anderen Browser nehmen alles an Cookies zwar an, aber spätestens beim nächsten Start von Opera oder Chromium sind keine Cookies mehr da.

Ist dein System nun wieder in Ordnung oder gibt's noch andere Funde oder Probleme?

Vielen Dank für die professionelle Unterstützung! :daumenhoc

Hoffentlich nicht bis bald,
Gruß L.

Dann wären wir durch! :abklatsch:

Die Programme, die hier zum Einsatz kamen, können alle wieder runter. Mit Hilfe von OTL kannst du auch viele Tools entfernen:

Starte bitte OTL und klicke auf Bereinigung.
Dies wird die meisten Tools entfernen, die wir zur Bereinigung benötigt haben. Sollte etwas bestehen bleiben, bitte mit Rechtsklick --> Löschen entfernen.

Malwarebytes zu behalten ist zu empfehlen. Kannst ja 1x im Monat damit einen Vollscan machen, aber immer vorher ans Update denken.

Bitte abschließend die Updates prüfen, unten mein Leitfaden dazu. Um in Zukunft die Aktualität der installierten Programme besser im Überblick zu halten, kannst du zB Secunia PSI verwenden.
Für noch mehr Sicherheit solltest Du nach der beseitigten Infektion auch möglichst alle Passwörter ändern.

Microsoftupdate

Windows XP: Besuch mit dem IE die MS-Updateseite und lass Dir alle wichtigen Updates installieren.

Windows Vista/7: Anleitung Windows-Update

PDF-Reader aktualisieren
Ein veralteter AdobeReader stellt ein großes Sicherheitsrisiko dar. Du solltest daher besser alte Versionen vom AdobeReader über Systemsteuerung => Software bzw. Programme und Funktionen deinstallieren, indem Du dort auf "Adobe Reader x.0" klickst und das Programm entfernst. (falls du AdobeReader installiert hast)

Ich empfehle einen alternativen PDF-Reader wie PDF Xchange Viewer, SumatraPDF oder Foxit PDF Reader, die sind sehr viel schlanker und flotter als der AdobeReader.

Bitte überprüf bei der Gelegenheit auch die Aktualität des Flashplayers:

Adobe - Andere Version des Adobe Flash Player installieren

Notfalls kann man auch von Chip.de runterladen => http://filepony.de/?q=Flash+Player

Natürlich auch darauf achten, dass andere installierte Browser wie zB Firefox, Opera oder Chrome aktuell sind.

Java-Update
Veraltete Java-Installationen sind ein Sicherheitsrisiko, daher solltest Du die alten Versionen löschen (falls vorhanden, am besten mit JavaRa) und auf die neuste aktualisieren. Beende dazu alle Programme (v.a. die Browser), klick danach auf Start, Systemsteuerung, Software und deinstalliere darüber alle aufgelisteten Java-Versionen. Lad Dir danach von hier das aktuelle Java SE Runtime Environment (JRE) herunter und installiere es.