Trojaner-Board

Plex1234 30.06.2012 17:34

Live Security Platinum Infection
 
Hello,

I probably picked up the drive-by "Live Security Platinum" because of an outdated Windows version :(

I found the following removal guide:
http://www.trojaner-board.de/116774-...entfernen.html

So far I have run the Malwarebytes scanner in Safe Mode. It identified 10 objects! I have attached the log of this scan.

As a second step I ran Malwarebytes once more (after a reboot). The second log is attached as well.

QUESTION: Should I run the other 2 scanners too? I (now) own a Kaspersky Internet Security license. Should I install Kaspersky now, or first run the other 2 scanners recommended at http://www.trojaner-board.de/116774-...entfernen.html?

It seems I was successful. But the guide says I should still have it checked again by a professional here.

(Please don't be surprised: I still have an old Norton installed whose license has expired. Now, as mentioned above, I have Kaspersky. I had actually planned to throw out the old Norton tomorrow and install Kaspersky :( )

I hope you can help me quickly.

Here are the two OTL logs as well:

OTL
Code:

OTL logfile created on: 30.06.2012 17:52:13 - Run 1
OTL by OldTimer - Version 3.2.53.0    Folder = C:\Users\USER\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,08 Gb Available Physical Memory | 69,20% Memory free
6,20 Gb Paging File | 5,39 Gb Available in Paging File | 86,95% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 445,76 Gb Total Space | 394,43 Gb Free Space | 88,49% Space Free | Partition Type: NTFS
Drive D: | 19,99 Gb Total Space | 10,40 Gb Free Space | 52,01% Space Free | Partition Type: FAT32
Drive I: | 7,54 Gb Total Space | 3,17 Gb Free Space | 42,05% Space Free | Partition Type: FAT32
 
Computer Name: USERS-COM | User Name: USER | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\USER\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Programme\dradio-Recorder\phonostarTimer.exe ()
PRC - C:\Programme\Norton Internet Security\Engine\19.7.1.5\ccsvchst.exe (Symantec Corporation)
PRC - C:\Programme\Ask.com\Updater\Updater.exe (Ask)
PRC - C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Programme\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation)
PRC - C:\Programme\NVIDIA Corporation\Display\nvtray.exe (NVIDIA Corporation)
PRC - c:\Programme\Microsoft Security Client\Antimalware\NisSrv.exe (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
PRC - C:\Programme\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)
PRC - C:\Programme\Common Files\LogiShrd\LVCOMSER\LVComSer.exe (Logitech Inc.)
PRC - C:\Programme\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.)
PRC - C:\Programme\Common Files\microsoft shared\VS7Debug\mdm.exe (Microsoft Corporation)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Programme\dradio-Recorder\phonostarTimer.exe ()
MOD - C:\Programme\Common Files\LogiShrd\LVCOMSER\LVCSPS.dll ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (MozillaMaintenance) -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MBAMService) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (NIS) -- C:\Program Files\Norton Internet Security\Engine\19.7.1.5\ccSvcHst.exe (Symantec Corporation)
SRV - (AdobeARMservice) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (nvUpdatusService) -- C:\Programme\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation)
SRV - (NisSrv) -- c:\Programme\Microsoft Security Client\Antimalware\NisSrv.exe (Microsoft Corporation)
SRV - (MsMpSvc) -- c:\Programme\Microsoft Security Client\Antimalware\MsMpEng.exe (Microsoft Corporation)
SRV - (osppsvc) -- C:\Programme\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation)
SRV - (ose) -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (LVSrvLauncher) -- C:\Programme\Common Files\LogiShrd\SrvLnch\SrvLnch.exe (Logitech Inc.)
SRV - (LVPrcSrv) -- C:\Programme\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)
SRV - (LVCOMSer) -- C:\Programme\Common Files\LogiShrd\LVCOMSER\LVComSer.exe (Logitech Inc.)
SRV - (WcesComm) -- C:\Windows\WindowsMobile\wcescomm.dll (Microsoft Corporation)
SRV - (RapiMgr) -- C:\Windows\WindowsMobile\rapimgr.dll (Microsoft Corporation)
SRV - (UleadBurningHelper) -- C:\Programme\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.)
SRV - (MDM) -- C:\Programme\Common Files\microsoft shared\VS7Debug\mdm.exe (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found
DRV - (ASPI32) --  File not found
DRV - (AmdLLD) -- system32\DRIVERS\AmdLLD.sys File not found
DRV - (ab4d8j7y) --  File not found
DRV - (SymEvent) -- C:\Windows\System32\drivers\SYMEVENT.SYS (Symantec Corporation)
DRV - (NAVEX15) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.7.0.9\Definitions\VirusDefs\20120525.004\NAVEX15.SYS (Symantec Corporation)
DRV - (NAVENG) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.7.0.9\Definitions\VirusDefs\20120525.004\NAVENG.SYS (Symantec Corporation)
DRV - (IDSVix86) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.7.0.9\Definitions\IPSDefs\20120524.001\IDSvix86.sys (Symantec Corporation)
DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (BHDrvx86) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.7.0.9\Definitions\BASHDefs\20120517.001\BHDrvx86.sys (Symantec Corporation)
DRV - (SYMTDIv) -- C:\Windows\System32\drivers\NIS\1307010.005\symtdiv.sys (Symantec Corporation)
DRV - (SymEFA) -- C:\Windows\System32\drivers\NIS\1307010.005\symefa.sys (Symantec Corporation)
DRV - (SymIRON) -- C:\Windows\System32\drivers\NIS\1307010.005\ironx86.sys (Symantec Corporation)
DRV - (SRTSP) -- C:\Windows\System32\drivers\NIS\1307010.005\srtsp.sys (Symantec Corporation)
DRV - (SRTSPX) Symantec Real Time Storage Protection (PEL) -- C:\Windows\System32\drivers\NIS\1307010.005\srtspx.sys (Symantec Corporation)
DRV - (SymDS) -- C:\Windows\System32\drivers\NIS\1307010.005\symds.sys (Symantec Corporation)
DRV - (eeCtrl) -- C:\Programme\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation)
DRV - (EraserUtilRebootDrv) -- C:\Programme\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
DRV - (ccSet_NIS) -- C:\Windows\System32\drivers\NIS\1307010.005\ccsetx86.sys (Symantec Corporation)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (NisDrv) -- C:\Windows\System32\drivers\NisDrvWFP.sys (Microsoft Corporation)
DRV - (MpNWMon) -- C:\Windows\System32\drivers\MpNWMon.sys (Microsoft Corporation)
DRV - (FTDIBUS) -- C:\Windows\System32\drivers\ftdibus.sys (FTDI Ltd.)
DRV - (FTSER2K) -- C:\Windows\System32\drivers\ftser2k.sys (FTDI Ltd.)
DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek                                            )
DRV - (sptd) -- C:\Windows\System32\drivers\sptd.sys ()
DRV - (AnyDVD) -- C:\Windows\System32\drivers\AnyDVD.sys (SlySoft, Inc.)
DRV - ({1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC}) -- C:\Programme\CyberLink\PowerDVD10\NavFilter\000.fcl (CyberLink Corp.)
DRV - (winusb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (ahcix86s) -- C:\Windows\System32\drivers\ahcix86s.sys (AMD Technologies Inc.)
DRV - (netr28u) -- C:\Windows\System32\drivers\netr28u.sys (Ralink Technology Corp.)
DRV - (amdide) -- C:\Windows\System32\drivers\amdide.sys (Advanced Micro Devices)
DRV - (LVMVDrv) -- C:\Windows\System32\drivers\LVMVdrv.sys (Logitech Inc.)
DRV - (LVcKap) -- C:\Windows\System32\drivers\Lvckap.sys (Logitech Inc.)
DRV - (LVUSBSta) -- C:\Windows\System32\drivers\LVUSBSta.sys (Logitech Inc.)
DRV - (PID_PEPI) Logitech QuickCam IM(PID_PEPI) -- C:\Windows\System32\drivers\LV302V32.SYS (Logitech Inc.)
DRV - (pepifilter) -- C:\Windows\System32\drivers\lv302af.sys (Logitech Inc.)
DRV - (LVPr2Mon) -- C:\Windows\System32\drivers\LVPr2Mon.sys ()
DRV - (AtiPcie) ATI PCI Express (3GIO) -- C:\Windows\System32\drivers\AtiPcie.sys (ATI Technologies Inc.)
DRV - (ADM851X) -- C:\Windows\System32\drivers\ADM851X.SYS (ADMtek Incorporated)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://de.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://de.rd.yahoo.com/customize/ie/defaults/su/msgr9/*hxxp://de.search.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://de.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*hxxp://de.search.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.yahoo.com
IE - HKLM\..\SearchScopes,DefaultScope = {AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2801937
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://de.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*hxxp://de.search.yahoo.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2801937
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 2
IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
IE - HKCU\..\URLSearchHook: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - No CLSID value found
IE - HKCU\..\URLSearchHook: {b106b661-3e1b-4015-af5c-195e909f35c6} - No CLSID value found
IE - HKCU\..\URLSearchHook: {d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0} - No CLSID value found
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?FORM=IEFM1&q={searchTerms}&src={referrer:source?}
IE - HKCU\..\SearchScopes\{771B12CD-DD23-40C7-8739-FF2FE1612C67}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=&apn_dtid=OSJ000&apn_uid=D78B62C4-871F-4EA3-AE18-5D730B44C6BF&apn_sauid=2BB3ADFD-40D7-40B2-B17C-D75CA0A582B9
IE - HKCU\..\SearchScopes\{99CBFDF3-803F-4FEC-ACD2-3D5262430917}: "URL" = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
IE - HKCU\..\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}: "URL" = hxxp://int.search-results.com/web?q={SEARCHTERMS}&o=15527&l=dis&prt=NIS&chn=retail&geo=DE&ver=18
IE - HKCU\..\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2801937
IE - HKCU\..\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}: "URL" = hxxp://mystart.incredimail.com/mb68/?search={searchTerms}&loc=search_box&u=92260067943109388
IE - HKCU\..\SearchScopes\{DECA3892-BA8F-44b8-A993-A466AD694AE4}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_262.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@phonostar.de/phonostar: C:\Program Files\dradio-Recorder\npphonostarDetectNP.dll File not found
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.7.0.9\IPSFFPlgn\ [2012.05.20 11:57:49 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.7.0.9\coFFPlgn\ [2012.06.30 11:13:53 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.06.30 11:54:55 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.04.29 13:18:02 | 000,000,000 | ---D | M]
 
[2010.12.31 16:35:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\USER\AppData\Roaming\mozilla\Extensions
[2010.12.31 16:35:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\USER\AppData\Roaming\mozilla\Extensions\ideskbrowser@haufe.de
[2012.06.29 11:00:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\USER\AppData\Roaming\mozilla\Firefox\Profiles\lucle53z.default\extensions
[2011.01.26 21:36:54 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\USER\AppData\Roaming\mozilla\Firefox\Profiles\lucle53z.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012.04.05 10:29:49 | 000,000,000 | ---D | M] (Ask Toolbar) -- C:\Users\USER\AppData\Roaming\mozilla\Firefox\Profiles\lucle53z.default\extensions\toolbar@ask.com
[2012.05.20 12:51:07 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.05.20 12:51:07 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\distribution\extensions
[2012.05.20 12:51:07 | 000,000,000 | ---D | M] (WEB.DE Toolbar) -- C:\Programme\Mozilla Firefox\distribution\extensions\toolbar@web.de
File not found (No name found) -- C:\PROGRAM FILES\HAUFE\IDESK\IDESKBROWSER\EXTENSIONS\{C24AECC7-7C95-507F-D71F-155CB86656DF}
[2012.06.30 11:54:55 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.04.05 10:18:55 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2012.04.21 03:54:08 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.04.21 03:54:08 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.04.21 03:54:08 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.04.21 03:54:08 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.04.21 03:54:08 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.04.21 03:54:08 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
 
O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O1 - Hosts: ::1            localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Programme\Norton Internet Security\Engine\19.7.1.5\coieplg.dll (Symantec Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Programme\Norton Internet Security\Engine\19.7.1.5\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Programme\Norton Internet Security\Engine\19.7.1.5\coieplg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D40B90B4-D3B1-4D6B-A5D7-DC041C1B76C0} - No CLSID value found.
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKCU..\Run: [dradio-RecorderTimer] C:\Program Files\dradio-Recorder\phonostarTimer.exe ()
O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O8 - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: telekom.de ([serviceportal] https in Trusted sites)
O15 - HKCU\..Trusted Domains: t-home.de ([www] http in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EB4F9C9A-5761-45C7-82F4-E668C98E656C}: DhcpNameServer = 192.168.2.1 192.168.2.1
O18 - Protocol\Handler\haufereader - No CLSID value found
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Public\Pictures\Sample Pictures\Desert Landscape.jpg
O24 - Desktop BackupWallPaper: C:\Users\Public\Pictures\Sample Pictures\Desert Landscape.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{0b163e5c-8b2e-11de-a046-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{0b163e5c-8b2e-11de-a046-806e6f6e6963}\Shell\AutoRun\command - "" = E:\setup.exe /AUTORUN
O33 - MountPoints2\{0b163e5c-8b2e-11de-a046-806e6f6e6963}\Shell\configure\command - "" = E:\setup.exe
O33 - MountPoints2\{0b163e5c-8b2e-11de-a046-806e6f6e6963}\Shell\install\command - "" = E:\setup.exe
O33 - MountPoints2\{19608520-7884-11df-9e7a-001d92b5c41f}\Shell - "" = AutoRun
O33 - MountPoints2\{19608520-7884-11df-9e7a-001d92b5c41f}\Shell\AutoRun\command - "" = M:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.06.30 17:51:36 | 000,596,992 | ---- | C] (OldTimer Tools) -- C:\Users\USER\Desktop\OTL.exe
[2012.06.30 12:00:33 | 000,000,000 | ---D | C] -- C:\Users\USER\AppData\Roaming\Malwarebytes
[2012.06.30 12:00:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.06.30 12:00:28 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.06.30 12:00:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.06.30 12:00:27 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.06.30 11:41:45 | 000,000,000 | ---D | C] -- C:\Users\USER\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Live Security Platinum
[2012.06.30 11:08:35 | 000,000,000 | ---D | C] -- C:\ProgramData\B7E85B2C0004202101238016570F1C8B
[2012.06.30 10:35:25 | 000,000,000 | ---D | C] -- C:\Users\USER\Desktop\geb
[2012.06.30 09:22:05 | 002,422,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wucltux.dll
[2012.06.30 09:22:05 | 000,045,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups2.dll
[2012.06.30 09:21:53 | 000,577,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapi.dll
[2012.06.30 09:21:53 | 000,088,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wudriver.dll
[2012.06.30 09:21:53 | 000,035,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups.dll
[2012.06.30 09:21:44 | 000,171,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuwebv.dll
[2012.06.30 09:21:44 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapp.exe
[2012.06.25 07:56:17 | 000,000,000 | ---D | C] -- C:\Users\USER\AppData\Local\Macromedia
[2012.06.11 19:29:02 | 000,000,000 | ---D | C] -- C:\Users\USER\Desktop\dealgigant wird bearbeitet
[2012.06.11 19:28:43 | 000,000,000 | ---D | C] -- C:\Users\USER\Desktop\dealgigant belege schon fertig
[2012.06.11 19:22:50 | 000,000,000 | ---D | C] -- C:\Users\USER\Desktop\gutschein quicker
 
========== Files - Modified Within 30 Days ==========
 
[2012.06.30 17:55:16 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.06.30 17:50:45 | 000,003,840 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.06.30 17:50:45 | 000,003,840 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.06.30 17:50:42 | 000,396,800 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.06.30 17:50:36 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.06.30 17:50:27 | 3220,365,312 | -HS- | M] () -- C:\hiberfil.sys
[2012.06.30 13:12:02 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\USER\Desktop\OTL.exe
[2012.06.30 13:06:02 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2012.06.30 11:58:25 | 000,001,356 | ---- | M] () -- C:\Users\USER\AppData\Local\d3d9caps.dat
[2012.06.30 11:42:47 | 000,624,320 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.06.30 11:42:47 | 000,591,614 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.06.30 11:42:47 | 000,125,020 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.06.30 11:42:47 | 000,102,644 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.06.25 07:55:32 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012.06.25 07:55:32 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012.06.04 20:40:40 | 000,456,592 | ---- | M] () -- C:\Users\USER\Desktop\dealgigant kassenbon bepanthen.pdf
[2012.06.04 15:58:38 | 000,150,793 | ---- | M] () -- C:\Users\USER\Desktop\2012_06rechnung_4736986966.pdf
[2012.06.03 00:19:33 | 000,045,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wups2.dll
[2012.06.03 00:19:32 | 000,035,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wups.dll
[2012.06.03 00:19:23 | 000,577,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wuapi.dll
[2012.06.03 00:12:32 | 002,422,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wucltux.dll
[2012.06.03 00:12:13 | 000,088,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wudriver.dll
[2012.06.02 15:19:42 | 000,171,904 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wuwebv.dll
[2012.06.02 15:12:20 | 000,033,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wuapp.exe
 
========== Files Created - No Company Name ==========
 
[2012.06.30 17:50:27 | 3220,365,312 | -HS- | C] () -- C:\hiberfil.sys
[2012.06.04 20:40:21 | 000,456,592 | ---- | C] () -- C:\Users\USER\Desktop\dealgigant kassenbon bepanthen.pdf
[2012.06.04 20:17:15 | 000,150,793 | ---- | C] () -- C:\Users\USER\Desktop\2012_06rechnung_4736986966.pdf
[2012.05.29 23:03:19 | 000,138,555 | ---- | C] () -- C:\Users\USER\Kessler, Marcel.V2011
[2012.01.16 10:19:21 | 000,055,167 | ---- | C] () -- C:\Windows\War3Unin.dat
[2012.01.10 22:38:52 | 000,002,048 | -HS- | C] () -- C:\Users\USER\AppData\Local\{e78aff6b-fbf4-a0d9-bf2c-8429f28cb4c7}\@
[2011.12.28 19:12:57 | 000,000,458 | ---- | C] () -- C:\Windows\wiso.ini
[2011.06.21 21:46:07 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2011.06.21 21:46:07 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2011.05.21 19:04:27 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2011.05.14 00:12:21 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat
[2011.03.23 11:14:44 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2010.03.27 15:23:17 | 000,000,040 | -HS- | C] () -- C:\ProgramData\.zreglib
[2010.01.02 18:45:56 | 000,025,088 | ---- | C] () -- C:\Users\USER\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.12.22 00:14:21 | 000,000,760 | ---- | C] () -- C:\Users\USER\AppData\Roaming\setup_ldm.iss
[2009.09.11 23:29:49 | 000,015,428 | ---- | C] () -- C:\Users\USER\RefEdit.exd
[2009.08.17 15:38:20 | 000,052,878 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2009.08.17 15:38:20 | 000,052,878 | ---- | C] () -- C:\ProgramData\nvModes.001
[2009.08.17 14:49:12 | 000,001,356 | ---- | C] () -- C:\Users\USER\AppData\Local\d3d9caps.dat

< End of report >


EXTRA
Code:

OTL Extras logfile created on: 30.06.2012 17:52:13 - Run 1
OTL by OldTimer - Version 3.2.53.0    Folder = C:\Users\USER\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,08 Gb Available Physical Memory | 69,20% Memory free
6,20 Gb Paging File | 5,39 Gb Available in Paging File | 86,95% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 445,76 Gb Total Space | 394,43 Gb Free Space | 88,49% Space Free | Partition Type: NTFS
Drive D: | 19,99 Gb Total Space | 10,40 Gb Free Space | 52,01% Space Free | Partition Type: FAT32
Drive I: | 7,54 Gb Total Space | 3,17 Gb Free Space | 42,05% Space Free | Partition Type: FAT32
 
Computer Name: USERS-COM | User Name: USER | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = Reg Error: Value error.] -- Reg Error: Key error. File not found
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- Reg Error: Value error.
https [open] -- Reg Error: Value error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [CEWE FOTOSCHAU] -- "C:\Program Files\Saturn\Fotoservice\CEWE FOTOSCHAU.exe" -d "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Fotoservice] -- "C:\Program Files\Saturn\Fotoservice\Fotoservice.exe" "%1" ()
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-3768843071-2336861419-4020039175-1000]
"EnableNotificationsRef" = 3
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01BC2BA5-FFF7-4A22-BEA9-343D01D3C5CC}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{208F2D80-3A0E-471D-884A-9B5B1B649B2E}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{300FCD30-64BE-452D-A837-30979E537B0D}" = rport=10243 | protocol=6 | dir=out | app=system |
"{44AFFE16-94B5-4A46-AC92-5CE41C531B27}" = lport=2869 | protocol=6 | dir=in | app=system |
"{4C855B90-25D5-4575-B143-307B7800CDF8}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office14\outlook.exe |
"{6C6D811B-C1D3-4B37-B757-FE169DA4FAAC}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{75200BE8-AD7A-4EC0-8C97-4BEAA27A584E}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{818BDB41-BD57-47E4-AB13-D6A189A212E9}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{B5C803D4-E057-496D-9EF1-16B101B32EF3}" = lport=2869 | protocol=6 | dir=in | app=system |
"{DB1029C4-7171-4DF1-B703-0C7B4B341C9C}" = lport=10243 | protocol=6 | dir=in | app=system |
"{F5079094-4CE0-4C32-9EE5-EBB9EBA446B1}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{F8908131-CABB-4FB9-B3BE-229B308AC4EB}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0E244AA2-2EE8-4E80-92F7-03ED1E504D3C}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{1734203F-2673-4A5E-AE78-F8781C0D9EF1}" = dir=in | app=c:\program files\cyberlink\powerdvd10\powerdvd cinema\powerdvdcinema10.exe |
"{17845E04-AE1A-4998-A2B2-CA29CC60852B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{2D993BE7-356F-4206-B6CF-8FB8D19704C2}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{3303D83E-2987-48D5-8676-E2480189D607}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{3543DEF1-02F3-46E9-924A-F16840479AF7}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{3C619D06-D8BB-48C1-82A6-AA0E332F6FF6}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{3CED5210-A9E6-46F4-9791-85138C3D8917}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{416EE615-0F6C-4BDE-8D0B-48F5071ABD4D}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{42637A13-7840-44F9-B608-87F421F8660A}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{42750E12-3D7E-4F5A-80C6-D002DD890D0D}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{44748262-0A5A-42C2-A035-2C9D1B03E143}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{4BAC07E0-CBFD-4746-AFA7-1B3B4ADA52B4}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{55BD43B2-5843-4240-A0CA-8EB408359DDE}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{5C612ADA-E5BC-4AD6-AFA0-7FBE2D56E941}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{609737DE-6E12-4360-B880-0A667E8DECD7}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{694B5E86-D1FB-4D73-9997-45C646D461BD}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{6B63B5E1-4013-460E-BA68-A3AC85122A21}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{7082C863-BE15-446D-BF6C-60AC3C66D3AE}" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{724AF924-2B4F-4967-A385-F10D234BF9A3}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{7B376456-4248-484C-B300-0EFC7D1CDC00}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{82903182-7242-4C1F-AFBE-F8112C664C1C}" = protocol=6 | dir=out | app=system |
"{87538758-5E18-4AC3-A1CF-EDA055AB625D}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{8772740D-B0E3-4023-ABA7-BF4249774228}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe |
"{8A49FC29-B7D4-41E6-8267-02083C42CAFF}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{99C53CE9-5BF2-408D-8E31-D00D065184CE}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{A4E138BD-D3DE-4CC4-81A2-AA4CEBFEC977}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{ABC85571-F53E-472D-A812-5886B5FC11B2}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{AD84D46B-F004-4A97-B222-61B43502A1DC}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{B1ACCF7D-8CA6-415D-88B7-63A607D4F71A}" = protocol=6 | dir=in | app=c:\program files\steam\steam.exe |
"{B389A223-C225-441C-A235-52C29E93EC86}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{C0A23E75-13C0-40CA-95FB-265634A0F536}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{C1158BC1-1FC3-404D-B4E5-2CD9B8B26D22}" = protocol=17 | dir=in | app=c:\program files\steam\steam.exe |
"{DE310B7D-0481-4C43-AA64-25889D415684}" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"{DF372377-E95B-490B-B052-64A712751B26}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{EDA284C6-AA27-4E8D-925D-DC45E41FA1FE}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{EF90EE6D-2047-440B-B1E8-4867C087D1B7}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"TCP Query User{3A8BD8CB-D683-452E-9C50-B0E0E0258108}C:\program files\yahoo!\messenger\yahoomessenger.exe" = protocol=6 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
"TCP Query User{C998ABC9-25AF-463F-A4BB-856AB5AC4A24}C:\program files\dradio-recorder\phonostar.exe" = protocol=6 | dir=in | app=c:\program files\dradio-recorder\phonostar.exe |
"UDP Query User{478E38E3-D164-4517-BA87-371B35523507}C:\program files\dradio-recorder\phonostar.exe" = protocol=17 | dir=in | app=c:\program files\dradio-recorder\phonostar.exe |
"UDP Query User{C25F4DD1-1408-4F53-963A-135505718B72}C:\program files\yahoo!\messenger\yahoomessenger.exe" = protocol=17 | dir=in | app=c:\program files\yahoo!\messenger\yahoomessenger.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0138F525-6C8A-333F-A105-14AE030B9A54}" = Visual C++ 9.0 CRT (x86) WinSXS MSM
"{03ED6584-5A5A-4CA3-B61D-741618E510DF}" = Steuer 2008
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{05BFB060-4F22-4710-B0A2-2801A1B606C5}" = Microsoft Antimalware
"{09298F26-A95C-31E2-9D95-2C60F586F075}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"{0F32914F-A633-4516-B531-7084C8F19F93}" = Haufe iDesk-Browser
"{1280E900-35DA-4E08-A700-B79A5B2B8532}" = Microsoft Antimalware Service DE-DE Language Pack
"{15B2BC56-D179-4450-84B9-7A8D7F4CE1B9}" = Lexware Info Service
"{1D33BCF7-B5B6-4148-B888-9CC2EC208556}" = Konz 2012
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{23CE4550-F67C-4114-88DF-FE923BC13E7F}" = Medion Media Center for Medion
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{27F10580-E040-11DF-8C28-005056B12123}" = Haufe iDesk-Service
"{28E30152-32C5-4152-8C87-6C638E695CEC}" = Steuer Update 15.09
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{34F0D55F-C386-4195-9A5B-961D3F6ACD46}" = InterVideo MediaOne Gallery
"{35725FBC-A136-4A46-9F29-091759D9BB93}" = MVision
"{364EC092-93CF-4DDC-9D7A-7278452028E0}" = Logitech QuickCam
"{3BEFC315-7F74-4F71-B704-2CAF4DC046BB}" = Steuer-Hilfesammlung 2010
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{410AB9BC-B057-4D39-9260-660EE1B4BED2}" = Steuer 2009
"{4785CED6-73B3-45FA-AFE6-EDEDFDE67842}" = Steuer 2011
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B526075-AF27-47A2-860D-3DA92928A051}" = Steuer 2010
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{5335DADB-34BA-4AE8-A519-648D78498846}" = Skype™ 5.3
"{5A065EA0-0EEC-4E94-A2A0-40812576C122}" = Ulead PhotoImpact 10
"{6181E138-C21C-471C-9238-F2F59C314C6C}" = Steuer 2008
"{67DABCB4-239C-4E02-805E-DEA0DDCB1926}" = Steuer Hilfesammlung
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169, 8168, 8101E and 8102E Ethernet Network Card Driver for Windows Vista
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.SingleImage_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.SingleImage_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.SingleImage_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.SingleImage_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{904CCF62-818D-4675-BC76-D37EB399F917}" = Windows Mobile-Gerätecenter
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9F251952-43A3-1305-997C-5B285C76FCAD}" = ATI Catalyst Install Manager
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.3) - Deutsch
"{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger
"{B08D262E-D902-11D5-9C28-0080C85A0C2D}" = ScanWizard 5
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 275.33
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 275.33
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.3.5
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE}" = Microsoft XML Parser
"{B83FC356-B7C0-441F-8A4D-D71E088E7974}" = NVIDIA PhysX
"{C3542652-4C59-4A96-982A-06EBB3F47819}" = Steuer-Hilfesammlung 2009
"{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call
"{D271DAE0-8D68-4C97-8356-A126D48A1D8C}" = Ulead Photo Explorer 8.0 SE Basic
"{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}" = CyberLink PowerDVD 10
"{E7044E25-3038-4A76-9064-344AC038043E}" = Windows Mobile-Gerätecenter: Treiberupdate
"{EC2F8A30-787F-4DA5-9A8F-8E7DFE777CC2}" = Servicepack Datumsaktualisierung
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"AFPL Ghostscript 8.54" = AFPL Ghostscript 8.54
"AFPL Ghostscript Fonts" = AFPL Ghostscript Fonts
"CCleaner" = CCleaner
"dradio-Recorder_is1" = dradio-Recorder Version 3.02.6
"Fotoservice" = Fotoservice
"InstallShield_{1D33BCF7-B5B6-4148-B888-9CC2EC208556}" = Konz 2012
"InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}" = CyberLink PowerDVD 10
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.61.0.1400
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox 13.0.1 (x86 de)" = Mozilla Firefox 13.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NIS" = Norton Internet Security
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"Office14.SingleImage" = Microsoft Office Professional 2010
"PDF Blender" = PDF Blender
"QcDrv" = Logitech® Camera-Treiber
"VLC media player" = VLC media player 1.0.5
"Warcraft III" = Warcraft III
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Search Defender" = Yahoo! Suche Schutzvorkehrung
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{79A765E1-C399-405B-85AF-466F52E918B0}" = Ask Toolbar Updater
"Warcraft III" = Warcraft III: All Products
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 30.06.2012 03:20:00 | Computer Name = USERs-Com | Source = WinMgmt | ID = 10
Description =
 
Error - 30.06.2012 05:13:19 | Computer Name = USERs-Com | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
 
Error - 30.06.2012 05:13:54 | Computer Name = USERs-Com | Source = WinMgmt | ID = 10
Description =
 
Error - 30.06.2012 05:54:24 | Computer Name = USERs-Com | Source = EventSystem | ID = 4609
Description =
 
Error - 30.06.2012 05:55:10 | Computer Name = USERs-Com | Source = WinMgmt | ID = 10
Description =
 
Error - 30.06.2012 06:52:58 | Computer Name = USERs-Com | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
 
Error - 30.06.2012 07:08:08 | Computer Name = USERs-Com | Source = EventSystem | ID = 4609
Description =
 
Error - 30.06.2012 07:08:54 | Computer Name = USERs-Com | Source = WinMgmt | ID = 10
Description =
 
Error - 30.06.2012 11:50:53 | Computer Name = USERs-Com | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
 
Error - 30.06.2012 11:51:18 | Computer Name = USERs-Com | Source = WinMgmt | ID = 10
Description =
 
[ Media Center Events ]
Error - 18.12.2010 14:07:02 | Computer Name = USERs-Com | Source = Media Center Guide | ID = 0
Description = Ereignisinformationen: ERROR: SqmApiWrapper.SqmFlushSession failed;
 Win32 GetLastError returned 0D  Prozess: DefaultDomain Objektname: Media Center Guide

 
Error - 18.06.2011 16:50:17 | Computer Name = USERs-Com | Source = Media Center Guide | ID = 0
Description = Ereignisinformationen: ERROR: SqmApiWrapper.TimerRecord failed; Win32
 GetLastError returned 10000105  Prozess: DefaultDomain Objektname: Media Center Guide

 
Error - 23.06.2011 07:13:02 | Computer Name = USERs-Com | Source = Media Center Guide | ID = 0
Description = Ereignisinformationen: ERROR: SqmApiWrapper.TimerRecord failed; Win32
 GetLastError returned 10000105  Prozess: DefaultDomain Objektname: Media Center Guide

 
Error - 05.09.2011 15:30:45 | Computer Name = USERs-Com | Source = Media Center Guide | ID = 0
Description = Ereignisinformationen: ERROR: SqmApiWrapper.TimerRecord failed; Win32
 GetLastError returned 10000105  Prozess: DefaultDomain Objektname: Media Center Guide

 
[ System Events ]
Error - 30.06.2012 07:08:01 | Computer Name = USERs-Com | Source = DCOM | ID = 10005
Description =
 
Error - 30.06.2012 07:08:08 | Computer Name = USERs-Com | Source = DCOM | ID = 10005
Description =
 
Error - 30.06.2012 07:08:10 | Computer Name = USERs-Com | Source = DCOM | ID = 10005
Description =
 
Error - 30.06.2012 07:08:12 | Computer Name = USERs-Com | Source = DCOM | ID = 10005
Description =
 
Error - 30.06.2012 07:08:54 | Computer Name = USERs-Com | Source = Service Control Manager | ID = 7001
Description =
 
Error - 30.06.2012 07:08:54 | Computer Name = USERs-Com | Source = Service Control Manager | ID = 7023
Description =
 
Error - 30.06.2012 07:08:54 | Computer Name = USERs-Com | Source = Service Control Manager | ID = 7026
Description =
 
Error - 30.06.2012 11:50:40 | Computer Name = USERs-Com | Source = Microsoft Antimalware | ID = 5101
Description = Die Karenzzeit für %%860 ist abgelaufen. Der Schutz vor Viren, Spyware
 und anderer potenziell unerwünschter Software wurde deaktiviert.    Grund für den Ablauf:
 %%873    Ablaufdatum (UTC): ?30.?06.?2012 15:50:40    Fehlercode: 0x80092003    Fehlerbeschreibung:
 Beim Lesen oder Schreiben einer Datei ist ein Fehler aufgetreten.
 
Error - 30.06.2012 11:51:18 | Computer Name = USERs-Com | Source = Service Control Manager | ID = 7000
Description =
 
Error - 30.06.2012 11:51:18 | Computer Name = USERs-Com | Source = Service Control Manager | ID = 7023
Description =
 
 
< End of report >


markusg 30.06.2012 18:09

Hi,
for further analysis I need the following:
c:\Users\name\AppData\LocalLow\Sun\Java\Deployment\cache
Replace name with your own name.
Please right-click it, pack it with WinRAR or ZIP, upload it and let me know when you are done.
Trojaner-Board Upload Channel

Plex1234 01.07.2012 20:46

I have uploaded the folder.

markusg 01.07.2012 21:28

Thanks.
Combofix may only be run when a team member has instructed you to do so!
It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.
Please download Combofix from one of these download mirrors:

Link 1
Link 2


IMPORTANT - Save Combofix to your desktop
  • Please disable all of your antivirus and anti-malware/spyware scanners. They can interfere with Combofix while it works.
Start Combofix.exe and follow the instructions on the screen.

When Combofix has finished, it will create a log file. Please post C:\Combofix.txt in your next reply.


Note: If you get the following error message after the restart
Quote:

Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
simply restart the computer. This should fix the problem.

Plex1234 01.07.2012 22:51

Here is the Combofix log

Code:

ComboFix 12-07-01.03 - USER 01.07.2012  23:38:54.1.4 - x86
Microsoft® Windows Vista™ Home Premium  6.0.6002.2.1252.49.1031.18.3070.1896 [GMT 2:00]
ausgeführt von:: c:\users\USER\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\%APPDATA%
c:\program files\%APPDATA%\Microsoft\Windows\IETldCache\index.dat
c:\users\USER\AppData\Local\Microsoft\Windows\Temporary Internet Files\{9B9D2415-05F5-4F51-952C-649F1D189CC6}.xps
c:\users\USER\AppData\Local\Microsoft\Windows\Temporary Internet Files\{BF1DA1A1-8D7F-459C-8A43-51CA2CCD374A}.xps
c:\users\USER\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Live Security Platinum
c:\users\USER\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Live Security Platinum\Live Security Platinum.lnk
c:\windows\IsUn0407.exe
.
.
(((((((((((((((((((((((  Dateien erstellt von 2012-06-01 bis 2012-07-01  ))))))))))))))))))))))))))))))
.
.
2012-07-01 21:46 . 2012-07-01 21:47        --------        d-----w-        c:\users\USER\AppData\Local\temp
2012-07-01 21:46 . 2012-07-01 21:46        --------        d-----w-        c:\users\UpdatusUser\AppData\Local\temp
2012-07-01 21:46 . 2012-07-01 21:46        --------        d-----w-        c:\users\Default\AppData\Local\temp
2012-06-30 16:36 . 2012-06-30 16:36        --------        d-----w-        c:\program files\Common Files\Java
2012-06-30 16:30 . 2012-06-30 16:30        --------        d-----w-        c:\program files\Oracle
2012-06-30 16:30 . 2012-05-04 17:29        772504        ----a-w-        c:\windows\system32\npDeployJava1.dll
2012-06-30 10:00 . 2012-06-30 10:00        --------        d-----w-        c:\users\USER\AppData\Roaming\Malwarebytes
2012-06-30 10:00 . 2012-06-30 10:00        --------        d-----w-        c:\programdata\Malwarebytes
2012-06-30 10:00 . 2012-04-04 13:56        22344        ----a-w-        c:\windows\system32\drivers\mbam.sys
2012-06-30 10:00 . 2012-06-30 10:00        --------        d-----w-        c:\program files\Malwarebytes' Anti-Malware
2012-06-30 09:08 . 2012-06-30 09:08        --------        d-----w-        c:\programdata\B7E85B2C0004202101238016570F1C8B
2012-06-30 07:30 . 2012-04-23 16:00        984064        ----a-w-        c:\windows\system32\crypt32.dll
2012-06-30 07:30 . 2012-04-23 16:00        98304        ----a-w-        c:\windows\system32\cryptnet.dll
2012-06-30 07:30 . 2012-04-23 16:00        133120        ----a-w-        c:\windows\system32\cryptsvc.dll
2012-06-30 07:30 . 2012-05-01 14:03        180736        ----a-w-        c:\windows\system32\drivers\rdpwd.sys
2012-06-30 07:30 . 2012-05-15 19:51        2045440        ----a-w-        c:\windows\system32\win32k.sys
2012-06-30 07:22 . 2012-06-02 22:19        53784        ----a-w-        c:\windows\system32\wuauclt.exe
2012-06-30 07:22 . 2012-06-02 22:19        45080        ----a-w-        c:\windows\system32\wups2.dll
2012-06-30 07:22 . 2012-06-02 22:12        2422272        ----a-w-        c:\windows\system32\wucltux.dll
2012-06-30 07:22 . 2012-06-02 22:19        1933848        ----a-w-        c:\windows\system32\wuaueng.dll
2012-06-30 07:21 . 2012-06-02 22:19        35864        ----a-w-        c:\windows\system32\wups.dll
2012-06-30 07:21 . 2012-06-02 22:19        577048        ----a-w-        c:\windows\system32\wuapi.dll
2012-06-30 07:21 . 2012-06-02 22:12        88576        ----a-w-        c:\windows\system32\wudriver.dll
2012-06-30 07:21 . 2012-06-02 13:19        171904        ----a-w-        c:\windows\system32\wuwebv.dll
2012-06-30 07:21 . 2012-06-02 13:12        33792        ----a-w-        c:\windows\system32\wuapp.exe
2012-06-29 19:31 . 2012-05-31 03:41        6762896        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{6D571A60-BB39-4877-A5A9-1D5192924A2C}\mpengine.dll
2012-06-25 05:56 . 2012-06-25 05:56        --------        d-----w-        c:\users\USER\AppData\Local\Macromedia
2012-06-08 18:30 . 2012-06-08 18:30        770384        ----a-w-        c:\program files\Mozilla Firefox\msvcr100.dll
2012-06-08 18:30 . 2012-06-08 18:30        421200        ----a-w-        c:\program files\Mozilla Firefox\msvcp100.dll
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-25 05:55 . 2012-05-14 18:01        426184        ----a-w-        c:\windows\system32\FlashPlayerApp.exe
2012-06-25 05:55 . 2012-01-16 15:04        70344        ----a-w-        c:\windows\system32\FlashPlayerCPLApp.cpl
2012-05-04 17:29 . 2010-12-28 17:48        687504        ----a-w-        c:\windows\system32\deployJava1.dll
2012-04-13 07:36 . 2012-05-01 17:15        6734704        ----a-w-        c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{20A0E49B-3678-4A30-8800-4AD5D10B412B}\mpengine.dll
2012-04-13 07:36 . 2011-09-06 18:29        6734704        ----a-w-        c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-04-03 08:16 . 2012-05-11 20:15        3602816        ----a-w-        c:\windows\system32\ntkrnlpa.exe
2012-04-03 08:16 . 2012-05-11 20:15        3550080        ----a-w-        c:\windows\system32\ntoskrnl.exe
2012-06-30 09:54 . 2011-04-01 07:49        85472        ----a-w-        c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2012-01-03 1514152]
.
[HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2012-01-03 14:31        1514152        ----a-w-        c:\program files\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2012-01-03 1514152]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"dradio-RecorderTimer"="c:\program files\dradio-Recorder\phonostarTimer.exe" [2012-04-03 41472]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-08-05 7703072]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"ApnUpdater"="c:\program files\Ask.com\Updater\Updater.exe" [2012-01-03 1391272]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
backup=c:\windows\pss\McAfee Security Scan Plus.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Scanner Finder.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Scanner Finder.lnk
backup=c:\windows\pss\Scanner Finder.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-01-03 07:37        843712        ----a-w-        c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BDRegion]
2010-03-13 11:58        75048        ------w-        c:\program files\CyberLink\Shared files\brs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2009-10-30 11:57        369200        ----a-w-        c:\program files\DAEMON Tools Lite\DTLite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dradio-RecorderTimer]
2012-04-03 15:14        41472        ----a-w-        c:\program files\dradio-Recorder\phonostarTimer.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LexwareInfoService]
2010-09-15 09:11        339312        ----a-w-        c:\program files\Common Files\Lexware\Update Manager\LxUpdateManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechCommunicationsManager]
2007-07-25 14:02        563984        ----a-w-        c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]
2007-07-25 14:06        2027792        ----a-w-        c:\program files\Logitech\QuickCam\Quickcam.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
2010-06-01 08:17        5252408        ----a-w-        c:\progra~1\Yahoo!\MESSEN~1\YahooMessenger.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2010-04-16 20:12        3872080        ----a-w-        c:\program files\Windows Live\Messenger\msnmsgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl10]
2010-02-02 23:08        87336        ------w-        c:\program files\CyberLink\PowerDVD10\PDVD10Serv.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Search Protection]
2009-02-23 13:05        111856        ----a-w-        c:\program files\Yahoo!\Search Protection\SearchProtection.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
2009-04-11 06:28        1233920        ----a-w-        c:\program files\Windows Sidebar\sidebar.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ulead AutoDetector v2]
2004-11-26 09:43        90112        ------w-        c:\program files\Common Files\Ulead Systems\AutoDetector\Monitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2008-01-21 02:23        1008184        ----a-w-        c:\program files\Windows Defender\MSASCui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Mobile Device Center]
2007-05-31 08:21        648072        ----a-w-        c:\windows\WindowsMobile\wmdc.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
2008-01-21 02:25        202240        ----a-w-        c:\program files\Windows Media Player\wmpnscfg.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"LexwareInfoService"=c:\program files\Common Files\Lexware\Update Manager\LxUpdateManager.exe /autostart
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-3768843071-2336861419-4020039175-1000]
"EnableNotificationsRef"=dword:00000003
.
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [x]
S3 ADM851X;ADM851X USB To Fast Ethernet Adapter;c:\windows\system32\DRIVERS\ADM851X.SYS [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WindowsMobile        REG_MULTI_SZ          wcescomm rapimgr
LocalServiceRestricted        REG_MULTI_SZ          WcesComm RapiMgr
bthsvcs        REG_MULTI_SZ          BthServ
LocalServiceAndNoImpersonation        REG_MULTI_SZ          FontCache
.
Inhalt des "geplante Tasks" Ordners
.
2012-07-01 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-14 05:55]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2801937
mStart Page = hxxp://de.yahoo.com
uSearchURL,(Default) = hxxp://de.rd.yahoo.com/customize/ie/defaults/su/msgr9/*hxxp://de.search.yahoo.com
IE: An OneNote s&enden - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: Nach Microsoft &Excel exportieren - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: Nach Microsoft E&xcel exportieren - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
Trusted Zone: t-home.de\www
Trusted Zone: telekom.de\serviceportal
TCP: DhcpNameServer = 192.168.2.1 192.168.2.1
FF - ProfilePath - c:\users\USER\AppData\Roaming\Mozilla\Firefox\Profiles\lucle53z.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2801937&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.teleboerse.de/|hxxp://de.advfn.com/p.php?pid=staticchart&s=T^lsg&p=0&t=32&dm=0&vol=1|hxxp://portfolio.finanztreff.de/depot_portfolio.htn?u=18986&k=PtNJ4Hyd6On2O1ufyxPTVg|hxxp://www.dealgigant.de/
FF - prefs.js: network.proxy.type - 0
FF - user.js: yahoo.homepage.dontask - true);user_pref(yahoo.ytff.general.dontshowhpoffer, true
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
URLSearchHooks-{d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0} - (no file)
URLSearchHooks-{b106b661-3e1b-4015-af5c-195e909f35c6} - (no file)
URLSearchHooks-{81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - (no file)
WebBrowser-{D40B90B4-D3B1-4D6B-A5D7-DC041C1B76C0} - (no file)
MSConfigStartUp-IncrediMail - c:\program files\IncrediMail\bin\IncMail.exe
MSConfigStartUp-SunJavaUpdateSched - c:\program files\Java\jre6\bin\jusched.exe
MSConfigStartUp-Ulead AutoDetector - c:\program files\Ulead Systems\Ulead Photo Explorer 8.0 SE Basic\Monitor.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2012-07-01 23:47
Windows 6.0.6002 Service Pack 2 NTFS
.
Scanne versteckte Prozesse...
.
Scanne versteckte Autostarteinträge...
.
Scanne versteckte Dateien...
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\{1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD10\NavFilter\000.fcl"
.
Zeit der Fertigstellung: 2012-07-01  23:48:35
ComboFix-quarantined-files.txt  2012-07-01 21:48
.
Vor Suchlauf: 10 Verzeichnis(se), 423.961.796.608 Bytes frei
Nach Suchlauf: 14 Verzeichnis(se), 424.201.703.424 Bytes frei
.
- - End Of File - - CE8F698AF63C4130C9F0751E79AA8E6C


markusg 02.07.2012 11:36

Download TDSSKiller:
http://www.trojaner-board.de/82358-t...entfernen.html
Click on Change parameters
• Tick Verify driver digital signatures and Detect TDLFS file system
• Click OK and then Start scan
- If anything is found, always choose Skip for now and post the log

Plex1234 08.07.2012 12:56

Sorry, it took a bit longer, but I can only work on the PC at the weekend. So, to continue, here is the TDSSKiller log with the findings skipped:

Code:

13:54:04.0824 5896        TDSS rootkit removing tool 2.7.44.0 Jul  2 2012 20:01:08
13:54:05.0069 5896        ============================================================
13:54:05.0069 5896        Current date / time: 2012/07/08 13:54:05.0069
13:54:05.0069 5896        SystemInfo:
13:54:05.0069 5896       
13:54:05.0070 5896        OS Version: 6.0.6002 ServicePack: 2.0
13:54:05.0070 5896        Product type: Workstation
13:54:05.0070 5896        ComputerName: USERS-COM
13:54:05.0070 5896        UserName: USER
13:54:05.0070 5896        Windows directory: C:\Windows
13:54:05.0070 5896        System windows directory: C:\Windows
13:54:05.0070 5896        Processor architecture: Intel x86
13:54:05.0070 5896        Number of processors: 4
13:54:05.0071 5896        Page size: 0x1000
13:54:05.0071 5896        Boot type: Normal boot
13:54:05.0071 5896        ============================================================
13:54:06.0261 5896        Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
13:54:06.0309 5896        Drive \Device\Harddisk4\DR4 - Size: 0x1E3C00000 (7.56 Gb), SectorSize: 0x200, Cylinders: 0x3DA, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
13:54:06.0310 5896        ============================================================
13:54:06.0310 5896        \Device\Harddisk0\DR0:
13:54:06.0362 5896        MBR partitions:
13:54:06.0362 5896        \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x37B83000
13:54:06.0388 5896        \Device\Harddisk0\DR0\Partition1: MBR, Type 0xB, StartLBA 0x37B8383F, BlocksNum 0x2801402
13:54:06.0388 5896        \Device\Harddisk4\DR4:
13:54:06.0390 5896        MBR partitions:
13:54:06.0390 5896        \Device\Harddisk4\DR4\Partition0: MBR, Type 0xB, StartLBA 0x20, BlocksNum 0xF1DFE0
13:54:06.0390 5896        ============================================================
13:54:06.0465 5896        C: <-> \Device\Harddisk0\DR0\Partition0
13:54:06.0475 5896        D: <-> \Device\Harddisk0\DR0\Partition1
13:54:06.0476 5896        ============================================================
13:54:06.0476 5896        Initialize success
13:54:06.0476 5896        ============================================================
13:54:25.0667 5884        ============================================================
13:54:25.0667 5884        Scan started
13:54:25.0667 5884        Mode: Manual; SigCheck; TDLFS;
13:54:25.0667 5884        ============================================================
13:54:26.0342 5884        ACPI            (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
13:54:26.0548 5884        ACPI - ok
13:54:26.0600 5884        ADM851X        (e8b85009b41a010ee95fe3fc5c7808ad) C:\Windows\system32\DRIVERS\ADM851X.SYS
13:54:26.0643 5884        ADM851X - ok
13:54:26.0949 5884        AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
13:54:26.0969 5884        AdobeARMservice - ok
13:54:27.0127 5884        AdobeFlashPlayerUpdateSvc (990dc6edc9f933194d7cd4e65146bc94) C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
13:54:27.0153 5884        AdobeFlashPlayerUpdateSvc - ok
13:54:27.0200 5884        adp94xx        (04f0fcac69c7c71a3ac4eb97fafc8303) C:\Windows\system32\drivers\adp94xx.sys
13:54:27.0249 5884        adp94xx - ok
13:54:27.0294 5884        adpahci        (60505e0041f7751bdbb80f88bf45c2ce) C:\Windows\system32\drivers\adpahci.sys
13:54:27.0335 5884        adpahci - ok
13:54:27.0361 5884        adpu160m        (8a42779b02aec986eab64ecfc98f8bd7) C:\Windows\system32\drivers\adpu160m.sys
13:54:27.0387 5884        adpu160m - ok
13:54:27.0456 5884        adpu320        (241c9e37f8ce45ef51c3de27515ca4e5) C:\Windows\system32\drivers\adpu320.sys
13:54:27.0482 5884        adpu320 - ok
13:54:27.0514 5884        AeLookupSvc    (9d1fda9e086ba64e3c93c9de32461bcf) C:\Windows\System32\aelupsvc.dll
13:54:27.0601 5884        AeLookupSvc - ok
13:54:27.0663 5884        AFD            (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys
13:54:27.0722 5884        AFD - ok
13:54:27.0753 5884        agp440          (13f9e33747e6b41a3ff305c37db0d360) C:\Windows\system32\drivers\agp440.sys
13:54:27.0776 5884        agp440 - ok
13:54:27.0826 5884        ahcix86s        (8dc09f3b54ddcaeb52e0dcfa1d55b26a) C:\Windows\system32\DRIVERS\ahcix86s.sys
13:54:27.0871 5884        ahcix86s - ok
13:54:28.0133 5884        aic78xx        (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
13:54:28.0234 5884        aic78xx - ok
13:54:28.0285 5884        ALG            (a1545b731579895d8cc44fc0481c1192) C:\Windows\System32\alg.exe
13:54:28.0414 5884        ALG - ok
13:54:28.0437 5884        aliide          (9eaef5fc9b8e351afa7e78a6fae91f91) C:\Windows\system32\drivers\aliide.sys
13:54:28.0460 5884        aliide - ok
13:54:28.0491 5884        amdagp          (c47344bc706e5f0b9dce369516661578) C:\Windows\system32\drivers\amdagp.sys
13:54:28.0515 5884        amdagp - ok
13:54:28.0553 5884        amdide          (f12456ad77b1c32d8c5ca51927872850) C:\Windows\system32\DRIVERS\amdide.sys
13:54:28.0570 5884        amdide - ok
13:54:28.0588 5884        AmdK7          (18f29b49ad23ecee3d2a826c725c8d48) C:\Windows\system32\drivers\amdk7.sys
13:54:28.0645 5884        AmdK7 - ok
13:54:28.0669 5884        AmdK8          (93ae7f7dd54ab986a6f1a1b37be7442d) C:\Windows\system32\drivers\amdk8.sys
13:54:28.0740 5884        AmdK8 - ok
13:54:28.0753 5884        AmdLLD - ok
13:54:28.0835 5884        AnyDVD          (7e0323162c933dce87d2bbf11a255174) C:\Windows\system32\Drivers\AnyDVD.sys
13:54:28.0849 5884        AnyDVD - ok
13:54:28.0901 5884        Appinfo        (c6d704c7f0434dc791aac37cac4b6e14) C:\Windows\System32\appinfo.dll
13:54:28.0952 5884        Appinfo - ok
13:54:29.0045 5884        arc            (5d2888182fb46632511acee92fdad522) C:\Windows\system32\drivers\arc.sys
13:54:29.0061 5884        arc - ok
13:54:29.0098 5884        arcsas          (5e2a321bd7c8b3624e41fdec3e244945) C:\Windows\system32\drivers\arcsas.sys
13:54:29.0123 5884        arcsas - ok
13:54:29.0136 5884        ASPI32 - ok
13:54:29.0161 5884        AsyncMac        (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
13:54:29.0217 5884        AsyncMac - ok
13:54:29.0267 5884        atapi          (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
13:54:29.0290 5884        atapi - ok
13:54:29.0302 5884        AtiPcie        (4aa1eb65481c392955939e735d27118b) C:\Windows\system32\DRIVERS\AtiPcie.sys
13:54:29.0345 5884        AtiPcie - ok
13:54:29.0398 5884        AudioEndpointBuilder (68e2a1a0407a66cf50da0300852424ab) C:\Windows\System32\Audiosrv.dll
13:54:29.0452 5884        AudioEndpointBuilder - ok
13:54:29.0460 5884        Audiosrv        (68e2a1a0407a66cf50da0300852424ab) C:\Windows\System32\Audiosrv.dll
13:54:29.0498 5884        Audiosrv - ok
13:54:29.0513 5884        Beep            (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
13:54:29.0577 5884        Beep - ok
13:54:29.0632 5884        BFE            (c789af0f724fda5852fb9a7d3a432381) C:\Windows\System32\bfe.dll
13:54:29.0669 5884        BFE - ok
13:54:29.0770 5884        BITS            (93952506c6d67330367f7e7934b6a02f) C:\Windows\system32\qmgr.dll
13:54:29.0840 5884        BITS - ok
13:54:29.0861 5884        blbdrive        (d4df28447741fd3d953526e33a617397) C:\Windows\system32\drivers\blbdrive.sys
13:54:29.0887 5884        blbdrive - ok
13:54:29.0912 5884        bowser          (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys
13:54:29.0942 5884        bowser - ok
13:54:29.0967 5884        BrFiltLo        (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
13:54:29.0999 5884        BrFiltLo - ok
13:54:30.0010 5884        BrFiltUp        (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
13:54:30.0053 5884        BrFiltUp - ok
13:54:30.0096 5884        Browser        (a3629a0c4226f9e9c72faaeebc3ad33c) C:\Windows\System32\browser.dll
13:54:30.0150 5884        Browser - ok
13:54:30.0187 5884        Brserid        (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
13:54:30.0363 5884        Brserid - ok
13:54:30.0379 5884        BrSerWdm        (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
13:54:30.0462 5884        BrSerWdm - ok
13:54:30.0492 5884        BrUsbMdm        (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
13:54:30.0553 5884        BrUsbMdm - ok
13:54:30.0572 5884        BrUsbSer        (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
13:54:30.0632 5884        BrUsbSer - ok
13:54:30.0651 5884        BTHMODEM        (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
13:54:30.0709 5884        BTHMODEM - ok
13:54:30.0751 5884        BthServ        (a4c8377fa4a994e07075107dbe2e3dce) C:\Windows\System32\bthserv.dll
13:54:30.0784 5884        BthServ - ok
13:54:30.0850 5884        catchme - ok
13:54:30.0879 5884        cdfs            (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
13:54:30.0927 5884        cdfs - ok
13:54:30.0968 5884        cdrom          (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
13:54:31.0003 5884        cdrom - ok
13:54:31.0047 5884        CertPropSvc    (312ec3e37a0a1f2006534913e37b4423) C:\Windows\System32\certprop.dll
13:54:31.0088 5884        CertPropSvc - ok
13:54:31.0162 5884        circlass        (e5d4133f37219dbcfe102bc61072589d) C:\Windows\system32\drivers\circlass.sys
13:54:31.0216 5884        circlass - ok
13:54:31.0439 5884        CLFS            (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
13:54:31.0481 5884        CLFS - ok
13:54:31.0631 5884        clr_optimization_v2.0.50727_32 (8ee772032e2fe80a924f3b8dd5082194) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
13:54:31.0654 5884        clr_optimization_v2.0.50727_32 - ok
13:54:31.0741 5884        clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
13:54:31.0763 5884        clr_optimization_v4.0.30319_32 - ok
13:54:31.0799 5884        cmdide          (0ca25e686a4928484e9fdabd168ab629) C:\Windows\system32\drivers\cmdide.sys
13:54:31.0821 5884        cmdide - ok
13:54:31.0841 5884        Compbatt        (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\drivers\compbatt.sys
13:54:31.0863 5884        Compbatt - ok
13:54:31.0868 5884        COMSysApp - ok
13:54:31.0887 5884        crcdisk        (741e9dff4f42d2d8477d0fc1dc0df871) C:\Windows\system32\drivers\crcdisk.sys
13:54:31.0910 5884        crcdisk - ok
13:54:31.0949 5884        Crusoe          (1f07becdca750766a96cda811ba86410) C:\Windows\system32\drivers\crusoe.sys
13:54:32.0003 5884        Crusoe - ok
13:54:32.0048 5884        CryptSvc        (75c6a297e364014840b48eccd7525e30) C:\Windows\system32\cryptsvc.dll
13:54:32.0112 5884        CryptSvc - ok
13:54:32.0298 5884        DcomLaunch      (3b5b4d53fec14f7476ca29a20cc31ac9) C:\Windows\system32\rpcss.dll
13:54:32.0353 5884        DcomLaunch - ok
13:54:32.0384 5884        DfsC            (622c41a07ca7e6dd91770f50d532cb6c) C:\Windows\system32\Drivers\dfsc.sys
13:54:32.0436 5884        DfsC - ok
13:54:32.0674 5884        DFSR            (2cc3dcfb533a1035b13dcab6160ab38b) C:\Windows\system32\DFSR.exe
13:54:32.0834 5884        DFSR - ok
13:54:33.0164 5884        Dhcp            (9028559c132146fb75eb7acf384b086a) C:\Windows\System32\dhcpcsvc.dll
13:54:33.0253 5884        Dhcp - ok
13:54:33.0306 5884        disk            (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
13:54:33.0334 5884        disk - ok
13:54:33.0380 5884        Dnscache        (57d762f6f5974af0da2be88a3349baaa) C:\Windows\System32\dnsrslvr.dll
13:54:33.0422 5884        Dnscache - ok
13:54:33.0456 5884        dot3svc        (324fd74686b1ef5e7c19a8af49e748f6) C:\Windows\System32\dot3svc.dll
13:54:33.0490 5884        dot3svc - ok
13:54:33.0545 5884        DPS            (a622e888f8aa2f6b49e9bc466f0e5def) C:\Windows\system32\dps.dll
13:54:33.0588 5884        DPS - ok
13:54:33.0624 5884        drmkaud        (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
13:54:33.0674 5884        drmkaud - ok
13:54:33.0873 5884        DXGKrnl        (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys
13:54:33.0898 5884        DXGKrnl - ok
13:54:33.0935 5884        E1G60          (5425f74ac0c1dbd96a1e04f17d63f94c) C:\Windows\system32\DRIVERS\E1G60I32.sys
13:54:33.0971 5884        E1G60 - ok
13:54:33.0988 5884        EapHost        (c0b95e40d85cd807d614e264248a45b9) C:\Windows\System32\eapsvc.dll
13:54:34.0008 5884        EapHost - ok
13:54:34.0071 5884        Ecache          (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
13:54:34.0086 5884        Ecache - ok
13:54:34.0240 5884        ehRecvr        (9be3744d295a7701eb425332014f0797) C:\Windows\ehome\ehRecvr.exe
13:54:34.0290 5884        ehRecvr - ok
13:54:34.0316 5884        ehSched        (ad1870c8e5d6dd340c829e6074bf3c3f) C:\Windows\ehome\ehsched.exe
13:54:34.0357 5884        ehSched - ok
13:54:34.0387 5884        ehstart        (c27c4ee8926e74aa72efcab24c5242c3) C:\Windows\ehome\ehstart.dll
13:54:34.0421 5884        ehstart - ok
13:54:34.0462 5884        ElbyCDIO        (309ac30471a0f1c3a89dee1c81230576) C:\Windows\system32\Drivers\ElbyCDIO.sys
13:54:34.0481 5884        ElbyCDIO - ok
13:54:34.0563 5884        elxstor        (23b62471681a124889978f6295b3f4c6) C:\Windows\system32\drivers\elxstor.sys
13:54:34.0599 5884        elxstor - ok
13:54:34.0777 5884        EMDMgmt        (4e6b23dfc917ea39306b529b773950f4) C:\Windows\system32\emdmgmt.dll
13:54:34.0856 5884        EMDMgmt - ok
13:54:34.0883 5884        ErrDev          (3db974f3935483555d7148663f726c61) C:\Windows\system32\drivers\errdev.sys
13:54:34.0938 5884        ErrDev - ok
13:54:34.0979 5884        EventSystem    (67058c46504bc12d821f38cf99b7b28f) C:\Windows\system32\es.dll
13:54:35.0030 5884        EventSystem - ok
13:54:35.0082 5884        exfat          (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
13:54:35.0132 5884        exfat - ok
13:54:35.0202 5884        fastfat        (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
13:54:35.0254 5884        fastfat - ok
13:54:35.0275 5884        fdc            (afe1e8b9782a0dd7fb46bbd88e43f89a) C:\Windows\system32\DRIVERS\fdc.sys
13:54:35.0331 5884        fdc - ok
13:54:35.0380 5884        fdPHost        (6629b5f0e98151f4afdd87567ea32ba3) C:\Windows\system32\fdPHost.dll
13:54:35.0424 5884        fdPHost - ok
13:54:35.0442 5884        FDResPub        (89ed56dce8e47af40892778a5bd31fd2) C:\Windows\system32\fdrespub.dll
13:54:35.0501 5884        FDResPub - ok
13:54:35.0512 5884        FileInfo        (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
13:54:35.0525 5884        FileInfo - ok
13:54:35.0548 5884        Filetrace      (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
13:54:35.0608 5884        Filetrace - ok
13:54:35.0636 5884        flpydisk        (85b7cf99d532820495d68d747fda9ebd) C:\Windows\system32\DRIVERS\flpydisk.sys
13:54:35.0676 5884        flpydisk - ok
13:54:35.0720 5884        FltMgr          (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
13:54:35.0748 5884        FltMgr - ok
13:54:35.0898 5884        FontCache      (8ce364388c8eca59b14b539179276d44) C:\Windows\system32\FntCache.dll
13:54:35.0977 5884        FontCache - ok
13:54:36.0108 5884        FontCache3.0.0.0 (c7fbdd1ed42f82bfa35167a5c9803ea3) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
13:54:36.0129 5884        FontCache3.0.0.0 - ok
13:54:36.0181 5884        Fs_Rec          (b972a66758577e0bfd1de0f91aaa27b5) C:\Windows\system32\drivers\Fs_Rec.sys
13:54:36.0219 5884        Fs_Rec - ok
13:54:36.0268 5884        FTDIBUS        (aae37f0f2f613218dce17b42a18c38db) C:\Windows\system32\drivers\ftdibus.sys
13:54:36.0287 5884        FTDIBUS - ok
13:54:36.0341 5884        FTSER2K        (48bfd1ba45c9c9e7ab339e25abfba1d2) C:\Windows\system32\drivers\ftser2k.sys
13:54:36.0358 5884        FTSER2K - ok
13:54:36.0382 5884        gagp30kx        (34582a6e6573d54a07ece5fe24a126b5) C:\Windows\system32\drivers\gagp30kx.sys
13:54:36.0406 5884        gagp30kx - ok
13:54:36.0457 5884        gpsvc          (cd5d0aeee35dfd4e986a5aa1500a6e66) C:\Windows\System32\gpsvc.dll
13:54:36.0539 5884        gpsvc - ok
13:54:36.0607 5884        HdAudAddService (cb04c744be0a61b1d648faed182c3b59) C:\Windows\system32\drivers\HdAudio.sys
13:54:36.0720 5884        HdAudAddService - ok
13:54:36.0862 5884        HDAudBus        (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
13:54:36.0933 5884        HDAudBus - ok
13:54:36.0959 5884        HidBth          (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
13:54:37.0047 5884        HidBth - ok
13:54:37.0066 5884        HidIr          (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
13:54:37.0129 5884        HidIr - ok
13:54:37.0171 5884        hidserv        (84067081f3318162797385e11a8f0582) C:\Windows\System32\hidserv.dll
13:54:37.0192 5884        hidserv - ok
13:54:37.0231 5884        HidUsb          (cca4b519b17e23a00b826c55716809cc) C:\Windows\system32\DRIVERS\hidusb.sys
13:54:37.0272 5884        HidUsb - ok
13:54:37.0333 5884        hkmsvc          (d8ad255b37da92434c26e4876db7d418) C:\Windows\system32\kmsvc.dll
13:54:37.0401 5884        hkmsvc - ok
13:54:37.0446 5884        HpCISSs        (16ee7b23a009e00d835cdb79574a91a6) C:\Windows\system32\drivers\hpcisss.sys
13:54:37.0469 5884        HpCISSs - ok
13:54:37.0523 5884        HTTP            (f870aa3e254628ebeafe754108d664de) C:\Windows\system32\drivers\HTTP.sys
13:54:37.0594 5884        HTTP - ok
13:54:37.0629 5884        i2omp          (c6b032d69650985468160fc9937cf5b4) C:\Windows\system32\drivers\i2omp.sys
13:54:37.0652 5884        i2omp - ok
13:54:37.0684 5884        i8042prt        (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
13:54:37.0727 5884        i8042prt - ok
13:54:37.0751 5884        iaStorV        (54155ea1b0df185878e0fc9ec3ac3a14) C:\Windows\system32\drivers\iastorv.sys
13:54:37.0787 5884        iaStorV - ok
13:54:38.0008 5884        IDriverT        (6f95324909b502e2651442c1548ab12f) C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
13:54:38.0025 5884        IDriverT ( UnsignedFile.Multi.Generic ) - warning
13:54:38.0025 5884        IDriverT - detected UnsignedFile.Multi.Generic (1)
13:54:38.0158 5884        idsvc          (98477b08e61945f974ed9fdc4cb6bdab) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
13:54:38.0222 5884        idsvc - ok
13:54:38.0241 5884        iirsp          (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
13:54:38.0262 5884        iirsp - ok
13:54:38.0449 5884        IKEEXT          (9908d8a397b76cd8d31d0d383c5773c9) C:\Windows\System32\ikeext.dll
13:54:38.0500 5884        IKEEXT - ok
13:54:38.0758 5884        IntcAzAudAddService (b29e79c67f3779e70ba187e31b639ebc) C:\Windows\system32\drivers\RTKVHDA.sys
13:54:38.0857 5884        IntcAzAudAddService - ok
13:54:39.0048 5884        intelide        (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
13:54:39.0073 5884        intelide - ok
13:54:39.0110 5884        intelppm        (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
13:54:39.0165 5884        intelppm - ok
13:54:39.0192 5884        IPBusEnum      (9ac218c6e6105477484c6fdbe7d409a4) C:\Windows\system32\ipbusenum.dll
13:54:39.0251 5884        IPBusEnum - ok
13:54:39.0289 5884        IpFilterDriver  (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
13:54:39.0347 5884        IpFilterDriver - ok
13:54:39.0427 5884        iphlpsvc        (1998bd97f950680bb55f55a7244679c2) C:\Windows\System32\iphlpsvc.dll
13:54:39.0473 5884        iphlpsvc - ok
13:54:39.0480 5884        IpInIp - ok
13:54:39.0518 5884        IPMIDRV        (b25aaf203552b7b3491139d582b39ad1) C:\Windows\system32\drivers\ipmidrv.sys
13:54:39.0564 5884        IPMIDRV - ok
13:54:39.0665 5884        IPNAT          (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
13:54:39.0716 5884        IPNAT - ok
13:54:39.0737 5884        IRENUM          (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
13:54:39.0781 5884        IRENUM - ok
13:54:39.0800 5884        isapnp          (6c70698a3e5c4376c6ab5c7c17fb0614) C:\Windows\system32\drivers\isapnp.sys
13:54:39.0823 5884        isapnp - ok
13:54:39.0874 5884        iScsiPrt        (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
13:54:39.0902 5884        iScsiPrt - ok
13:54:39.0924 5884        iteatapi        (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
13:54:39.0946 5884        iteatapi - ok
13:54:39.0978 5884        iteraid        (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
13:54:40.0000 5884        iteraid - ok
13:54:40.0047 5884        Iviaspi        (94a8c9436c36cd9657cfed0043066b9c) C:\Windows\system32\drivers\iviaspi.sys
13:54:40.0055 5884        Iviaspi ( UnsignedFile.Multi.Generic ) - warning
13:54:40.0056 5884        Iviaspi - detected UnsignedFile.Multi.Generic (1)
13:54:40.0074 5884        kbdclass        (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
13:54:40.0086 5884        kbdclass - ok
13:54:40.0127 5884        kbdhid          (ede59ec70e25c24581add1fbec7325f7) C:\Windows\system32\DRIVERS\kbdhid.sys
13:54:40.0154 5884        kbdhid - ok
13:54:40.0190 5884        KeyIso          (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
13:54:40.0241 5884        KeyIso - ok
13:54:40.0292 5884        KSecDD          (2b2f1638466e8cb091400c9019cc730e) C:\Windows\system32\Drivers\ksecdd.sys
13:54:40.0327 5884        KSecDD - ok
13:54:40.0382 5884        KtmRm          (8078f8f8f7a79e2e6b494523a828c585) C:\Windows\system32\msdtckrm.dll
13:54:40.0472 5884        KtmRm - ok
13:54:40.0506 5884        LanmanServer    (1bf5eebfd518dd7298434d8c862f825d) C:\Windows\System32\srvsvc.dll
13:54:40.0552 5884        LanmanServer - ok
13:54:40.0596 5884        LanmanWorkstation (1db69705b695b987082c8baec0c6b34f) C:\Windows\System32\wkssvc.dll
13:54:40.0645 5884        LanmanWorkstation - ok
13:54:40.0679 5884        lltdio          (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
13:54:40.0719 5884        lltdio - ok
13:54:40.0816 5884        lltdsvc        (2d5a428872f1442631d0959a34abff63) C:\Windows\System32\lltdsvc.dll
13:54:40.0871 5884        lltdsvc - ok
13:54:40.0898 5884        lmhosts        (35d40113e4a5b961b6ce5c5857702518) C:\Windows\System32\lmhsvc.dll
13:54:40.0977 5884        lmhosts - ok
13:54:41.0025 5884        LSI_FC          (c7e15e82879bf3235b559563d4185365) C:\Windows\system32\drivers\lsi_fc.sys
13:54:41.0039 5884        LSI_FC - ok
13:54:41.0063 5884        LSI_SAS        (ee01ebae8c9bf0fa072e0ff68718920a) C:\Windows\system32\drivers\lsi_sas.sys
13:54:41.0077 5884        LSI_SAS - ok
13:54:41.0095 5884        LSI_SCSI        (912a04696e9ca30146a62afa1463dd5c) C:\Windows\system32\drivers\lsi_scsi.sys
13:54:41.0109 5884        LSI_SCSI - ok
13:54:41.0146 5884        luafv          (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
13:54:41.0200 5884        luafv - ok
13:54:41.0458 5884        LVcKap          (fb548ff809634bfa866312b37d8a18ae) C:\Windows\system32\DRIVERS\LVcKap.sys
13:54:41.0547 5884        LVcKap - ok
13:54:41.0696 5884        LVCOMSer        (14e4cc4d46169759d874f57604ea6be5) C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
13:54:41.0718 5884        LVCOMSer - ok
13:54:42.0127 5884        LVMVDrv        (fe3fb994f8702d9e37648927819b74b8) C:\Windows\system32\DRIVERS\LVMVDrv.sys
13:54:42.0219 5884        LVMVDrv - ok
13:54:42.0568 5884        LVPr2Mon        (c7ea51f1ab10b0b2b443f4d5589fc1a5) C:\Windows\system32\DRIVERS\LVPr2Mon.sys
13:54:42.0585 5884        LVPr2Mon - ok
13:54:42.0713 5884        LVPrcSrv        (b2d04e813ba12ab179daf0b9fdecba3d) C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
13:54:42.0734 5884        LVPrcSrv - ok
13:54:42.0759 5884        LVSrvLauncher  (a7a2ef5000007ca361da1e2b99df8c57) C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
13:54:42.0781 5884        LVSrvLauncher - ok
13:54:42.0818 5884        LVUSBSta        (caef4c05ba2c1acad4ebcaa4261cd55d) C:\Windows\system32\drivers\LVUSBSta.sys
13:54:42.0835 5884        LVUSBSta - ok
13:54:42.0863 5884        MBAMProtector  (fb097bbc1a18f044bd17bd2fccf97865) C:\Windows\system32\drivers\mbam.sys
13:54:42.0884 5884        MBAMProtector - ok
13:54:43.0094 5884        MBAMService    (ba400ed640bca1eae5c727ae17c10207) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
13:54:43.0162 5884        MBAMService - ok
13:54:43.0187 5884        Mcx2Svc        (aef9babb8a506bc4ce0451a64aaded46) C:\Windows\system32\Mcx2Svc.dll
13:54:43.0212 5884        Mcx2Svc - ok
13:54:43.0278 5884        MDM            (352d5c438a675fa9721e8cf6e02b92b1) C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
13:54:43.0308 5884        MDM ( UnsignedFile.Multi.Generic ) - warning
13:54:43.0308 5884        MDM - detected UnsignedFile.Multi.Generic (1)
13:54:43.0348 5884        megasas        (0001ce609d66632fa17b84705f658879) C:\Windows\system32\drivers\megasas.sys
13:54:43.0371 5884        megasas - ok
13:54:43.0423 5884        MegaSR          (c252f32cd9a49dbfc25ecf26ebd51a99) C:\Windows\system32\drivers\megasr.sys
13:54:43.0473 5884        MegaSR - ok
13:54:43.0489 5884        MMCSS          (1076ffcffaae8385fd62dfcb25ac4708) C:\Windows\system32\mmcss.dll
13:54:43.0551 5884        MMCSS - ok
13:54:43.0575 5884        Modem          (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
13:54:43.0616 5884        Modem - ok
13:54:43.0634 5884        monitor        (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
13:54:43.0676 5884        monitor - ok
13:54:43.0712 5884        mouclass        (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
13:54:43.0725 5884        mouclass - ok
13:54:43.0732 5884        mouhid          (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys
13:54:43.0760 5884        mouhid - ok
13:54:43.0894 5884        MountMgr        (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
13:54:43.0920 5884        MountMgr - ok
13:54:43.0985 5884        MozillaMaintenance (15d5398eed42c2504bb3d4fc875c15d1) C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
13:54:44.0009 5884        MozillaMaintenance - ok
13:54:44.0066 5884        MpFilter        (fee0baded54222e9f1dae9541212aab1) C:\Windows\system32\DRIVERS\MpFilter.sys
13:54:44.0095 5884        MpFilter - ok
13:54:44.0119 5884        mpio            (511d011289755dd9f9a7579fb0b064e6) C:\Windows\system32\drivers\mpio.sys
13:54:44.0145 5884        mpio - ok
13:54:44.0163 5884        MpNWMon        (2c3489660d4a8d514c123c3f0d67df46) C:\Windows\system32\DRIVERS\MpNWMon.sys
13:54:44.0183 5884        MpNWMon - ok
13:54:44.0197 5884        mpsdrv          (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
13:54:44.0247 5884        mpsdrv - ok
13:54:44.0372 5884        MpsSvc          (5de62c6e9108f14f6794060a9bdecaec) C:\Windows\system32\mpssvc.dll
13:54:44.0434 5884        MpsSvc - ok
13:54:44.0460 5884        Mraid35x        (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
13:54:44.0481 5884        Mraid35x - ok
13:54:44.0509 5884        MRxDAV          (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
13:54:44.0531 5884        MRxDAV - ok
13:54:44.0552 5884        mrxsmb          (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys
13:54:44.0581 5884        mrxsmb - ok
13:54:44.0610 5884        mrxsmb10        (4fccb34d793b116423209c0f8b7a3b03) C:\Windows\system32\DRIVERS\mrxsmb10.sys
13:54:44.0655 5884        mrxsmb10 - ok
13:54:44.0680 5884        mrxsmb20        (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
13:54:44.0700 5884        mrxsmb20 - ok
13:54:44.0722 5884        msahci          (28023e86f17001f7cd9b15a5bc9ae07d) C:\Windows\system32\drivers\msahci.sys
13:54:44.0734 5884        msahci - ok
13:54:44.0767 5884        msdsm          (4468b0f385a86ecddaf8d3ca662ec0e7) C:\Windows\system32\drivers\msdsm.sys
13:54:44.0782 5884        msdsm - ok
13:54:44.0834 5884        MSDTC          (fd7520cc3a80c5fc8c48852bb24c6ded) C:\Windows\System32\msdtc.exe
13:54:44.0879 5884        MSDTC - ok
13:54:44.0892 5884        Msfs            (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
13:54:44.0919 5884        Msfs - ok
13:54:44.0941 5884        msisadrv        (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
13:54:44.0954 5884        msisadrv - ok
13:54:44.0973 5884        MSiSCSI        (85466c0757a23d9a9aecdc0755203cb2) C:\Windows\system32\iscsiexe.dll
13:54:45.0010 5884        MSiSCSI - ok
13:54:45.0014 5884        msiserver - ok
13:54:45.0034 5884        MSKSSRV        (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
13:54:45.0072 5884        MSKSSRV - ok
13:54:45.0258 5884        MsMpSvc        (cfce43b70ca0cc4dcc8adb62b792b173) c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
13:54:45.0280 5884        MsMpSvc - ok
13:54:45.0310 5884        MSPCLOCK        (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
13:54:45.0354 5884        MSPCLOCK - ok
13:54:45.0411 5884        MSPQM          (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
13:54:45.0462 5884        MSPQM - ok
13:54:45.0702 5884        MsRPC          (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
13:54:45.0738 5884        MsRPC - ok
13:54:45.0759 5884        mssmbios        (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
13:54:45.0781 5884        mssmbios - ok
13:54:45.0803 5884        MSTEE          (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
13:54:45.0846 5884        MSTEE - ok
13:54:45.0870 5884        Mup            (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
13:54:45.0893 5884        Mup - ok
13:54:45.0943 5884        napagent        (e4eaf0c5c1b41b5c83386cf212ca9584) C:\Windows\system32\qagentRT.dll
13:54:45.0999 5884        napagent - ok
13:54:46.0034 5884        NativeWifiP    (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
13:54:46.0060 5884        NativeWifiP - ok
13:54:46.0114 5884        NDIS            (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
13:54:46.0157 5884        NDIS - ok
13:54:46.0208 5884        NdisTapi        (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
13:54:46.0258 5884        NdisTapi - ok
13:54:46.0269 5884        Ndisuio        (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
13:54:46.0314 5884        Ndisuio - ok
13:54:46.0352 5884        NdisWan        (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
13:54:46.0379 5884        NdisWan - ok
13:54:46.0491 5884        NDProxy        (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
13:54:46.0512 5884        NDProxy - ok
13:54:46.0536 5884        NetBIOS        (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
13:54:46.0586 5884        NetBIOS - ok
13:54:47.0028 5884        netbt          (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
13:54:47.0088 5884        netbt - ok
13:54:47.0117 5884        Netlogon        (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
13:54:47.0139 5884        Netlogon - ok
13:54:47.0399 5884        Netman          (c8052711daecc48b982434c5116ca401) C:\Windows\System32\netman.dll
13:54:47.0465 5884        Netman - ok
13:54:47.0508 5884        netprofm        (2ef3bbe22e5a5acd1428ee387a0d0172) C:\Windows\System32\netprofm.dll
13:54:47.0574 5884        netprofm - ok
13:54:47.0788 5884        netr28u        (df938648626332e830a9bd153110aa75) C:\Windows\system32\DRIVERS\netr28u.sys
13:54:47.0871 5884        netr28u - ok
13:54:47.0975 5884        NetTcpPortSharing (d6c4e4a39a36029ac0813d476fbd0248) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
13:54:47.0989 5884        NetTcpPortSharing - ok
13:54:48.0039 5884        nfrd960        (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
13:54:48.0057 5884        nfrd960 - ok
13:54:48.0103 5884        NisDrv          (7b01c6172cfd0b10116175e09200d4b4) C:\Windows\system32\DRIVERS\NisDrvWFP.sys
13:54:48.0123 5884        NisDrv - ok
13:54:48.0438 5884        NisSrv          (a5cb074f34bbd89948e34a630d459c0c) c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
13:54:48.0469 5884        NisSrv - ok
13:54:48.0667 5884        NlaSvc          (2997b15415f9bbe05b5a4c1c85e0c6a2) C:\Windows\System32\nlasvc.dll
13:54:48.0714 5884        NlaSvc - ok
13:54:48.0739 5884        Npfs            (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
13:54:48.0771 5884        Npfs - ok
13:54:48.0779 5884        nsi            (8bb86f0c7eea2bded6fe095d0b4ca9bd) C:\Windows\system32\nsisvc.dll
13:54:48.0808 5884        nsi - ok
13:54:48.0881 5884        nsiproxy        (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
13:54:48.0943 5884        nsiproxy - ok
13:54:49.0125 5884        Ntfs            (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
13:54:49.0183 5884        Ntfs - ok
13:54:49.0211 5884        ntrigdigi      (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
13:54:49.0278 5884        ntrigdigi - ok
13:54:49.0290 5884        Null            (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
13:54:49.0328 5884        Null - ok
13:54:52.0515 5884        nvlddmkm        (847b1755f7757f825305a1ffe6dac3e9) C:\Windows\system32\DRIVERS\nvlddmkm.sys
13:54:53.0122 5884        nvlddmkm - ok
13:54:53.0587 5884        nvraid          (2edf9e7751554b42cbb60116de727101) C:\Windows\system32\drivers\nvraid.sys
13:54:53.0615 5884        nvraid - ok
13:54:53.0645 5884        nvstor          (abed0c09758d1d97db0042dbb2688177) C:\Windows\system32\drivers\nvstor.sys
13:54:53.0669 5884        nvstor - ok
13:54:53.0774 5884        nvsvc          (7c732aff202dcd06c3d262966d71604c) C:\Windows\system32\nvvsvc.exe
13:54:53.0797 5884        nvsvc - ok
13:54:54.0150 5884        nvUpdatusService (262d2fbf211a88dcb84249df0f6ef6e7) C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
13:54:54.0257 5884        nvUpdatusService - ok
13:54:54.0635 5884        nv_agp          (18bbdf913916b71bd54575bdb6eeac0b) C:\Windows\system32\drivers\nv_agp.sys
13:54:54.0663 5884        nv_agp - ok
13:54:54.0669 5884        NwlnkFlt - ok
13:54:54.0678 5884        NwlnkFwd - ok
13:54:54.0710 5884        ohci1394        (6f310e890d46e246e0e261a63d9b36b4) C:\Windows\system32\DRIVERS\ohci1394.sys
13:54:54.0755 5884        ohci1394 - ok
13:54:54.0866 5884        ose            (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
13:54:54.0879 5884        ose - ok
13:54:55.0313 5884        osppsvc        (358a9cca612c68eb2f07ddad4ce1d8d7) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
13:54:55.0517 5884        osppsvc - ok
13:54:55.0801 5884        p2pimsvc        (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
13:54:55.0885 5884        p2pimsvc - ok
13:54:55.0897 5884        p2psvc          (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
13:54:55.0936 5884        p2psvc - ok
13:54:56.0043 5884        Parport        (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
13:54:56.0138 5884        Parport - ok
13:54:56.0162 5884        partmgr        (b9c2b89f08670e159f7181891e449cd9) C:\Windows\system32\drivers\partmgr.sys
13:54:56.0175 5884        partmgr - ok
13:54:56.0192 5884        Parvdm          (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
13:54:56.0259 5884        Parvdm - ok
13:54:56.0298 5884        PcaSvc          (c6276ad11f4bb49b58aa1ed88537f14a) C:\Windows\System32\pcasvc.dll
13:54:56.0340 5884        PcaSvc - ok
13:54:56.0367 5884        pci            (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
13:54:56.0382 5884        pci - ok
13:54:56.0415 5884        pciide          (fc175f5ddab666d7f4d17449a547626f) C:\Windows\system32\drivers\pciide.sys
13:54:56.0427 5884        pciide - ok
13:54:56.0458 5884        pcmcia          (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys
13:54:56.0475 5884        pcmcia - ok
13:54:56.0557 5884        PEAUTH          (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
13:54:56.0631 5884        PEAUTH - ok
13:54:56.0660 5884        pepifilter      (c5d5ea6a29523e0f6016741e9851c6db) C:\Windows\system32\DRIVERS\lv302af.sys
13:54:56.0670 5884        pepifilter - ok
13:54:56.0901 5884        PID_PEPI        (3f96dcd4ac98c8e0d3c03c24fd49a2fe) C:\Windows\system32\DRIVERS\LV302V32.SYS
13:54:56.0982 5884        PID_PEPI - ok
13:54:57.0142 5884        pla            (b1689df169143f57053f795390c99db3) C:\Windows\system32\pla.dll
13:54:57.0245 5884        pla - ok
13:54:57.0414 5884        PlugPlay        (c5e7f8a996ec0a82d508fd9064a5569e) C:\Windows\system32\umpnpmgr.dll
13:54:57.0478 5884        PlugPlay - ok
13:54:57.0548 5884        PNRPAutoReg    (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
13:54:57.0588 5884        PNRPAutoReg - ok
13:54:57.0597 5884        PNRPsvc        (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll
13:54:57.0621 5884        PNRPsvc - ok
13:54:57.0735 5884        PolicyAgent    (d0494460421a03cd5225cca0059aa146) C:\Windows\System32\ipsecsvc.dll
13:54:57.0793 5884        PolicyAgent - ok
13:54:57.0847 5884        PptpMiniport    (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
13:54:57.0897 5884        PptpMiniport - ok
13:54:57.0962 5884        Processor      (2027293619dd0f047c584cf2e7df4ffd) C:\Windows\system32\DRIVERS\processr.sys
13:54:58.0017 5884        Processor - ok
13:54:58.0050 5884        ProfSvc        (0508faa222d28835310b7bfca7a77346) C:\Windows\system32\profsvc.dll
13:54:58.0089 5884        ProfSvc - ok
13:54:58.0186 5884        ProtectedStorage (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
13:54:58.0208 5884        ProtectedStorage - ok
13:54:58.0383 5884        ql2300          (0a6db55afb7820c99aa1f3a1d270f4f6) C:\Windows\system32\drivers\ql2300.sys
13:54:58.0473 5884        ql2300 - ok
13:54:58.0562 5884        ql40xx          (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
13:54:58.0587 5884        ql40xx - ok
13:54:58.0704 5884        QWAVE          (e9ecae663f47e6cb43962d18ab18890f) C:\Windows\system32\qwave.dll
13:54:58.0785 5884        QWAVE - ok
13:54:58.0895 5884        QWAVEdrv        (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
13:54:58.0938 5884        QWAVEdrv - ok
13:54:59.0147 5884        RapiMgr        (8f97d374ad1857e1eed85a79f29a1d3d) C:\Windows\WindowsMobile\rapimgr.dll
13:54:59.0160 5884        RapiMgr - ok
13:54:59.0199 5884        RasAcd          (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
13:54:59.0249 5884        RasAcd - ok
13:54:59.0277 5884        RasAuto        (f6a452eb4ceadbb51c9e0ee6b3ecef0f) C:\Windows\System32\rasauto.dll
13:54:59.0341 5884        RasAuto - ok
13:54:59.0375 5884        Rasl2tp        (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
13:54:59.0406 5884        Rasl2tp - ok
13:54:59.0442 5884        RasMan          (75d47445d70ca6f9f894b032fbc64fcf) C:\Windows\System32\rasmans.dll
13:54:59.0477 5884        RasMan - ok
13:54:59.0506 5884        RasPppoe        (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
13:54:59.0526 5884        RasPppoe - ok
13:54:59.0541 5884        RasSstp        (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
13:54:59.0555 5884        RasSstp - ok
13:54:59.0601 5884        rdbss          (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
13:54:59.0656 5884        rdbss - ok
13:54:59.0698 5884        RDPCDD          (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
13:54:59.0739 5884        RDPCDD - ok
13:54:59.0778 5884        rdpdr          (fbc0bacd9c3d7f6956853f64a66e252d) C:\Windows\system32\drivers\rdpdr.sys
13:54:59.0828 5884        rdpdr - ok
13:54:59.0833 5884        RDPENCDD        (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
13:54:59.0877 5884        RDPENCDD - ok
13:54:59.0909 5884        RDPWD          (c127ebd5afab31524662c48dfceb773a) C:\Windows\system32\drivers\RDPWD.sys
13:54:59.0960 5884        RDPWD - ok
13:55:00.0003 5884        RemoteAccess    (bcdd6b4804d06b1f7ebf29e53a57ece9) C:\Windows\System32\mprdim.dll
13:55:00.0051 5884        RemoteAccess - ok
13:55:00.0122 5884        RemoteRegistry  (9e6894ea18daff37b63e1005f83ae4ab) C:\Windows\system32\regsvc.dll
13:55:00.0144 5884        RemoteRegistry - ok
13:55:00.0183 5884        RpcLocator      (5123f83cbc4349d065534eeb6bbdc42b) C:\Windows\system32\locator.exe
13:55:00.0218 5884        RpcLocator - ok
13:55:00.0278 5884        RpcSs          (3b5b4d53fec14f7476ca29a20cc31ac9) C:\Windows\system32\rpcss.dll
13:55:00.0311 5884        RpcSs - ok
13:55:00.0322 5884        rspndr          (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
13:55:00.0360 5884        rspndr - ok
13:55:00.0414 5884        RTL8169        (2d19a7469ea19993d0c12e627f4530bc) C:\Windows\system32\DRIVERS\Rtlh86.sys
13:55:00.0437 5884        RTL8169 - ok
13:55:00.0451 5884        SamSs          (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe
13:55:00.0467 5884        SamSs - ok
13:55:00.0592 5884        sbp2port        (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
13:55:00.0615 5884        sbp2port - ok
13:55:00.0699 5884        SCardSvr        (77b7a11a0c3d78d3386398fbbea1b632) C:\Windows\System32\SCardSvr.dll
13:55:00.0771 5884        SCardSvr - ok
13:55:00.0930 5884        Schedule        (1a58069db21d05eb2ab58ee5753ebe8d) C:\Windows\system32\schedsvc.dll
13:55:01.0043 5884        Schedule - ok
13:55:01.0098 5884        SCPolicySvc    (312ec3e37a0a1f2006534913e37b4423) C:\Windows\System32\certprop.dll
13:55:01.0132 5884        SCPolicySvc - ok
13:55:01.0271 5884        SDRSVC          (716313d9f6b0529d03f726d5aaf6f191) C:\Windows\System32\SDRSVC.dll
13:55:01.0313 5884        SDRSVC - ok
13:55:01.0326 5884        secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
13:55:01.0383 5884        secdrv - ok
13:55:01.0404 5884        seclogon        (fd5199d4d8a521005e4b5ee7fe00fa9b) C:\Windows\system32\seclogon.dll
13:55:01.0431 5884        seclogon - ok
13:55:01.0443 5884        SENS            (a9bbab5759771e523f55563d6cbe140f) C:\Windows\system32\sens.dll
13:55:01.0485 5884        SENS - ok
13:55:01.0519 5884        Serenum        (ce9ec966638ef0b10b864ddedf62a099) C:\Windows\system32\DRIVERS\serenum.sys
13:55:01.0549 5884        Serenum - ok
13:55:01.0565 5884        Serial          (6d663022db3e7058907784ae14b69898) C:\Windows\system32\DRIVERS\serial.sys
13:55:01.0596 5884        Serial - ok
13:55:01.0681 5884        sermouse        (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
13:55:01.0742 5884        sermouse - ok
13:55:01.0771 5884        SessionEnv      (d2193326f729b163125610dbf3e17d57) C:\Windows\system32\sessenv.dll
13:55:01.0821 5884        SessionEnv - ok
13:55:01.0864 5884        sffdisk        (3efa810bdca87f6ecc24f9832243fe86) C:\Windows\system32\drivers\sffdisk.sys
13:55:01.0903 5884        sffdisk - ok
13:55:01.0916 5884        sffp_mmc        (e95d451f7ea3e583aec75f3b3ee42dc5) C:\Windows\system32\drivers\sffp_mmc.sys
13:55:01.0961 5884        sffp_mmc - ok
13:55:01.0967 5884        sffp_sd        (3d0ea348784b7ac9ea9bd9f317980979) C:\Windows\system32\drivers\sffp_sd.sys
13:55:02.0011 5884        sffp_sd - ok
13:55:02.0031 5884        sfloppy        (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
13:55:02.0116 5884        sfloppy - ok
13:55:02.0451 5884        SharedAccess    (e1499bd0ff76b1b2fbbf1af339d91165) C:\Windows\System32\ipnathlp.dll
13:55:02.0512 5884        SharedAccess - ok
13:55:02.0652 5884        ShellHWDetection (c7230fbee14437716701c15be02c27b8) C:\Windows\System32\shsvcs.dll
13:55:02.0708 5884        ShellHWDetection - ok
13:55:02.0732 5884        sisagp          (1d76624a09a054f682d746b924e2dbc3) C:\Windows\system32\drivers\sisagp.sys
13:55:02.0756 5884        sisagp - ok
13:55:02.0776 5884        SiSRaid2        (43cb7aa756c7db280d01da9b676cfde2) C:\Windows\system32\drivers\sisraid2.sys
13:55:02.0799 5884        SiSRaid2 - ok
13:55:02.0835 5884        SiSRaid4        (a99c6c8b0baa970d8aa59ddc50b57f94) C:\Windows\system32\drivers\sisraid4.sys
13:55:02.0860 5884        SiSRaid4 - ok
13:55:03.0389 5884        slsvc          (862bb4cbc05d80c5b45be430e5ef872f) C:\Windows\system32\SLsvc.exe
13:55:03.0590 5884        slsvc - ok
13:55:03.0811 5884        SLUINotify      (6edc422215cd78aa8a9cde6b30abbd35) C:\Windows\system32\SLUINotify.dll
13:55:03.0849 5884        SLUINotify - ok
13:55:03.0935 5884        Smb            (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
13:55:03.0976 5884        Smb - ok
13:55:04.0026 5884        SNMPTRAP        (2a146a055b4401c16ee62d18b8e2a032) C:\Windows\System32\snmptrap.exe
13:55:04.0049 5884        SNMPTRAP - ok
13:55:04.0086 5884        spldr          (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
13:55:04.0110 5884        spldr - ok
13:55:04.0171 5884        Spooler        (8554097e5136c3bf9f69fe578a1b35f4) C:\Windows\System32\spoolsv.exe
13:55:04.0218 5884        Spooler - ok
13:55:04.0285 5884        sptd            (cdddec541bc3c96f91ecb48759673505) C:\Windows\system32\Drivers\sptd.sys
13:55:04.0286 5884        Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: cdddec541bc3c96f91ecb48759673505
13:55:04.0289 5884        sptd ( LockedFile.Multi.Generic ) - warning
13:55:04.0290 5884        sptd - detected LockedFile.Multi.Generic (1)
13:55:04.0384 5884        srv            (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys
13:55:04.0432 5884        srv - ok
13:55:04.0491 5884        srv2            (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys
13:55:04.0537 5884        srv2 - ok
13:55:04.0558 5884        srvnet          (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys
13:55:04.0594 5884        srvnet - ok
13:55:04.0666 5884        SSDPSRV        (03d50b37234967433a5ea5ba72bc0b62) C:\Windows\System32\ssdpsrv.dll
13:55:04.0717 5884        SSDPSRV - ok
13:55:04.0751 5884        SstpSvc        (6f1a32e7b7b30f004d9a20afadb14944) C:\Windows\system32\sstpsvc.dll
13:55:04.0781 5884        SstpSvc - ok
13:55:04.0854 5884        stisvc          (5de7d67e49b88f5f07f3e53c4b92a352) C:\Windows\System32\wiaservc.dll
13:55:04.0942 5884        stisvc - ok
13:55:04.0980 5884        swenum          (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
13:55:05.0005 5884        swenum - ok
13:55:05.0057 5884        swprv          (f21fd248040681cca1fb6c9a03aaa93d) C:\Windows\System32\swprv.dll
13:55:05.0127 5884        swprv - ok
13:55:05.0187 5884        Symc8xx        (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
13:55:05.0208 5884        Symc8xx - ok
13:55:05.0241 5884        Sym_hi          (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
13:55:05.0263 5884        Sym_hi - ok
13:55:05.0316 5884        Sym_u3          (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
13:55:05.0340 5884        Sym_u3 - ok
13:55:05.0446 5884        SysMain        (9a51b04e9886aa4ee90093586b0ba88d) C:\Windows\system32\sysmain.dll
13:55:05.0514 5884        SysMain - ok
13:55:05.0564 5884        TabletInputService (2dca225eae15f42c0933e998ee0231c3) C:\Windows\System32\TabSvc.dll
13:55:05.0585 5884        TabletInputService - ok
13:55:05.0655 5884        TapiSrv        (d7673e4b38ce21ee54c59eeeb65e2483) C:\Windows\System32\tapisrv.dll
13:55:05.0687 5884        TapiSrv - ok
13:55:05.0699 5884        TBS            (cb05822cd9cc6c688168e113c603dbe7) C:\Windows\System32\tbssvc.dll
13:55:05.0739 5884        TBS - ok
13:55:05.0841 5884        Tcpip          (ee7e10bed85c312c1d5d30c435bdda9f) C:\Windows\system32\drivers\tcpip.sys
13:55:05.0901 5884        Tcpip - ok
13:55:05.0919 5884        Tcpip6          (ee7e10bed85c312c1d5d30c435bdda9f) C:\Windows\system32\DRIVERS\tcpip.sys
13:55:05.0971 5884        Tcpip6 - ok
13:55:05.0989 5884        tcpipreg        (2c2d4cff5e09c73908f9b5af49a51365) C:\Windows\system32\drivers\tcpipreg.sys
13:55:06.0015 5884        tcpipreg - ok
13:55:06.0034 5884        TDPIPE          (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
13:55:06.0071 5884        TDPIPE - ok
13:55:06.0085 5884        TDTCP          (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
13:55:06.0139 5884        TDTCP - ok
13:55:06.0196 5884        tdx            (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
13:55:06.0233 5884        tdx - ok
13:55:06.0277 5884        TermDD          (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
13:55:06.0294 5884        TermDD - ok
13:55:06.0341 5884        TermService    (bb95da09bef6e7a131bff3ba5032090d) C:\Windows\System32\termsrv.dll
13:55:06.0372 5884        TermService - ok
13:55:06.0408 5884        Themes          (c7230fbee14437716701c15be02c27b8) C:\Windows\system32\shsvcs.dll
13:55:06.0426 5884        Themes - ok
13:55:06.0460 5884        THREADORDER    (1076ffcffaae8385fd62dfcb25ac4708) C:\Windows\system32\mmcss.dll
13:55:06.0499 5884        THREADORDER - ok
13:55:06.0554 5884        TrkWks          (ec74e77d0eb004bd3a809b5f8fb8c2ce) C:\Windows\System32\trkwks.dll
13:55:06.0595 5884        TrkWks - ok
13:55:06.0658 5884        TrustedInstaller (97d9d6a04e3ad9b6c626b9931db78dba) C:\Windows\servicing\TrustedInstaller.exe
13:55:06.0682 5884        TrustedInstaller - ok
13:55:06.0745 5884        tssecsrv        (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
13:55:06.0786 5884        tssecsrv - ok
13:55:06.0843 5884        tunmp          (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
13:55:06.0869 5884        tunmp - ok
13:55:06.0912 5884        tunnel          (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
13:55:06.0945 5884        tunnel - ok
13:55:06.0968 5884        uagp35          (7d33c4db2ce363c8518d2dfcf533941f) C:\Windows\system32\drivers\uagp35.sys
13:55:06.0993 5884        uagp35 - ok
13:55:07.0025 5884        udfs            (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
13:55:07.0082 5884        udfs - ok
13:55:07.0144 5884        UI0Detect      (ecef404f62863755951e09c802c94ad5) C:\Windows\system32\UI0Detect.exe
13:55:07.0210 5884        UI0Detect - ok
13:55:07.0324 5884        UleadBurningHelper (332d341d92b933600d41953b08360dfb) C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
13:55:07.0332 5884        UleadBurningHelper ( UnsignedFile.Multi.Generic ) - warning
13:55:07.0333 5884        UleadBurningHelper - detected UnsignedFile.Multi.Generic (1)
13:55:07.0378 5884        uliagpkx        (b0acfdc9e4af279e9116c03e014b2b27) C:\Windows\system32\drivers\uliagpkx.sys
13:55:07.0399 5884        uliagpkx - ok
13:55:07.0426 5884        uliahci        (9224bb254f591de4ca8d572a5f0d635c) C:\Windows\system32\drivers\uliahci.sys
13:55:07.0455 5884        uliahci - ok
13:55:07.0492 5884        UlSata          (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
13:55:07.0505 5884        UlSata - ok
13:55:07.0524 5884        ulsata2        (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
13:55:07.0539 5884        ulsata2 - ok
13:55:07.0560 5884        umbus          (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
13:55:07.0586 5884        umbus - ok
13:55:07.0623 5884        upnphost        (68308183f4ae0be7bf8ecd07cb297999) C:\Windows\System32\upnphost.dll
13:55:07.0658 5884        upnphost - ok
13:55:07.0776 5884        usbaudio        (32db9517628ff0d070682aab61e688f0) C:\Windows\system32\drivers\usbaudio.sys
13:55:07.0814 5884        usbaudio - ok
13:55:07.0842 5884        usbccgp        (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
13:55:07.0875 5884        usbccgp - ok
13:55:07.0896 5884        usbcir          (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
13:55:07.0945 5884        usbcir - ok
13:55:07.0969 5884        usbehci        (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
13:55:08.0001 5884        usbehci - ok
13:55:08.0042 5884        usbhub          (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
13:55:08.0081 5884        usbhub - ok
13:55:08.0098 5884        usbohci        (ce697fee0d479290d89bec80dfe793b7) C:\Windows\system32\DRIVERS\usbohci.sys
13:55:08.0125 5884        usbohci - ok
13:55:08.0138 5884        usbprint        (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
13:55:08.0177 5884        usbprint - ok
13:55:08.0203 5884        usbscan        (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys
13:55:08.0251 5884        usbscan - ok
13:55:08.0489 5884        USBSTOR        (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
13:55:08.0578 5884        USBSTOR - ok
13:55:08.0627 5884        usbuhci        (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
13:55:08.0671 5884        usbuhci - ok
13:55:08.0702 5884        UxSms          (1509e705f3ac1d474c92454a5c2dd81f) C:\Windows\System32\uxsms.dll
13:55:08.0752 5884        UxSms - ok
13:55:08.0823 5884        vds            (cd88d1b7776dc17a119049742ec07eb4) C:\Windows\System32\vds.exe
13:55:08.0871 5884        vds - ok
13:55:08.0897 5884        vga            (87b06e1f30b749a114f74622d013f8d4) C:\Windows\system32\DRIVERS\vgapnp.sys
13:55:08.0953 5884        vga - ok
13:55:08.0969 5884        VgaSave        (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
13:55:09.0000 5884        VgaSave - ok
13:55:09.0017 5884        viaagp          (5d7159def58a800d5781ba3a879627bc) C:\Windows\system32\drivers\viaagp.sys
13:55:09.0030 5884        viaagp - ok
13:55:09.0048 5884        ViaC7          (c4f3a691b5bad343e6249bd8c2d45dee) C:\Windows\system32\drivers\viac7.sys
13:55:09.0073 5884        ViaC7 - ok
13:55:09.0097 5884        viaide          (aadf5587a4063f52c2c3fed7887426fc) C:\Windows\system32\drivers\viaide.sys
13:55:09.0109 5884        viaide - ok
13:55:09.0120 5884        volmgr          (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
13:55:09.0133 5884        volmgr - ok
13:55:09.0169 5884        volmgrx        (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
13:55:09.0195 5884        volmgrx - ok
13:55:09.0269 5884        volsnap        (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
13:55:09.0299 5884        volsnap - ok
13:55:09.0333 5884        vsmraid        (587253e09325e6bf226b299774b728a9) C:\Windows\system32\drivers\vsmraid.sys
13:55:09.0351 5884        vsmraid - ok
13:55:09.0463 5884        VSS            (db3d19f850c6eb32bdcb9bc0836acddb) C:\Windows\system32\vssvc.exe
13:55:09.0578 5884        VSS - ok
13:55:09.0718 5884        W32Time        (96ea68b9eb310a69c25ebb0282b2b9de) C:\Windows\system32\w32time.dll
13:55:09.0763 5884        W32Time - ok
13:55:09.0865 5884        WacomPen        (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
13:55:09.0954 5884        WacomPen - ok
13:55:09.0967 5884        Wanarp          (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
13:55:10.0001 5884        Wanarp - ok
13:55:10.0007 5884        Wanarpv6        (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
13:55:10.0042 5884        Wanarpv6 - ok
13:55:10.0133 5884        WcesComm        (59e19bd13c3bdb857646b9e436ba27f7) C:\Windows\WindowsMobile\wcescomm.dll
13:55:10.0168 5884        WcesComm - ok
13:55:10.0208 5884        wcncsvc        (a3cd60fd826381b49f03832590e069af) C:\Windows\System32\wcncsvc.dll
13:55:10.0238 5884        wcncsvc - ok
13:55:10.0269 5884        WcsPlugInService (11bcb7afcdd7aadacb5746f544d3a9c7) C:\Windows\System32\WcsPlugInService.dll
13:55:10.0306 5884        WcsPlugInService - ok
13:55:10.0323 5884        Wd              (78fe9542363f297b18c027b2d7e7c07f) C:\Windows\system32\drivers\wd.sys
13:55:10.0337 5884        Wd - ok
13:55:10.0372 5884        Wdf01000        (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
13:55:10.0411 5884        Wdf01000 - ok
13:55:10.0428 5884        WdiServiceHost  (abfc76b48bb6c96e3338d8943c5d93b5) C:\Windows\system32\wdi.dll
13:55:10.0466 5884        WdiServiceHost - ok
13:55:10.0471 5884        WdiSystemHost  (abfc76b48bb6c96e3338d8943c5d93b5) C:\Windows\system32\wdi.dll
13:55:10.0498 5884        WdiSystemHost - ok
13:55:10.0686 5884        WebClient      (04c37d8107320312fbae09926103d5e2) C:\Windows\System32\webclnt.dll
13:55:10.0737 5884        WebClient - ok
13:55:10.0786 5884        Wecsvc          (ae3736e7e8892241c23e4ebbb7453b60) C:\Windows\system32\wecsvc.dll
13:55:10.0836 5884        Wecsvc - ok
13:55:10.0851 5884        wercplsupport  (670ff720071ed741206d69bd995ea453) C:\Windows\System32\wercplsupport.dll
13:55:10.0905 5884        wercplsupport - ok
13:55:10.0946 5884        WerSvc          (32b88481d3b326da6deb07b1d03481e7) C:\Windows\System32\WerSvc.dll
13:55:10.0986 5884        WerSvc - ok
13:55:11.0078 5884        WinDefend      (4575aa12561c5648483403541d0d7f2b) C:\Program Files\Windows Defender\mpsvc.dll
13:55:11.0108 5884        WinDefend - ok
13:55:11.0116 5884        WinHttpAutoProxySvc - ok
13:55:11.0190 5884        Winmgmt        (6b2a1d0e80110e3d04e6863c6e62fd8a) C:\Windows\system32\wbem\WMIsvc.dll
13:55:11.0228 5884        Winmgmt - ok
13:55:11.0357 5884        WinRM          (7cfe68bdc065e55aa5e8421607037511) C:\Windows\system32\WsmSvc.dll
13:55:11.0465 5884        WinRM - ok
13:55:11.0555 5884        winusb          (676f4b665bdd8053eaa53ac1695b8074) C:\Windows\system32\DRIVERS\winusb.sys
13:55:11.0590 5884        winusb - ok
13:55:11.0668 5884        Wlansvc        (c008405e4feeb069e30da1d823910234) C:\Windows\System32\wlansvc.dll
13:55:11.0747 5884        Wlansvc - ok
13:55:11.0768 5884        WmiAcpi        (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\drivers\wmiacpi.sys
13:55:11.0801 5884        WmiAcpi - ok
13:55:11.0845 5884        wmiApSrv        (43be3875207dcb62a85c8c49970b66cc) C:\Windows\system32\wbem\WmiApSrv.exe
13:55:11.0877 5884        wmiApSrv - ok
13:55:12.0286 5884        WMPNetworkSvc  (3978704576a121a9204f8cc49a301a9b) C:\Program Files\Windows Media Player\wmpnetwk.exe
13:55:12.0353 5884        WMPNetworkSvc - ok
13:55:12.0394 5884        WPCSvc          (cfc5a04558f5070cee3e3a7809f3ff52) C:\Windows\System32\wpcsvc.dll
13:55:12.0463 5884        WPCSvc - ok
13:55:12.0520 5884        WPDBusEnum      (801fbdb89d472b3c467eb112a0fc9246) C:\Windows\system32\wpdbusenum.dll
13:55:12.0557 5884        WPDBusEnum - ok
13:55:12.0619 5884        WpdUsb          (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys
13:55:12.0651 5884        WpdUsb - ok
13:55:12.0913 5884        WPFFontCache_v0400 (dcf3e3edf5109ee8bc02fe6e1f045795) C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
13:55:12.0990 5884        WPFFontCache_v0400 - ok
13:55:13.0045 5884        ws2ifsl        (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
13:55:13.0117 5884        ws2ifsl - ok
13:55:13.0154 5884        wscsvc          (1ca6c40261ddc0425987980d0cd2aaab) C:\Windows\system32\wscsvc.dll
13:55:13.0182 5884        wscsvc - ok
13:55:13.0189 5884        WSearch - ok
13:55:13.0557 5884        wuauserv        (fc3ec24fce372c89423e015a2ac1a31e) C:\Windows\system32\wuaueng.dll
13:55:13.0671 5884        wuauserv - ok
13:55:13.0864 5884        WUDFRd          (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
13:55:13.0938 5884        WUDFRd - ok
13:55:14.0049 5884        wudfsvc        (575a4190d989f64732119e4114045a4f) C:\Windows\System32\WUDFSvc.dll
13:55:14.0142 5884        wudfsvc - ok
13:55:14.0262 5884        {1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC} (74ec37b9eaf9fca015b933a526825c7a) C:\Program Files\CyberLink\PowerDVD10\NavFilter\000.fcl
13:55:14.0278 5884        {1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC} - ok
13:55:14.0308 5884        MBR (0x1B8)    (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
13:55:15.0857 5884        \Device\Harddisk0\DR0 - ok
13:55:15.0864 5884        MBR (0x1B8)    (8f558eb6672622401da993e1e865c861) \Device\Harddisk4\DR4
13:55:19.0607 5884        \Device\Harddisk4\DR4 - ok
13:55:19.0625 5884        Boot (0x1200)  (4e5f708e6b4728c35bd4d0648bd42a88) \Device\Harddisk0\DR0\Partition0
13:55:19.0627 5884        \Device\Harddisk0\DR0\Partition0 - ok
13:55:19.0650 5884        Boot (0x1200)  (b7b853fee4e5f7e85b0e2afc1f779e0d) \Device\Harddisk0\DR0\Partition1
13:55:19.0651 5884        \Device\Harddisk0\DR0\Partition1 - ok
13:55:19.0659 5884        Boot (0x1200)  (b28f1ef549ccba906f2669a8a30b3018) \Device\Harddisk4\DR4\Partition0
13:55:19.0661 5884        \Device\Harddisk4\DR4\Partition0 - ok
13:55:19.0662 5884        ============================================================
13:55:19.0662 5884        Scan finished
13:55:19.0662 5884        ============================================================
13:55:19.0682 5924        Detected object count: 5
13:55:19.0682 5924        Actual detected object count: 5
13:55:33.0877 5924        IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
13:55:33.0877 5924        IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:55:33.0881 5924        Iviaspi ( UnsignedFile.Multi.Generic ) - skipped by user
13:55:33.0881 5924        Iviaspi ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:55:33.0885 5924        MDM ( UnsignedFile.Multi.Generic ) - skipped by user
13:55:33.0885 5924        MDM ( UnsignedFile.Multi.Generic ) - User select action: Skip
13:55:33.0889 5924        sptd ( LockedFile.Multi.Generic ) - skipped by user
13:55:33.0889 5924        sptd ( LockedFile.Multi.Generic ) - User select action: Skip
13:55:33.0892 5924        UleadBurningHelper ( UnsignedFile.Multi.Generic ) - skipped by user
13:55:33.0892 5924        UleadBurningHelper ( UnsignedFile.Multi.Generic ) - User select action: Skip


markusg 09.07.2012 17:33

hi
Combofix may only be run when a team member has instructed you to do so!
It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.
Please download Combofix from one of these download mirrors:

Link 1
Link 2


IMPORTANT - Save Combofix to your desktop
  • Please disable all your antivirus and anti-malware/spyware scanners. They can interfere with Combofix while it works.
Start Combofix.exe and follow the on-screen instructions.

When Combofix is finished, it will create a log file. Please post C:\Combofix.txt in your next reply.


Note: If you get the following error message after the restart
Quote:

Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
simply restart the computer. This should fix the problem.

Plex1234 14.07.2012 09:12

Here is the 2nd Combofix log

Code:

ComboFix 12-07-13.03 - USER 14.07.2012  9:03.2.4 - x86
Microsoft® Windows Vista™ Home Premium  6.0.6002.2.1252.49.1031.18.3070.1824 [GMT 2:00]
ausgeführt von:: c:\users\USER\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
(((((((((((((((((((((((  Dateien erstellt von 2012-06-14 bis 2012-07-14  ))))))))))))))))))))))))))))))
.
.
2012-07-14 07:10 . 2012-07-14 07:10        --------        d-----w-        c:\users\USER\AppData\Local\temp
2012-07-14 07:10 . 2012-07-14 07:10        --------        d-----w-        c:\windows\system32\config\systemprofile\AppData\Local\temp
2012-07-14 07:10 . 2012-07-14 07:10        --------        d-----w-        c:\users\UpdatusUser\AppData\Local\temp
2012-07-14 07:10 . 2012-07-14 07:10        --------        d-----w-        c:\users\Default\AppData\Local\temp
2012-07-14 07:00 . 2012-07-14 07:00        711240        ----a-w-        c:\windows\is-ML7LC.exe
2012-07-12 06:19 . 2012-05-31 03:41        6762896        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{F14EDDA5-6C1D-48DD-A3A4-6D0C03593393}\mpengine.dll
2012-07-12 06:15 . 2012-06-13 13:40        2047488        ----a-w-        c:\windows\system32\win32k.sys
2012-07-11 06:22 . 2012-06-05 16:47        708608        ----a-w-        c:\program files\Common Files\System\ado\msado15.dll
2012-07-11 06:22 . 2012-06-05 16:47        1401856        ----a-w-        c:\windows\system32\msxml6.dll
2012-07-11 06:22 . 2012-06-05 16:47        1248768        ----a-w-        c:\windows\system32\msxml3.dll
2012-07-11 06:22 . 2012-06-04 15:26        440704        ----a-w-        c:\windows\system32\drivers\ksecdd.sys
2012-07-11 06:22 . 2012-06-02 00:04        278528        ----a-w-        c:\windows\system32\schannel.dll
2012-07-11 06:22 . 2012-06-02 00:03        204288        ----a-w-        c:\windows\system32\ncrypt.dll
2012-06-30 16:36 . 2012-06-30 16:36        --------        d-----w-        c:\program files\Common Files\Java
2012-06-30 16:30 . 2012-06-30 16:30        --------        d-----w-        c:\program files\Oracle
2012-06-30 16:30 . 2012-05-04 17:29        772504        ----a-w-        c:\windows\system32\npDeployJava1.dll
2012-06-30 10:00 . 2012-06-30 10:00        --------        d-----w-        c:\users\USER\AppData\Roaming\Malwarebytes
2012-06-30 10:00 . 2012-07-03 11:46        22344        ----a-w-        c:\windows\system32\drivers\mbam.sys
2012-06-30 10:00 . 2012-06-30 10:00        --------        d-----w-        c:\programdata\Malwarebytes
2012-06-30 10:00 . 2012-07-14 07:00        --------        d-----w-        c:\program files\Malwarebytes' Anti-Malware
2012-06-30 09:08 . 2012-06-30 09:08        --------        d-----w-        c:\programdata\B7E85B2C0004202101238016570F1C8B
2012-06-30 07:30 . 2012-04-23 16:00        984064        ----a-w-        c:\windows\system32\crypt32.dll
2012-06-30 07:30 . 2012-04-23 16:00        98304        ----a-w-        c:\windows\system32\cryptnet.dll
2012-06-30 07:30 . 2012-04-23 16:00        133120        ----a-w-        c:\windows\system32\cryptsvc.dll
2012-06-30 07:30 . 2012-05-01 14:03        180736        ----a-w-        c:\windows\system32\drivers\rdpwd.sys
2012-06-30 07:22 . 2012-06-02 22:19        53784        ----a-w-        c:\windows\system32\wuauclt.exe
2012-06-30 07:22 . 2012-06-02 22:19        45080        ----a-w-        c:\windows\system32\wups2.dll
2012-06-30 07:22 . 2012-06-02 22:12        2422272        ----a-w-        c:\windows\system32\wucltux.dll
2012-06-30 07:22 . 2012-06-02 22:19        1933848        ----a-w-        c:\windows\system32\wuaueng.dll
2012-06-30 07:21 . 2012-06-02 22:19        35864        ----a-w-        c:\windows\system32\wups.dll
2012-06-30 07:21 . 2012-06-02 22:19        577048        ----a-w-        c:\windows\system32\wuapi.dll
2012-06-30 07:21 . 2012-06-02 22:12        88576        ----a-w-        c:\windows\system32\wudriver.dll
2012-06-30 07:21 . 2012-06-02 13:19        171904        ----a-w-        c:\windows\system32\wuwebv.dll
2012-06-30 07:21 . 2012-06-02 13:12        33792        ----a-w-        c:\windows\system32\wuapp.exe
2012-06-25 05:56 . 2012-06-25 05:56        --------        d-----w-        c:\users\USER\AppData\Local\Macromedia
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-12 06:55 . 2012-05-14 18:01        426184        ----a-w-        c:\windows\system32\FlashPlayerApp.exe
2012-07-12 06:55 . 2012-01-16 15:04        70344        ----a-w-        c:\windows\system32\FlashPlayerCPLApp.cpl
2012-05-04 17:29 . 2010-12-28 17:48        687504        ----a-w-        c:\windows\system32\deployJava1.dll
2012-06-30 09:54 . 2011-04-01 07:49        85472        ----a-w-        c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2012-01-03 1514152]
.
[HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2012-01-03 14:31        1514152        ----a-w-        c:\program files\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2012-01-03 1514152]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"dradio-RecorderTimer"="c:\program files\dradio-Recorder\phonostarTimer.exe" [2012-04-03 41472]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-08-05 7703072]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"ApnUpdater"="c:\program files\Ask.com\Updater\Updater.exe" [2012-01-03 1391272]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Malwarebytes Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
"InnoSetupRegFile.0000000001"="c:\windows\is-ML7LC.exe" [2012-07-14 711240]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
backup=c:\windows\pss\McAfee Security Scan Plus.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Scanner Finder.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Scanner Finder.lnk
backup=c:\windows\pss\Scanner Finder.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-01-03 07:37        843712        ----a-w-        c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BDRegion]
2010-03-13 11:58        75048        ------w-        c:\program files\CyberLink\Shared files\brs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2009-10-30 11:57        369200        ----a-w-        c:\program files\DAEMON Tools Lite\DTLite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dradio-RecorderTimer]
2012-04-03 15:14        41472        ----a-w-        c:\program files\dradio-Recorder\phonostarTimer.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LexwareInfoService]
2010-09-15 09:11        339312        ----a-w-        c:\program files\Common Files\Lexware\Update Manager\LxUpdateManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechCommunicationsManager]
2007-07-25 14:02        563984        ----a-w-        c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]
2007-07-25 14:06        2027792        ----a-w-        c:\program files\Logitech\QuickCam\Quickcam.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
2010-06-01 08:17        5252408        ----a-w-        c:\progra~1\Yahoo!\MESSEN~1\YahooMessenger.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2010-04-16 20:12        3872080        ----a-w-        c:\program files\Windows Live\Messenger\msnmsgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl10]
2010-02-02 23:08        87336        ------w-        c:\program files\CyberLink\PowerDVD10\PDVD10Serv.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Search Protection]
2009-02-23 13:05        111856        ----a-w-        c:\program files\Yahoo!\Search Protection\SearchProtection.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
2009-04-11 06:28        1233920        ----a-w-        c:\program files\Windows Sidebar\sidebar.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ulead AutoDetector v2]
2004-11-26 09:43        90112        ------w-        c:\program files\Common Files\Ulead Systems\AutoDetector\Monitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2008-01-21 02:23        1008184        ----a-w-        c:\program files\Windows Defender\MSASCui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Mobile Device Center]
2007-05-31 08:21        648072        ----a-w-        c:\windows\WindowsMobile\wmdc.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
2008-01-21 02:25        202240        ----a-w-        c:\program files\Windows Media Player\wmpnscfg.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"LexwareInfoService"=c:\program files\Common Files\Lexware\Update Manager\LxUpdateManager.exe /autostart
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-3768843071-2336861419-4020039175-1000]
"EnableNotificationsRef"=dword:00000003
.
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [x]
S3 ADM851X;ADM851X USB To Fast Ethernet Adapter;c:\windows\system32\DRIVERS\ADM851X.SYS [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WindowsMobile        REG_MULTI_SZ          wcescomm rapimgr
LocalServiceRestricted        REG_MULTI_SZ          WcesComm RapiMgr
bthsvcs        REG_MULTI_SZ          BthServ
LocalServiceAndNoImpersonation        REG_MULTI_SZ          FontCache
.
Inhalt des "geplante Tasks" Ordners
.
2012-07-12 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-14 06:55]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2801937
mStart Page = hxxp://de.yahoo.com
uSearchURL,(Default) = hxxp://de.rd.yahoo.com/customize/ie/defaults/su/msgr9/*hxxp://de.search.yahoo.com
IE: An OneNote s&enden - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: Nach Microsoft &Excel exportieren - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: Nach Microsoft E&xcel exportieren - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
Trusted Zone: t-home.de\www
Trusted Zone: telekom.de\serviceportal
TCP: DhcpNameServer = 192.168.2.1 192.168.2.1
FF - ProfilePath - c:\users\USER\AppData\Roaming\Mozilla\Firefox\Profiles\lucle53z.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2801937&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.teleboerse.de/|hxxp://de.advfn.com/p.php?pid=staticchart&s=T^lsg&p=0&t=32&dm=0&vol=1|hxxp://portfolio.finanztreff.de/depot_portfolio.htn?u=18986&k=PtNJ4Hyd6On2O1ufyxPTVg|hxxp://www.dealgigant.de/
FF - prefs.js: network.proxy.type - 0
FF - user.js: yahoo.homepage.dontask - true);user_pref(yahoo.ytff.general.dontshowhpoffer, true
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2012-07-14 09:10
Windows 6.0.6002 Service Pack 2 NTFS
.
Scanne versteckte Prozesse...
.
Scanne versteckte Autostarteinträge...
.
Scanne versteckte Dateien...
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\{1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD10\NavFilter\000.fcl"
.
Zeit der Fertigstellung: 2012-07-14  09:12:18
ComboFix-quarantined-files.txt  2012-07-14 07:12
.
Vor Suchlauf: 12 Verzeichnis(se), 423.950.872.576 Bytes frei
Nach Suchlauf: 14 Verzeichnis(se), 423.917.297.664 Bytes frei
.
- - End Of File - - 94F27950EAFA78A6F0FED1D1E1D600ED


markusg 14.07.2012 15:21

hi
download CCleaner Standard:
CCleaner Download - CCleaner 3.20.1750
if CCleaner is already installed, skip this step.
install it, open it, go to Extras, list of installed programs, save as txt. open it.
after each program you need, write "notwendig" (necessary).
after each program you do not need, write "unnötig" (unnecessary).
after each program unknown to you, write "unbekannt" (unknown).
post the list.

Plex1234 14.07.2012 18:58

here is the install log:

Code:

Adobe Flash Player 11 ActiveX        Adobe Systems Incorporated        12.07.2012                11.3.300.265                                unbekannt
Adobe Flash Player 11 Plugin        Adobe Systems Incorporated        14.07.2012                11.3.300.265                                unbekannt
Adobe Reader X (10.1.3) - Deutsch        Adobe Systems Incorporated        29.04.2012        118MB        10.1.3                                notwendig
AFPL Ghostscript 8.54                07.02.2012        28,4MB                                                                                unbekannt
AFPL Ghostscript Fonts                07.02.2012        4,81MB                                                                                unbekannt
Ask Toolbar        Ask.com        05.04.2012        4,64MB        1.14.1.0                                                                        unnötig
Ask Toolbar Updater        Ask.com        05.04.2012        1,36MB        1.2.0.20007                                                                unnötig
ATI Catalyst Install Manager        ATI Technologies, Inc.        17.08.2009        13,8MB        3.0.664.0                                        unbekannt
CCleaner        Piriform        22.06.2012        4,20MB        3.20                                                                        notwendig (für log datei)
CyberLink PowerDVD 10        CyberLink Corp.        26.03.2010        210MB        10.0.1516                                                        notwendig
dradio-Recorder Version 3.02.6                01.06.2012        38,0MB                                                                        notwendig
Fotoservice                26.05.2010        167MB                                                                                        notwendig
Google Chrome        Google Inc.        14.07.2012        189MB        20.0.1132.57                                                                unnötig
Haufe iDesk-Browser        Haufe-Lexware GmbH & Co. KG        27.12.2010        26,4MB        10.10.14.0000                                        notwendig
Haufe iDesk-Service        Haufe        27.12.2010        136MB        10.10.25.7810                                                                notwendig
InterVideo MediaOne Gallery                19.05.2010        119MB                                                                        notwendig
Java(TM) 7 Update 5        Oracle        30.06.2012        99,3MB        7.0.50                                                                        unbekannt
JavaFX 2.1.1        Oracle Corporation        30.06.2012        20,8MB        2.1.1                                                                unbekannt
Konz 2012        USM        27.12.2011        11,3MB        1.00.0000                                                                        notwendig
Lexware Info Service        Haufe-Lexware GmbH & Co.KG        27.12.2010        12,4MB        2.70.00.0081                                        notwendig
Logitech QuickCam        Logitech Inc.        18.10.2009        33,9MB        11.10.2030                                                        notwendig
Logitech® Camera-Treiber                18.10.2009        31,6MB                q                                                        notwendig
Malwarebytes Anti-Malware Version 1.62.0.1300        Malwarebytes Corporation        14.07.2012        11,6MB        1.62.0.1300                notwendig (???)
Medion Media Center for Medion        Medion        19.05.2010                1.0.0.0                                                                notwendig
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU        Microsoft Corporation        21.05.2011        36,9MB                                notwendig
Microsoft .NET Framework 3.5 SP1        Microsoft Corporation        17.08.2009        27,8MB                                                unbekannt
Microsoft .NET Framework 4 Client Profile        Microsoft Corporation        18.06.2011        120MB        4.0.30319                        unbekannt
Microsoft .NET Framework 4 Client Profile DEU Language Pack        Microsoft Corporation        18.06.2011        24,5MB        4.0.30319        unbekannt
Microsoft Office Professional 2010        Microsoft Corporation        12.12.2011        824MB        14.0.6029.1000                                notwendig
Microsoft Visual C++ 2005 Redistributable        Microsoft Corporation        05.09.2011        294KB        8.0.61001                        unbekannt
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148        Microsoft Corporation        21.05.2011        199KB        9.0.30729.4148        unbekannt
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022        Microsoft Corporation        26.05.2010        1,36MB        9.0.21022                unbekannt
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148        Microsoft Corporation        27.12.2011        222KB        9.0.30729.4148                unbekannt
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161        Microsoft Corporation        19.06.2011        594KB        9.0.30729.6161                unbekannt
Mozilla Firefox 13.0.1 (x86 de)        Mozilla        30.06.2012        39,5MB        13.0.1                                                                notwendig
Mozilla Maintenance Service        Mozilla        30.06.2012        204KB        13.0.1                                                                unbekannt
MSXML 4.0 SP2 (KB954430)        Microsoft Corporation        25.02.2010        35,0KB        4.20.9870.0                                        unbekannt
MSXML 4.0 SP2 (KB973688)        Microsoft Corporation        25.02.2010        1,33MB        4.20.9876.0                                        unbekannt
NVIDIA Display Control Panel        NVIDIA Corporation        02.02.2010        19,6MB        6.14.11.9621                                        notwendig
NVIDIA Grafiktreiber 275.33        NVIDIA Corporation        05.09.2011        187MB        275.33                                                notwendig
NVIDIA PhysX        NVIDIA Corporation        17.08.2009        119MB        9.09.0428                                                        notwendig
NVIDIA Update 1.3.5        NVIDIA Corporation        05.09.2011        6,37MB        1.3.5                                                        notwendig
PDF Blender                07.02.2012        1,27MB                                                                                        unnötig
Realtek 8169, 8168, 8101E and 8102E Ethernet Network Card Driver for Windows Vista        Realtek        17.08.2009        1,37MB        1.00.0000        notwendig
Realtek High Definition Audio Driver        Realtek Semiconductor Corp.        17.08.2009        11,0MB        6.0.1.5911                                notwendig
ScanWizard 5                20.05.2010        3,72MB                                                                                                notwendig
Skype™ 5.3        Skype Technologies S.A.        14.05.2011        22,6MB        5.3.111                                                                        notwendig
Spybot - Search & Destroy        Safer Networking Limited        01.11.2011        46,6MB        1.6.2                                                unnötig ???
Steuer 2008        Lexware        11.11.2009        150MB        15.00.00.0033                                                                                notwendig
Steuer 2009        Haufe-Lexware GmbH & Co. KG        02.04.2012                16.14.00.0001                                                        notwendig
Steuer 2010        Haufe-Lexware GmbH & Co.KG        02.04.2012                17.07.00.0001                                                        notwendig
Steuer 2011        Buhl Data Service GmbH        27.12.2011        571MB        19.00.7304                                                                notwendig
Steuer Hilfesammlung        Haufe Mediengruppe        11.11.2009        114MB        15.0.0.0                                                        notwendig
Steuer-Hilfesammlung 2009        Haufe Mediengruppe        14.01.2010                16.0.1.0                                                notwendig
Steuer-Hilfesammlung 2010        Haufe-Lexware GmbH & Co. KG        02.02.2011                17.10.0.0                                        notwendig
Ulead PhotoImpact 10        Ulead System        19.05.2010        215MB        10.0                                                                        notwendig
VLC media player 1.0.5        VideoLAN Team        21.05.2010        75,6MB        1.0.5                                                                        notwendig
Warcraft III                15.01.2012        1,11GB                                                                                                unnötig
Warcraft III: All Products                15.01.2012        1,11GB                                                                                unnötig
Windows Live Anmelde-Assistent        Microsoft Corporation        09.08.2010        1,93MB        5.000.818.5                                                unnötig
Windows Live Essentials        Microsoft Corporation        09.08.2010        43,8MB        14.0.8117.0416                                                        unnötig
Windows Live-Uploadtool        Microsoft Corporation        09.08.2010        225KB        14.0.8014.1029                                                        unnötig
Windows Mobile-Gerätecenter        Microsoft Corporation        07.02.2010        27,5MB        6.1.6965.0                                                unnötig
Windows Mobile-Gerätecenter: Treiberupdate        Microsoft Corporation        07.02.2010        42,4MB        6.1.6965.0                                unnötig
WinRAR 4.20 (32-bit)        win.rar GmbH        01.07.2012        3,62MB        4.20.0                                                                        notwendig
Yahoo! Messenger        Yahoo! Inc.        09.08.2010        27,6MB                                                                                notwendig
Yahoo! Suche Schutzvorkehrung                09.08.2010        86,7MB                                                                                unnötig

Here is the install log:

Code:

Adobe Flash Player 11 ActiveX        Adobe Systems Incorporated        12.07.2012                11.3.300.265                                unbekannt
Adobe Flash Player 11 Plugin        Adobe Systems Incorporated        14.07.2012                11.3.300.265                                unbekannt
Adobe Reader X (10.1.3) - Deutsch        Adobe Systems Incorporated        29.04.2012        118MB        10.1.3                                notwendig
AFPL Ghostscript 8.54                07.02.2012        28,4MB                                                                                unbekannt
AFPL Ghostscript Fonts                07.02.2012        4,81MB                                                                                unbekannt
Ask Toolbar        Ask.com        05.04.2012        4,64MB        1.14.1.0                                                                        unnötig
Ask Toolbar Updater        Ask.com        05.04.2012        1,36MB        1.2.0.20007                                                                unnötig
ATI Catalyst Install Manager        ATI Technologies, Inc.        17.08.2009        13,8MB        3.0.664.0                                        unbekannt
CCleaner        Piriform        22.06.2012        4,20MB        3.20                                                                        notwendig (für log datei)
CyberLink PowerDVD 10        CyberLink Corp.        26.03.2010        210MB        10.0.1516                                                        notwendig
dradio-Recorder Version 3.02.6                01.06.2012        38,0MB                                                                        notwendig
Fotoservice                26.05.2010        167MB                                                                                        notwendig
Google Chrome        Google Inc.        14.07.2012        189MB        20.0.1132.57                                                                unnötig
Haufe iDesk-Browser        Haufe-Lexware GmbH & Co. KG        27.12.2010        26,4MB        10.10.14.0000                                        notwendig
Haufe iDesk-Service        Haufe        27.12.2010        136MB        10.10.25.7810                                                                notwendig
InterVideo MediaOne Gallery                19.05.2010        119MB                                                                        notwendig
Java(TM) 7 Update 5        Oracle        30.06.2012        99,3MB        7.0.50                                                                        unbekannt
JavaFX 2.1.1        Oracle Corporation        30.06.2012        20,8MB        2.1.1                                                                unbekannt
Konz 2012        USM        27.12.2011        11,3MB        1.00.0000                                                                        notwendig
Lexware Info Service        Haufe-Lexware GmbH & Co.KG        27.12.2010        12,4MB        2.70.00.0081                                        notwendig
Logitech QuickCam        Logitech Inc.        18.10.2009        33,9MB        11.10.2030                                                        notwendig
Logitech® Camera-Treiber                18.10.2009        31,6MB                q                                                        notwendig
Malwarebytes Anti-Malware Version 1.62.0.1300        Malwarebytes Corporation        14.07.2012        11,6MB        1.62.0.1300                notwendig (???)
Medion Media Center for Medion        Medion        19.05.2010                1.0.0.0                                                                notwendig
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU        Microsoft Corporation        21.05.2011        36,9MB                                notwendig
Microsoft .NET Framework 3.5 SP1        Microsoft Corporation        17.08.2009        27,8MB                                                unbekannt
Microsoft .NET Framework 4 Client Profile        Microsoft Corporation        18.06.2011        120MB        4.0.30319                        unbekannt
Microsoft .NET Framework 4 Client Profile DEU Language Pack        Microsoft Corporation        18.06.2011        24,5MB        4.0.30319        unbekannt
Microsoft Office Professional 2010        Microsoft Corporation        12.12.2011        824MB        14.0.6029.1000                                notwendig
Microsoft Visual C++ 2005 Redistributable        Microsoft Corporation        05.09.2011        294KB        8.0.61001                        unbekannt
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148        Microsoft Corporation        21.05.2011        199KB        9.0.30729.4148        unbekannt
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022        Microsoft Corporation        26.05.2010        1,36MB        9.0.21022                unbekannt
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148        Microsoft Corporation        27.12.2011        222KB        9.0.30729.4148                unbekannt
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161        Microsoft Corporation        19.06.2011        594KB        9.0.30729.6161                unbekannt
Mozilla Firefox 13.0.1 (x86 de)        Mozilla        30.06.2012        39,5MB        13.0.1                                                                notwendig
Mozilla Maintenance Service        Mozilla        30.06.2012        204KB        13.0.1                                                                unbekannt
MSXML 4.0 SP2 (KB954430)        Microsoft Corporation        25.02.2010        35,0KB        4.20.9870.0                                        unbekannt
MSXML 4.0 SP2 (KB973688)        Microsoft Corporation        25.02.2010        1,33MB        4.20.9876.0                                        unbekannt
NVIDIA Display Control Panel        NVIDIA Corporation        02.02.2010        19,6MB        6.14.11.9621                                        notwendig
NVIDIA Grafiktreiber 275.33        NVIDIA Corporation        05.09.2011        187MB        275.33                                                notwendig
NVIDIA PhysX        NVIDIA Corporation        17.08.2009        119MB        9.09.0428                                                        notwendig
NVIDIA Update 1.3.5        NVIDIA Corporation        05.09.2011        6,37MB        1.3.5                                                        notwendig
PDF Blender                07.02.2012        1,27MB                                                                                        unnötig
Realtek 8169, 8168, 8101E and 8102E Ethernet Network Card Driver for Windows Vista        Realtek        17.08.2009        1,37MB        1.00.0000        notwendig
Realtek High Definition Audio Driver        Realtek Semiconductor Corp.        17.08.2009        11,0MB        6.0.1.5911                                notwendig
ScanWizard 5                20.05.2010        3,72MB                                                                                                notwendig
Skype™ 5.3        Skype Technologies S.A.        14.05.2011        22,6MB        5.3.111                                                                        notwendig
Spybot - Search & Destroy        Safer Networking Limited        01.11.2011        46,6MB        1.6.2                                                unnötig ???
Steuer 2008        Lexware        11.11.2009        150MB        15.00.00.0033                                                                                notwendig
Steuer 2009        Haufe-Lexware GmbH & Co. KG        02.04.2012                16.14.00.0001                                                        notwendig
Steuer 2010        Haufe-Lexware GmbH & Co.KG        02.04.2012                17.07.00.0001                                                        notwendig
Steuer 2011        Buhl Data Service GmbH        27.12.2011        571MB        19.00.7304                                                                notwendig
Steuer Hilfesammlung        Haufe Mediengruppe        11.11.2009        114MB        15.0.0.0                                                        notwendig
Steuer-Hilfesammlung 2009        Haufe Mediengruppe        14.01.2010                16.0.1.0                                                notwendig
Steuer-Hilfesammlung 2010        Haufe-Lexware GmbH & Co. KG        02.02.2011                17.10.0.0                                        notwendig
Ulead PhotoImpact 10        Ulead System        19.05.2010        215MB        10.0                                                                        notwendig
VLC media player 1.0.5        VideoLAN Team        21.05.2010        75,6MB        1.0.5                                                                        notwendig
Warcraft III                15.01.2012        1,11GB                                                                                                unnötig
Warcraft III: All Products                15.01.2012        1,11GB                                                                                unnötig
Windows Live Anmelde-Assistent        Microsoft Corporation        09.08.2010        1,93MB        5.000.818.5                                                unnötig
Windows Live Essentials        Microsoft Corporation        09.08.2010        43,8MB        14.0.8117.0416                                                        unnötig
Windows Live-Uploadtool        Microsoft Corporation        09.08.2010        225KB        14.0.8014.1029                                                        unnötig
Windows Mobile-Gerätecenter        Microsoft Corporation        07.02.2010        27,5MB        6.1.6965.0                                                unnötig
Windows Mobile-Gerätecenter: Treiberupdate        Microsoft Corporation        07.02.2010        42,4MB        6.1.6965.0                                unnötig
WinRAR 4.20 (32-bit)        win.rar GmbH        01.07.2012        3,62MB        4.20.0                                                                        notwendig
Yahoo! Messenger        Yahoo! Inc.        09.08.2010        27,6MB                                                                                notwendig
Yahoo! Suche Schutzvorkehrung                09.08.2010        86,7MB                                                                                unnötig


markusg 16.07.2012 18:25

uninstall:
Adobe Flash Player, all of them
Adobe - Install Adobe Flash Player
download the latest version
adobe reader:
Adobe - Download Adobe Reader - All versions
untick the box for McAfee Security Scan

please also configure adobe reader as follows:
open adobe reader, Edit, Preferences.
General:
tick "use only certified plug-ins".
Internet:
everything here should be disabled; it is very unsafe to open, download, etc. PDFs automatically.
it is always better to save them directly, since only that way do you have control over what is going on on the PC.
under JavaScript, untick "use JavaScript"
under Updater, choose "install automatically".
Apply / OK

uninstall:
Ask, both
Google
PDF
Spybot
Warcraft: both
Windows Live: all the ones you do not need
Yahoo! Suche Schutzvorkehrung

open ccleaner, Analyze, run
open otl, cleanup, the PC restarts, test how it runs
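An added example, not part of either post: a small parser for the install-list format shown above that applies the uninstall/reinstall advice from the reply to each entry and marks for review anything the user annotated as "unnötig" (unneeded) that the reply did not name. The function names, action labels and the shortened excerpt are assumptions made for this illustration.

```python
import re

# Excerpt of the install list posted above (column gaps shortened).
LISTING = """\
Adobe Flash Player 11 Plugin        Adobe Systems Incorporated        14.07.2012                11.3.300.265        unbekannt
Ask Toolbar        Ask.com        05.04.2012        4,64MB        1.14.1.0        unnötig
Google Chrome        Google Inc.        14.07.2012        189MB        20.0.1132.57        unnötig
Mozilla Firefox 13.0.1 (x86 de)        Mozilla        30.06.2012        39,5MB        13.0.1        notwendig
PDF Blender                07.02.2012        1,27MB        unnötig
Windows Live Essentials        Microsoft Corporation        09.08.2010        43,8MB        14.0.8117.0416        unnötig
Windows Mobile-Gerätecenter        Microsoft Corporation        07.02.2010        27,5MB        6.1.6965.0        unnötig
"""

DATE = re.compile(r"\b\d{2}\.\d{2}\.\d{4}\b")        # install date, dd.MM.yyyy
SIZE = re.compile(r"^\d+(?:,\d+)?(?:KB|MB|GB)$")     # decimal comma, e.g. 4,64MB
VERSION = re.compile(r"^\d[\d.]*$")
COLS = re.compile(r"\s{2,}|\t+")                     # column gap: tabs or 2+ spaces

# Name prefixes taken from the helper's reply.
REINSTALL = ("Adobe Flash Player", "Adobe Reader")
REMOVE = ("Ask", "Google", "PDF", "Spybot", "Warcraft", "Yahoo! Suche Schutzvorkehrung")
REMOVE_IF_UNNEEDED = ("Windows Live",)               # "all the ones you do not need"

def parse_line(line):
    """Split one row into fields; publisher, size and version may be missing."""
    m = DATE.search(line)
    if not m:
        return None
    head = [f for f in COLS.split(line[:m.start()].strip()) if f]
    tail = [f for f in COLS.split(line[m.end():].strip()) if f]
    if not head:
        return None
    entry = {"name": head[0], "publisher": head[1] if len(head) > 1 else "",
             "installed": m.group(), "size": "", "version": "", "note": ""}
    if tail and SIZE.match(tail[0]):
        entry["size"] = tail.pop(0)
    if tail and VERSION.match(tail[0]):
        entry["version"] = tail.pop(0)
    entry["note"] = " ".join(tail)                   # the user's own annotation
    return entry

def action_for(entry):
    name, note = entry["name"], entry["note"]
    if name.startswith(REINSTALL):
        return "reinstall-latest"
    if name.startswith(REMOVE):
        return "uninstall"
    if name.startswith(REMOVE_IF_UNNEEDED) and "unnötig" in note:
        return "uninstall"
    if "unnötig" in note:
        return "review"                              # marked unneeded, not named in the reply
    return "keep"

def plan(listing):
    entries = (parse_line(line) for line in listing.splitlines())
    return {e["name"]: action_for(e) for e in entries if e}

if __name__ == "__main__":
    for name, action in plan(LISTING).items():
        print(f"{action:17} {name}")
```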

