Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/) > Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/) > Live Security Platinum virus infection - all logs attached (https://www.trojaner-board.de/121641-live-security-platinum-virusinfektion-alle-logs-angehangen.html)

exedcuter 09.08.2012 13:20

Live Security Platinum virus infection - all logs attached
 
Hello,

I'm new here and have already read up a bit in this forum.

Unfortunately, I am also affected by this wretched Live Security Platinum virus.

As requested, I disabled all emulators with defogger and ran a scan with OTL and gmer.

Attached you will find the logs.

OTL:

Code:

OTL logfile created on: 09.08.2012 11:22:58 - Run 1
OTL by OldTimer - Version 3.2.56.0    Folder = C:\Users\Patti\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,54 Gb Available Physical Memory | 84,58% Memory free
6,19 Gb Paging File | 5,93 Gb Available in Paging File | 95,82% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 81,26 Gb Total Space | 4,79 Gb Free Space | 5,89% Space Free | Partition Type: NTFS
Drive D: | 49,50 Gb Total Space | 8,15 Gb Free Space | 16,47% Space Free | Partition Type: FAT32
Drive E: | 167,32 Gb Total Space | 5,10 Gb Free Space | 3,05% Space Free | Partition Type: NTFS
Drive F: | 272,36 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
 
Computer Name: PATTI-PC | User Name: Patti | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.08.09 11:04:06 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Patti\Desktop\OTL.exe
PRC - [2009.08.05 12:17:12 | 000,204,800 | ---- | M] (DT Soft Ltd) -- C:\Programme\DAEMON Tools Pro\DTProShellHlp.exe
PRC - [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008.01.21 04:25:33 | 000,202,240 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnscfg.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2008.09.16 20:18:06 | 000,132,608 | ---- | M] () -- C:\Programme\WinRAR\RarExt.dll
MOD - [2007.11.02 12:28:16 | 000,434,176 | ---- | M] () -- C:\Programme\Softex\OmniPass\userdata.dll
MOD - [2007.11.02 12:28:04 | 001,077,248 | ---- | M] () -- C:\Programme\Softex\OmniPass\autheng.dll
MOD - [2007.11.02 12:27:48 | 000,532,480 | ---- | M] () -- C:\Programme\Softex\OmniPass\storeng.dll
MOD - [2007.11.02 12:27:38 | 000,065,536 | ---- | M] () -- C:\Programme\Softex\OmniPass\opfsdll.dll
MOD - [2007.11.02 12:27:28 | 000,016,896 | ---- | M] () -- C:\Programme\Softex\OmniPass\cryptodll.dll
MOD - [2007.11.02 12:27:26 | 000,013,824 | ---- | M] () -- C:\Programme\Softex\OmniPass\SSPLogon.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2012.08.03 21:12:01 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.07.26 19:40:56 | 000,794,560 | ---- | M] (Spigot, Inc.) [Auto | Stopped] -- C:\Programme\Application Updater\ApplicationUpdater.exe -- (Application Updater)
SRV - [2012.07.23 23:28:41 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.07.03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.02.10 11:28:06 | 000,240,408 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Programme\Microsoft\BingBar\7.1.361.0\SeaPort.EXE -- (BBUpdate)
SRV - [2012.02.10 11:28:06 | 000,193,816 | ---- | M] (Microsoft Corporation.) [Auto | Stopped] -- C:\Programme\Microsoft\BingBar\7.1.361.0\BBSvc.EXE -- (BBSvc)
SRV - [2011.10.11 14:59:49 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Stopped] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011.10.11 14:59:37 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Stopped] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.07.20 05:18:24 | 000,440,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2010.09.06 19:56:38 | 000,247,096 | ---- | M] () [Auto | Stopped] -- C:\Programme\ICQ6Toolbar\ICQ Service.exe -- (ICQ Service)
SRV - [2009.08.18 11:29:22 | 001,529,728 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2009.02.26 18:36:22 | 000,064,856 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service)
SRV - [2008.01.21 04:25:33 | 000,896,512 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2007.11.02 12:31:08 | 000,040,960 | ---- | M] (Softex Inc.) [Auto | Stopped] -- C:\Programme\Softex\OmniPass\OmniServ.exe -- (omniserv)
SRV - [2007.10.03 15:45:02 | 000,358,936 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON)
SRV - [2007.09.11 15:37:58 | 000,118,784 | ---- | M] (Wistron Corp.) [On_Demand | Stopped] -- C:\Programme\Launch Manager\WisLMSvc.exe -- (WisLMSvc)
SRV - [2006.10.26 14:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)
SRV - [2001.11.12 13:31:48 | 000,020,480 | ---- | M] (X10) [Auto | Stopped] -- C:\Programme\Common Files\X10\Common\X10nets.exe -- (x10nets)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - [2012.07.03 13:46:44 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012.02.20 23:36:27 | 000,137,416 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2011.10.11 15:00:01 | 000,074,640 | ---- | M] (Avira GmbH) [File_System | Auto | Stopped] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2011.10.11 15:00:01 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2011.07.26 17:26:44 | 000,020,032 | ---- | M] (Devguru Co., Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\dgderdrv.sys -- (dgderdrv)
DRV - [2010.06.17 15:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009.08.09 19:09:04 | 000,722,416 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\sptd.sys -- (sptd)
DRV - [2008.02.15 14:52:20 | 000,039,472 | ---- | M] (Paragon Software Group) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\hotcore3.sys -- (hotcore3)
DRV - [2008.01.21 04:23:21 | 000,016,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV - [2007.12.20 02:46:00 | 007,630,400 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2007.11.06 08:58:50 | 000,131,672 | ---- | M] (Paragon) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\Uim_IM.sys -- (Uim_IM)
DRV - [2007.11.06 08:58:50 | 000,032,080 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\UimBus.sys -- (UimBus)
DRV - [2007.08.28 15:47:36 | 000,146,560 | ---- | M] (AuthenTec, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atswpdrv.sys -- (ATSWPDRV)
DRV - [2007.08.08 08:26:06 | 002,226,688 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw4v32.sys -- (NETw4v32)
DRV - [2007.07.31 11:58:18 | 000,908,896 | ---- | M] (NXP Semiconductors Germany GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\PhilCap.sys -- (PhilCap)
DRV - [2007.06.01 10:29:04 | 000,210,736 | ---- | M] (Silicon Image, Inc) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\Si3531.sys -- (Si3531)
DRV - [2007.05.25 09:41:00 | 000,017,328 | ---- | M] (Silicon Image, Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\SiWinAcc.sys -- (SiFilter)
DRV - [2007.05.25 09:40:58 | 000,012,464 | ---- | M] (Silicon Image, Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\SiRemFil.sys -- (SiRemFil)
DRV - [2007.04.30 13:42:14 | 000,081,408 | ---- | M] (Realtek Corporation                                            ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2006.11.30 15:18:18 | 000,027,416 | ---- | M] (X10 Wireless Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\x10ufx2.sys -- (XUIF)
DRV - [2006.11.28 15:11:00 | 001,161,888 | ---- | M] (Agere Systems) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2006.11.17 10:31:04 | 000,013,976 | ---- | M] (X10 Wireless Technology, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\x10hid.sys -- (X10Hid)
DRV - [2003.04.28 11:27:06 | 000,009,867 | ---- | M] () [Kernel | System | Stopped] -- C:\Windows\System32\drivers\HOTKEY.sys -- (Hotkey)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.medion.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie
IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MEDA
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.medion.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook:  - No CLSID value found
IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKCU\..\URLSearchHook: {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Programme\pdfforge Toolbar\IE\6.2\pdfforgeToolbarIE.dll (Spigot, Inc.)
IE - HKCU\..\SearchScopes,DefaultScope = {43CB0ED4-FFA5-4BB7-86CB-DF81DDD8853A}
IE - HKCU\..\SearchScopes\{0D7562AE-8EF6-416d-A838-AB665251703A}: "URL" = hxxp://start.facemoods.com/?a=ddrnw&s={searchTerms}&f=4
IE - HKCU\..\SearchScopes\{43CB0ED4-FFA5-4BB7-86CB-DF81DDD8853A}: "URL" = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=827316&p={searchTerms}
IE - HKCU\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
IE - HKCU\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MEDA
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rlz=1I7MEDA_de&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKCU\..\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E}: "URL" = hxxp://127.0.0.1:4664/search&s=vuIH2sYg_KdJOtqKkqNh7fC8PB8?q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=827316&ilc=12"
FF - prefs.js..browser.search.selectedEngine: "ICQ Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://start.icq.com/"
FF - prefs.js..extensions.enabledItems: {4DC70064-89E2-4a55-8FC6-E8CDEAE3612C}:0.6.7
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3
FF - prefs.js..extensions.enabledItems: {9d1f059c-cada-4111-9696-41a62d64e3ba}:0.5.3.4
FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:1.1.7
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.0.0.6778
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.1.94
FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.1.94
FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.5.3&q="
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_270.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video [2011.02.17 01:25:15 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa [2011.02.17 01:25:15 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012.04.09 20:38:29 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.07.23 23:28:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.10.18 14:51:36 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012.04.09 20:38:29 | 000,000,000 | ---D | M]
 
[2009.06.11 20:57:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Patti\AppData\Roaming\mozilla\Extensions
[2012.07.30 19:14:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Patti\AppData\Roaming\mozilla\Firefox\Profiles\s066d2hq.default\extensions
[2010.02.12 01:26:58 | 000,000,000 | ---D | M] (Ad blocker) -- C:\Users\Patti\AppData\Roaming\mozilla\Firefox\Profiles\s066d2hq.default\extensions\{4DC70064-89E2-4a55-8FC6-E8CDEAE3612C}
[2012.07.26 23:23:12 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Users\Patti\AppData\Roaming\mozilla\Firefox\Profiles\s066d2hq.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2012.06.23 22:38:57 | 000,000,000 | ---D | M] (FoxTrick) -- C:\Users\Patti\AppData\Roaming\mozilla\Firefox\Profiles\s066d2hq.default\extensions\{9d1f059c-cada-4111-9696-41a62d64e3ba}
[2009.07.04 09:44:10 | 000,000,000 | ---D | M] (jDownFF) -- C:\Users\Patti\AppData\Roaming\mozilla\Firefox\Profiles\s066d2hq.default\extensions\{a3b24d40-bac4-11dc-95ff-0800200c9a66}
[2012.08.09 09:31:23 | 000,000,950 | ---- | M] () -- C:\Users\Patti\AppData\Roaming\Mozilla\Firefox\Profiles\s066d2hq.default\searchplugins\icqplugin-1.xml
[2010.10.15 09:08:08 | 000,000,950 | ---- | M] () -- C:\Users\Patti\AppData\Roaming\Mozilla\Firefox\Profiles\s066d2hq.default\searchplugins\icqplugin-10.xml
[2010.10.22 17:37:05 | 000,000,950 | ---- | M] () -- C:\Users\Patti\AppData\Roaming\Mozilla\Firefox\Profiles\s066d2hq.default\searchplugins\icqplugin-11.xml
[2010.10.29 12:20:59 | 000,000,950 | ---- | M] () -- C:\Users\Patti\AppData\Roaming\Mozilla\Firefox\Profiles\s066d2hq.default\searchplugins\icqplugin-12.xml
[2010.11.03 22:46:01 | 000,000,950 | ---- | M] () -- C:\Users\Patti\AppData\Roaming\Mozilla\Firefox\Profiles\s066d2hq.default\searchplugins\icqplugin-13.xml
[2011.03.11 01:04:13 | 000,000,950 | ---- | M] () -- C:\Users\Patti\AppData\Roaming\Mozilla\Firefox\Profiles\s066d2hq.default\searchplugins\icqplugin-14.xml
[2011.03.26 01:04:51 | 000,000,950 | ---- | M] () -- C:\Users\Patti\AppData\Roaming\Mozilla\Firefox\Profiles\s066d2hq.default\searchplugins\icqplugin-15.xml
[2011.05.01 22:12:46 | 000,000,950 | ---- | M] () -- C:\Users\Patti\AppData\Roaming\Mozilla\Firefox\Profiles\s066d2hq.default\searchplugins\icqplugin-16.xml
[2011.07.05 23:16:32 | 000,000,950 | ---- | M] () -- C:\Users\Patti\AppData\Roaming\Mozilla\Firefox\Profiles\s066d2hq.default\searchplugins\icqplugin-17.xml
[2011.08.21 10:38:23 | 000,000,950 | ---- | M] () -- C:\Users\Patti\AppData\Roaming\Mozilla\Firefox\Profiles\s066d2hq.default\searchplugins\icqplugin-18.xml
[2011.08.25 08:37:53 | 000,000,950 | ---- | M] () -- C:\Users\Patti\AppData\Roaming\Mozilla\Firefox\Profiles\s066d2hq.default\searchplugins\icqplugin-19.xml
[2009.08.06 22:19:20 | 000,000,950 | ---- | M] () -- C:\Users\Patti\AppData\Roaming\Mozilla\Firefox\Profiles\s066d2hq.default\searchplugins\icqplugin-2.xml
[2011.09.09 22:18:37 | 000,000,950 | ---- | M] () -- C:\Users\Patti\AppData\Roaming\Mozilla\Firefox\Profiles\s066d2hq.default\searchplugins\icqplugin-20.xml
[2011.10.12 22:35:18 | 000,000,950 | ---- | M] () -- C:\Users\Patti\AppData\Roaming\Mozilla\Firefox\Profiles\s066d2hq.default\searchplugins\icqplugin-21.xml
[2011.11.08 19:55:20 | 000,000,950 | ---- | M] () -- C:\Users\Patti\AppData\Roaming\Mozilla\Firefox\Profiles\s066d2hq.default\searchplugins\icqplugin-22.xml
[2012.01.15 17:35:51 | 000,000,950 | ---- | M] () -- C:\Users\Patti\AppData\Roaming\Mozilla\Firefox\Profiles\s066d2hq.default\searchplugins\icqplugin-23.xml
[2012.02.06 23:14:15 | 000,000,950 | ---- | M] () -- C:\Users\Patti\AppData\Roaming\Mozilla\Firefox\Profiles\s066d2hq.default\searchplugins\icqplugin-24.xml
[2012.02.16 23:40:14 | 000,000,950 | ---- | M] () -- C:\Users\Patti\AppData\Roaming\Mozilla\Firefox\Profiles\s066d2hq.default\searchplugins\icqplugin-25.xml
[2012.02.18 01:19:17 | 000,000,950 | ---- | M] () -- C:\Users\Patti\AppData\Roaming\Mozilla\Firefox\Profiles\s066d2hq.default\searchplugins\icqplugin-26.xml
[2012.02.20 23:34:22 | 000,000,950 | ---- | M] () -- C:\Users\Patti\AppData\Roaming\Mozilla\Firefox\Profiles\s066d2hq.default\searchplugins\icqplugin-27.xml
[2012.05.08 00:39:50 | 000,000,950 | ---- | M] () -- C:\Users\Patti\AppData\Roaming\Mozilla\Firefox\Profiles\s066d2hq.default\searchplugins\icqplugin-28.xml
[2012.07.01 13:44:52 | 000,000,950 | ---- | M] () -- C:\Users\Patti\AppData\Roaming\Mozilla\Firefox\Profiles\s066d2hq.default\searchplugins\icqplugin-29.xml
[2009.09.13 10:55:01 | 000,000,950 | ---- | M] () -- C:\Users\Patti\AppData\Roaming\Mozilla\Firefox\Profiles\s066d2hq.default\searchplugins\icqplugin-3.xml
[2012.07.23 23:29:05 | 000,000,950 | ---- | M] () -- C:\Users\Patti\AppData\Roaming\Mozilla\Firefox\Profiles\s066d2hq.default\searchplugins\icqplugin-30.xml
[2009.10.31 19:42:23 | 000,000,950 | ---- | M] () -- C:\Users\Patti\AppData\Roaming\Mozilla\Firefox\Profiles\s066d2hq.default\searchplugins\icqplugin-4.xml
[2009.12.19 11:17:35 | 000,000,950 | ---- | M] () -- C:\Users\Patti\AppData\Roaming\Mozilla\Firefox\Profiles\s066d2hq.default\searchplugins\icqplugin-5.xml
[2010.01.07 01:28:25 | 000,000,950 | ---- | M] () -- C:\Users\Patti\AppData\Roaming\Mozilla\Firefox\Profiles\s066d2hq.default\searchplugins\icqplugin-6.xml
[2010.07.26 21:59:04 | 000,000,961 | ---- | M] () -- C:\Users\Patti\AppData\Roaming\Mozilla\Firefox\Profiles\s066d2hq.default\searchplugins\icqplugin-7.xml
[2010.07.27 19:10:25 | 000,000,961 | ---- | M] () -- C:\Users\Patti\AppData\Roaming\Mozilla\Firefox\Profiles\s066d2hq.default\searchplugins\icqplugin-8.xml
[2010.09.18 18:28:01 | 000,000,961 | ---- | M] () -- C:\Users\Patti\AppData\Roaming\Mozilla\Firefox\Profiles\s066d2hq.default\searchplugins\icqplugin-9.xml
[2012.07.24 14:48:30 | 000,000,168 | ---- | M] () -- C:\Users\Patti\AppData\Roaming\Mozilla\Firefox\Profiles\s066d2hq.default\searchplugins\icqplugin.gif
[2012.07.24 14:48:30 | 000,000,618 | ---- | M] () -- C:\Users\Patti\AppData\Roaming\Mozilla\Firefox\Profiles\s066d2hq.default\searchplugins\icqplugin.src
[2010.06.21 17:35:24 | 000,001,042 | ---- | M] () -- C:\Users\Patti\AppData\Roaming\Mozilla\Firefox\Profiles\s066d2hq.default\searchplugins\icqplugin.xml
[2009.06.26 19:26:39 | 000,000,945 | ---- | M] () -- C:\Users\Patti\AppData\Roaming\Mozilla\Firefox\Profiles\s066d2hq.default\searchplugins\youtube-videosuche.xml
[2011.11.14 23:12:20 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2009.06.14 20:51:29 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Programme\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2011.10.19 00:30:45 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Programme\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012.07.30 19:14:25 | 000,000,000 | ---D | M] (Widgi Toolbar Platform) -- C:\PROGRAM FILES\COMMON FILES\SPIGOT\WTXPCOM
[2012.07.30 19:14:25 | 000,000,000 | ---D | M] (pdfforge Toolbar) -- C:\PROGRAM FILES\PDFFORGE TOOLBAR\FF
[2011.10.31 00:17:27 | 000,434,392 | ---- | M] () (No name found) -- C:\USERS\PATTI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\S066D2HQ.DEFAULT\EXTENSIONS\{D4DD63FA-01E4-46A7-B6B1-EDAB7D6AD389}.XPI
[2012.07.23 23:28:42 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011.05.04 04:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2012.07.01 13:44:28 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.07.01 13:44:28 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.07.01 13:44:28 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2011.08.31 23:25:03 | 000,002,048 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fcmdSrch.xml
[2012.07.01 13:44:28 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.07.01 13:44:28 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.07.01 13:44:28 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O1 - Hosts: ::1            localhost
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Programme\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Programme\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Programme\pdfforge Toolbar\IE\6.2\pdfforgeToolbarIE.dll (Spigot, Inc.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Programme\Microsoft\BingBar\7.1.361.0\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\7.1.361.0\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Programme\pdfforge Toolbar\IE\6.2\pdfforgeToolbarIE.dll (Spigot, Inc.)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [CtrlVol] "C:\Program Files\Launch Manager\CtrlVol.exe" File not found
O4 - HKLM..\Run: [HotkeyApp] C:\Program Files\Launch Manager\HotkeyApp.exe (Wistron)
O4 - HKLM..\Run: [LaunchAp] C:\Program Files\Launch Manager\LaunchAp.exe ()
O4 - HKLM..\Run: [LMgrOSD] C:\Program Files\Launch Manager\OSD.exe (Wistron Corp.)
O4 - HKLM..\Run: [Nikon Message Center 2] C:\Program Files\Nikon\Nikon Message Center 2\NkMC2.exe (Nikon Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [OmniPass] C:\Programme\Softex\OmniPass\scureapp.exe ()
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SearchSettings] C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe (Spigot, Inc.)
O4 - HKLM..\Run: [SynTPStart] C:\Programme\Synaptics\SynTP\SynTPStart.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [toolbar_eula_launcher] C:\Program Files\GoogleEULA\EULALauncher.exe File not found
O4 - HKLM..\Run: [Wbutton] C:\Program Files\Launch Manager\Wbutton.exe (Wistron)
O4 - HKCU..\Run: [KiesPDLR] C:\Programme\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe ()
O4 - HKCU..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{168DF045-4E75-449B-B791-44073669C676}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{44A128CB-9F60-4BBA-8DA4-61D65F626837}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Common Files\microsoft shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL) - C:\Programme\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper:
O24 - Desktop BackupWallPaper:
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2007.04.06 09:56:36 | 000,000,050 | R--- | M] () - F:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{16eee8bf-bc67-11dd-90f7-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{16eee8bf-bc67-11dd-90f7-806e6f6e6963}\Shell\AutoRun\command - "" = F:\Welcome.exe -- [2010.05.28 16:11:06 | 000,626,080 | R--- | M] (Nikon Corporation)
O33 - MountPoints2\{79d3f352-8507-11de-8363-001f1603e7e5}\Shell - "" = AutoRun
O33 - MountPoints2\{79d3f352-8507-11de-8363-001f1603e7e5}\Shell\AutoRun\command - "" = G:\SETUP.EXE
O33 - MountPoints2\{79d3f352-8507-11de-8363-001f1603e7e5}\Shell\configure\command - "" = G:\SETUP.EXE
O33 - MountPoints2\{79d3f352-8507-11de-8363-001f1603e7e5}\Shell\install\command - "" = G:\SETUP.EXE
O33 - MountPoints2\{888839a6-2604-11e0-9dad-001f1603e7e5}\Shell\AutoRun\command - "" = I:\EmDesk.exe
O33 - MountPoints2\{888839a6-2604-11e0-9dad-001f1603e7e5}\Shell\EmDesk\command - "" = I:\EmDesk.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.08.09 11:22:21 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\Patti\Desktop\OTL.exe
[2012.08.09 09:33:01 | 000,000,000 | ---D | C] -- C:\Users\Patti\AppData\Roaming\Malwarebytes
[2012.08.09 09:32:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.08.09 09:32:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.08.09 09:32:45 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.08.09 09:32:45 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.08.05 22:25:01 | 000,000,000 | ---D | C] -- C:\ProgramData\036DFF9800533D8A1932A77A2F3B707C
[2012.07.30 19:40:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Nikon
[2012.07.30 19:14:18 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Spigot
[2012.07.30 19:14:18 | 000,000,000 | ---D | C] -- C:\Program Files\pdfforge Toolbar
[2012.07.30 19:14:18 | 000,000,000 | ---D | C] -- C:\Program Files\Application Updater
[2012.07.30 19:12:18 | 000,000,000 | ---D | C] -- C:\Users\Patti\AppData\Local\Macromedia
[2012.07.29 22:44:45 | 000,000,000 | ---D | C] -- C:\Users\Patti\AppData\Roaming\Nikon
[2012.07.29 22:44:45 | 000,000,000 | ---D | C] -- C:\Users\Patti\AppData\Local\Nikon
[2012.07.29 21:00:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nikon Message Center 2
[2012.07.29 20:56:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ViewNX 2
[2012.07.29 20:56:53 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Nikon
[2012.07.29 20:56:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Sports
[2012.07.29 20:56:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Sounds
[2012.07.29 20:56:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Screen Savers
[2012.07.29 20:56:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Ultima_T15
[2012.07.29 20:56:18 | 000,000,000 | ---D | C] -- C:\ProgramData\EnterNHelp
[2012.07.29 20:55:18 | 000,000,000 | ---D | C] -- C:\Program Files\Nikon
[2012.07.29 20:51:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Link to Nikon
 
========== Files - Modified Within 30 Days ==========
 
File not found -- C:\Windows\System32\
[2012.08.09 11:15:53 | 000,002,735 | ---- | M] () -- C:\Users\Patti\Desktop\Microsoft Office Outlook 2007.lnk
[2012.08.09 11:14:56 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.08.09 11:13:24 | 000,000,020 | ---- | M] () -- C:\Users\Patti\defogger_reenable
[2012.08.09 11:04:06 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Patti\Desktop\OTL.exe
[2012.08.09 09:44:39 | 000,000,680 | ---- | M] () -- C:\Users\Patti\AppData\Local\d3d9caps.dat
[2012.08.09 09:32:46 | 000,000,910 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.08.07 16:19:32 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.08.07 16:19:32 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.08.07 16:16:05 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2012.08.07 16:12:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.08.07 16:00:08 | 000,109,553 | ---- | M] () -- C:\Users\Patti\AppData\Roaming\nvModes.001
[2012.08.03 22:17:59 | 000,109,553 | ---- | M] () -- C:\Users\Patti\AppData\Roaming\nvModes.dat
[2012.07.29 22:53:02 | 000,001,437 | ---- | M] () -- C:\Users\Public\Desktop\Hattrick Organizer.lnk
[2012.07.29 22:45:18 | 000,000,000 | ---- | M] () -- C:\Windows\ViewNX2.INI
[2012.07.29 22:44:49 | 000,000,020 | -H-- | M] () -- C:\ProgramData\PKP_DLet.DAT
[2012.07.29 20:56:55 | 000,001,847 | ---- | M] () -- C:\Users\Public\Desktop\ViewNX 2.lnk
[2012.07.29 20:56:20 | 000,000,268 | RH-- | M] () -- C:\ProgramData\Clips
[2012.07.29 20:56:20 | 000,000,268 | RH-- | M] () -- C:\Users\Patti\AppData\Roaming\Chorus
[2012.07.29 20:56:20 | 000,000,020 | -H-- | M] () -- C:\ProgramData\PKP_DLev.DAT
[2012.07.29 20:56:19 | 000,000,268 | RH-- | M] () -- C:\ProgramData\Clean Electric Guitar
[2012.07.29 20:56:19 | 000,000,268 | RH-- | M] () -- C:\ProgramData\Classical
[2012.07.29 20:56:19 | 000,000,268 | RH-- | M] () -- C:\Users\Patti\AppData\Roaming\Chiller
[2012.07.29 20:56:19 | 000,000,268 | RH-- | M] () -- C:\Users\Patti\AppData\Roaming\Channel
[2012.07.29 20:56:19 | 000,000,020 | -H-- | M] () -- C:\ProgramData\PKP_DLes.DAT
[2012.07.12 23:06:13 | 000,386,408 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
 
========== Files Created - No Company Name ==========
 
File not found -- C:\Windows\System32\
[2012.08.09 11:12:58 | 000,000,020 | ---- | C] () -- C:\Users\Patti\defogger_reenable
[2012.08.09 09:38:05 | 000,000,680 | ---- | C] () -- C:\Users\Patti\AppData\Local\d3d9caps.dat
[2012.08.09 09:32:46 | 000,000,910 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.08.09 09:22:52 | 000,013,312 | ---- | C] () -- C:\Users\Patti\AppData\Local\{197538d8-ccc8-f96e-3793-730a2117a111}\U\80000000.@
[2012.08.05 22:38:11 | 000,001,712 | ---- | C] () -- C:\Users\Patti\AppData\Local\{197538d8-ccc8-f96e-3793-730a2117a111}\U\00000001.@
[2012.08.05 22:24:12 | 000,001,712 | ---- | C] () -- C:\Windows\Installer\{197538d8-ccc8-f96e-3793-730a2117a111}\U\00000001.@
[2012.07.30 19:10:50 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.07.29 22:53:02 | 000,001,437 | ---- | C] () -- C:\Users\Public\Desktop\Hattrick Organizer.lnk
[2012.07.29 22:45:18 | 000,000,000 | ---- | C] () -- C:\Windows\ViewNX2.INI
[2012.07.29 20:56:55 | 000,001,847 | ---- | C] () -- C:\Users\Public\Desktop\ViewNX 2.lnk
[2012.07.29 20:56:20 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Clips
[2012.07.29 20:56:20 | 000,000,268 | RH-- | C] () -- C:\Users\Patti\AppData\Roaming\Chorus
[2012.07.29 20:56:20 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLev.DAT
[2012.07.29 20:56:19 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Clean Electric Guitar
[2012.07.29 20:56:19 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Classical
[2012.07.29 20:56:19 | 000,000,268 | RH-- | C] () -- C:\Users\Patti\AppData\Roaming\Chiller
[2012.07.29 20:56:19 | 000,000,268 | RH-- | C] () -- C:\Users\Patti\AppData\Roaming\Channel
[2012.07.29 20:56:19 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLes.DAT
[2012.07.29 20:56:18 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLet.DAT
[2012.04.09 20:26:31 | 000,203,568 | ---- | C] () -- C:\Windows\hpwins20.dat.temp
[2012.04.09 20:26:31 | 000,002,428 | ---- | C] () -- C:\Windows\hpwmdl20.dat.temp
[2012.02.19 20:18:51 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfcmnnt.dll
[2012.01.11 22:29:40 | 000,002,048 | -HS- | C] () -- C:\Windows\Installer\{197538d8-ccc8-f96e-3793-730a2117a111}\@
[2012.01.11 22:29:40 | 000,002,048 | -HS- | C] () -- C:\Users\Patti\AppData\Local\{197538d8-ccc8-f96e-3793-730a2117a111}\@
[2011.10.18 15:10:49 | 000,000,261 | ---- | C] () -- C:\Windows\n02.ini
[2011.10.18 15:01:08 | 000,001,015 | ---- | C] () -- C:\Windows\kaillera.ini
[2011.07.26 17:26:48 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2011.07.26 17:26:46 | 000,974,848 | ---- | C] () -- C:\Windows\System32\cis-2.4.dll
[2011.07.26 17:26:46 | 000,081,920 | ---- | C] () -- C:\Windows\System32\issacapi_bs-2.3.dll
[2011.07.26 17:26:46 | 000,065,536 | ---- | C] () -- C:\Windows\System32\issacapi_pe-2.3.dll
[2011.07.26 17:26:46 | 000,057,344 | ---- | C] () -- C:\Windows\System32\issacapi_se-2.3.dll
[2011.03.05 13:27:07 | 000,146,252 | ---- | C] () -- C:\Windows\hpoins18.dat
[2011.03.05 13:26:47 | 000,006,600 | ---- | C] () -- C:\Windows\hpomdl18.dat
[2011.02.26 11:40:46 | 735,422,464 | ---- | C] () -- C:\Users\Patti\ps-bangema.avi
[2009.07.19 22:24:36 | 000,000,164 | ---- | C] () -- C:\Users\Patti\AppData\Roaming\Default.PLS
[2009.06.29 17:53:31 | 000,109,553 | ---- | C] () -- C:\Users\Patti\AppData\Roaming\nvModes.001
[2009.06.29 17:53:29 | 000,109,553 | ---- | C] () -- C:\Users\Patti\AppData\Roaming\nvModes.dat
[2009.06.26 17:56:45 | 000,034,304 | ---- | C] () -- C:\Users\Patti\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.06.15 20:32:32 | 000,000,020 | ---- | C] () -- C:\Users\Patti\ho.dir
 
========== LOP Check ==========
 
[2009.08.09 19:20:49 | 000,000,000 | ---D | M] -- C:\Users\Patti\AppData\Roaming\DAEMON Tools Pro
[2011.07.05 23:46:38 | 000,000,000 | ---D | M] -- C:\Users\Patti\AppData\Roaming\DVDVideoSoft
[2011.01.05 17:13:43 | 000,000,000 | ---D | M] -- C:\Users\Patti\AppData\Roaming\ICQ
[2012.04.16 22:35:07 | 000,000,000 | ---D | M] -- C:\Users\Patti\AppData\Roaming\Image Zone Express
[2012.07.01 14:04:47 | 000,000,000 | ---D | M] -- C:\Users\Patti\AppData\Roaming\IrfanView
[2011.02.11 23:25:00 | 000,000,000 | ---D | M] -- C:\Users\Patti\AppData\Roaming\mkvtoolnix
[2012.07.29 22:44:45 | 000,000,000 | ---D | M] -- C:\Users\Patti\AppData\Roaming\Nikon
[2012.02.19 20:18:58 | 000,000,000 | ---D | M] -- C:\Users\Patti\AppData\Roaming\pdfforge
[2011.12.06 20:29:50 | 000,000,000 | ---D | M] -- C:\Users\Patti\AppData\Roaming\Printer Info Cache
[2011.08.05 11:36:59 | 000,000,000 | ---D | M] -- C:\Users\Patti\AppData\Roaming\Registry Mechanic
[2011.08.12 17:51:27 | 000,000,000 | ---D | M] -- C:\Users\Patti\AppData\Roaming\Samsung
[2012.08.07 16:16:16 | 000,032,606 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 104 bytes -> C:\ProgramData\TEMP:D1B5B4F1

< End of report >

Extra:

Code:

OTL Extras logfile created on: 09.08.2012 11:22:59 - Run 1
OTL by OldTimer - Version 3.2.56.0    Folder = C:\Users\Patti\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,54 Gb Available Physical Memory | 84,58% Memory free
6,19 Gb Paging File | 5,93 Gb Available in Paging File | 95,82% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 81,26 Gb Total Space | 4,79 Gb Free Space | 5,89% Space Free | Partition Type: NTFS
Drive D: | 49,50 Gb Total Space | 8,15 Gb Free Space | 16,47% Space Free | Partition Type: FAT32
Drive E: | 167,32 Gb Total Space | 5,10 Gb Free Space | 3,05% Space Free | Partition Type: NTFS
Drive F: | 272,36 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
 
Computer Name: PATTI-PC | User Name: Patti | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~3\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
"AntiVirusDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallDisableNotify" = 0
"FirewallOverride" = 1
"UpdatesDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
========== Firewall Settings ==========
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{00180407-78E1-11D2-B60F-006097C998E7}" = Microsoft Access 2000 Runtime
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{04DDE210-DEE1-45D0-9D47-D6107EE471FD}" = TLH-Klassisch
"{06A1D88C-E102-4527-AF70-29FFD7AF215A}" = Scan
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
"{097CDB1E-07C9-40F1-9972-F0F9F3A287E4}" = Network
"{1458BB78-1DC5-4BC0-B9A3-2B644F5A8105}" = DeviceDiscovery
"{150B6201-E9E6-4DFB-960E-CCBD53FBDDED}" = HPProductAssistant
"{15619017-86DB-49F8-AD97-DC1BC616502E}" = ProductContext
"{2511D82C-2688-41C2-ABF8-AF237795989B}" = pdfforge Toolbar v6.2
"{26A24AE4-039D-4CA4-87B4-2F83216014FF}" = Java(TM) 6 Update 26
"{292F0F52-B62D-4E71-921B-89A682402201}" = Toolbox
"{2A981294-F14C-4F0F-9627-D793270922F8}" = Bonjour
"{308B6AEA-DE50-4666-996D-0FA461719D6B}" = Apple Mobile Device Support
"{3700194C-C5DD-439A-BE06-A66960CA4C70}" = MSVCSetup
"{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup
"{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works
"{3B540E44-8382-4899-B481-1E2E02E38F3E}" = 4660_4680_Help
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"{4412F224-3849-4461-A3E9-DEEF8D252790}" = Visual Studio C++ 10.0 Runtime
"{47948554-90C6-4AAC-8CFA-D23CE11C1031}" = Nero 8 Essentials
"{4945F319-A24D-454C-A411-F3689987315D}" = HP OfficeJet J4600 All-In-One Series
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5B025634-7D5B-4B8D-BE2A-7943C1CF2D5D}" = Status
"{5BB4D7C1-52F2-4BFD-9E40-0D419E2E3021}" = bpd_scan
"{60FFB3E0-6D5B-4D73-AE5B-07E58B83AF0C}" = 32 Bit HP CIO Components Installer
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{70B45586-B51E-4947-A258-A895596C5CED}" = Photo Loader 2.1G
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{87441A59-5E64-4096-A170-14EFE67200C3}" = Picture Control Utility
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 PCI, 8168 and 8101E PCIe Ethernet Network Card Driver for Windows Vista
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C2690CF-5B74-4F93-8139-7B5644CD6A3B}" = MobileMe Control Panel
"{8EE94FD8-5F52-4463-A340-185D16328158}" = WebReg
"{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}" = SmartWebPrinting
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{901C0407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Access 2003 Runtime
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel(R) Matrix Storage Manager
"{91F7F3F3-CE80-48C3-8327-7D24A0A5716A}" = iTunes
"{9294F169-72EE-4D74-AE92-CA25F64B4FF8}" = Fax
"{92A51949-EE4C-466D-AAF0-99E74A49A63F}" = DocMgr
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B362566-EC1B-4700-BB9C-EC661BDE2175}" = DocProc
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.5
"{AC35A885-0F8F-4857-B7DA-6E8DFB43E6B3}" = HPSSupply
"{AC76BA86-7AD7-1031-7B44-A91000000001}" = Adobe Reader 9.1 - Deutsch
"{AFAC914D-9E83-4A89-8ABE-427521C82CCF}" = Safari
"{B0069CFA-5BB9-4C03-B1C6-89CE290E5AFE}" = HP Update
"{B014EE44-9197-4513-9613-71E6EB1B514E}" = Nikon Message Center 2
"{B22C0B70-6EE0-4027-A16B-4023C5C5B747}" = FloorPlan 3D V.9
"{B629CD93-A629-4A9F-8B6E-218E741A316E}" = BPDSoftware_Ini
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{BB3447F6-9553-4AA9-960E-0DB5310C5779}" = GPBaseService2
"{BC5DD87B-0143-4D14-AAE6-97109614DC6B}" = SolutionCenter
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{C887C75D-2636-41F6-BB7B-FD4B0314C1E1}" = Paragon Partition Manager 9.0 Professional
"{CD31E63D-47FD-491C-8117-CF201D0AFAB5}" = TrayApp
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D0846526-66DD-4DC9-A02C-98F9A2806812}" = Launch Manager V1.4.9
"{D155D300-C235-44FC-981C-F7B34683439C}" = Paragon Drive Backup 8.51 Professional Trial
"{D1E7142C-6BC3-49EB-A71A-E5D7ADAC7599}" = Nikon File Uploader 2
"{D360FA88-17C8-4F14-B67F-13AAF9607B12}" = MarketResearch
"{D6C3C9E7-D334-4918-BD57-5B1EF14C207D}" = Bing Bar
"{D7D3E265-119C-4EFD-BB43-BEAF464FC969}" = J4680
"{DC24971E-1946-445D-8A82-CE685433FA7D}" = Realtek USB 2.0 Card Reader
"{DCE9C52A-95DD-4075-9FC6-3313FB8748A5}" = BPDSoftware
"{DDD62492-32A7-412B-8AF1-2CF032AD42E3}" = ViewNX 2
"{E7004147-2CCA-431C-AA05-2AB166B9785D}" = QuickTime
"{E815FB81-995F-4F33-8E25-F16712123AB7}" = AuthenTec Fingerprint Sensor Minimum Install
"{EB21A812-671B-4D08-B974-2A347F0D8F70}" = HP Photosmart Essential
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F4E57F49-84B4-4CF2-B0A1-8CA1752BDF7E}" = OmniPass 5.00.91
"{FA0FF682-CC70-4C57-93CD-E276F3E7537E}" = BufferChm
"{FEDE400D-3381-4087-ACCB-689DD8A56123}" = Inst5657
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Agere Systems Soft Modem" = Agere Systems HDA Modem
"Amiga SWOS_is1" = Amiga SWOS v1.02
"AmoK Playlist Copy" = AmoK Playlist Copy 2.04
"Avira AntiVir Desktop" = Avira Free Antivirus
"DivX Setup" = DivX-Setup
"ENTERPRISE" = Microsoft Office Enterprise 2007
"Free Video to iPod Converter_is1" = Free Video to iPod Converter version 4.2.20.602
"Google Desktop" = Google Desktop
"Hattrick Organizer" = Hattrick Organizer (remove only)
"HP Document Manager" = HP Document Manager 2.0
"HP Imaging Device Functions" = HP Imaging Device Functions 14.0
"HP Smart Web Printing" = HP Smart Web Printing 4.60
"HP Solution Center & Imaging Support Tools" = HP Solution Center 14.0
"HPExtendedCapabilities" = HP Customer Participation Program 14.0
"HPOCR" = OCR Software by I.R.I.S. 14.0
"ICQToolbar" = ICQ Toolbar
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"IrfanView" = IrfanView (remove only)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.62.0.1300
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MKV Player_is1" = MKV Player 1.0
"Mozilla Firefox 14.0.1 (x86 de)" = Mozilla Firefox 14.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MyTomTom" = MyTomTom 3.1.0.530
"NVIDIA Drivers" = NVIDIA Drivers
"Shop for HP Supplies" = Shop for HP Supplies
"SopCast" = SopCast 3.2.4
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TLH Grundschule Niedersachsen Version Klassisch" = TLH Grundschule Niedersachsen Version Klassisch
"Virtual DJ Home - Atomix Productions" = Virtual DJ Home - Atomix Productions
"VLC media player" = VLC media player 1.0.5
"Winamp" = Winamp
"WinRAR archiver" = WinRAR
"WinUAE" = WinUAE 1.6.1
"X10Hardware" = X10 Hardware(TM)
"YTdetect" = Yahoo! Detect
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 29.03.2011 04:30:40 | Computer Name = Patti-PC | Source = Windows Search Service | ID = 3013
Description =
 
Error - 29.03.2011 04:30:40 | Computer Name = Patti-PC | Source = Windows Search Service | ID = 3013
Description =
 
Error - 29.03.2011 04:30:40 | Computer Name = Patti-PC | Source = Windows Search Service | ID = 3013
Description =
 
Error - 29.03.2011 04:30:42 | Computer Name = Patti-PC | Source = Windows Search Service | ID = 3013
Description =
 
Error - 29.03.2011 04:30:42 | Computer Name = Patti-PC | Source = Windows Search Service | ID = 3013
Description =
 
Error - 29.03.2011 04:30:42 | Computer Name = Patti-PC | Source = Windows Search Service | ID = 3013
Description =
 
Error - 29.03.2011 04:30:42 | Computer Name = Patti-PC | Source = Windows Search Service | ID = 3013
Description =
 
Error - 29.03.2011 05:17:15 | Computer Name = Patti-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
 
Error - 29.03.2011 05:17:15 | Computer Name = Patti-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description =
 
Error - 29.03.2011 05:18:19 | Computer Name = Patti-PC | Source = WinMgmt | ID = 10
Description =
 
[ OSession Events ]
Error - 16.06.2010 16:23:29 | Computer Name = Patti-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 650
 seconds with 360 seconds of active time.  This session ended with a crash.
 
Error - 23.01.2011 14:18:20 | Computer Name = Patti-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 565
 seconds with 0 seconds of active time.  This session ended with a crash.
 
[ System Events ]
Error - 29.08.2009 04:52:00 | Computer Name = Patti-PC | Source = Service Control Manager | ID = 7000
Description =
 
Error - 29.08.2009 06:17:54 | Computer Name = Patti-PC | Source = HTTP | ID = 15016
Description =
 
Error - 29.08.2009 06:19:10 | Computer Name = Patti-PC | Source = Service Control Manager | ID = 7000
Description =
 
Error - 29.08.2009 11:25:40 | Computer Name = Patti-PC | Source = EventLog | ID = 6008
Description = The system was previously shut down unexpectedly on 29.08.2009 at 13:17:55.
 
Error - 29.08.2009 11:25:45 | Computer Name = Patti-PC | Source = HTTP | ID = 15016
Description =
 
Error - 29.08.2009 11:26:45 | Computer Name = Patti-PC | Source = Service Control Manager | ID = 7000
Description =
 
Error - 29.08.2009 11:52:53 | Computer Name = Patti-PC | Source = HTTP | ID = 15016
Description =
 
Error - 29.08.2009 11:53:03 | Computer Name = Patti-PC | Source = Service Control Manager | ID = 7000
Description =
 
Error - 29.08.2009 14:24:22 | Computer Name = Patti-PC | Source = HTTP | ID = 15016
Description =
 
Error - 29.08.2009 14:24:47 | Computer Name = Patti-PC | Source = Service Control Manager | ID = 7000
Description =
 
 
< End of report >


gmer:

Code:

GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-08-09 13:48:42
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 WDC_WD32 rev.11.0
Running: 1smgnkw6.exe; Driver: C:\Users\Patti\AppData\Local\Temp\pwloapow.sys


---- Devices - GMER 1.0.15 ----

AttachedDevice  \FileSystem\Ntfs \Ntfs                                                                                              SiWinAcc.sys (Windows Accelerator Driver/Silicon Image, Inc.)
AttachedDevice  \Driver\kbdclass \Device\KeyboardClass0                                                                            Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume1                                                                              hotcore3.sys (Hotbackup helper driver/Paragon Software Group)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume2                                                                              hotcore3.sys (Hotbackup helper driver/Paragon Software Group)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume3                                                                              hotcore3.sys (Hotbackup helper driver/Paragon Software Group)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume4                                                                              hotcore3.sys (Hotbackup helper driver/Paragon Software Group)
AttachedDevice  \FileSystem\fastfat \Fat                                                                                            fltmgr.sys (Microsoft Dateisystem-Filter-Manager/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg            HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0015aff3f58f                                       
Reg            HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC                                   
Reg            HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0                                0x38 0x0F 0x98 0x02 ...
Reg            HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0                                C:\Program Files\DAEMON Tools Pro\
Reg            HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                0
Reg            HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                              0x32 0xE6 0x59 0x8B ...
Reg            HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001                         
Reg            HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0                        0x20 0x01 0x00 0x00 ...
Reg            HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12                    0x44 0xD1 0xF0 0xFF ...
Reg            HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0                     
Reg            HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12                0xA4 0xD0 0x47 0xDC ...
Reg            HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\0015aff3f58f (not active ControlSet)                   
Reg            HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)               
Reg            HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0                                    0x38 0x0F 0x98 0x02 ...
Reg            HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0                                    C:\Program Files\DAEMON Tools Pro\
Reg            HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                    0
Reg            HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                                  0x32 0xE6 0x59 0x8B ...
Reg            HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)     
Reg            HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0                            0x20 0x01 0x00 0x00 ...
Reg            HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12                        0x44 0xD1 0xF0 0xFF ...
Reg            HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet) 
Reg            HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12                    0xA4 0xD0 0x47 0xDC ...
Reg            HKLM\SOFTWARE\Classes\CLSID\{B6A930A0-A4F5-43A5-9B4E-6189A6C2B9E8}@\24!s!y!f!c!`!j!t!f!t!t!e!d!c!s!f!              19583823

---- EOF - GMER 1.0.15 ----


In addition, as recommended, I have already run Malwarebytes over the system once. Attached is the Malwarebytes log file.

Code:

Malwarebytes Anti-Malware (Test) 1.62.0.1300
www.malwarebytes.org

Datenbank Version: v2012.08.09.02

Windows Vista Service Pack 2 x86 NTFS (Abgesichertenmodus/Netzwerkfähig)
Internet Explorer 9.0.8112.16421
Patti :: PATTI-PC [Administrator]

Schutz: Deaktiviert

09.08.2012 09:38:29
mbam-log-2012-08-09 (09-38-29).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 469844
Laufzeit: 1 Stunde(n), 7 Minute(n), 51 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 2
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Live Security Platinum (Trojan.LameShield) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\CLASSES\CLSID\{42AEDC87-2188-41FD-B9A3-0C966FEABEC1}\INPROCSERVER32 (Trojan.Zaccess) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Registrierungswerte: 2
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce|036DFF9800533D8A1932A77A2F3B707C (Trojan.LameShield) -> Daten: C:\ProgramData\036DFF9800533D8A1932A77A2F3B707C\036DFF9800533D8A1932A77A2F3B707C.exe -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\CLASSES\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InprocServer32| (Trojan.Zaccess) -> Daten: C:\Users\Patti\AppData\Local\{197538d8-ccc8-f96e-3793-730a2117a111}\n. -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateiobjekte der Registrierung: 3
HKLM\SOFTWARE\Microsoft\Security Center|AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bösartig: (1) Gut: (0) -> Erfolgreich ersetzt und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Security Center|FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bösartig: (1) Gut: (0) -> Erfolgreich ersetzt und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Security Center|UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bösartig: (1) Gut: (0) -> Erfolgreich ersetzt und in Quarantäne gestellt.

Infizierte Verzeichnisse: 1
C:\Users\Patti\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Live Security Platinum (Rogue.LiveSecurityPlatinum) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateien: 8
C:\ProgramData\036DFF9800533D8A1932A77A2F3B707C\036DFF9800533D8A1932A77A2F3B707C.exe (Trojan.LameShield) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Patti\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2UXWMN4P\soft4[1].exe (Trojan.LameShield) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Patti\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MA6G9IPH\soft3[1].exe (RootKit.0Access) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Patti\AppData\Local\{197538d8-ccc8-f96e-3793-730a2117a111}\n (RootKit.0Access) -> Löschen bei Neustart.
C:\Users\Patti\AppData\Local\{197538d8-ccc8-f96e-3793-730a2117a111}\U\800000cb.@ (Rootkit.0Access) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Windows\Installer\{197538d8-ccc8-f96e-3793-730a2117a111}\n (RootKit.0Access) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Patti\Desktop\Live Security Platinum.lnk (Rogue.LiveSecurityPlatinum) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Patti\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Live Security Platinum\Live Security Platinum.lnk (Rogue.LiveSecurityPlatinum) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)

How should I proceed now to make sure that I am, or will be, completely rid of the virus?

I would be very grateful for your help.

Kind regards

Exedcuter

cosinus 13.08.2012 18:12

First, as a routine step, please run a new full scan with Malwarebytes and post the log. => Have it check ALL local drives (except CD/DVD)!
Remember that Malwarebytes must be updated manually before every scan!

Please remove all Malwarebytes findings so that they are kept in the Malwarebytes quarantine! Do NOT remove anything from the quarantine prematurely!

If logs from older Malwarebytes scans exist, please post all of those as well!




ESET Online Scanner

  • An illustrated guide to ESET Online Scanner can be found here
  • Download and start ESET Online Scanner
  • Tick Yes, I accept the Terms of Use and click Start.
  • Enable "Detection of potentially unwanted applications" and choose the following settings.
  • Click Start.
  • The signatures are downloaded and the scan starts automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Locate C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the logfile here.
  • Uninstall: Control Panel => Software / Uninstall programs => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset





Please post everything here in CODE tags where possible.

This is done like so:

[code] the log goes here [/code]

And it then looks like this:

Code:

the log goes here

exedcuter 13.08.2012 19:54

Hello Cosinus,

thank you for taking on my case.

I already ran a scan with ESET this morning. Attached is the log:

Code:

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=f5b1a7885997e4499f92bbcb3f71f1f0
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-08-13 12:08:14
# local_time=2012-08-13 02:08:14 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=1792 16777215 100 0 26000007 26000007 0 0
# compatibility_mode=5892 16776574 66 100 829230 182382026 0 0
# compatibility_mode=8192 67108863 100 0 319 319 0 0
# scanned=269181
# found=20
# cleaned=0
# scan_time=10396
C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe        a variant of Win32/Toolbar.Widgi application (unable to clean)        00000000000000000000000000000000        I
C:\Program Files\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll        a variant of Win32/Toolbar.Widgi application (unable to clean)        00000000000000000000000000000000        I
C:\Program Files\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.10        a variant of Win32/Toolbar.Widgi application (unable to clean)        00000000000000000000000000000000        I
C:\Program Files\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.11        a variant of Win32/Toolbar.Widgi application (unable to clean)        00000000000000000000000000000000        I
C:\Program Files\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.12        a variant of Win32/Toolbar.Widgi application (unable to clean)        00000000000000000000000000000000        I
C:\Program Files\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.13        a variant of Win32/Toolbar.Widgi application (unable to clean)        00000000000000000000000000000000        I
C:\Program Files\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.14        a variant of Win32/Toolbar.Widgi application (unable to clean)        00000000000000000000000000000000        I
C:\Program Files\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.15        a variant of Win32/Toolbar.Widgi application (unable to clean)        00000000000000000000000000000000        I
C:\Program Files\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.5        a variant of Win32/Toolbar.Widgi application (unable to clean)        00000000000000000000000000000000        I
C:\Program Files\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.6        a variant of Win32/Toolbar.Widgi application (unable to clean)        00000000000000000000000000000000        I
C:\Program Files\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.7        a variant of Win32/Toolbar.Widgi application (unable to clean)        00000000000000000000000000000000        I
C:\Program Files\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.8        a variant of Win32/Toolbar.Widgi application (unable to clean)        00000000000000000000000000000000        I
C:\Program Files\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.9        a variant of Win32/Toolbar.Widgi application (unable to clean)        00000000000000000000000000000000        I
C:\Program Files\PDFCreator\Toolbar\pdfforge Toolbar_setup.exe        Win32/Toolbar.Widgi application (unable to clean)        00000000000000000000000000000000        I
C:\Program Files\pdfforge Toolbar\IE\6.2\pdfforgeToolbarIE.dll        a variant of Win32/Toolbar.Widgi application (unable to clean)        00000000000000000000000000000000        I
C:\Users\Patti\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2UXWMN4P\firstload_com[1].htm        HTML/ScrInject.B.Gen virus (unable to clean)        00000000000000000000000000000000        I
C:\Users\Patti\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MA6G9IPH\team-hardcore-emsland_de[1].htm        HTML/Iframe.B.Gen virus (unable to clean)        00000000000000000000000000000000        I
C:\Users\Patti\AppData\Local\{197538d8-ccc8-f96e-3793-730a2117a111}\U\80000000.@        a variant of Win32/Sirefef.FA trojan (unable to clean)        00000000000000000000000000000000        I
C:\Users\Patti\Downloads\PDFCreator-1_2_3_setup.exe        Win32/Toolbar.Widgi application (unable to clean)        00000000000000000000000000000000        I
C:\Windows\Installer\626e3.msi        probably a variant of Win32/Toolbar.Widgi application (unable to clean)        00000000000000000000000000000000        I

And now the old Malwarebytes log from 09.08.2012:

Code:

Malwarebytes Anti-Malware (Test) 1.62.0.1300
www.malwarebytes.org

Datenbank Version: v2012.08.09.02

Windows Vista Service Pack 2 x86 NTFS (Abgesichertenmodus/Netzwerkfähig)
Internet Explorer 9.0.8112.16421
Patti :: PATTI-PC [Administrator]

Schutz: Deaktiviert

09.08.2012 09:38:29
mbam-log-2012-08-09 (09-38-29).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 469844
Laufzeit: 1 Stunde(n), 7 Minute(n), 51 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 2
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Live Security Platinum (Trojan.LameShield) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\CLASSES\CLSID\{42AEDC87-2188-41FD-B9A3-0C966FEABEC1}\INPROCSERVER32 (Trojan.Zaccess) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Registrierungswerte: 2
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce|036DFF9800533D8A1932A77A2F3B707C (Trojan.LameShield) -> Daten: C:\ProgramData\036DFF9800533D8A1932A77A2F3B707C\036DFF9800533D8A1932A77A2F3B707C.exe -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\CLASSES\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InprocServer32| (Trojan.Zaccess) -> Daten: C:\Users\Patti\AppData\Local\{197538d8-ccc8-f96e-3793-730a2117a111}\n. -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateiobjekte der Registrierung: 3
HKLM\SOFTWARE\Microsoft\Security Center|AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bösartig: (1) Gut: (0) -> Erfolgreich ersetzt und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Security Center|FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bösartig: (1) Gut: (0) -> Erfolgreich ersetzt und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Security Center|UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bösartig: (1) Gut: (0) -> Erfolgreich ersetzt und in Quarantäne gestellt.

Infizierte Verzeichnisse: 1
C:\Users\Patti\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Live Security Platinum (Rogue.LiveSecurityPlatinum) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateien: 8
C:\ProgramData\036DFF9800533D8A1932A77A2F3B707C\036DFF9800533D8A1932A77A2F3B707C.exe (Trojan.LameShield) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Patti\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2UXWMN4P\soft4[1].exe (Trojan.LameShield) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Patti\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MA6G9IPH\soft3[1].exe (RootKit.0Access) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Patti\AppData\Local\{197538d8-ccc8-f96e-3793-730a2117a111}\n (RootKit.0Access) -> Löschen bei Neustart.
C:\Users\Patti\AppData\Local\{197538d8-ccc8-f96e-3793-730a2117a111}\U\800000cb.@ (Rootkit.0Access) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Windows\Installer\{197538d8-ccc8-f96e-3793-730a2117a111}\n (RootKit.0Access) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Patti\Desktop\Live Security Platinum.lnk (Rogue.LiveSecurityPlatinum) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Patti\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Live Security Platinum\Live Security Platinum.lnk (Rogue.LiveSecurityPlatinum) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)

And now today's Malwarebytes log:

Code:

Malwarebytes Anti-Malware (Test) 1.62.0.1300
www.malwarebytes.org

Datenbank Version: v2012.08.13.05

Windows Vista Service Pack 2 x86 NTFS (Abgesichertenmodus/Netzwerkfähig)
Internet Explorer 9.0.8112.16421
Patti :: PATTI-PC [Administrator]

Schutz: Deaktiviert

13.08.2012 19:33:03
mbam-log-2012-08-13 (19-33-03).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 471778
Laufzeit: 1 Stunde(n), 6 Minute(n), 1 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

Thanks again for the support

Regards
Exedcuter
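As an added example (not part of this thread, and not Malwarebytes' or ESET's own code): a small Python script that parses the finding lines of the Malwarebytes log and the ESET Online Scanner log posted above, then checks whether a folder in which Malwarebytes could only schedule a deletion at reboot still shows detections in the later ESET scan. The sample lines are constructed from the logs in this thread; every function name is this example's own.

```python
"""Cross-check a Malwarebytes 1.x log against an ESET Online Scanner log.

Added example for this thread, not Malwarebytes' or ESET's own code. The
sample lines below are constructed from the logs posted in the thread.
"""
import re
from collections import Counter

# Constructed sample: a subset of the Malwarebytes finding lines posted above.
MBAM_LOG = r"""
Infizierte Registrierungswerte: 2
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce|036DFF9800533D8A1932A77A2F3B707C (Trojan.LameShield) -> Daten: C:\ProgramData\036DFF9800533D8A1932A77A2F3B707C\036DFF9800533D8A1932A77A2F3B707C.exe -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\CLASSES\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InprocServer32| (Trojan.Zaccess) -> Daten: C:\Users\Patti\AppData\Local\{197538d8-ccc8-f96e-3793-730a2117a111}\n. -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateien: 8
C:\ProgramData\036DFF9800533D8A1932A77A2F3B707C\036DFF9800533D8A1932A77A2F3B707C.exe (Trojan.LameShield) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Patti\AppData\Local\{197538d8-ccc8-f96e-3793-730a2117a111}\n (RootKit.0Access) -> Löschen bei Neustart.
C:\Users\Patti\AppData\Local\{197538d8-ccc8-f96e-3793-730a2117a111}\U\800000cb.@ (Rootkit.0Access) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Windows\Installer\{197538d8-ccc8-f96e-3793-730a2117a111}\n (RootKit.0Access) -> Erfolgreich gelöscht und in Quarantäne gestellt.
"""

# Constructed sample: two ESET detection lines from the later scan. Fields are
# tab-separated here; the splitter also accepts the runs of spaces seen above.
ESET_LOG = "\n".join([
    "# found=20",
    "C:\\Users\\Patti\\AppData\\Local\\{197538d8-ccc8-f96e-3793-730a2117a111}\\U\\80000000.@\t"
    "a variant of Win32/Sirefef.FA trojan (unable to clean)\t00000000000000000000000000000000\tI",
    "C:\\Program Files\\pdfforge Toolbar\\IE\\6.2\\pdfforgeToolbarIE.dll\t"
    "a variant of Win32/Toolbar.Widgi application (unable to clean)\t00000000000000000000000000000000\tI",
])

MBAM_LINE = re.compile(r"^(?P<item>.+?) \((?P<detection>[^()]+)\) -> (?P<rest>.+)$")
PENDING_ACTION = "Löschen bei Neustart"   # MBAM could not remove the file while running
ESET_SEPARATOR = re.compile(r"\t+|\s{2,}")


def parse_mbam(text):
    """One dict per Malwarebytes finding line; section headers and counts are skipped."""
    findings = []
    for line in text.splitlines():
        match = MBAM_LINE.match(line.strip())
        if not match:
            continue
        parts = [p.strip() for p in match.group("rest").split(" -> ")]
        data = parts[0][len("Daten: "):] if parts[0].startswith("Daten: ") else None
        action = parts[-1].rstrip(".")
        findings.append(dict(item=match.group("item"), detection=match.group("detection"),
                             data=data, action=action,       # data: payload path of a registry value
                             pending_reboot=action.startswith(PENDING_ACTION)))
    return findings


def parse_eset(text):
    """One dict per ESET detection line: path, verdict, hash, flag."""
    findings = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue                              # "# key=value" header lines
        fields = ESET_SEPARATOR.split(line)
        if len(fields) != 4 or ":\\" not in fields[0]:
            continue                              # e.g. the "all ok" downloader line
        path, verdict, digest, flag = fields
        findings.append(dict(path=path, verdict=verdict, hash=digest, flag=flag))
    return findings


def parent_dir(win_path):
    """Case-folded parent folder of a Windows path."""
    return win_path.rsplit("\\", 1)[0].lower()


def detection_summary(mbam_findings):
    """Count findings per detection name, case-folded so that the
    'RootKit.0Access' / 'Rootkit.0Access' spellings in the log merge."""
    return Counter(f["detection"].lower() for f in mbam_findings)


def leftovers_after_reboot(mbam_findings, eset_findings):
    """For every folder in which Malwarebytes could only schedule a reboot
    deletion, list the ESET detections that still sit in or under it."""
    pending_dirs = {parent_dir(f["item"]) for f in mbam_findings if f["pending_reboot"]}
    leftovers = {}
    for folder in sorted(pending_dirs):
        leftovers[folder] = [e["path"] for e in eset_findings
                             if e["path"].lower().startswith(folder + "\\")]
    return leftovers


if __name__ == "__main__":
    mbam, eset = parse_mbam(MBAM_LOG), parse_eset(ESET_LOG)
    print("Malwarebytes findings by detection name:")
    for name, count in detection_summary(mbam).most_common():
        print(f"  {count:2d}  {name}")
    print("Folders with reboot-scheduled deletions, checked against the ESET scan:")
    for folder, hits in leftovers_after_reboot(mbam, eset).items():
        print(f"  {folder}: {'still has detections' if hits else 'nothing found by ESET'}")
        for path in hits:
            print(f"      {path}")
```

A folder that still carries detections after the reboot-scheduled deletion is the signal to keep going with further scans rather than declaring the machine clean.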

cosinus 14.08.2012 13:20

adwCleaner - Detecting toolbars and unwanted start/search pages

Please download AdwCleaner to your desktop.
  • Start adwcleaner.exe with a double-click.
  • Click Search.
  • After the scan finishes, a text file opens.
  • Post me its content in your next reply.
  • You can also find the log file at C:\AdwCleaner[R1].txt.

exedcuter 14.08.2012 18:51

Hello,

because I had already read that in another thread, I did this yesterday.

Attached is the log:

Code:

# AdwCleaner v1.800 - Logfile created 08/13/2012 at 15:04:29
# Updated 01/08/2012 by Xplode
# Operating system : Windows Vista (TM) Home Premium Service Pack 2 (32 bits)
# User : Patti - PATTI-PC
# Running from : C:\Users\Patti\Downloads\adwcleaner.exe
# Option [Search]


***** [Services] *****

Found : Application Updater

***** [Files / Folders] *****

Folder Found : C:\Users\Patti\AppData\LocalLow\boost_interprocess
Folder Found : C:\Users\Patti\AppData\LocalLow\facemoods.com
Folder Found : C:\Users\Patti\AppData\LocalLow\pdfforge
Folder Found : C:\Users\Patti\AppData\LocalLow\Search Settings
Folder Found : C:\Users\Ines\AppData\LocalLow\facemoods.com
Folder Found : C:\Users\Ines\AppData\LocalLow\Search Settings
Folder Found : C:\Users\Patti\AppData\Roaming\pdfforge
Folder Found : C:\Program Files\Application Updater
Folder Found : C:\Program Files\pdfforge Toolbar
Folder Found : C:\Program Files\Common Files\spigot
File Found : C:\Program Files\Mozilla Firefox\searchplugins\fcmdSrch.xml

***** [Registry] *****

Key Found : HKCU\Software\AppDataLow\Software\pdfforge
Key Found : HKCU\Software\AppDataLow\Software\Search Settings
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}
Key Found : HKCU\Software\pdfforge
Key Found : HKCU\Software\Search Settings
Key Found : HKLM\SOFTWARE\Application Updater
Key Found : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Found : HKLM\SOFTWARE\Classes\facemoods.facemoodsHlpr
Key Found : HKLM\SOFTWARE\Classes\facemoods.facemoodsHlpr.1
Key Found : HKLM\SOFTWARE\DT Soft
Key Found : HKLM\SOFTWARE\pdfforge
Key Found : HKLM\SOFTWARE\Search Settings
Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [SearchSettings]

***** [Registre - GUID] *****

Key Found : HKLM\SOFTWARE\Classes\AppID\{5B1881D1-D9C7-46DF-B041-1E593282C7D0}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{64182481-4F71-486B-A045-B233BD0DA8FC}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{B922D405-6D13-4A2B-AE89-08A030DA4402}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{DDE2C74F-58CC-4D71-8CE1-09DEBB8CFB78}
Key Found : HKLM\SOFTWARE\Classes\Interface\{A9379648-F6EB-4F65-A624-1C10411A15D0}
Key Found : HKLM\SOFTWARE\Classes\Interface\{F16AB1DB-15C0-4456-A29E-4DF24FB9E3D2}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B922D405-6D13-4A2B-AE89-08A030DA4402}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0D7562AE-8EF6-416D-A838-AB665251703A}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B922D405-6D13-4A2B-AE89-08A030DA4402}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{64182481-4F71-486B-A045-B233BD0DA8FC}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{B922D405-6D13-4A2B-AE89-08A030DA4402}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{64182481-4F71-486B-A045-B233BD0DA8FC}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B922D405-6D13-4A2B-AE89-08A030DA4402}
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{B922D405-6D13-4A2B-AE89-08A030DA4402}]
Value Found : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{B922D405-6D13-4A2B-AE89-08A030DA4402}]

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

-\\ Mozilla Firefox v14.0.1 (de)

Profile name : default
File : C:\Users\Patti\AppData\Roaming\Mozilla\Firefox\Profiles\s066d2hq.default\prefs.js

[OK] File is clean.

Profile name : default
File : C:\Users\Ines\AppData\Roaming\Mozilla\Firefox\Profiles\8l306cv2.default\prefs.js

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [4084 octets] - [13/08/2012 15:04:29]

########## EOF - C:\AdwCleaner[R1].txt - [4212 octets] ##########

Thanks again and kind regards

Exedcuter

cosinus 15.08.2012 13:38

You used an older version of adwCleaner.
Delete the old adwCleaner, download the tool again, run a new scan and post the log again.

exedcuter 16.08.2012 11:41

Hello Cosinus,

I downloaded adwcleaner again and ran the scan.

Attached is the log:

Code:

# AdwCleaner v1.801 - Logfile created 08/16/2012 at 12:41:25
# Updated 14/08/2012 by Xplode
# Operating system : Windows Vista (TM) Home Premium Service Pack 2 (32 bits)
# User : Patti - PATTI-PC
# Boot Mode : Safe mode with networking
# Running from : C:\Users\Patti\Downloads\adwcleaner(1).exe
# Option [Search]


***** [Services] *****

Found : Application Updater

***** [Files / Folders] *****

Folder Found : C:\Users\Patti\AppData\LocalLow\boost_interprocess
Folder Found : C:\Users\Patti\AppData\LocalLow\facemoods.com
Folder Found : C:\Users\Patti\AppData\LocalLow\pdfforge
Folder Found : C:\Users\Patti\AppData\LocalLow\Search Settings
Folder Found : C:\Users\Ines\AppData\LocalLow\facemoods.com
Folder Found : C:\Users\Ines\AppData\LocalLow\Search Settings
Folder Found : C:\Users\Patti\AppData\Roaming\pdfforge
Folder Found : C:\Program Files\Application Updater
Folder Found : C:\Program Files\pdfforge Toolbar
Folder Found : C:\Program Files\Common Files\spigot
File Found : C:\Program Files\Mozilla Firefox\searchplugins\fcmdSrch.xml

***** [Registry] *****

Key Found : HKCU\Software\AppDataLow\Software\pdfforge
Key Found : HKCU\Software\AppDataLow\Software\Search Settings
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}
Key Found : HKCU\Software\pdfforge
Key Found : HKCU\Software\Search Settings
Key Found : HKLM\SOFTWARE\Application Updater
Key Found : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Found : HKLM\SOFTWARE\Classes\facemoods.facemoodsHlpr
Key Found : HKLM\SOFTWARE\Classes\facemoods.facemoodsHlpr.1
Key Found : HKLM\SOFTWARE\pdfforge
Key Found : HKLM\SOFTWARE\Search Settings
Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [SearchSettings]

***** [Registre - GUID] *****

Key Found : HKLM\SOFTWARE\Classes\AppID\{5B1881D1-D9C7-46DF-B041-1E593282C7D0}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{64182481-4F71-486B-A045-B233BD0DA8FC}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{B922D405-6D13-4A2B-AE89-08A030DA4402}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{DDE2C74F-58CC-4D71-8CE1-09DEBB8CFB78}
Key Found : HKLM\SOFTWARE\Classes\Interface\{A9379648-F6EB-4F65-A624-1C10411A15D0}
Key Found : HKLM\SOFTWARE\Classes\Interface\{F16AB1DB-15C0-4456-A29E-4DF24FB9E3D2}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B922D405-6D13-4A2B-AE89-08A030DA4402}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0D7562AE-8EF6-416D-A838-AB665251703A}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B922D405-6D13-4A2B-AE89-08A030DA4402}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{64182481-4F71-486B-A045-B233BD0DA8FC}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{B922D405-6D13-4A2B-AE89-08A030DA4402}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{64182481-4F71-486B-A045-B233BD0DA8FC}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B922D405-6D13-4A2B-AE89-08A030DA4402}
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{B922D405-6D13-4A2B-AE89-08A030DA4402}]
Value Found : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{B922D405-6D13-4A2B-AE89-08A030DA4402}]

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

-\\ Mozilla Firefox v14.0.1 (de)

Profile name : default
File : C:\Users\Patti\AppData\Roaming\Mozilla\Firefox\Profiles\s066d2hq.default\prefs.js

[OK] File is clean.

Profile name : default
File : C:\Users\Ines\AppData\Roaming\Mozilla\Firefox\Profiles\8l306cv2.default\prefs.js

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [4213 octets] - [13/08/2012 15:04:29]
AdwCleaner[S1].txt - [279 octets] - [13/08/2012 16:01:01]
AdwCleaner[R2].txt - [4127 octets] - [16/08/2012 12:39:47]
AdwCleaner[R3].txt - [4058 octets] - [16/08/2012 12:41:25]

########## EOF - C:\AdwCleaner[R3].txt - [4186 octets] ##########

Many thanks in advance and kind regards
Exedcuter

cosinus 16.08.2012 13:36

adwCleaner - Removing toolbars and unwanted start/search pages
  • Close all open programs and browsers.
  • Start adwcleaner.exe with a double-click.
  • Click Delete.
  • Confirm each prompt with Ok.
  • Your computer will be restarted. After the restart, a text file opens.
  • Post me its content in your next reply.
  • You can also find the log file at C:\AdwCleaner[S1].txt.

exedcuter 16.08.2012 19:37

Hi Cosinus,

I ran adwcleaner with Delete. Attached is the log:

Code:

# AdwCleaner v1.801 - Logfile created 08/16/2012 at 20:22:39
# Updated 14/08/2012 by Xplode
# Operating system : Windows Vista (TM) Home Premium Service Pack 2 (32 bits)
# User : Patti - PATTI-PC
# Boot Mode : Safe mode with networking
# Running from : C:\Users\Patti\Downloads\adwcleaner(1).exe
# Option [Delete]


***** [Services] *****

Stopped & Deleted : Application Updater

***** [Files / Folders] *****

Folder Deleted : C:\Users\Patti\AppData\LocalLow\boost_interprocess
Folder Deleted : C:\Users\Patti\AppData\LocalLow\facemoods.com
Folder Deleted : C:\Users\Patti\AppData\LocalLow\pdfforge
Folder Deleted : C:\Users\Patti\AppData\LocalLow\Search Settings
Folder Deleted : C:\Users\Ines\AppData\LocalLow\facemoods.com
Folder Deleted : C:\Users\Ines\AppData\LocalLow\Search Settings
Folder Deleted : C:\Users\Patti\AppData\Roaming\pdfforge
Folder Deleted : C:\Program Files\Application Updater
Folder Deleted : C:\Program Files\pdfforge Toolbar
Folder Deleted : C:\Program Files\Common Files\spigot
File Deleted : C:\Program Files\Mozilla Firefox\searchplugins\fcmdSrch.xml

***** [Registry] *****

Key Deleted : HKCU\Software\AppDataLow\Software\pdfforge
Key Deleted : HKCU\Software\AppDataLow\Software\Search Settings
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}
Key Deleted : HKCU\Software\pdfforge
Key Deleted : HKCU\Software\Search Settings
Key Deleted : HKLM\SOFTWARE\Application Updater
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Deleted : HKLM\SOFTWARE\Classes\facemoods.facemoodsHlpr
Key Deleted : HKLM\SOFTWARE\Classes\facemoods.facemoodsHlpr.1
Key Deleted : HKLM\SOFTWARE\pdfforge
Key Deleted : HKLM\SOFTWARE\Search Settings
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [SearchSettings]

***** [Registre - GUID] *****

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{5B1881D1-D9C7-46DF-B041-1E593282C7D0}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{64182481-4F71-486B-A045-B233BD0DA8FC}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B922D405-6D13-4A2B-AE89-08A030DA4402}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DDE2C74F-58CC-4D71-8CE1-09DEBB8CFB78}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A9379648-F6EB-4F65-A624-1C10411A15D0}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F16AB1DB-15C0-4456-A29E-4DF24FB9E3D2}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B922D405-6D13-4A2B-AE89-08A030DA4402}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0D7562AE-8EF6-416D-A838-AB665251703A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B922D405-6D13-4A2B-AE89-08A030DA4402}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{64182481-4F71-486B-A045-B233BD0DA8FC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{B922D405-6D13-4A2B-AE89-08A030DA4402}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{64182481-4F71-486B-A045-B233BD0DA8FC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B922D405-6D13-4A2B-AE89-08A030DA4402}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{B922D405-6D13-4A2B-AE89-08A030DA4402}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{B922D405-6D13-4A2B-AE89-08A030DA4402}]

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

-\\ Mozilla Firefox v14.0.1 (de)

Profile name : default
File : C:\Users\Patti\AppData\Roaming\Mozilla\Firefox\Profiles\s066d2hq.default\prefs.js

C:\Users\Patti\AppData\Roaming\Mozilla\Firefox\Profiles\s066d2hq.default\user.js ... Deleted !

[OK] File is clean.

Profile name : default
File : C:\Users\Ines\AppData\Roaming\Mozilla\Firefox\Profiles\8l306cv2.default\prefs.js

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [4213 octets] - [13/08/2012 15:04:29]
AdwCleaner[S1].txt - [279 octets] - [13/08/2012 16:01:01]
AdwCleaner[R2].txt - [4127 octets] - [16/08/2012 12:39:47]
AdwCleaner[R3].txt - [4187 octets] - [16/08/2012 12:41:25]
AdwCleaner[S2].txt - [4306 octets] - [16/08/2012 20:22:39]

########## EOF - C:\AdwCleaner[S2].txt - [4434 octets] ##########

Many thanks and best regards, Exedcuter

cosinus 17.08.2012 19:21

I have two questions before we go on:

1.) Does the normal mode of Windows work (again) without restrictions?
2.) Are you missing anything in the Start menu? Are there empty folders under All Programs, or is everything there?

exedcuter 17.08.2012 20:41

Hello,

I can start the computer normally again. Under Programs, everything is essentially normal. Only the folders Brettspielewelt and Autostart are empty.

Regards
Exedcuter

cosinus 18.08.2012 12:28

Please make a new OTL log. Please post everything here in CODE tags where possible.

It is done like this:

[code] the log goes here [/code]

And the whole thing then looks like this:

Code:

the log goes here

Custom Scan with OTL

Please download OTL from Oldtimer and save it to your desktop. If it is already present, please replace the older existing file with the newly downloaded file, so that you really are working with a current version of OTL.
Code:

netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT


exedcuter 18.08.2012 19:40

Hello Cosinus,

attached is the log of the new scan with OTL:

OTL Logfile:
Code:

OTL logfile created on: 18.08.2012 19:20:13 - Run 2
OTL by OldTimer - Version 3.2.58.0    Folder = C:\Users\Patti\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 1,58 Gb Available Physical Memory | 52,70% Memory free
6,19 Gb Paging File | 4,67 Gb Available in Paging File | 75,43% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 81,26 Gb Total Space | 0,96 Gb Free Space | 1,18% Space Free | Partition Type: NTFS
Drive D: | 49,50 Gb Total Space | 8,15 Gb Free Space | 16,47% Space Free | Partition Type: FAT32
Drive E: | 167,32 Gb Total Space | 5,10 Gb Free Space | 3,05% Space Free | Partition Type: NTFS
Drive F: | 272,36 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
 
Computer Name: PATTI-PC | User Name: Patti | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.08.18 19:15:31 | 000,598,016 | ---- | M] (OldTimer Tools) -- C:\Users\Patti\Downloads\OTL(1).exe
PRC - [2012.08.17 22:12:05 | 001,536,712 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe
PRC - [2012.07.23 23:28:42 | 000,913,888 | ---- | M] (Mozilla Corporation) -- C:\Programme\Mozilla Firefox\firefox.exe
PRC - [2012.07.03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012.07.03 13:46:44 | 000,462,920 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012.06.08 13:02:10 | 000,021,432 | ---- | M] () -- C:\Programme\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
PRC - [2012.02.10 11:28:06 | 000,240,408 | ---- | M] (Microsoft Corporation.) -- C:\Programme\Microsoft\BingBar\7.1.361.0\SeaPort.EXE
PRC - [2011.10.11 15:00:02 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2011.10.11 14:59:49 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2011.10.11 14:59:37 | 000,258,512 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2011.10.11 14:59:37 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2011.04.08 12:59:52 | 000,507,624 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Common Files\Java\Java Update\jucheck.exe
PRC - [2010.09.06 19:56:38 | 000,247,096 | ---- | M] () -- C:\Programme\ICQ6Toolbar\ICQ Service.exe
PRC - [2009.08.18 11:29:22 | 001,529,728 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
PRC - [2009.08.18 11:29:22 | 000,183,152 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
PRC - [2009.04.11 08:28:03 | 001,233,920 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Sidebar\sidebar.exe
PRC - [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009.02.26 18:36:46 | 000,030,040 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe
PRC - [2009.01.08 07:36:42 | 002,521,464 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Common Files\Adobe\Updater6\Adobe_Updater.exe
PRC - [2008.02.28 18:07:58 | 001,828,136 | ---- | M] (Nero AG) -- C:\Programme\Common Files\Nero\Lib\NMIndexStoreSvr.exe
PRC - [2008.01.21 04:25:33 | 000,896,512 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2008.01.21 04:25:33 | 000,202,240 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnscfg.exe
PRC - [2007.12.17 11:02:28 | 004,718,592 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2007.11.02 12:35:42 | 002,564,096 | ---- | M] () -- C:\Programme\Softex\OmniPass\scureapp.exe
PRC - [2007.11.02 12:31:24 | 000,069,632 | ---- | M] () -- C:\Programme\Softex\OmniPass\opvapp.exe
PRC - [2007.11.02 12:31:08 | 000,040,960 | ---- | M] (Softex Inc.) -- C:\Programme\Softex\OmniPass\OmniServ.exe
PRC - [2007.10.03 15:45:02 | 000,358,936 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2007.09.11 15:37:58 | 000,118,784 | ---- | M] (Wistron Corp.) -- C:\Programme\Launch Manager\WisLMSvc.exe
PRC - [2007.09.07 09:26:54 | 000,086,016 | ---- | M] (Wistron) -- C:\Programme\Launch Manager\WButton.exe
PRC - [2007.09.06 11:23:36 | 000,188,416 | ---- | M] (Wistron) -- C:\Programme\Launch Manager\HotkeyApp.exe
PRC - [2007.09.01 14:03:50 | 000,032,768 | ---- | M] () -- C:\Programme\Launch Manager\LaunchAp.exe
PRC - [2007.08.31 11:04:26 | 000,102,400 | ---- | M] (Synaptics, Inc.) -- C:\Programme\Synaptics\SynTP\SynTPStart.exe
PRC - [2006.12.26 11:23:34 | 000,180,224 | ---- | M] (Wistron Corp.) -- C:\Programme\Launch Manager\OSD.exe
PRC - [2001.11.12 13:31:48 | 000,020,480 | ---- | M] (X10) -- C:\Programme\Common Files\X10\Common\X10nets.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.08.17 22:12:04 | 009,465,032 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32_11_3_300_271.dll
MOD - [2012.07.23 23:28:41 | 002,003,424 | ---- | M] () -- C:\Programme\Mozilla Firefox\mozjs.dll
MOD - [2012.07.01 12:54:04 | 000,115,137 | ---- | M] () -- C:\Users\Patti\AppData\Local\Temp\26b4a1dd-e07b-48af-be4e-9642b273284b\CliSecureRT.dll
MOD - [2012.06.16 21:42:26 | 012,433,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\f2691cfa7671cdc58179e56ba9227591\System.Windows.Forms.ni.dll
MOD - [2012.06.16 21:42:07 | 001,592,320 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\18f9789aa214c657113e676b3a9015aa\System.Drawing.ni.dll
MOD - [2012.06.16 21:41:37 | 014,329,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\7343fbab1ba137db2f8b284047ef3f3c\PresentationFramework.ni.dll
MOD - [2012.06.16 21:40:31 | 012,219,392 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\7b6293b0c23321c255c2530aea8e32bb\PresentationCore.ni.dll
MOD - [2012.06.08 13:02:10 | 000,021,432 | ---- | M] () -- C:\Programme\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
MOD - [2012.05.24 03:50:18 | 000,649,680 | ---- | M] () -- C:\Programme\Samsung\Kies\External\FirmwareUpdate\CommonModule.dll
MOD - [2012.05.24 03:50:18 | 000,539,088 | ---- | M] () -- C:\Programme\Samsung\Kies\External\FirmwareUpdate\FirmwareUpdateAgent.Common.dll
MOD - [2012.05.24 03:50:18 | 000,007,168 | ---- | M] () -- C:\Programme\Samsung\Kies\External\FirmwareUpdate\IPCServer.dll
MOD - [2012.05.24 03:50:18 | 000,003,584 | ---- | M] () -- C:\Programme\Samsung\Kies\External\FirmwareUpdate\ISharedIPCInterface.dll
MOD - [2012.05.12 18:50:55 | 000,998,400 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\f3d4d5fe5ab848fbfcf91a49960dc8ae\System.Management.ni.dll
MOD - [2012.05.12 18:30:27 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\846b9cf2756fdd15f704c9bab9c70b6f\System.Runtime.Remoting.ni.dll
MOD - [2012.05.12 18:29:55 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\bd76aaaa03ddc15d1840207b5a480644\System.Configuration.ni.dll
MOD - [2012.05.12 18:28:28 | 005,450,752 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\d2630342a066a7cb9056d9eb6157687a\System.Xml.ni.dll
MOD - [2012.05.12 18:26:05 | 002,295,296 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\0f2b877ed16daa577f95be735a63d19c\System.Core.ni.dll
MOD - [2012.05.12 18:25:52 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\c8c3ab08933fef9fb6657da871395c46\PresentationFramework.Aero.ni.dll
MOD - [2012.05.12 11:05:48 | 003,325,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\54426ee1881b42af5b090e223f43823c\WindowsBase.ni.dll
MOD - [2012.05.12 11:05:41 | 007,953,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\28d633338fc8d29f8af31935ef7d001b\System.ni.dll
MOD - [2012.05.12 11:05:23 | 011,492,352 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\af9c9e9d7e0523cd444f8b551baa9cbf\mscorlib.ni.dll
MOD - [2009.03.30 06:42:11 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2007.11.02 12:36:16 | 000,048,208 | ---- | M] () -- C:\Programme\Softex\OmniPass\hdddrv.dll
MOD - [2007.11.02 12:35:42 | 002,564,096 | ---- | M] () -- C:\Programme\Softex\OmniPass\scureapp.exe
MOD - [2007.11.02 12:28:16 | 000,434,176 | ---- | M] () -- C:\Programme\Softex\OmniPass\userdata.dll
MOD - [2007.11.02 12:28:04 | 001,077,248 | ---- | M] () -- C:\Programme\Softex\OmniPass\autheng.dll
MOD - [2007.11.02 12:27:48 | 000,532,480 | ---- | M] () -- C:\Programme\Softex\OmniPass\storeng.dll
MOD - [2007.11.02 12:27:40 | 000,061,440 | ---- | M] () -- C:\Programme\Softex\OmniPass\scuredll.dll
MOD - [2007.11.02 12:27:28 | 000,016,896 | ---- | M] () -- C:\Programme\Softex\OmniPass\cryptodll.dll
MOD - [2007.11.02 12:27:26 | 000,013,824 | ---- | M] () -- C:\Programme\Softex\OmniPass\SSPLogon.dll
MOD - [2007.09.01 14:03:50 | 000,032,768 | ---- | M] () -- C:\Programme\Launch Manager\LaunchAp.exe
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2012.08.17 22:12:05 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.07.23 23:28:41 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.07.03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.02.10 11:28:06 | 000,240,408 | ---- | M] (Microsoft Corporation.) [On_Demand | Running] -- C:\Programme\Microsoft\BingBar\7.1.361.0\SeaPort.EXE -- (BBUpdate)
SRV - [2012.02.10 11:28:06 | 000,193,816 | ---- | M] (Microsoft Corporation.) [Auto | Stopped] -- C:\Programme\Microsoft\BingBar\7.1.361.0\BBSvc.EXE -- (BBSvc)
SRV - [2011.10.11 14:59:49 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011.10.11 14:59:37 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.07.20 05:18:24 | 000,440,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2010.09.06 19:56:38 | 000,247,096 | ---- | M] () [Auto | Running] -- C:\Programme\ICQ6Toolbar\ICQ Service.exe -- (ICQ Service)
SRV - [2009.08.18 11:29:22 | 001,529,728 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2009.02.26 18:36:22 | 000,064,856 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service)
SRV - [2008.01.21 04:25:33 | 000,896,512 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2007.11.02 12:31:08 | 000,040,960 | ---- | M] (Softex Inc.) [Auto | Running] -- C:\Programme\Softex\OmniPass\OmniServ.exe -- (omniserv)
SRV - [2007.10.03 15:45:02 | 000,358,936 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON)
SRV - [2007.09.11 15:37:58 | 000,118,784 | ---- | M] (Wistron Corp.) [On_Demand | Running] -- C:\Programme\Launch Manager\WisLMSvc.exe -- (WisLMSvc)
SRV - [2006.10.26 14:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)
SRV - [2001.11.12 13:31:48 | 000,020,480 | ---- | M] (X10) [Auto | Running] -- C:\Programme\Common Files\X10\Common\X10nets.exe -- (x10nets)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - [2012.07.03 13:46:44 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012.02.20 23:36:27 | 000,137,416 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2011.10.11 15:00:01 | 000,074,640 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2011.10.11 15:00:01 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2011.07.26 17:26:44 | 000,020,032 | ---- | M] (Devguru Co., Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\dgderdrv.sys -- (dgderdrv)
DRV - [2010.06.17 15:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009.08.09 19:09:04 | 000,722,416 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\sptd.sys -- (sptd)
DRV - [2008.02.15 14:52:20 | 000,039,472 | ---- | M] (Paragon Software Group) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\hotcore3.sys -- (hotcore3)
DRV - [2008.01.21 04:23:21 | 000,016,896 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV - [2007.12.20 02:46:00 | 007,630,400 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2007.11.06 08:58:50 | 000,131,672 | ---- | M] (Paragon) [Kernel | System | Running] -- C:\Windows\System32\drivers\Uim_IM.sys -- (Uim_IM)
DRV - [2007.11.06 08:58:50 | 000,032,080 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | System | Running] -- C:\Windows\System32\drivers\UimBus.sys -- (UimBus)
DRV - [2007.08.28 15:47:36 | 000,146,560 | ---- | M] (AuthenTec, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atswpdrv.sys -- (ATSWPDRV)
DRV - [2007.08.08 08:26:06 | 002,226,688 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw4v32.sys -- (NETw4v32)
DRV - [2007.07.31 11:58:18 | 000,908,896 | ---- | M] (NXP Semiconductors Germany GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\PhilCap.sys -- (PhilCap)
DRV - [2007.06.01 10:29:04 | 000,210,736 | ---- | M] (Silicon Image, Inc) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\Si3531.sys -- (Si3531)
DRV - [2007.05.25 09:41:00 | 000,017,328 | ---- | M] (Silicon Image, Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\SiWinAcc.sys -- (SiFilter)
DRV - [2007.05.25 09:40:58 | 000,012,464 | ---- | M] (Silicon Image, Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\SiRemFil.sys -- (SiRemFil)
DRV - [2007.04.30 13:42:14 | 000,081,408 | ---- | M] (Realtek Corporation                                            ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2006.11.30 15:18:18 | 000,027,416 | ---- | M] (X10 Wireless Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\x10ufx2.sys -- (XUIF)
DRV - [2006.11.28 15:11:00 | 001,161,888 | ---- | M] (Agere Systems) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2006.11.17 10:31:04 | 000,013,976 | ---- | M] (X10 Wireless Technology, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\x10hid.sys -- (X10Hid)
DRV - [2003.04.28 11:27:06 | 000,009,867 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\HOTKEY.sys -- (Hotkey)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.medion.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie
IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MEDA
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-1528014813-652953021-2396465278-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.medion.com/
IE - HKU\S-1-5-21-1528014813-652953021-2396465278-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
IE - HKU\S-1-5-21-1528014813-652953021-2396465278-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE - HKU\S-1-5-21-1528014813-652953021-2396465278-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKU\S-1-5-21-1528014813-652953021-2396465278-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-1528014813-652953021-2396465278-1000\..\URLSearchHook:  - No CLSID value found
IE - HKU\S-1-5-21-1528014813-652953021-2396465278-1000\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKU\S-1-5-21-1528014813-652953021-2396465278-1000\..\SearchScopes,DefaultScope = {43CB0ED4-FFA5-4BB7-86CB-DF81DDD8853A}
IE - HKU\S-1-5-21-1528014813-652953021-2396465278-1000\..\SearchScopes\{43CB0ED4-FFA5-4BB7-86CB-DF81DDD8853A}: "URL" = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=827316&p={searchTerms}
IE - HKU\S-1-5-21-1528014813-652953021-2396465278-1000\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
IE - HKU\S-1-5-21-1528014813-652953021-2396465278-1000\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MEDA
IE - HKU\S-1-5-21-1528014813-652953021-2396465278-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rlz=1I7MEDA_de&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKU\S-1-5-21-1528014813-652953021-2396465278-1000\..\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E}: "URL" = hxxp://127.0.0.1:4664/search&s=vuIH2sYg_KdJOtqKkqNh7fC8PB8?q={searchTerms}
IE - HKU\S-1-5-21-1528014813-652953021-2396465278-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1528014813-652953021-2396465278-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
IE - HKU\S-1-5-21-1528014813-652953021-2396465278-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.medion.com/
IE - HKU\S-1-5-21-1528014813-652953021-2396465278-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.medion.com/
IE - HKU\S-1-5-21-1528014813-652953021-2396465278-1001\..\SearchScopes,DefaultScope = {6B31462F-3628-4234-B6E7-D7165317D01B}
IE - HKU\S-1-5-21-1528014813-652953021-2396465278-1001\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MEDA
IE - HKU\S-1-5-21-1528014813-652953021-2396465278-1001\..\SearchScopes\{6B31462F-3628-4234-B6E7-D7165317D01B}: "URL" = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=827316&p={searchTerms}
IE - HKU\S-1-5-21-1528014813-652953021-2396465278-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=827316&ilc=12"
FF - prefs.js..browser.search.selectedEngine: "ICQ Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://start.icq.com/"
FF - prefs.js..extensions.enabledItems: {4DC70064-89E2-4a55-8FC6-E8CDEAE3612C}:0.6.7
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3
FF - prefs.js..extensions.enabledItems: {9d1f059c-cada-4111-9696-41a62d64e3ba}:0.5.3.4
FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:1.1.7
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.0.0.6778
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.1.94
FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.1.94
FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.5.3&q="
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_271.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video [2011.02.17 01:25:15 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa [2011.02.17 01:25:15 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012.04.09 20:38:29 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.07.23 23:28:42 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.10.18 14:51:36 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012.04.09 20:38:29 | 000,000,000 | ---D | M]
 
[2009.06.11 20:57:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Patti\AppData\Roaming\mozilla\Extensions
[2012.08.16 20:35:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Patti\AppData\Roaming\mozilla\Firefox\Profiles\s066d2hq.default\extensions
[2010.02.12 01:26:58 | 000,000,000 | ---D | M] (Ad blocker) -- C:\Users\Patti\AppData\Roaming\mozilla\Firefox\Profiles\s066d2hq.default\extensions\{4DC70064-89E2-4a55-8FC6-E8CDEAE3612C}
[2012.07.26 23:23:12 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Users\Patti\AppData\Roaming\mozilla\Firefox\Profiles\s066d2hq.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2012.06.23 22:38:57 | 000,000,000 | ---D | M] (FoxTrick) -- C:\Users\Patti\AppData\Roaming\mozilla\Firefox\Profiles\s066d2hq.default\extensions\{9d1f059c-cada-4111-9696-41a62d64e3ba}
[2009.07.04 09:44:10 | 000,000,000 | ---D | M] (jDownFF) -- C:\Users\Patti\AppData\Roaming\mozilla\Firefox\Profiles\s066d2hq.default\extensions\{a3b24d40-bac4-11dc-95ff-0800200c9a66}
[2012.08.16 12:39:06 | 000,000,950 | ---- | M] () -- C:\Users\Patti\AppData\Roaming\Mozilla\Firefox\Profiles\s066d2hq.default\searchplugins\icqplugin-1.xml
[2010.10.15 09:08:08 | 000,000,950 | ---- | M] () -- C:\Users\Patti\AppData\Roaming\Mozilla\Firefox\Profiles\s066d2hq.default\searchplugins\icqplugin-10.xml
[2010.10.22 17:37:05 | 000,000,950 | ---- | M] () -- C:\Users\Patti\AppData\Roaming\Mozilla\Firefox\Profiles\s066d2hq.default\searchplugins\icqplugin-11.xml
[2010.10.29 12:20:59 | 000,000,950 | ---- | M] () -- C:\Users\Patti\AppData\Roaming\Mozilla\Firefox\Profiles\s066d2hq.default\searchplugins\icqplugin-12.xml
[2010.11.03 22:46:01 | 000,000,950 | ---- | M] () -- C:\Users\Patti\AppData\Roaming\Mozilla\Firefox\Profiles\s066d2hq.default\searchplugins\icqplugin-13.xml
[2011.03.11 01:04:13 | 000,000,950 | ---- | M] () -- C:\Users\Patti\AppData\Roaming\Mozilla\Firefox\Profiles\s066d2hq.default\searchplugins\icqplugin-14.xml
[2011.03.26 01:04:51 | 000,000,950 | ---- | M] () -- C:\Users\Patti\AppData\Roaming\Mozilla\Firefox\Profiles\s066d2hq.default\searchplugins\icqplugin-15.xml
[2011.05.01 22:12:46 | 000,000,950 | ---- | M] () -- C:\Users\Patti\AppData\Roaming\Mozilla\Firefox\Profiles\s066d2hq.default\searchplugins\icqplugin-16.xml
[2011.07.05 23:16:32 | 000,000,950 | ---- | M] () -- C:\Users\Patti\AppData\Roaming\Mozilla\Firefox\Profiles\s066d2hq.default\searchplugins\icqplugin-17.xml
[2011.08.21 10:38:23 | 000,000,950 | ---- | M] () -- C:\Users\Patti\AppData\Roaming\Mozilla\Firefox\Profiles\s066d2hq.default\searchplugins\icqplugin-18.xml
[2011.08.25 08:37:53 | 000,000,950 | ---- | M] () -- C:\Users\Patti\AppData\Roaming\Mozilla\Firefox\Profiles\s066d2hq.default\searchplugins\icqplugin-19.xml
[2009.08.06 22:19:20 | 000,000,950 | ---- | M] () -- C:\Users\Patti\AppData\Roaming\Mozilla\Firefox\Profiles\s066d2hq.default\searchplugins\icqplugin-2.xml
[2011.09.09 22:18:37 | 000,000,950 | ---- | M] () -- C:\Users\Patti\AppData\Roaming\Mozilla\Firefox\Profiles\s066d2hq.default\searchplugins\icqplugin-20.xml
[2011.10.12 22:35:18 | 000,000,950 | ---- | M] () -- C:\Users\Patti\AppData\Roaming\Mozilla\Firefox\Profiles\s066d2hq.default\searchplugins\icqplugin-21.xml
[2011.11.08 19:55:20 | 000,000,950 | ---- | M] () -- C:\Users\Patti\AppData\Roaming\Mozilla\Firefox\Profiles\s066d2hq.default\searchplugins\icqplugin-22.xml
[2012.01.15 17:35:51 | 000,000,950 | ---- | M] () -- C:\Users\Patti\AppData\Roaming\Mozilla\Firefox\Profiles\s066d2hq.default\searchplugins\icqplugin-23.xml
[2012.02.06 23:14:15 | 000,000,950 | ---- | M] () -- C:\Users\Patti\AppData\Roaming\Mozilla\Firefox\Profiles\s066d2hq.default\searchplugins\icqplugin-24.xml
[2012.02.16 23:40:14 | 000,000,950 | ---- | M] () -- C:\Users\Patti\AppData\Roaming\Mozilla\Firefox\Profiles\s066d2hq.default\searchplugins\icqplugin-25.xml
[2012.02.18 01:19:17 | 000,000,950 | ---- | M] () -- C:\Users\Patti\AppData\Roaming\Mozilla\Firefox\Profiles\s066d2hq.default\searchplugins\icqplugin-26.xml
[2012.02.20 23:34:22 | 000,000,950 | ---- | M] () -- C:\Users\Patti\AppData\Roaming\Mozilla\Firefox\Profiles\s066d2hq.default\searchplugins\icqplugin-27.xml
[2012.05.08 00:39:50 | 000,000,950 | ---- | M] () -- C:\Users\Patti\AppData\Roaming\Mozilla\Firefox\Profiles\s066d2hq.default\searchplugins\icqplugin-28.xml
[2012.07.01 13:44:52 | 000,000,950 | ---- | M] () -- C:\Users\Patti\AppData\Roaming\Mozilla\Firefox\Profiles\s066d2hq.default\searchplugins\icqplugin-29.xml
[2009.09.13 10:55:01 | 000,000,950 | ---- | M] () -- C:\Users\Patti\AppData\Roaming\Mozilla\Firefox\Profiles\s066d2hq.default\searchplugins\icqplugin-3.xml
[2012.07.23 23:29:05 | 000,000,950 | ---- | M] () -- C:\Users\Patti\AppData\Roaming\Mozilla\Firefox\Profiles\s066d2hq.default\searchplugins\icqplugin-30.xml
[2012.08.16 20:35:46 | 000,000,950 | ---- | M] () -- C:\Users\Patti\AppData\Roaming\Mozilla\Firefox\Profiles\s066d2hq.default\searchplugins\icqplugin-31.xml
[2009.10.31 19:42:23 | 000,000,950 | ---- | M] () -- C:\Users\Patti\AppData\Roaming\Mozilla\Firefox\Profiles\s066d2hq.default\searchplugins\icqplugin-4.xml
[2009.12.19 11:17:35 | 000,000,950 | ---- | M] () -- C:\Users\Patti\AppData\Roaming\Mozilla\Firefox\Profiles\s066d2hq.default\searchplugins\icqplugin-5.xml
[2010.01.07 01:28:25 | 000,000,950 | ---- | M] () -- C:\Users\Patti\AppData\Roaming\Mozilla\Firefox\Profiles\s066d2hq.default\searchplugins\icqplugin-6.xml
[2010.07.26 21:59:04 | 000,000,961 | ---- | M] () -- C:\Users\Patti\AppData\Roaming\Mozilla\Firefox\Profiles\s066d2hq.default\searchplugins\icqplugin-7.xml
[2010.07.27 19:10:25 | 000,000,961 | ---- | M] () -- C:\Users\Patti\AppData\Roaming\Mozilla\Firefox\Profiles\s066d2hq.default\searchplugins\icqplugin-8.xml
[2010.09.18 18:28:01 | 000,000,961 | ---- | M] () -- C:\Users\Patti\AppData\Roaming\Mozilla\Firefox\Profiles\s066d2hq.default\searchplugins\icqplugin-9.xml
[2010.06.21 17:35:24 | 000,001,042 | ---- | M] () -- C:\Users\Patti\AppData\Roaming\Mozilla\Firefox\Profiles\s066d2hq.default\searchplugins\icqplugin.xml
[2009.06.26 19:26:39 | 000,000,945 | ---- | M] () -- C:\Users\Patti\AppData\Roaming\Mozilla\Firefox\Profiles\s066d2hq.default\searchplugins\youtube-videosuche.xml
[2011.11.14 23:12:20 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2009.06.14 20:51:29 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Programme\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2011.10.19 00:30:45 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Programme\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2011.10.31 00:17:27 | 000,434,392 | ---- | M] () (No name found) -- C:\USERS\PATTI\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\S066D2HQ.DEFAULT\EXTENSIONS\{D4DD63FA-01E4-46A7-B6B1-EDAB7D6AD389}.XPI
[2012.07.23 23:28:42 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011.05.04 04:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2012.07.01 13:44:28 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.07.01 13:44:28 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.07.01 13:44:28 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.07.01 13:44:28 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.07.01 13:44:28 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.07.01 13:44:28 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1      localhost
O1 - Hosts: ::1            localhost
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Programme\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Programme\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Programme\Microsoft\BingBar\7.1.361.0\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\7.1.361.0\BingExt.dll (Microsoft Corporation.)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [CtrlVol] "C:\Program Files\Launch Manager\CtrlVol.exe" File not found
O4 - HKLM..\Run: [HotkeyApp] C:\Program Files\Launch Manager\HotkeyApp.exe (Wistron)
O4 - HKLM..\Run: [LaunchAp] C:\Program Files\Launch Manager\LaunchAp.exe ()
O4 - HKLM..\Run: [LMgrOSD] C:\Program Files\Launch Manager\OSD.exe (Wistron Corp.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Nikon Message Center 2] C:\Program Files\Nikon\Nikon Message Center 2\NkMC2.exe (Nikon Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [OmniPass] C:\Programme\Softex\OmniPass\scureapp.exe ()
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [SynTPStart] C:\Programme\Synaptics\SynTP\SynTPStart.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [toolbar_eula_launcher] C:\Program Files\GoogleEULA\EULALauncher.exe File not found
O4 - HKLM..\Run: [Wbutton] C:\Program Files\Launch Manager\Wbutton.exe (Wistron)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-1528014813-652953021-2396465278-1000..\Run: [KiesPDLR] C:\Programme\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe ()
O4 - HKU\S-1-5-21-1528014813-652953021-2396465278-1000..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-1528014813-652953021-2396465278-1001..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe (Nero AG)
O4 - HKU\S-1-5-21-1528014813-652953021-2396465278-1001..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-1528014813-652953021-2396465278-1001..\RunOnce: [FlashPlayerUpdate] C:\Windows\System32\Macromed\Flash\FlashUtil10c.exe (Adobe Systems, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKU\S-1-5-21-1528014813-652953021-2396465278-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O7 - HKU\S-1-5-21-1528014813-652953021-2396465278-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-1528014813-652953021-2396465278-1000\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKU\S-1-5-21-1528014813-652953021-2396465278-1000\..Trusted Ranges: GD ([http] in Local intranet)
O15 - HKU\S-1-5-21-1528014813-652953021-2396465278-1001\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKU\S-1-5-21-1528014813-652953021-2396465278-1001\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{168DF045-4E75-449B-B791-44073669C676}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{44A128CB-9F60-4BBA-8DA4-61D65F626837}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Common Files\microsoft shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL) - C:\Programme\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper:
O24 - Desktop BackupWallPaper:
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2007.04.06 09:56:36 | 000,000,050 | R--- | M] () - F:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{16eee8bf-bc67-11dd-90f7-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{16eee8bf-bc67-11dd-90f7-806e6f6e6963}\Shell\AutoRun\command - "" = F:\Welcome.exe -- [2010.05.28 16:11:06 | 000,626,080 | R--- | M] (Nikon Corporation)
O33 - MountPoints2\{79d3f352-8507-11de-8363-001f1603e7e5}\Shell - "" = AutoRun
O33 - MountPoints2\{79d3f352-8507-11de-8363-001f1603e7e5}\Shell\AutoRun\command - "" = G:\SETUP.EXE
O33 - MountPoints2\{79d3f352-8507-11de-8363-001f1603e7e5}\Shell\configure\command - "" = G:\SETUP.EXE
O33 - MountPoints2\{79d3f352-8507-11de-8363-001f1603e7e5}\Shell\install\command - "" = G:\SETUP.EXE
O33 - MountPoints2\{888839a6-2604-11e0-9dad-001f1603e7e5}\Shell\AutoRun\command - "" = I:\EmDesk.exe
O33 - MountPoints2\{888839a6-2604-11e0-9dad-001f1603e7e5}\Shell\EmDesk\command - "" = I:\EmDesk.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: Sharedaccess -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: wuauserv -  File not found
NetSvcs: BITS -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk - C:\Programme\HP\Digital Imaging\bin\hpqtra08.exe - (Hewlett-Packard Co.)
MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Photo Loader resident.lnk - C:\Programme\CASIO\Photo Loader\Plauto.exe - (CASIO COMPUTER CO.,LTD.)
MsConfig - StartUpReg: DAEMON Tools Pro Agent - hkey= - key= - C:\Program Files\DAEMON Tools Pro\DTProAgent.exe (DT Soft Ltd)
MsConfig - StartUpReg: IAAnotif - hkey= - key= - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation)
MsConfig - StartUpReg: IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} - hkey= - key= - C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe (Nero AG)
MsConfig - StartUpReg: KiesHelper - hkey= - key= -  File not found
MsConfig - StartUpReg: KiesPDLR - hkey= - key= - C:\Programme\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe ()
MsConfig - StartUpReg: KiesTrayAgent - hkey= - key= - C:\Programme\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
MsConfig - StartUpReg: NBKeyScan - hkey= - key= - C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe (Nero AG)
MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
MsConfig - StartUpReg: RemoteControl - hkey= - key= - C:\Program Files\HomeCinema\PowerDVD\PDVDServ.exe (Cyberlink Corp.)
MsConfig - StartUpReg: SearchSettings - hkey= - key= -  File not found
MsConfig - StartUpReg: WinampAgent - hkey= - key= - C:\Program Files\Winamp\winampa.exe ()
MsConfig - StartUpReg: Windows Defender - hkey= - key= -  File not found
MsConfig - State: "startup" - 2
 
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS -  File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: WinDefend - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: BFE - Service
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: MPSSvc - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS -  File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: SharedAccess -  File not found
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: WinDefend - Service
SafeBootNet: WudfPf - Driver
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} -
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} -
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Webordner
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Reg Error: Value error.
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3codecp - C:\Windows\System32\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\Windows\System32\DivX.dll (DivX, Inc.)
Drivers32: vidc.yv12 - C:\Windows\System32\DivX.dll (DivX, Inc.)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.08.13 11:09:39 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012.08.09 11:22:21 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\Patti\Desktop\OTL.exe
[2012.08.09 09:33:01 | 000,000,000 | ---D | C] -- C:\Users\Patti\AppData\Roaming\Malwarebytes
[2012.08.09 09:32:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.08.09 09:32:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.08.09 09:32:45 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.08.09 09:32:45 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.08.05 22:25:01 | 000,000,000 | ---D | C] -- C:\ProgramData\036DFF9800533D8A1932A77A2F3B707C
[2012.07.30 19:40:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Nikon
[2012.07.30 19:12:18 | 000,000,000 | ---D | C] -- C:\Users\Patti\AppData\Local\Macromedia
[2012.07.29 22:44:45 | 000,000,000 | ---D | C] -- C:\Users\Patti\AppData\Roaming\Nikon
[2012.07.29 22:44:45 | 000,000,000 | ---D | C] -- C:\Users\Patti\AppData\Local\Nikon
[2012.07.29 21:00:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nikon Message Center 2
[2012.07.29 20:56:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ViewNX 2
[2012.07.29 20:56:53 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Nikon
[2012.07.29 20:56:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Sports
[2012.07.29 20:56:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Sounds
[2012.07.29 20:56:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Screen Savers
[2012.07.29 20:56:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Ultima_T15
[2012.07.29 20:56:18 | 000,000,000 | ---D | C] -- C:\ProgramData\EnterNHelp
[2012.07.29 20:55:18 | 000,000,000 | ---D | C] -- C:\Program Files\Nikon
[2012.07.29 20:51:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Link to Nikon
 
========== Files - Modified Within 30 Days ==========
 
File not found -- C:\Windows\System32\
[2012.08.18 19:14:14 | 000,002,735 | ---- | M] () -- C:\Users\Patti\Desktop\Microsoft Office Outlook 2007.lnk
[2012.08.18 19:14:11 | 000,109,553 | ---- | M] () -- C:\Users\Patti\AppData\Roaming\nvModes.001
[2012.08.18 19:12:40 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.08.18 18:11:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.08.18 16:50:22 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.08.18 16:50:21 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.08.18 16:50:06 | 3219,578,880 | -HS- | M] () -- C:\hiberfil.sys
[2012.08.18 00:00:27 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2012.08.13 12:55:12 | 000,000,680 | ---- | M] () -- C:\Users\Patti\AppData\Local\d3d9caps.dat
[2012.08.09 11:13:24 | 000,000,020 | ---- | M] () -- C:\Users\Patti\defogger_reenable
[2012.08.09 11:05:06 | 000,302,592 | ---- | M] () -- C:\Users\Patti\Desktop\1smgnkw6.exe
[2012.08.09 11:04:06 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Patti\Desktop\OTL.exe
[2012.08.09 09:32:46 | 000,000,910 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.08.03 22:17:59 | 000,109,553 | ---- | M] () -- C:\Users\Patti\AppData\Roaming\nvModes.dat
[2012.07.29 22:53:02 | 000,001,437 | ---- | M] () -- C:\Users\Public\Desktop\Hattrick Organizer.lnk
[2012.07.29 22:45:18 | 000,000,000 | ---- | M] () -- C:\Windows\ViewNX2.INI
[2012.07.29 22:44:49 | 000,000,020 | -H-- | M] () -- C:\ProgramData\PKP_DLet.DAT
[2012.07.29 20:56:55 | 000,001,847 | ---- | M] () -- C:\Users\Public\Desktop\ViewNX 2.lnk
[2012.07.29 20:56:20 | 000,000,268 | RH-- | M] () -- C:\ProgramData\Clips
[2012.07.29 20:56:20 | 000,000,268 | RH-- | M] () -- C:\Users\Patti\AppData\Roaming\Chorus
[2012.07.29 20:56:20 | 000,000,020 | -H-- | M] () -- C:\ProgramData\PKP_DLev.DAT
[2012.07.29 20:56:19 | 000,000,268 | RH-- | M] () -- C:\ProgramData\Clean Electric Guitar
[2012.07.29 20:56:19 | 000,000,268 | RH-- | M] () -- C:\ProgramData\Classical
[2012.07.29 20:56:19 | 000,000,268 | RH-- | M] () -- C:\Users\Patti\AppData\Roaming\Chiller
[2012.07.29 20:56:19 | 000,000,268 | RH-- | M] () -- C:\Users\Patti\AppData\Roaming\Channel
[2012.07.29 20:56:19 | 000,000,020 | -H-- | M] () -- C:\ProgramData\PKP_DLes.DAT
 
========== Files Created - No Company Name ==========
 
File not found -- C:\Windows\System32\
[2012.08.17 21:32:42 | 3219,578,880 | -HS- | C] () -- C:\hiberfil.sys
[2012.08.09 11:12:58 | 000,000,020 | ---- | C] () -- C:\Users\Patti\defogger_reenable
[2012.08.09 11:05:06 | 000,302,592 | ---- | C] () -- C:\Users\Patti\Desktop\1smgnkw6.exe
[2012.08.09 09:38:05 | 000,000,680 | ---- | C] () -- C:\Users\Patti\AppData\Local\d3d9caps.dat
[2012.08.09 09:32:46 | 000,000,910 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.08.09 09:22:52 | 000,013,312 | ---- | C] () -- C:\Users\Patti\AppData\Local\{197538d8-ccc8-f96e-3793-730a2117a111}\U\80000000.@
[2012.08.05 22:38:11 | 000,001,712 | ---- | C] () -- C:\Users\Patti\AppData\Local\{197538d8-ccc8-f96e-3793-730a2117a111}\U\00000001.@
[2012.08.05 22:24:12 | 000,001,712 | ---- | C] () -- C:\Windows\Installer\{197538d8-ccc8-f96e-3793-730a2117a111}\U\00000001.@
[2012.07.30 19:10:50 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.07.29 22:53:02 | 000,001,437 | ---- | C] () -- C:\Users\Public\Desktop\Hattrick Organizer.lnk
[2012.07.29 22:45:18 | 000,000,000 | ---- | C] () -- C:\Windows\ViewNX2.INI
[2012.07.29 20:56:55 | 000,001,847 | ---- | C] () -- C:\Users\Public\Desktop\ViewNX 2.lnk
[2012.07.29 20:56:20 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Clips
[2012.07.29 20:56:20 | 000,000,268 | RH-- | C] () -- C:\Users\Patti\AppData\Roaming\Chorus
[2012.07.29 20:56:20 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLev.DAT
[2012.07.29 20:56:19 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Clean Electric Guitar
[2012.07.29 20:56:19 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Classical
[2012.07.29 20:56:19 | 000,000,268 | RH-- | C] () -- C:\Users\Patti\AppData\Roaming\Chiller
[2012.07.29 20:56:19 | 000,000,268 | RH-- | C] () -- C:\Users\Patti\AppData\Roaming\Channel
[2012.07.29 20:56:19 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLes.DAT
[2012.07.29 20:56:18 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLet.DAT
[2012.04.09 20:26:31 | 000,203,568 | ---- | C] () -- C:\Windows\hpwins20.dat.temp
[2012.04.09 20:26:31 | 000,002,428 | ---- | C] () -- C:\Windows\hpwmdl20.dat.temp
[2012.02.19 20:18:51 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfcmnnt.dll
[2012.01.11 22:29:40 | 000,002,048 | -HS- | C] () -- C:\Windows\Installer\{197538d8-ccc8-f96e-3793-730a2117a111}\@
[2012.01.11 22:29:40 | 000,002,048 | -HS- | C] () -- C:\Users\Patti\AppData\Local\{197538d8-ccc8-f96e-3793-730a2117a111}\@
[2011.10.18 15:10:49 | 000,000,261 | ---- | C] () -- C:\Windows\n02.ini
[2011.10.18 15:01:08 | 000,001,015 | ---- | C] () -- C:\Windows\kaillera.ini
[2011.07.26 17:26:48 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2011.07.26 17:26:46 | 000,974,848 | ---- | C] () -- C:\Windows\System32\cis-2.4.dll
[2011.07.26 17:26:46 | 000,081,920 | ---- | C] () -- C:\Windows\System32\issacapi_bs-2.3.dll
[2011.07.26 17:26:46 | 000,065,536 | ---- | C] () -- C:\Windows\System32\issacapi_pe-2.3.dll
[2011.07.26 17:26:46 | 000,057,344 | ---- | C] () -- C:\Windows\System32\issacapi_se-2.3.dll
[2011.03.05 13:27:07 | 000,146,252 | ---- | C] () -- C:\Windows\hpoins18.dat
[2011.03.05 13:26:47 | 000,006,600 | ---- | C] () -- C:\Windows\hpomdl18.dat
[2011.02.26 11:40:46 | 735,422,464 | ---- | C] () -- C:\Users\Patti\ps-bangema.avi
[2009.07.19 22:24:36 | 000,000,164 | ---- | C] () -- C:\Users\Patti\AppData\Roaming\Default.PLS
[2009.06.29 17:53:31 | 000,109,553 | ---- | C] () -- C:\Users\Patti\AppData\Roaming\nvModes.001
[2009.06.29 17:53:29 | 000,109,553 | ---- | C] () -- C:\Users\Patti\AppData\Roaming\nvModes.dat
[2009.06.26 17:56:45 | 000,034,304 | ---- | C] () -- C:\Users\Patti\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.06.15 20:32:32 | 000,000,020 | ---- | C] () -- C:\Users\Patti\ho.dir
 
========== LOP Check ==========
 
[2010.06.22 21:36:17 | 000,000,000 | ---D | M] -- C:\Users\Ines\AppData\Roaming\Template
[2009.08.09 19:20:49 | 000,000,000 | ---D | M] -- C:\Users\Patti\AppData\Roaming\DAEMON Tools Pro
[2011.07.05 23:46:38 | 000,000,000 | ---D | M] -- C:\Users\Patti\AppData\Roaming\DVDVideoSoft
[2011.01.05 17:13:43 | 000,000,000 | ---D | M] -- C:\Users\Patti\AppData\Roaming\ICQ
[2012.04.16 22:35:07 | 000,000,000 | ---D | M] -- C:\Users\Patti\AppData\Roaming\Image Zone Express
[2012.07.01 14:04:47 | 000,000,000 | ---D | M] -- C:\Users\Patti\AppData\Roaming\IrfanView
[2011.02.11 23:25:00 | 000,000,000 | ---D | M] -- C:\Users\Patti\AppData\Roaming\mkvtoolnix
[2012.07.29 22:44:45 | 000,000,000 | ---D | M] -- C:\Users\Patti\AppData\Roaming\Nikon
[2011.12.06 20:29:50 | 000,000,000 | ---D | M] -- C:\Users\Patti\AppData\Roaming\Printer Info Cache
[2011.08.05 11:36:59 | 000,000,000 | ---D | M] -- C:\Users\Patti\AppData\Roaming\Registry Mechanic
[2011.08.12 17:51:27 | 000,000,000 | ---D | M] -- C:\Users\Patti\AppData\Roaming\Samsung
[2012.08.18 00:00:28 | 000,032,606 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2009.06.16 22:15:30 | 000,000,000 | ---D | M] -- C:\Users\Patti\AppData\Roaming\Adobe
[2010.06.21 22:44:47 | 000,000,000 | ---D | M] -- C:\Users\Patti\AppData\Roaming\Apple Computer
[2011.10.17 13:02:50 | 000,000,000 | ---D | M] -- C:\Users\Patti\AppData\Roaming\Avira
[2010.01.09 14:01:22 | 000,000,000 | ---D | M] -- C:\Users\Patti\AppData\Roaming\CyberLink
[2009.08.09 19:20:49 | 000,000,000 | ---D | M] -- C:\Users\Patti\AppData\Roaming\DAEMON Tools Pro
[2011.02.28 01:12:13 | 000,000,000 | ---D | M] -- C:\Users\Patti\AppData\Roaming\DivX
[2011.07.11 19:35:19 | 000,000,000 | ---D | M] -- C:\Users\Patti\AppData\Roaming\dvdcss
[2011.07.05 23:46:38 | 000,000,000 | ---D | M] -- C:\Users\Patti\AppData\Roaming\DVDVideoSoft
[2012.04.09 20:49:11 | 000,000,000 | ---D | M] -- C:\Users\Patti\AppData\Roaming\HP
[2012.05.06 19:00:31 | 000,000,000 | ---D | M] -- C:\Users\Patti\AppData\Roaming\HPAppData
[2010.07.20 22:02:52 | 000,000,000 | ---D | M] -- C:\Users\Patti\AppData\Roaming\HpUpdate
[2011.01.05 17:13:43 | 000,000,000 | ---D | M] -- C:\Users\Patti\AppData\Roaming\ICQ
[2009.06.11 19:04:47 | 000,000,000 | ---D | M] -- C:\Users\Patti\AppData\Roaming\Identities
[2012.04.16 22:35:07 | 000,000,000 | ---D | M] -- C:\Users\Patti\AppData\Roaming\Image Zone Express
[2012.07.01 14:04:47 | 000,000,000 | ---D | M] -- C:\Users\Patti\AppData\Roaming\IrfanView
[2009.06.11 19:44:45 | 000,000,000 | ---D | M] -- C:\Users\Patti\AppData\Roaming\Macromedia
[2012.08.09 09:33:01 | 000,000,000 | ---D | M] -- C:\Users\Patti\AppData\Roaming\Malwarebytes
[2006.11.02 14:37:34 | 000,000,000 | ---D | M] -- C:\Users\Patti\AppData\Roaming\Media Center Programs
[2012.07.30 19:12:18 | 000,000,000 | --SD | M] -- C:\Users\Patti\AppData\Roaming\Microsoft
[2011.02.11 23:25:00 | 000,000,000 | ---D | M] -- C:\Users\Patti\AppData\Roaming\mkvtoolnix
[2009.06.11 20:57:23 | 000,000,000 | ---D | M] -- C:\Users\Patti\AppData\Roaming\Mozilla
[2009.06.11 19:05:12 | 000,000,000 | ---D | M] -- C:\Users\Patti\AppData\Roaming\Nero
[2012.07.29 22:44:45 | 000,000,000 | ---D | M] -- C:\Users\Patti\AppData\Roaming\Nikon
[2011.12.06 20:29:50 | 000,000,000 | ---D | M] -- C:\Users\Patti\AppData\Roaming\Printer Info Cache
[2011.08.05 11:36:59 | 000,000,000 | ---D | M] -- C:\Users\Patti\AppData\Roaming\Registry Mechanic
[2011.08.12 17:51:27 | 000,000,000 | ---D | M] -- C:\Users\Patti\AppData\Roaming\Samsung
[2011.12.24 02:56:22 | 000,000,000 | ---D | M] -- C:\Users\Patti\AppData\Roaming\Skype
[2011.10.19 00:29:58 | 000,000,000 | ---D | M] -- C:\Users\Patti\AppData\Roaming\skypePM
[2011.10.06 00:12:08 | 000,000,000 | ---D | M] -- C:\Users\Patti\AppData\Roaming\vlc
[2011.11.26 12:04:15 | 000,000,000 | ---D | M] -- C:\Users\Patti\AppData\Roaming\Winamp
[2009.06.14 22:13:09 | 000,000,000 | ---D | M] -- C:\Users\Patti\AppData\Roaming\WinRAR
 
< %APPDATA%\*.exe /s >
[2012.07.29 20:58:18 | 000,057,344 | R--- | M] (InstallShield Software Corp.) -- C:\Users\Patti\AppData\Roaming\Microsoft\Installer\{87441A59-5E64-4096-A170-14EFE67200C3}\ARPPRODUCTICON.exe
[2012.07.16 06:23:56 | 000,975,800 | ---- | M] (Samsung) -- C:\Users\Patti\AppData\Roaming\Samsung\Kies\UpdateTemp\Sub\Kies.exe
[2012.07.16 06:23:58 | 000,278,968 | ---- | M] () -- C:\Users\Patti\AppData\Roaming\Samsung\Kies\UpdateTemp\Sub\KiesDriverInstaller.exe
[2012.06.26 09:04:30 | 000,320,000 | ---- | M] (Samsung) -- C:\Users\Patti\AppData\Roaming\Samsung\Kies\UpdateTemp\Sub\KiesLogger.exe
[2012.07.16 06:23:56 | 003,524,536 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Users\Patti\AppData\Roaming\Samsung\Kies\UpdateTemp\Sub\KiesTrayAgent.exe
[2012.06.26 09:03:34 | 000,182,784 | ---- | M] (Mobileleader Co., Ltd.) -- C:\Users\Patti\AppData\Roaming\Samsung\Kies\UpdateTemp\Sub\External\DeviceModules\ConnectionManager.exe
[2012.06.26 09:03:34 | 000,321,536 | ---- | M] (Mobileleader Co., Ltd.) -- C:\Users\Patti\AppData\Roaming\Samsung\Kies\UpdateTemp\Sub\External\DeviceModules\DeviceDataService.exe
[2012.07.16 06:19:36 | 000,717,312 | ---- | M] (Mobileleader Co., Ltd.) -- C:\Users\Patti\AppData\Roaming\Samsung\Kies\UpdateTemp\Sub\External\DeviceModules\DeviceManager.exe
[2012.07.16 06:24:02 | 000,067,512 | ---- | M] (Samsung) -- C:\Users\Patti\AppData\Roaming\Samsung\Kies\UpdateTemp\Sub\External\DeviceModules\Kies_Tutorial.exe
[2012.06.26 09:03:16 | 000,106,960 | ---- | M] () -- C:\Users\Patti\AppData\Roaming\Samsung\Kies\UpdateTemp\Sub\External\FirmwareUpdate\AgentInstaller.exe
[2012.06.26 09:03:16 | 000,101,328 | ---- | M] () -- C:\Users\Patti\AppData\Roaming\Samsung\Kies\UpdateTemp\Sub\External\FirmwareUpdate\AgentUpdate.exe
[2012.07.16 06:24:04 | 000,183,736 | ---- | M] () -- C:\Users\Patti\AppData\Roaming\Samsung\Kies\UpdateTemp\Sub\External\FirmwareUpdate\BinaryLoaderMgr.exe
[2012.07.16 06:24:06 | 000,021,432 | ---- | M] () -- C:\Users\Patti\AppData\Roaming\Samsung\Kies\UpdateTemp\Sub\External\FirmwareUpdate\KiesPDLR.exe
[2012.07.16 06:24:06 | 003,742,648 | ---- | M] (Freeware) -- C:\Users\Patti\AppData\Roaming\Samsung\Kies\UpdateTemp\Sub\External\MediaModules\MyFreeCodecPack.exe
[2012.06.26 09:03:02 | 000,262,144 | ---- | M] (ENJsoft corp.) -- C:\Users\Patti\AppData\Roaming\Samsung\Kies\UpdateTemp\Sub\External\TransModules\SelfMV.exe
[2012.06.26 09:03:04 | 000,090,112 | ---- | M] (ENJsoft corp.) -- C:\Users\Patti\AppData\Roaming\Samsung\Kies\UpdateTemp\Sub\External\TransModules\SelfMV2.exe
[2012.06.26 09:02:34 | 024,164,152 | ---- | M] (SAMSUNG Electronics Co., Ltd.) -- C:\Users\Patti\AppData\Roaming\Samsung\Kies\UpdateTemp\Sub\USB Driver\SAMSUNG_USB_Driver_for_Mobile_Phones.exe
[2012.06.08 13:02:14 | 000,371,128 | ---- | M] (ml) -- C:\Users\Patti\AppData\Roaming\Samsung\Kies\UpdateTemp\Temp\Kies.Update.exe
[2012.07.16 06:24:08 | 000,451,000 | ---- | M] (ml) -- C:\Users\Patti\AppData\Roaming\Samsung\Kies\UpdateTemp\Updater\Kies.Update.exe
 
< %SYSTEMDRIVE%\*.exe >
 
< MD5 for: AGP440.SYS  >
[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\drivers\AGP440.sys
[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys
[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
[2006.11.02 11:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2008.03.12 08:38:18 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=0D83C87A801A3DFCD1BF73893FE7518C -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_4c9c5a00\atapi.sys
[2008.03.12 08:38:18 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=0D83C87A801A3DFCD1BF73893FE7518C -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18034_none_dd1bb97e219e87cb\atapi.sys
[2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys
[2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys
[2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008.01.21 04:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008.01.21 04:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006.11.02 11:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
[2008.03.12 08:24:20 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=96DC4E1A9F90CCD489950A8935425C59 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.22134_none_dda556493abc2795\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll
 
< MD5 for: IASTOR.SYS  >
[2007.09.29 23:03:32 | 000,384,024 | ---- | M] (Intel Corporation) MD5=16A4671255CFB842225F0FDB6DBDB414 -- C:\Program Files\Intel\Intel Matrix Storage Manager\Driver64\IaStor.sys
[2007.09.29 23:03:12 | 000,308,248 | ---- | M] (Intel Corporation) MD5=E5A0034847537EAEE3C00349D5C34C5F -- C:\Program Files\Intel\Intel Matrix Storage Manager\Driver\IaStor.sys
[2007.09.29 23:03:12 | 000,308,248 | ---- | M] (Intel Corporation) MD5=E5A0034847537EAEE3C00349D5C34C5F -- C:\Windows\System32\drivers\iaStor.sys
[2007.09.29 23:03:12 | 000,308,248 | ---- | M] (Intel Corporation) MD5=E5A0034847537EAEE3C00349D5C34C5F -- C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_7baf6192\iaStor.sys
 
< MD5 for: IASTORV.SYS  >
[2008.01.21 04:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\drivers\iaStorV.sys
[2008.01.21 04:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys
[2008.01.21 04:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2006.11.02 11:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2009.04.11 08:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll
[2009.04.11 08:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
[2008.01.21 04:24:05 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2006.11.02 11:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008.01.21 04:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\drivers\nvstor.sys
[2008.01.21 04:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2008.01.21 04:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2008.01.21 04:24:50 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2009.04.11 08:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll
[2009.04.11 08:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll
 
< MD5 for: USER32.DLL  >
[2008.01.21 04:24:21 | 000,627,200 | ---- | M] (Microsoft Corporation) MD5=B974D9F06DC7D1908E825DC201681269 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_cd386c416d5c7f32\user32.dll
[2009.04.11 08:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\user32.dll
[2009.04.11 08:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_cf23e54d6a7e4a7e\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2008.01.21 04:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008.01.21 04:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2008.01.21 04:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\System32\wininit.exe
[2008.01.21 04:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
[2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2012.07.03 13:46:42 | 000,217,672 | ---- | M] () MD5=8A7F34F0BBD076EC3815680A7309114F -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2008.01.21 04:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2008.01.21 04:24:47 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\System32\drivers\ws2ifsl.sys
[2008.01.21 04:24:47 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_4f86a0d4c7cda641\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
[2008.01.21 05:14:18 | 016,846,848 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2008.01.21 05:14:08 | 000,106,496 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2008.01.21 05:14:18 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006.11.02 12:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006.11.02 12:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
[2011.09.23 23:12:07 | 000,353,792 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\dxtmsft.dll
[2011.09.23 23:12:07 | 000,223,232 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\dxtrans.dll
[2011.09.23 23:12:05 | 000,580,608 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\msfeeds.dll
[2008.01.21 04:24:11 | 001,386,496 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\msvbvm60.dll
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 104 bytes -> C:\ProgramData\TEMP:D1B5B4F1

< End of report >

--- --- ---


Thanks again for your efforts.

Regards
Exedcuter

cosinus 20.08.2012 16:44

Do an OTL fix: close any programs that may be open, also disable the virus scanner (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied as well!!!)

Code:

:OTL
SRV - [2010.09.06 19:56:38 | 000,247,096 | ---- | M] () [Auto | Running] -- C:\Programme\ICQ6Toolbar\ICQ Service.exe -- (ICQ Service)
IE - HKU\S-1-5-21-1528014813-652953021-2396465278-1000\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = http://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
IE - HKU\S-1-5-21-1528014813-652953021-2396465278-1000\..\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E}: "URL" = http://127.0.0.1:4664/search&s=vuIH2sYg_KdJOtqKkqNh7fC8PB8?q={searchTerms}
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=827316&ilc=12"
FF - prefs.js..browser.search.selectedEngine: "ICQ Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://start.icq.com/"
FF - prefs.js..keyword.URL: "http://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.5.3&q="
FF - user.js - File not found
[2012.07.26 23:23:12 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Users\Patti\AppData\Roaming\mozilla\Firefox\Profiles\s066d2hq.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2012.08.16 12:39:06 | 000,000,950 | ---- | M] () -- C:\Users\Patti\AppData\Roaming\Mozilla\Firefox\Profiles\s066d2hq.default\searchplugins\icqplugin-1.xml
[2010.10.15 09:08:08 | 000,000,950 | ---- | M] () -- C:\Users\Patti\AppData\Roaming\Mozilla\Firefox\Profiles\s066d2hq.default\searchplugins\icqplugin-10.xml
[2010.10.22 17:37:05 | 000,000,950 | ---- | M] () -- C:\Users\Patti\AppData\Roaming\Mozilla\Firefox\Profiles\s066d2hq.default\searchplugins\icqplugin-11.xml
[2010.10.29 12:20:59 | 000,000,950 | ---- | M] () -- C:\Users\Patti\AppData\Roaming\Mozilla\Firefox\Profiles\s066d2hq.default\searchplugins\icqplugin-12.xml
[2010.11.03 22:46:01 | 000,000,950 | ---- | M] () -- C:\Users\Patti\AppData\Roaming\Mozilla\Firefox\Profiles\s066d2hq.default\searchplugins\icqplugin-13.xml
[2011.03.11 01:04:13 | 000,000,950 | ---- | M] () -- C:\Users\Patti\AppData\Roaming\Mozilla\Firefox\Profiles\s066d2hq.default\searchplugins\icqplugin-14.xml
[2011.03.26 01:04:51 | 000,000,950 | ---- | M] () -- C:\Users\Patti\AppData\Roaming\Mozilla\Firefox\Profiles\s066d2hq.default\searchplugins\icqplugin-15.xml
[2011.05.01 22:12:46 | 000,000,950 | ---- | M] () -- C:\Users\Patti\AppData\Roaming\Mozilla\Firefox\Profiles\s066d2hq.default\searchplugins\icqplugin-16.xml
[2011.07.05 23:16:32 | 000,000,950 | ---- | M] () -- C:\Users\Patti\AppData\Roaming\Mozilla\Firefox\Profiles\s066d2hq.default\searchplugins\icqplugin-17.xml
[2011.08.21 10:38:23 | 000,000,950 | ---- | M] () -- C:\Users\Patti\AppData\Roaming\Mozilla\Firefox\Profiles\s066d2hq.default\searchplugins\icqplugin-18.xml
[2011.08.25 08:37:53 | 000,000,950 | ---- | M] () -- C:\Users\Patti\AppData\Roaming\Mozilla\Firefox\Profiles\s066d2hq.default\searchplugins\icqplugin-19.xml
[2009.08.06 22:19:20 | 000,000,950 | ---- | M] () -- C:\Users\Patti\AppData\Roaming\Mozilla\Firefox\Profiles\s066d2hq.default\searchplugins\icqplugin-2.xml
[2011.09.09 22:18:37 | 000,000,950 | ---- | M] () -- C:\Users\Patti\AppData\Roaming\Mozilla\Firefox\Profiles\s066d2hq.default\searchplugins\icqplugin-20.xml
[2011.10.12 22:35:18 | 000,000,950 | ---- | M] () -- C:\Users\Patti\AppData\Roaming\Mozilla\Firefox\Profiles\s066d2hq.default\searchplugins\icqplugin-21.xml
[2011.11.08 19:55:20 | 000,000,950 | ---- | M] () -- C:\Users\Patti\AppData\Roaming\Mozilla\Firefox\Profiles\s066d2hq.default\searchplugins\icqplugin-22.xml
[2012.01.15 17:35:51 | 000,000,950 | ---- | M] () -- C:\Users\Patti\AppData\Roaming\Mozilla\Firefox\Profiles\s066d2hq.default\searchplugins\icqplugin-23.xml
[2012.02.06 23:14:15 | 000,000,950 | ---- | M] () -- C:\Users\Patti\AppData\Roaming\Mozilla\Firefox\Profiles\s066d2hq.default\searchplugins\icqplugin-24.xml
[2012.02.16 23:40:14 | 000,000,950 | ---- | M] () -- C:\Users\Patti\AppData\Roaming\Mozilla\Firefox\Profiles\s066d2hq.default\searchplugins\icqplugin-25.xml
[2012.02.18 01:19:17 | 000,000,950 | ---- | M] () -- C:\Users\Patti\AppData\Roaming\Mozilla\Firefox\Profiles\s066d2hq.default\searchplugins\icqplugin-26.xml
[2012.02.20 23:34:22 | 000,000,950 | ---- | M] () -- C:\Users\Patti\AppData\Roaming\Mozilla\Firefox\Profiles\s066d2hq.default\searchplugins\icqplugin-27.xml
[2012.05.08 00:39:50 | 000,000,950 | ---- | M] () -- C:\Users\Patti\AppData\Roaming\Mozilla\Firefox\Profiles\s066d2hq.default\searchplugins\icqplugin-28.xml
[2012.07.01 13:44:52 | 000,000,950 | ---- | M] () -- C:\Users\Patti\AppData\Roaming\Mozilla\Firefox\Profiles\s066d2hq.default\searchplugins\icqplugin-29.xml
[2009.09.13 10:55:01 | 000,000,950 | ---- | M] () -- C:\Users\Patti\AppData\Roaming\Mozilla\Firefox\Profiles\s066d2hq.default\searchplugins\icqplugin-3.xml
[2012.07.23 23:29:05 | 000,000,950 | ---- | M] () -- C:\Users\Patti\AppData\Roaming\Mozilla\Firefox\Profiles\s066d2hq.default\searchplugins\icqplugin-30.xml
[2012.08.16 20:35:46 | 000,000,950 | ---- | M] () -- C:\Users\Patti\AppData\Roaming\Mozilla\Firefox\Profiles\s066d2hq.default\searchplugins\icqplugin-31.xml
[2009.10.31 19:42:23 | 000,000,950 | ---- | M] () -- C:\Users\Patti\AppData\Roaming\Mozilla\Firefox\Profiles\s066d2hq.default\searchplugins\icqplugin-4.xml
[2009.12.19 11:17:35 | 000,000,950 | ---- | M] () -- C:\Users\Patti\AppData\Roaming\Mozilla\Firefox\Profiles\s066d2hq.default\searchplugins\icqplugin-5.xml
[2010.01.07 01:28:25 | 000,000,950 | ---- | M] () -- C:\Users\Patti\AppData\Roaming\Mozilla\Firefox\Profiles\s066d2hq.default\searchplugins\icqplugin-6.xml
[2010.07.26 21:59:04 | 000,000,961 | ---- | M] () -- C:\Users\Patti\AppData\Roaming\Mozilla\Firefox\Profiles\s066d2hq.default\searchplugins\icqplugin-7.xml
[2010.07.27 19:10:25 | 000,000,961 | ---- | M] () -- C:\Users\Patti\AppData\Roaming\Mozilla\Firefox\Profiles\s066d2hq.default\searchplugins\icqplugin-8.xml
[2010.09.18 18:28:01 | 000,000,961 | ---- | M] () -- C:\Users\Patti\AppData\Roaming\Mozilla\Firefox\Profiles\s066d2hq.default\searchplugins\icqplugin-9.xml
[2010.06.21 17:35:24 | 000,001,042 | ---- | M] () -- C:\Users\Patti\AppData\Roaming\Mozilla\Firefox\Profiles\s066d2hq.default\searchplugins\icqplugin.xml
[2009.06.14 20:51:29 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Programme\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Programme\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O4 - HKLM..\Run: []  File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2007.04.06 09:56:36 | 000,000,050 | R--- | M] () - F:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{16eee8bf-bc67-11dd-90f7-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{16eee8bf-bc67-11dd-90f7-806e6f6e6963}\Shell\AutoRun\command - "" = F:\Welcome.exe -- [2010.05.28 16:11:06 | 000,626,080 | R--- | M] (Nikon Corporation)
O33 - MountPoints2\{79d3f352-8507-11de-8363-001f1603e7e5}\Shell - "" = AutoRun
O33 - MountPoints2\{79d3f352-8507-11de-8363-001f1603e7e5}\Shell\AutoRun\command - "" = G:\SETUP.EXE
O33 - MountPoints2\{79d3f352-8507-11de-8363-001f1603e7e5}\Shell\configure\command - "" = G:\SETUP.EXE
O33 - MountPoints2\{79d3f352-8507-11de-8363-001f1603e7e5}\Shell\install\command - "" = G:\SETUP.EXE
O33 - MountPoints2\{888839a6-2604-11e0-9dad-001f1603e7e5}\Shell\AutoRun\command - "" = I:\EmDesk.exe
O33 - MountPoints2\{888839a6-2604-11e0-9dad-001f1603e7e5}\Shell\EmDesk\command - "" = I:\EmDesk.exe
@Alternate Data Stream - 104 bytes -> C:\ProgramData\TEMP:D1B5B4F1
:Files
C:\ProgramData\036DFF9800533D8A1932A77A2F3B707C
C:\Programme\ICQ6Toolbar
C:\Users\Patti\AppData\Local\{197538d8-ccc8-f96e-3793-730a2117a111}\L
C:\Users\Patti\AppData\Local\{197538d8-ccc8-f96e-3793-730a2117a111}\U
C:\Users\Patti\AppData\Local\{197538d8-ccc8-f96e-3793-730a2117a111}\n
C:\Users\Patti\AppData\Local\{197538d8-ccc8-f96e-3793-730a2117a111}\@
C:\Windows\Installer\{197538d8-ccc8-f96e-3793-730a2117a111}\L
C:\Windows\Installer\{197538d8-ccc8-f96e-3793-730a2117a111}\U
C:\Windows\Installer\{197538d8-ccc8-f96e-3793-730a2117a111}\n
C:\Windows\Installer\{197538d8-ccc8-f96e-3793-730a2117a111}\@
:Commands
[purity]
[emptytemp]
[emptyflash]
[resethosts]

Then click the Fix! button at the top left.
The logfile should open when you click OK after fixing; please post it. The computer may be restarted.

For safety, the entries, files and folders fixed by this script are not deleted completely; a backup copy is created on the system partition in the folder "_OTL".

Note: The above script was created only for this one user in this one situation. It cannot be ported to any other computer and must not be used elsewhere, as it can permanently damage the system!

exedcuter 20.08.2012 21:35

Hello Cosinus,

attached is the new OTL log after the fix.

Code:

All processes killed
========== OTL ==========
Service ICQ Service stopped successfully!
Service ICQ Service deleted successfully!
C:\Programme\ICQ6Toolbar\ICQ Service.exe moved successfully.
Registry key HKEY_USERS\S-1-5-21-1528014813-652953021-2396465278-1000\Software\Microsoft\Internet Explorer\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6552C7DD-90A4-4387-B795-F8F96747DE19}\ not found.
Registry key HKEY_USERS\S-1-5-21-1528014813-652953021-2396465278-1000\Software\Microsoft\Internet Explorer\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{70D46D94-BF1E-45ED-B567-48701376298E}\ not found.
Prefs.js: "ICQ Search" removed from browser.search.defaultenginename
Prefs.js: "chr-greentree_ff&type=827316&ilc=12" removed from browser.search.param.yahoo-fr
Prefs.js: "ICQ Search" removed from browser.search.selectedEngine
Prefs.js: true removed from browser.search.useDBForOrder
Prefs.js: "hxxp://start.icq.com/" removed from browser.startup.homepage
Prefs.js: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.5.3&q=" removed from keyword.URL
C:\Users\Patti\AppData\Roaming\mozilla\Firefox\Profiles\s066d2hq.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\search_engine folder moved successfully.
C:\Users\Patti\AppData\Roaming\mozilla\Firefox\Profiles\s066d2hq.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\META-INF folder moved successfully.
C:\Users\Patti\AppData\Roaming\mozilla\Firefox\Profiles\s066d2hq.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\defaults\preferences folder moved successfully.
C:\Users\Patti\AppData\Roaming\mozilla\Firefox\Profiles\s066d2hq.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\defaults folder moved successfully.
C:\Users\Patti\AppData\Roaming\mozilla\Firefox\Profiles\s066d2hq.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\components folder moved successfully.
C:\Users\Patti\AppData\Roaming\mozilla\Firefox\Profiles\s066d2hq.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\skin folder moved successfully.
C:\Users\Patti\AppData\Roaming\mozilla\Firefox\Profiles\s066d2hq.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\tr folder moved successfully.
C:\Users\Patti\AppData\Roaming\mozilla\Firefox\Profiles\s066d2hq.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\sk folder moved successfully.
C:\Users\Patti\AppData\Roaming\mozilla\Firefox\Profiles\s066d2hq.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\ru folder moved successfully.
C:\Users\Patti\AppData\Roaming\mozilla\Firefox\Profiles\s066d2hq.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\it folder moved successfully.
C:\Users\Patti\AppData\Roaming\mozilla\Firefox\Profiles\s066d2hq.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\he folder moved successfully.
C:\Users\Patti\AppData\Roaming\mozilla\Firefox\Profiles\s066d2hq.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\fr folder moved successfully.
C:\Users\Patti\AppData\Roaming\mozilla\Firefox\Profiles\s066d2hq.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\es folder moved successfully.
C:\Users\Patti\AppData\Roaming\mozilla\Firefox\Profiles\s066d2hq.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\en-US folder moved successfully.
C:\Users\Patti\AppData\Roaming\mozilla\Firefox\Profiles\s066d2hq.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\de folder moved successfully.
C:\Users\Patti\AppData\Roaming\mozilla\Firefox\Profiles\s066d2hq.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\cs folder moved successfully.
C:\Users\Patti\AppData\Roaming\mozilla\Firefox\Profiles\s066d2hq.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale\bg folder moved successfully.
C:\Users\Patti\AppData\Roaming\mozilla\Firefox\Profiles\s066d2hq.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\locale folder moved successfully.
C:\Users\Patti\AppData\Roaming\mozilla\Firefox\Profiles\s066d2hq.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content\img folder moved successfully.
C:\Users\Patti\AppData\Roaming\mozilla\Firefox\Profiles\s066d2hq.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome\content folder moved successfully.
C:\Users\Patti\AppData\Roaming\mozilla\Firefox\Profiles\s066d2hq.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome folder moved successfully.
C:\Users\Patti\AppData\Roaming\mozilla\Firefox\Profiles\s066d2hq.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07} folder moved successfully.
C:\Users\Patti\AppData\Roaming\Mozilla\Firefox\Profiles\s066d2hq.default\searchplugins\icqplugin-1.xml moved successfully.
C:\Users\Patti\AppData\Roaming\Mozilla\Firefox\Profiles\s066d2hq.default\searchplugins\icqplugin-10.xml moved successfully.
C:\Users\Patti\AppData\Roaming\Mozilla\Firefox\Profiles\s066d2hq.default\searchplugins\icqplugin-11.xml moved successfully.
C:\Users\Patti\AppData\Roaming\Mozilla\Firefox\Profiles\s066d2hq.default\searchplugins\icqplugin-12.xml moved successfully.
C:\Users\Patti\AppData\Roaming\Mozilla\Firefox\Profiles\s066d2hq.default\searchplugins\icqplugin-13.xml moved successfully.
C:\Users\Patti\AppData\Roaming\Mozilla\Firefox\Profiles\s066d2hq.default\searchplugins\icqplugin-14.xml moved successfully.
C:\Users\Patti\AppData\Roaming\Mozilla\Firefox\Profiles\s066d2hq.default\searchplugins\icqplugin-15.xml moved successfully.
C:\Users\Patti\AppData\Roaming\Mozilla\Firefox\Profiles\s066d2hq.default\searchplugins\icqplugin-16.xml moved successfully.
C:\Users\Patti\AppData\Roaming\Mozilla\Firefox\Profiles\s066d2hq.default\searchplugins\icqplugin-17.xml moved successfully.
C:\Users\Patti\AppData\Roaming\Mozilla\Firefox\Profiles\s066d2hq.default\searchplugins\icqplugin-18.xml moved successfully.
C:\Users\Patti\AppData\Roaming\Mozilla\Firefox\Profiles\s066d2hq.default\searchplugins\icqplugin-19.xml moved successfully.
C:\Users\Patti\AppData\Roaming\Mozilla\Firefox\Profiles\s066d2hq.default\searchplugins\icqplugin-2.xml moved successfully.
C:\Users\Patti\AppData\Roaming\Mozilla\Firefox\Profiles\s066d2hq.default\searchplugins\icqplugin-20.xml moved successfully.
C:\Users\Patti\AppData\Roaming\Mozilla\Firefox\Profiles\s066d2hq.default\searchplugins\icqplugin-21.xml moved successfully.
C:\Users\Patti\AppData\Roaming\Mozilla\Firefox\Profiles\s066d2hq.default\searchplugins\icqplugin-22.xml moved successfully.
C:\Users\Patti\AppData\Roaming\Mozilla\Firefox\Profiles\s066d2hq.default\searchplugins\icqplugin-23.xml moved successfully.
C:\Users\Patti\AppData\Roaming\Mozilla\Firefox\Profiles\s066d2hq.default\searchplugins\icqplugin-24.xml moved successfully.
C:\Users\Patti\AppData\Roaming\Mozilla\Firefox\Profiles\s066d2hq.default\searchplugins\icqplugin-25.xml moved successfully.
C:\Users\Patti\AppData\Roaming\Mozilla\Firefox\Profiles\s066d2hq.default\searchplugins\icqplugin-26.xml moved successfully.
C:\Users\Patti\AppData\Roaming\Mozilla\Firefox\Profiles\s066d2hq.default\searchplugins\icqplugin-27.xml moved successfully.
C:\Users\Patti\AppData\Roaming\Mozilla\Firefox\Profiles\s066d2hq.default\searchplugins\icqplugin-28.xml moved successfully.
C:\Users\Patti\AppData\Roaming\Mozilla\Firefox\Profiles\s066d2hq.default\searchplugins\icqplugin-29.xml moved successfully.
C:\Users\Patti\AppData\Roaming\Mozilla\Firefox\Profiles\s066d2hq.default\searchplugins\icqplugin-3.xml moved successfully.
C:\Users\Patti\AppData\Roaming\Mozilla\Firefox\Profiles\s066d2hq.default\searchplugins\icqplugin-30.xml moved successfully.
C:\Users\Patti\AppData\Roaming\Mozilla\Firefox\Profiles\s066d2hq.default\searchplugins\icqplugin-31.xml moved successfully.
C:\Users\Patti\AppData\Roaming\Mozilla\Firefox\Profiles\s066d2hq.default\searchplugins\icqplugin-4.xml moved successfully.
C:\Users\Patti\AppData\Roaming\Mozilla\Firefox\Profiles\s066d2hq.default\searchplugins\icqplugin-5.xml moved successfully.
C:\Users\Patti\AppData\Roaming\Mozilla\Firefox\Profiles\s066d2hq.default\searchplugins\icqplugin-6.xml moved successfully.
C:\Users\Patti\AppData\Roaming\Mozilla\Firefox\Profiles\s066d2hq.default\searchplugins\icqplugin-7.xml moved successfully.
C:\Users\Patti\AppData\Roaming\Mozilla\Firefox\Profiles\s066d2hq.default\searchplugins\icqplugin-8.xml moved successfully.
C:\Users\Patti\AppData\Roaming\Mozilla\Firefox\Profiles\s066d2hq.default\searchplugins\icqplugin-9.xml moved successfully.
C:\Users\Patti\AppData\Roaming\Mozilla\Firefox\Profiles\s066d2hq.default\searchplugins\icqplugin.xml moved successfully.
C:\Programme\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\search_engine folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\META-INF folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\defaults\preferences folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\defaults folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\components folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}\chrome folder moved successfully.
C:\Programme\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07} folder moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{855F3B16-6D32-4fe6-8A56-BBB695989046} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{855F3B16-6D32-4fe6-8A56-BBB695989046}\ deleted successfully.
C:\Programme\ICQ6Toolbar\ICQToolBar.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\EnableLUA deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\autoexec.bat moved successfully.
File move failed. F:\AUTORUN.INF scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{16eee8bf-bc67-11dd-90f7-806e6f6e6963}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{16eee8bf-bc67-11dd-90f7-806e6f6e6963}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{16eee8bf-bc67-11dd-90f7-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{16eee8bf-bc67-11dd-90f7-806e6f6e6963}\ not found.
File move failed. F:\Welcome.exe scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{79d3f352-8507-11de-8363-001f1603e7e5}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{79d3f352-8507-11de-8363-001f1603e7e5}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{79d3f352-8507-11de-8363-001f1603e7e5}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{79d3f352-8507-11de-8363-001f1603e7e5}\ not found.
File G:\SETUP.EXE not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{79d3f352-8507-11de-8363-001f1603e7e5}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{79d3f352-8507-11de-8363-001f1603e7e5}\ not found.
File G:\SETUP.EXE not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{79d3f352-8507-11de-8363-001f1603e7e5}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{79d3f352-8507-11de-8363-001f1603e7e5}\ not found.
File G:\SETUP.EXE not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{888839a6-2604-11e0-9dad-001f1603e7e5}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{888839a6-2604-11e0-9dad-001f1603e7e5}\ not found.
File I:\EmDesk.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{888839a6-2604-11e0-9dad-001f1603e7e5}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{888839a6-2604-11e0-9dad-001f1603e7e5}\ not found.
File I:\EmDesk.exe not found.
ADS C:\ProgramData\TEMP:D1B5B4F1 deleted successfully.
========== FILES ==========
C:\ProgramData\036DFF9800533D8A1932A77A2F3B707C folder moved successfully.
File\Folder C:\Programme\ICQ6Toolbar not found.
C:\Users\Patti\AppData\Local\{197538d8-ccc8-f96e-3793-730a2117a111}\L folder moved successfully.
C:\Users\Patti\AppData\Local\{197538d8-ccc8-f96e-3793-730a2117a111}\U folder moved successfully.
File\Folder C:\Users\Patti\AppData\Local\{197538d8-ccc8-f96e-3793-730a2117a111}\n not found.
C:\Users\Patti\AppData\Local\{197538d8-ccc8-f96e-3793-730a2117a111}\@ moved successfully.
C:\Windows\Installer\{197538d8-ccc8-f96e-3793-730a2117a111}\L folder moved successfully.
C:\Windows\Installer\{197538d8-ccc8-f96e-3793-730a2117a111}\U folder moved successfully.
File\Folder C:\Windows\Installer\{197538d8-ccc8-f96e-3793-730a2117a111}\n not found.
C:\Windows\Installer\{197538d8-ccc8-f96e-3793-730a2117a111}\@ moved successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Ines
->Temp folder emptied: 79921597 bytes
->Temporary Internet Files folder emptied: 10870871 bytes
->Java cache emptied: 32024924 bytes
->FireFox cache emptied: 92278438 bytes
->Flash cache emptied: 4885 bytes
 
User: Patti
->Temp folder emptied: 5855327003 bytes
->Temporary Internet Files folder emptied: 111708556 bytes
->Java cache emptied: 80998007 bytes
->FireFox cache emptied: 61284220 bytes
->Flash cache emptied: 506 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 115879978 bytes
RecycleBin emptied: 1699750555 bytes
 
Total Files Cleaned = 7.763,00 mb
 
 
[EMPTYFLASH]
 
User: All Users
 
User: Default
 
User: Default User
 
User: Ines
->Flash cache emptied: 0 bytes
 
User: Patti
->Flash cache emptied: 0 bytes
 
User: Public
 
Total Flash Files Cleaned = 0,00 mb
 
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.58.0 log created on 08202012_222139

Files\Folders moved on Reboot...
File move failed. F:\AUTORUN.INF scheduled to be moved on reboot.
File move failed. F:\Welcome.exe scheduled to be moved on reboot.

PendingFileRenameOperations files...
[2007.04.06 09:56:36 | 000,000,050 | R--- | M] () F:\AUTORUN.INF : MD5=75D195D46D8563DCD4C6E938C9B58078
[2010.05.28 16:11:06 | 000,626,080 | R--- | M] (Nikon Corporation) F:\Welcome.exe : MD5=ABC39F7CE096B172C767BBCA00E39B84

Registry entries deleted on Reboot...

Thanks and best regards
Exedcuter

cosinus 21.08.2012 12:50

Please now (in normal Windows mode) run this tool from Kaspersky (TDSS-Killer) and post the log. Instructions and download link here => http://www.trojaner-board.de/82358-t...entfernen.html

Note: Please switch off the virus scanner before you run the TDSS-Killer, because Avira in particular often reports a false alarm on the TDSS tool!

Configure the tool as shown in the image below: click on "change parameters" and tick the boxes as shown in the following screenshot.
Then click on "Start Scan" and, once it has finished, click on the "Report" button to display the log. Please post it in full.
If you cannot find the log or cannot copy its contents into your post, please look directly on your Windows system partition (usually drive C:), which is where the TDSS-Killer saves its logs.

Note: Please do not delete anything hastily with the TDSS-Killer! If the TDSS-Killer flags any objects, handle them all with the action "skip" and only post the log here!

http://saved.im/mtkwmtcxexhp/setting...8_16-25-18.jpg

exedcuter 21.08.2012 22:35

Hello Cosinus,

I downloaded TDSSKiller and ran the scan as requested.

Here is the log:

Code:

23:29:40.0912 6084  TDSS rootkit removing tool 2.8.7.0 Aug 20 2012 17:30:03
23:29:41.0336 6084  ============================================================
23:29:41.0336 6084  Current date / time: 2012/08/21 23:29:41.0336
23:29:41.0336 6084  SystemInfo:
23:29:41.0336 6084 
23:29:41.0336 6084  OS Version: 6.0.6002 ServicePack: 2.0
23:29:41.0337 6084  Product type: Workstation
23:29:41.0337 6084  ComputerName: PATTI-PC
23:29:41.0337 6084  UserName: Patti
23:29:41.0337 6084  Windows directory: C:\Windows
23:29:41.0337 6084  System windows directory: C:\Windows
23:29:41.0337 6084  Processor architecture: Intel x86
23:29:41.0337 6084  Number of processors: 2
23:29:41.0337 6084  Page size: 0x1000
23:29:41.0337 6084  Boot type: Normal boot
23:29:41.0337 6084  ============================================================
23:29:42.0297 6084  Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
23:29:42.0316 6084  ============================================================
23:29:42.0316 6084  \Device\Harddisk0\DR0:
23:29:42.0316 6084  MBR partitions:
23:29:42.0335 6084  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0xA285D31
23:29:42.0335 6084  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0xA285D70, BlocksNum 0x14EA2ED2
23:29:42.0336 6084  ============================================================
23:29:42.0368 6084  C: <-> \Device\Harddisk0\DR0\Partition1
23:29:42.0403 6084  E: <-> \Device\Harddisk0\DR0\Partition2
23:29:42.0403 6084  ============================================================
23:29:42.0403 6084  Initialize success
23:29:42.0403 6084  ============================================================
23:31:11.0757 4376  ============================================================
23:31:11.0757 4376  Scan started
23:31:11.0757 4376  Mode: Manual; SigCheck; TDLFS;
23:31:11.0757 4376  ============================================================
23:31:12.0137 4376  ================ Scan services =============================
23:31:12.0357 4376  [ 82B296AE1892FE3DBEE00C9CF92F8AC7 ] ACPI            C:\Windows\system32\drivers\acpi.sys
23:31:12.0567 4376  ACPI - ok
23:31:12.0677 4376  [ A9D3B95E8466BD58EEB8A1154654E162 ] AdobeFlashPlayerUpdateSvc C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
23:31:12.0707 4376  AdobeFlashPlayerUpdateSvc - ok
23:31:12.0777 4376  [ 04F0FCAC69C7C71A3AC4EB97FAFC8303 ] adp94xx        C:\Windows\system32\drivers\adp94xx.sys
23:31:12.0827 4376  adp94xx - ok
23:31:12.0867 4376  [ 60505E0041F7751BDBB80F88BF45C2CE ] adpahci        C:\Windows\system32\drivers\adpahci.sys
23:31:12.0907 4376  adpahci - ok
23:31:12.0927 4376  [ 8A42779B02AEC986EAB64ECFC98F8BD7 ] adpu160m        C:\Windows\system32\drivers\adpu160m.sys
23:31:12.0957 4376  adpu160m - ok
23:31:12.0987 4376  [ 241C9E37F8CE45EF51C3DE27515CA4E5 ] adpu320        C:\Windows\system32\drivers\adpu320.sys
23:31:13.0017 4376  adpu320 - ok
23:31:13.0067 4376  [ 9D1FDA9E086BA64E3C93C9DE32461BCF ] AeLookupSvc    C:\Windows\System32\aelupsvc.dll
23:31:13.0197 4376  AeLookupSvc - ok
23:31:13.0247 4376  [ 3911B972B55FEA0478476B2E777B29FA ] AFD            C:\Windows\system32\drivers\afd.sys
23:31:13.0347 4376  AFD - ok
23:31:13.0417 4376  [ CE91B158FA490CF4C4D487A4130F4660 ] AgereSoftModem  C:\Windows\system32\DRIVERS\AGRSM.sys
23:31:13.0567 4376  AgereSoftModem - ok
23:31:13.0607 4376  [ 13F9E33747E6B41A3FF305C37DB0D360 ] agp440          C:\Windows\system32\drivers\agp440.sys
23:31:13.0627 4376  agp440 - ok
23:31:13.0647 4376  [ AE1FDF7BF7BB6C6A70F67699D880592A ] aic78xx        C:\Windows\system32\drivers\djsvs.sys
23:31:13.0667 4376  aic78xx - ok
23:31:13.0697 4376  [ A1545B731579895D8CC44FC0481C1192 ] ALG            C:\Windows\System32\alg.exe
23:31:13.0837 4376  ALG - ok
23:31:13.0857 4376  [ 9EAEF5FC9B8E351AFA7E78A6FAE91F91 ] aliide          C:\Windows\system32\drivers\aliide.sys
23:31:13.0877 4376  aliide - ok
23:31:13.0897 4376  [ C47344BC706E5F0B9DCE369516661578 ] amdagp          C:\Windows\system32\drivers\amdagp.sys
23:31:13.0917 4376  amdagp - ok
23:31:13.0937 4376  [ 9B78A39A4C173FDBC1321E0DD659B34C ] amdide          C:\Windows\system32\drivers\amdide.sys
23:31:13.0957 4376  amdide - ok
23:31:13.0987 4376  [ 18F29B49AD23ECEE3D2A826C725C8D48 ] AmdK7          C:\Windows\system32\drivers\amdk7.sys
23:31:14.0057 4376  AmdK7 - ok
23:31:14.0087 4376  [ 93AE7F7DD54AB986A6F1A1B37BE7442D ] AmdK8          C:\Windows\system32\drivers\amdk8.sys
23:31:14.0167 4376  AmdK8 - ok
23:31:14.0277 4376  [ A122D68EA2541453F787F341877CB40B ] AntiVirSchedulerService C:\Program Files\Avira\AntiVir Desktop\sched.exe
23:31:14.0307 4376  AntiVirSchedulerService - ok
23:31:14.0347 4376  [ 2FE359EDEB34EFCF42574752F8AEBD3F ] AntiVirService  C:\Program Files\Avira\AntiVir Desktop\avguard.exe
23:31:14.0367 4376  AntiVirService - ok
23:31:14.0437 4376  [ C6D704C7F0434DC791AAC37CAC4B6E14 ] Appinfo        C:\Windows\System32\appinfo.dll
23:31:14.0517 4376  Appinfo - ok
23:31:14.0617 4376  [ 018857EAD9A077A56AEDFC0E5EF7A24A ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
23:31:14.0627 4376  Apple Mobile Device - ok
23:31:14.0677 4376  [ 5D2888182FB46632511ACEE92FDAD522 ] arc            C:\Windows\system32\drivers\arc.sys
23:31:14.0697 4376  arc - ok
23:31:14.0757 4376  [ 5E2A321BD7C8B3624E41FDEC3E244945 ] arcsas          C:\Windows\system32\drivers\arcsas.sys
23:31:14.0787 4376  arcsas - ok
23:31:14.0817 4376  [ 53B202ABEE6455406254444303E87BE1 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
23:31:14.0877 4376  AsyncMac - ok
23:31:14.0937 4376  [ 1F05B78AB91C9075565A9D8A4B880BC4 ] atapi          C:\Windows\system32\drivers\atapi.sys
23:31:14.0967 4376  atapi - ok
23:31:15.0007 4376  [ 69E65A2CE11619F0C868967CA9540B80 ] ATSWPDRV        C:\Windows\system32\DRIVERS\ATSwpDrv.sys
23:31:15.0567 4376  ATSWPDRV - ok
23:31:15.0627 4376  [ 68E2A1A0407A66CF50DA0300852424AB ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
23:31:15.0687 4376  AudioEndpointBuilder - ok
23:31:15.0717 4376  [ 68E2A1A0407A66CF50DA0300852424AB ] Audiosrv        C:\Windows\System32\Audiosrv.dll
23:31:15.0757 4376  Audiosrv - ok
23:31:15.0807 4376  [ 7713E4EB0276702FAA08E52A6E23F2A6 ] avgntflt        C:\Windows\system32\DRIVERS\avgntflt.sys
23:31:15.0827 4376  avgntflt - ok
23:31:15.0867 4376  [ 13B02B9B969DDE270CD7C351203DAD3C ] avipbb          C:\Windows\system32\DRIVERS\avipbb.sys
23:31:15.0897 4376  avipbb - ok
23:31:15.0947 4376  [ 271CFD1A989209B1964E24D969552BF7 ] avkmgr          C:\Windows\system32\DRIVERS\avkmgr.sys
23:31:15.0967 4376  avkmgr - ok
23:31:16.0067 4376  [ A2494901E7226B356B8C1005C45F1C5F ] BBSvc          C:\Program Files\Microsoft\BingBar\7.1.361.0\BBSvc.exe
23:31:16.0097 4376  BBSvc - ok
23:31:16.0147 4376  [ 63B1CBBAE4790B5BAC98F01BF9449722 ] BBUpdate        C:\Program Files\Microsoft\BingBar\7.1.361.0\SeaPort.exe
23:31:16.0187 4376  BBUpdate - ok
23:31:16.0227 4376  [ 67E506B75BD5326A3EC7B70BD014DFB6 ] Beep            C:\Windows\system32\drivers\Beep.sys
23:31:16.0307 4376  Beep - ok
23:31:16.0347 4376  [ D4DF28447741FD3D953526E33A617397 ] blbdrive        C:\Windows\system32\drivers\blbdrive.sys
23:31:16.0407 4376  blbdrive - ok
23:31:16.0477 4376  [ F832F1505AD8B83474BD9A5B1B985E01 ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
23:31:16.0507 4376  Bonjour Service - ok
23:31:16.0567 4376  [ 35F376253F687BDE63976CCB3F2108CA ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
23:31:16.0607 4376  bowser - ok
23:31:16.0647 4376  [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo        C:\Windows\system32\drivers\brfiltlo.sys
23:31:16.0697 4376  BrFiltLo - ok
23:31:16.0717 4376  [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp        C:\Windows\system32\drivers\brfiltup.sys
23:31:16.0777 4376  BrFiltUp - ok
23:31:16.0807 4376  [ A3629A0C4226F9E9C72FAAEEBC3AD33C ] Browser        C:\Windows\System32\browser.dll
23:31:16.0917 4376  Browser - ok
23:31:16.0947 4376  [ B304E75CFF293029EDDF094246747113 ] Brserid        C:\Windows\system32\drivers\brserid.sys
23:31:17.0197 4376  Brserid - ok
23:31:17.0217 4376  [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm        C:\Windows\system32\drivers\brserwdm.sys
23:31:17.0317 4376  BrSerWdm - ok
23:31:17.0337 4376  [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm        C:\Windows\system32\drivers\brusbmdm.sys
23:31:17.0457 4376  BrUsbMdm - ok
23:31:17.0477 4376  [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer        C:\Windows\system32\drivers\brusbser.sys
23:31:17.0577 4376  BrUsbSer - ok
23:31:17.0627 4376  [ DA7B195275BDA7F8FCF79B40E0F45DDE ] BthEnum        C:\Windows\system32\DRIVERS\BthEnum.sys
23:31:17.0677 4376  BthEnum - ok
23:31:17.0697 4376  [ AD07C1EC6665B8B35741AB91200C6B68 ] BTHMODEM        C:\Windows\system32\drivers\bthmodem.sys
23:31:17.0797 4376  BTHMODEM - ok
23:31:17.0827 4376  [ 5904EFA25F829BF84EA6FB045134A1D8 ] BthPan          C:\Windows\system32\DRIVERS\bthpan.sys
23:31:17.0907 4376  BthPan - ok
23:31:17.0937 4376  [ 671134053D59E23704F08DB19F11E10B ] BTHPORT        C:\Windows\system32\Drivers\BTHport.sys
23:31:18.0027 4376  BTHPORT - ok
23:31:18.0087 4376  [ A4C8377FA4A994E07075107DBE2E3DCE ] BthServ        C:\Windows\System32\bthserv.dll
23:31:18.0147 4376  BthServ - ok
23:31:18.0167 4376  [ 93D7007E2C660DFCCA6AE72622740B14 ] BTHUSB          C:\Windows\system32\Drivers\BTHUSB.sys
23:31:18.0237 4376  BTHUSB - ok
23:31:18.0277 4376  [ 7ADD03E75BEB9E6DD102C3081D29840A ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
23:31:18.0337 4376  cdfs - ok
23:31:18.0387 4376  [ 6B4BFFB9BECD728097024276430DB314 ] cdrom          C:\Windows\system32\DRIVERS\cdrom.sys
23:31:18.0447 4376  cdrom - ok
23:31:18.0487 4376  [ 312EC3E37A0A1F2006534913E37B4423 ] CertPropSvc    C:\Windows\System32\certprop.dll
23:31:18.0567 4376  CertPropSvc - ok
23:31:18.0597 4376  [ E5D4133F37219DBCFE102BC61072589D ] circlass        C:\Windows\system32\drivers\circlass.sys
23:31:18.0677 4376  circlass - ok
23:31:18.0747 4376  [ D7659D3B5B92C31E84E53C1431F35132 ] CLFS            C:\Windows\system32\CLFS.sys
23:31:18.0777 4376  CLFS - ok
23:31:18.0857 4376  [ 8EE772032E2FE80A924F3B8DD5082194 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
23:31:18.0877 4376  clr_optimization_v2.0.50727_32 - ok
23:31:18.0937 4376  [ 99AFC3795B58CC478FBBBCDC658FCB56 ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
23:31:18.0997 4376  CmBatt - ok
23:31:19.0047 4376  [ 0CA25E686A4928484E9FDABD168AB629 ] cmdide          C:\Windows\system32\drivers\cmdide.sys
23:31:19.0067 4376  cmdide - ok
23:31:19.0077 4376  [ 6AFEF0B60FA25DE07C0968983EE4F60A ] Compbatt        C:\Windows\system32\DRIVERS\compbatt.sys
23:31:19.0107 4376  Compbatt - ok
23:31:19.0137 4376  COMSysApp - ok
23:31:19.0147 4376  [ 741E9DFF4F42D2D8477D0FC1DC0DF871 ] crcdisk        C:\Windows\system32\drivers\crcdisk.sys
23:31:19.0177 4376  crcdisk - ok
23:31:19.0197 4376  [ 1F07BECDCA750766A96CDA811BA86410 ] Crusoe          C:\Windows\system32\drivers\crusoe.sys
23:31:19.0267 4376  Crusoe - ok
23:31:19.0347 4376  [ 75C6A297E364014840B48ECCD7525E30 ] CryptSvc        C:\Windows\system32\cryptsvc.dll
23:31:19.0397 4376  CryptSvc - ok
23:31:19.0437 4376  [ 3B5B4D53FEC14F7476CA29A20CC31AC9 ] DcomLaunch      C:\Windows\system32\rpcss.dll
23:31:19.0557 4376  DcomLaunch - ok
23:31:19.0597 4376  [ 622C41A07CA7E6DD91770F50D532CB6C ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
23:31:19.0657 4376  DfsC - ok
23:31:19.0747 4376  [ 2CC3DCFB533A1035B13DCAB6160AB38B ] DFSR            C:\Windows\system32\DFSR.exe
23:31:20.0047 4376  DFSR - ok
23:31:20.0107 4376  [ 6216FD7FD227DE454238A702B218CEC7 ] dgderdrv        C:\Windows\system32\drivers\dgderdrv.sys
23:31:20.0127 4376  dgderdrv - ok
23:31:20.0227 4376  [ 9028559C132146FB75EB7ACF384B086A ] Dhcp            C:\Windows\System32\dhcpcsvc.dll
23:31:20.0287 4376  Dhcp - ok
23:31:20.0357 4376  [ 5D4AEFC3386920236A548271F8F1AF6A ] disk            C:\Windows\system32\drivers\disk.sys
23:31:20.0377 4376  disk - ok
23:31:20.0447 4376  [ 57D762F6F5974AF0DA2BE88A3349BAAA ] Dnscache        C:\Windows\System32\dnsrslvr.dll
23:31:20.0497 4376  Dnscache - ok
23:31:20.0537 4376  [ 324FD74686B1EF5E7C19A8AF49E748F6 ] dot3svc        C:\Windows\System32\dot3svc.dll
23:31:20.0597 4376  dot3svc - ok
23:31:20.0677 4376  [ 4F59C172C094E1A1D46463A8DC061CBD ] Dot4            C:\Windows\system32\DRIVERS\Dot4.sys
23:31:20.0757 4376  Dot4 - ok
23:31:20.0797 4376  [ 80BF3BA09F6F2523C8F6B7CC6DBF7BD5 ] Dot4Print      C:\Windows\system32\DRIVERS\Dot4Prt.sys
23:31:20.0847 4376  Dot4Print - ok
23:31:20.0897 4376  [ C55004CA6B419B6695970DFE849B122F ] dot4usb        C:\Windows\system32\DRIVERS\dot4usb.sys
23:31:20.0947 4376  dot4usb - ok
23:31:21.0007 4376  [ A622E888F8AA2F6B49E9BC466F0E5DEF ] DPS            C:\Windows\system32\dps.dll
23:31:21.0067 4376  DPS - ok
23:31:21.0117 4376  [ 97FEF831AB90BEE128C9AF390E243F80 ] drmkaud        C:\Windows\system32\drivers\drmkaud.sys
23:31:21.0157 4376  drmkaud - ok
23:31:21.0207 4376  [ C68AC676B0EF30CFBB1080ADCE49EB1F ] DXGKrnl        C:\Windows\System32\drivers\dxgkrnl.sys
23:31:21.0257 4376  DXGKrnl - ok
23:31:21.0327 4376  [ 5425F74AC0C1DBD96A1E04F17D63F94C ] E1G60          C:\Windows\system32\DRIVERS\E1G60I32.sys
23:31:21.0387 4376  E1G60 - ok
23:31:21.0427 4376  [ C0B95E40D85CD807D614E264248A45B9 ] EapHost        C:\Windows\System32\eapsvc.dll
23:31:21.0467 4376  EapHost - ok
23:31:21.0517 4376  [ 7F64EA048DCFAC7ACF8B4D7B4E6FE371 ] Ecache          C:\Windows\system32\drivers\ecache.sys
23:31:21.0547 4376  Ecache - ok
23:31:21.0597 4376  [ 9BE3744D295A7701EB425332014F0797 ] ehRecvr        C:\Windows\ehome\ehRecvr.exe
23:31:21.0657 4376  ehRecvr - ok
23:31:21.0697 4376  [ AD1870C8E5D6DD340C829E6074BF3C3F ] ehSched        C:\Windows\ehome\ehsched.exe
23:31:21.0757 4376  ehSched - ok
23:31:21.0787 4376  [ C27C4EE8926E74AA72EFCAB24C5242C3 ] ehstart        C:\Windows\ehome\ehstart.dll
23:31:21.0827 4376  ehstart - ok
23:31:21.0887 4376  [ 23B62471681A124889978F6295B3F4C6 ] elxstor        C:\Windows\system32\drivers\elxstor.sys
23:31:21.0927 4376  elxstor - ok
23:31:21.0987 4376  [ 4E6B23DFC917EA39306B529B773950F4 ] EMDMgmt        C:\Windows\system32\emdmgmt.dll
23:31:22.0067 4376  EMDMgmt - ok
23:31:22.0127 4376  [ 3DB974F3935483555D7148663F726C61 ] ErrDev          C:\Windows\system32\drivers\errdev.sys
23:31:22.0187 4376  ErrDev - ok
23:31:22.0257 4376  [ 67058C46504BC12D821F38CF99B7B28F ] EventSystem    C:\Windows\system32\es.dll
23:31:22.0307 4376  EventSystem - ok
23:31:22.0387 4376  [ 22B408651F9123527BCEE54B4F6C5CAE ] exfat          C:\Windows\system32\drivers\exfat.sys
23:31:22.0437 4376  exfat - ok
23:31:22.0487 4376  [ 1E9B9A70D332103C52995E957DC09EF8 ] fastfat        C:\Windows\system32\drivers\fastfat.sys
23:31:22.0527 4376  fastfat - ok
23:31:22.0547 4376  [ AFE1E8B9782A0DD7FB46BBD88E43F89A ] fdc            C:\Windows\system32\DRIVERS\fdc.sys
23:31:22.0617 4376  fdc - ok
23:31:22.0657 4376  [ 6629B5F0E98151F4AFDD87567EA32BA3 ] fdPHost        C:\Windows\system32\fdPHost.dll
23:31:22.0707 4376  fdPHost - ok
23:31:22.0717 4376  [ 89ED56DCE8E47AF40892778A5BD31FD2 ] FDResPub        C:\Windows\system32\fdrespub.dll
23:31:22.0837 4376  FDResPub - ok
23:31:22.0877 4376  [ A8C0139A884861E3AAE9CFE73B208A9F ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
23:31:22.0897 4376  FileInfo - ok
23:31:22.0917 4376  [ 0AE429A696AECBC5970E3CF2C62635AE ] Filetrace      C:\Windows\system32\drivers\filetrace.sys
23:31:22.0977 4376  Filetrace - ok
23:31:22.0997 4376  [ 85B7CF99D532820495D68D747FDA9EBD ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
23:31:23.0057 4376  flpydisk - ok
23:31:23.0107 4376  [ 01334F9EA68E6877C4EF05D3EA8ABB05 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
23:31:23.0137 4376  FltMgr - ok
23:31:23.0207 4376  [ 452FEAAB2A8DBB42ED751754CB2594F5 ] FontCache      C:\Windows\system32\FntCache.dll
23:31:23.0367 4376  FontCache - ok
23:31:23.0427 4376  [ C7FBDD1ED42F82BFA35167A5C9803EA3 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
23:31:23.0457 4376  FontCache3.0.0.0 - ok
23:31:23.0487 4376  [ B972A66758577E0BFD1DE0F91AAA27B5 ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
23:31:23.0547 4376  Fs_Rec - ok
23:31:23.0577 4376  [ 34582A6E6573D54A07ECE5FE24A126B5 ] gagp30kx        C:\Windows\system32\drivers\gagp30kx.sys
23:31:23.0607 4376  gagp30kx - ok
23:31:23.0647 4376  [ 8182FF89C65E4D38B2DE4BB0FB18564E ] GEARAspiWDM    C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
23:31:23.0657 4376  GEARAspiWDM - ok
23:31:23.0737 4376  [ 9F5F2F0FB0A7F5AA9F16B9A7B6DAD89F ] GoogleDesktopManager-051210-111108 C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
23:31:23.0757 4376  GoogleDesktopManager-051210-111108 - ok
23:31:23.0837 4376  [ CD5D0AEEE35DFD4E986A5AA1500A6E66 ] gpsvc          C:\Windows\System32\gpsvc.dll
23:31:23.0987 4376  gpsvc - ok
23:31:24.0037 4376  [ CB04C744BE0A61B1D648FAED182C3B59 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
23:31:24.0137 4376  HdAudAddService - ok
23:31:24.0207 4376  [ 062452B7FFD68C8C042A6261FE8DFF4A ] HDAudBus        C:\Windows\system32\DRIVERS\HDAudBus.sys
23:31:24.0307 4376  HDAudBus - ok
23:31:24.0347 4376  [ 1338520E78D90154ED6BE8F84DE5FCEB ] HidBth          C:\Windows\system32\drivers\hidbth.sys
23:31:24.0437 4376  HidBth - ok
23:31:24.0457 4376  [ FF3160C3A2445128C5A6D9B076DA519E ] HidIr          C:\Windows\system32\drivers\hidir.sys
23:31:24.0557 4376  HidIr - ok
23:31:24.0587 4376  [ 84067081F3318162797385E11A8F0582 ] hidserv        C:\Windows\system32\hidserv.dll
23:31:24.0627 4376  hidserv - ok
23:31:24.0687 4376  [ CCA4B519B17E23A00B826C55716809CC ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
23:31:24.0737 4376  HidUsb - ok
23:31:24.0767 4376  [ D8AD255B37DA92434C26E4876DB7D418 ] hkmsvc          C:\Windows\system32\kmsvc.dll
23:31:24.0827 4376  hkmsvc - ok
23:31:24.0877 4376  [ 18FB2C0D28E0E6F0A478EDCAA4DD99CC ] hotcore3        C:\Windows\system32\drivers\hotcore3.sys
23:31:24.0897 4376  hotcore3 - ok
23:31:24.0967 4376  [ 8B566EA71D5B76157A9CDB78F25A5731 ] Hotkey          C:\Windows\system32\drivers\Hotkey.sys
23:31:24.0987 4376  Hotkey ( UnsignedFile.Multi.Generic ) - warning
23:31:24.0987 4376  Hotkey - detected UnsignedFile.Multi.Generic (1)
23:31:25.0017 4376  [ 16EE7B23A009E00D835CDB79574A91A6 ] HpCISSs        C:\Windows\system32\drivers\hpcisss.sys
23:31:25.0047 4376  HpCISSs - ok
23:31:25.0127 4376  [ 97AAC45A375168C6A2297BEEB9692E31 ] hpqcxs08        C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll
23:31:51.0077 4376  [ 2E93AC0A1D8C79D019DB6C51F036636C ] VgaSave        C:\Windows\System32\drivers\vga.sys
23:31:51.0147 4376  VgaSave - ok
23:31:51.0167 4376  [ 5D7159DEF58A800D5781BA3A879627BC ] viaagp          C:\Windows\system32\drivers\viaagp.sys
23:31:51.0197 4376  viaagp - ok
23:31:51.0217 4376  [ C4F3A691B5BAD343E6249BD8C2D45DEE ] ViaC7          C:\Windows\system32\drivers\viac7.sys
23:31:51.0267 4376  ViaC7 - ok
23:31:51.0297 4376  [ AADF5587A4063F52C2C3FED7887426FC ] viaide          C:\Windows\system32\drivers\viaide.sys
23:31:51.0317 4376  viaide - ok
23:31:51.0337 4376  [ 69503668AC66C77C6CD7AF86FBDF8C43 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
23:31:51.0367 4376  volmgr - ok
23:31:51.0397 4376  [ 23E41B834759917BFD6B9A0D625D0C28 ] volmgrx        C:\Windows\system32\drivers\volmgrx.sys
23:31:51.0437 4376  volmgrx - ok
23:31:51.0487 4376  [ 147281C01FCB1DF9252DE2A10D5E7093 ] volsnap        C:\Windows\system32\drivers\volsnap.sys
23:31:51.0517 4376  volsnap - ok
23:31:51.0557 4376  [ 587253E09325E6BF226B299774B728A9 ] vsmraid        C:\Windows\system32\drivers\vsmraid.sys
23:31:51.0587 4376  vsmraid - ok
23:31:51.0657 4376  [ DB3D19F850C6EB32BDCB9BC0836ACDDB ] VSS            C:\Windows\system32\vssvc.exe
23:31:51.0827 4376  VSS - ok
23:31:51.0877 4376  [ 96EA68B9EB310A69C25EBB0282B2B9DE ] W32Time        C:\Windows\system32\w32time.dll
23:31:51.0937 4376  W32Time - ok
23:31:51.0967 4376  [ 48DFEE8F1AF7C8235D4E626F0C4FE031 ] WacomPen        C:\Windows\system32\drivers\wacompen.sys
23:31:52.0047 4376  WacomPen - ok
23:31:52.0057 4376  [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarp          C:\Windows\system32\DRIVERS\wanarp.sys
23:31:52.0107 4376  Wanarp - ok
23:31:52.0117 4376  [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
23:31:52.0157 4376  Wanarpv6 - ok
23:31:52.0187 4376  [ A3CD60FD826381B49F03832590E069AF ] wcncsvc        C:\Windows\System32\wcncsvc.dll
23:31:52.0227 4376  wcncsvc - ok
23:31:52.0277 4376  [ 11BCB7AFCDD7AADACB5746F544D3A9C7 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
23:31:52.0317 4376  WcsPlugInService - ok
23:31:52.0337 4376  [ 78FE9542363F297B18C027B2D7E7C07F ] Wd              C:\Windows\system32\drivers\wd.sys
23:31:52.0367 4376  Wd - ok
23:31:52.0397 4376  [ B6F0A7AD6D4BD325FBCD8BAC96CD8D96 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
23:31:52.0507 4376  Wdf01000 - ok
23:31:52.0547 4376  [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiServiceHost  C:\Windows\system32\wdi.dll
23:31:52.0607 4376  WdiServiceHost - ok
23:31:52.0617 4376  [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiSystemHost  C:\Windows\system32\wdi.dll
23:31:52.0667 4376  WdiSystemHost - ok
23:31:52.0737 4376  [ 04C37D8107320312FBAE09926103D5E2 ] WebClient      C:\Windows\System32\webclnt.dll
23:31:52.0777 4376  WebClient - ok
23:31:52.0827 4376  [ 905214925A88311FCE52F66153DE7610 ] Wecsvc          C:\Windows\system32\wecsvc.dll
23:31:52.0877 4376  Wecsvc - ok
23:31:52.0907 4376  [ 670FF720071ED741206D69BD995EA453 ] wercplsupport  C:\Windows\System32\wercplsupport.dll
23:31:52.0967 4376  wercplsupport - ok
23:31:53.0007 4376  [ 32B88481D3B326DA6DEB07B1D03481E7 ] WerSvc          C:\Windows\System32\WerSvc.dll
23:31:53.0047 4376  WerSvc - ok
23:31:53.0067 4376  WinHttpAutoProxySvc - ok
23:31:53.0147 4376  [ 6B2A1D0E80110E3D04E6863C6E62FD8A ] Winmgmt        C:\Windows\system32\wbem\WMIsvc.dll
23:31:53.0187 4376  Winmgmt - ok
23:31:53.0247 4376  [ 01874D4689C212460FBABF0ECD7CB7F7 ] WinRM          C:\Windows\system32\WsmSvc.dll
23:31:53.0417 4376  WinRM - ok
23:31:53.0477 4376  [ F0FE933E27F1E2A83FF322A0693A4724 ] WisLMSvc        C:\Program Files\Launch Manager\WisLMSvc.exe
23:31:53.0497 4376  WisLMSvc ( UnsignedFile.Multi.Generic ) - warning
23:31:53.0497 4376  WisLMSvc - detected UnsignedFile.Multi.Generic (1)
23:31:53.0547 4376  [ C008405E4FEEB069E30DA1D823910234 ] Wlansvc        C:\Windows\System32\wlansvc.dll
23:31:53.0667 4376  Wlansvc - ok
23:31:53.0787 4376  [ 5144AE67D60EC653F97DDF3FEED29E77 ] wlidsvc        C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
23:31:53.0957 4376  wlidsvc - ok
23:31:53.0997 4376  [ 2E7255D172DF0B8283CDFB7B433B864E ] WmiAcpi        C:\Windows\system32\DRIVERS\wmiacpi.sys
23:31:54.0067 4376  WmiAcpi - ok
23:31:54.0137 4376  [ 43BE3875207DCB62A85C8C49970B66CC ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
23:31:54.0177 4376  wmiApSrv - ok
23:31:54.0267 4376  [ 3978704576A121A9204F8CC49A301A9B ] WMPNetworkSvc  C:\Program Files\Windows Media Player\wmpnetwk.exe
23:31:54.0427 4376  WMPNetworkSvc - ok
23:31:54.0487 4376  [ CFC5A04558F5070CEE3E3A7809F3FF52 ] WPCSvc          C:\Windows\System32\wpcsvc.dll
23:31:54.0547 4376  WPCSvc - ok
23:31:54.0607 4376  [ 396D406292B0CD26E3504FFE82784702 ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
23:31:54.0657 4376  WPDBusEnum - ok
23:31:54.0697 4376  [ 0CEC23084B51B8288099EB710224E955 ] WpdUsb          C:\Windows\system32\DRIVERS\wpdusb.sys
23:31:54.0757 4376  WpdUsb - ok
23:31:54.0797 4376  [ E3A3CB253C0EC2494D4A61F5E43A389C ] ws2ifsl        C:\Windows\system32\drivers\ws2ifsl.sys
23:31:54.0857 4376  ws2ifsl - ok
23:31:54.0907 4376  [ 4422AC5ED8D4C2F0DB63E71D4C069DD7 ] WSDPrintDevice  C:\Windows\system32\DRIVERS\WSDPrint.sys
23:31:54.0947 4376  WSDPrintDevice - ok
23:31:54.0947 4376  WSearch - ok
23:31:54.0997 4376  [ AC13CB789D93412106B0FB6C7EB2BCB6 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
23:31:55.0057 4376  WUDFRd - ok
23:31:55.0087 4376  [ 575A4190D989F64732119E4114045A4F ] wudfsvc        C:\Windows\System32\WUDFSvc.dll
23:31:55.0157 4376  wudfsvc - ok
23:31:55.0197 4376  [ AB2D77BF7222B007717ABB61B15F9AE2 ] X10Hid          C:\Windows\system32\Drivers\x10hid.sys
23:31:55.0217 4376  X10Hid - ok
23:31:55.0277 4376  [ 5A0C788C5BC5F2C993CB60940ADCF95E ] x10nets        C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
23:31:55.0277 4376  x10nets ( UnsignedFile.Multi.Generic ) - warning
23:31:55.0277 4376  x10nets - detected UnsignedFile.Multi.Generic (1)
23:31:55.0337 4376  [ 6BBF7A3BAB8FFDCCF82057FA2AAE2B7B ] XUIF            C:\Windows\system32\Drivers\x10ufx2.sys
23:31:55.0357 4376  XUIF - ok
23:31:55.0407 4376  ================ Scan global ===============================
23:31:55.0437 4376  [ F31EEBC1A1C81FD04005489CC3DCDFE7 ] C:\Windows\system32\basesrv.dll
23:31:55.0487 4376  [ D2293B069E4B63DC17B2F08D45E71124 ] C:\Windows\system32\winsrv.dll
23:31:55.0557 4376  [ D2293B069E4B63DC17B2F08D45E71124 ] C:\Windows\system32\winsrv.dll
23:31:55.0627 4376  [ D4E6D91C1349B7BFB3599A6ADA56851B ] C:\Windows\system32\services.exe
23:31:55.0627 4376  [Global] - ok
23:31:55.0637 4376  ================ Scan MBR ==================================
23:31:55.0647 4376  [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk0\DR0
23:31:56.0497 4376  \Device\Harddisk0\DR0 - ok
23:31:56.0497 4376  ================ Scan VBR ==================================
23:31:56.0497 4376  [ E05128336B477B324B7645A3F02D7A9C ] \Device\Harddisk0\DR0\Partition1
23:31:56.0507 4376  \Device\Harddisk0\DR0\Partition1 - ok
23:31:56.0537 4376  [ 749C2DF9A6A7D4102A87C17984F0AE5E ] \Device\Harddisk0\DR0\Partition2
23:31:56.0547 4376  \Device\Harddisk0\DR0\Partition2 - ok
23:31:56.0547 4376  ============================================================
23:31:56.0547 4376  Scan finished
23:31:56.0547 4376  ============================================================
23:31:56.0567 5128  Detected object count: 8
23:31:56.0567 5128  Actual detected object count: 8
23:32:23.0197 5128  Hotkey ( UnsignedFile.Multi.Generic ) - skipped by user
23:32:23.0197 5128  Hotkey ( UnsignedFile.Multi.Generic ) - User select action: Skip
23:32:23.0197 5128  IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
23:32:23.0197 5128  IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip
23:32:23.0197 5128  Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
23:32:23.0207 5128  Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
23:32:23.0207 5128  omniserv ( UnsignedFile.Multi.Generic ) - skipped by user
23:32:23.0207 5128  omniserv ( UnsignedFile.Multi.Generic ) - User select action: Skip
23:32:23.0207 5128  PLFlash DeviceIoControl Service ( UnsignedFile.Multi.Generic ) - skipped by user
23:32:23.0207 5128  PLFlash DeviceIoControl Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
23:32:23.0217 5128  Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
23:32:23.0217 5128  Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
23:32:23.0217 5128  WisLMSvc ( UnsignedFile.Multi.Generic ) - skipped by user
23:32:23.0217 5128  WisLMSvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
23:32:23.0217 5128  x10nets ( UnsignedFile.Multi.Generic ) - skipped by user
23:32:23.0217 5128  x10nets ( UnsignedFile.Multi.Generic ) - User select action: Skip

Many thanks, and enjoy your holiday.

Regards
Exedcuter

cosinus 30.08.2012 12:46

Then please run CF now:

ComboFix

A guide and tutorial on using ComboFix
  • Close all programs, especially your antivirus program and other background guards, as well as your web browser.
  • Start combofix.exe from your desktop, confirm the warning messages, perform the updates (if offered), install the Recovery Console (if offered) and let it scan your system.
    Also avoid using the mouse and keyboard while ComboFix is running.
  • Afterwards a combofix.txt opens automatically; please copy its contents ([Ctrl]a, [Ctrl]c) and paste them into your post ([Ctrl]v). You can also find the file at: C:\ComboFix.txt.
Important note:
ComboFix may only be run when a helper (Kompetenzler) has explicitly recommended it!

It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.

If, after running ComboFix, you have problems starting applications and get messages such as

Quote:

Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
then restart Windows manually and the error messages should no longer appear.

exedcuter 31.08.2012 21:26

Hello Cosinus,

I hope you had a nice holiday; attached is the ComboFix log:

Combofix Logfile:
Code:

ComboFix 12-08-30.05 - Patti 31.08.2012  21:34:28.1.2 - x86
Microsoft® Windows Vista™ Home Premium  6.0.6002.2.1252.49.1031.18.3070.1986 [GMT 2:00]
ausgeführt von:: c:\users\Patti\Desktop\ComboFix.exe
AV: Avira Desktop *Enabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Enabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Patti\AppData\Local\Temp\26b4a1dd-e07b-48af-be4e-9642b273284b\CliSecureRT.dll
c:\windows\system32\
c:\windows\system32\System32\MASetupCleaner.exe
c:\windows\system32\System32\muzapp.exe
.
.
(((((((((((((((((((((((  Dateien erstellt von 2012-07-28 bis 2012-08-31  ))))))))))))))))))))))))))))))
.
.
2012-08-31 20:11 . 2012-08-31 20:11        --------        d-----w-        c:\users\Ines\AppData\Local\temp
2012-08-31 20:11 . 2012-08-31 20:11        --------        d-----w-        c:\users\Default\AppData\Local\temp
2012-08-20 20:21 . 2012-08-20 20:21        --------        d-----w-        C:\_OTL
2012-08-18 15:00 . 2012-08-18 15:00        --------        d-----w-        c:\users\Ines\AppData\Local\Macromedia
2012-08-18 14:52 . 2012-08-18 14:52        --------        d-----w-        c:\users\Ines\AppData\Roaming\HPAppData
2012-08-13 09:09 . 2012-08-13 09:09        --------        d-----w-        c:\program files\ESET
2012-08-09 07:33 . 2012-08-09 07:33        --------        d-----w-        c:\users\Patti\AppData\Roaming\Malwarebytes
2012-08-09 07:32 . 2012-08-09 07:32        --------        d-----w-        c:\programdata\Malwarebytes
2012-08-09 07:32 . 2012-08-09 07:32        --------        d-----w-        c:\program files\Malwarebytes' Anti-Malware
2012-08-09 07:32 . 2012-07-03 11:46        22344        ----a-w-        c:\windows\system32\drivers\mbam.sys
2012-08-03 18:39 . 2012-06-29 08:44        6891424        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{ED2AC7B4-CFA6-422B-A72C-19337A11ECDC}\mpengine.dll
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-17 20:12 . 2012-07-30 17:10        426184        ----a-w-        c:\windows\system32\FlashPlayerApp.exe
2012-08-17 20:12 . 2011-09-01 20:17        70344        ----a-w-        c:\windows\system32\FlashPlayerCPLApp.cpl
2012-08-05 20:24 . 2009-10-22 21:01        279552        ----a-w-        c:\windows\system32\services.exe
2012-07-29 18:58 . 2012-07-29 18:58        57344        ----a-r-        c:\users\Patti\AppData\Roaming\Microsoft\Installer\{87441A59-5E64-4096-A170-14EFE67200C3}\ARPPRODUCTICON.exe
2012-07-29 18:55 . 2008-07-23 09:19        106496        ----a-w-        c:\windows\system32\ATL71.DLL
2012-06-13 13:40 . 2012-07-11 21:27        2047488        ----a-w-        c:\windows\system32\win32k.sys
2012-06-05 16:47 . 2012-07-11 20:10        1401856        ----a-w-        c:\windows\system32\msxml6.dll
2012-06-05 16:47 . 2012-07-11 20:10        1248768        ----a-w-        c:\windows\system32\msxml3.dll
2012-06-04 15:26 . 2012-07-11 20:10        440704        ----a-w-        c:\windows\system32\drivers\ksecdd.sys
2012-06-02 22:19 . 2012-06-23 06:56        53784        ----a-w-        c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-23 06:56        45080        ----a-w-        c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-23 06:56        35864        ----a-w-        c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-23 06:56        577048        ----a-w-        c:\windows\system32\wuapi.dll
2012-06-02 22:19 . 2012-06-23 06:56        1933848        ----a-w-        c:\windows\system32\wuaueng.dll
2012-06-02 22:12 . 2012-06-23 06:56        2422272        ----a-w-        c:\windows\system32\wucltux.dll
2012-06-02 22:12 . 2012-06-23 06:56        88576        ----a-w-        c:\windows\system32\wudriver.dll
2012-07-23 21:28 . 2011-03-25 23:04        136672        ----a-w-        c:\program files\mozilla firefox\components\browsercomps.dll
2011-08-24 17:36 . 2011-08-24 17:36        119808        ----a-w-        c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WindowsWelcomeCenter"="oobefldr.dll" [2009-04-11 2153472]
"KiesPDLR"="c:\program files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe" [2012-06-08 21432]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-12-20 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-12-20 8501792]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-12-20 81920]
"SynTPStart"="c:\program files\Synaptics\SynTP\SynTPStart.exe" [2007-08-31 102400]
"OmniPass"="c:\program files\Softex\OmniPass\scureapp.exe" [2007-11-02 2564096]
"LaunchAp"="c:\program files\Launch Manager\LaunchAp.exe" [2007-09-01 32768]
"HotkeyApp"="c:\program files\Launch Manager\HotkeyApp.exe" [2007-09-06 188416]
"LMgrOSD"="c:\program files\Launch Manager\OSD.exe" [2006-12-26 180224]
"Wbutton"="c:\program files\Launch Manager\Wbutton.exe" [2007-09-07 86016]
"RtHDVCpl"="RtHDVCpl.exe" [2007-12-17 4718592]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-10-11 258512]
"Nikon Message Center 2"="c:\program files\Nikon\Nikon Message Center 2\NkMC2.exe" [2010-05-25 619008]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~2\GOEC62~1.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Photo Loader resident.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Photo Loader resident.lnk
backup=c:\windows\pss\Photo Loader resident.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Pro Agent]
2009-08-05 10:17        224712        ----a-w-        c:\program files\DAEMON Tools Pro\DTProAgent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IAAnotif]
2007-10-03 13:44        178712        ----a-w-        c:\program files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2008-02-28 16:07        1828136        ----a-w-        c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesPDLR]
2012-06-08 11:02        21432        ----a-w-        c:\program files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesTrayAgent]
2012-06-08 11:02        3521464        ----a-w-        c:\program files\Samsung\Kies\KiesTrayAgent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
2008-02-18 15:29        2221352        ----a-w-        c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-09-08 10:17        421888        ----a-w-        c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
2007-02-09 18:51        71216        ----a-w-        c:\program files\HomeCinema\PowerDVD\PDVDServ.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
2009-07-01 16:37        37888        ----a-w-        c:\program files\Winamp\winampa.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2008-01-21 02:23        1008184        ----a-w-        c:\program files\Windows Defender\MSASCui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs        REG_MULTI_SZ          BthServ
HPZ12        REG_MULTI_SZ          Pml Driver HPZ12 Net Driver HPZ12
LocalServiceAndNoImpersonation        REG_MULTI_SZ          FontCache
HPService        REG_MULTI_SZ          HPSLPSVC
hpdevmgmt        REG_MULTI_SZ          hpqcxs08 hpqddsvc
.
Inhalt des "geplante Tasks" Ordners
.
2012-08-31 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-30 20:12]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.de/
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
IE: Nach Microsoft &Excel exportieren - c:\progra~1\MICROS~3\Office10\EXCEL.EXE/3000
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\Patti\AppData\Roaming\Mozilla\Firefox\Profiles\s066d2hq.default\
FF - prefs.js: browser.search.selectedEngine -
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
HKLM-Run-CtrlVol - c:\program files\Launch Manager\CtrlVol.exe
HKLM-Run-toolbar_eula_launcher - c:\program files\GoogleEULA\EULALauncher.exe
MSConfigStartUp-KiesHelper - c:\program files\Samsung\Kies\KiesHelper.exe
MSConfigStartUp-SearchSettings - c:\program files\Common Files\Spigot\Search Settings\SearchSettings.exe
AddRemove-01_Simmental - c:\program files\Samsung\USB Drivers\01_Simmental\Uninstall.exe
AddRemove-02_Siberian - c:\program files\Samsung\USB Drivers\02_Siberian\Uninstall.exe
AddRemove-03_Swallowtail - c:\program files\Samsung\USB Drivers\03_Swallowtail\Uninstall.exe
AddRemove-04_semseyite - c:\program files\Samsung\USB Drivers\04_semseyite\Uninstall.exe
AddRemove-05_Sloan - c:\program files\Samsung\USB Drivers\05_Sloan\Uninstall.exe
AddRemove-06_Spencer - c:\program files\Samsung\USB Drivers\06_Spencer\Uninstall.exe
AddRemove-07_Schorl - c:\program files\Samsung\USB Drivers\07_Schorl\Uninstall.exe
AddRemove-08_EMPChipset - c:\program files\Samsung\USB Drivers\08_EMPChipset\Uninstall.exe
AddRemove-09_Hsp - c:\program files\Samsung\USB Drivers\09_Hsp\Uninstall.exe
AddRemove-11_HSP_Plus_Default - c:\program files\Samsung\USB Drivers\11_HSP_Plus_Default\Uninstall.exe
AddRemove-16_Shrewsbury - c:\program files\Samsung\USB Drivers\16_Shrewsbury\Uninstall.exe
AddRemove-17_EMP_Chipset2 - c:\program files\Samsung\USB Drivers\17_EMP_Chipset2\Uninstall.exe
AddRemove-18_Zinia_Serial_Driver - c:\program files\Samsung\USB Drivers\18_Zinia_Serial_Driver\Uninstall.exe
AddRemove-19_VIA_driver - c:\program files\Samsung\USB Drivers\19_VIA_driver\Uninstall.exe
AddRemove-20_NXP_Driver - c:\program files\Samsung\USB Drivers\20_NXP_Driver\Uninstall.exe
AddRemove-21_Searsburg - c:\program files\Samsung\USB Drivers\21_Searsburg\Uninstall.exe
AddRemove-22_WiBro_WiMAX - c:\program files\Samsung\USB Drivers\22_WiBro_WiMAX\Uninstall.exe
AddRemove-24_flashusbdriver - c:\program files\Samsung\USB Drivers\24_flashusbdriver\Uninstall.exe
AddRemove-25_escape - c:\program files\Samsung\USB Drivers\25_escape\Uninstall.exe
.
.
.
**************************************************************************
Scanne versteckte Prozesse...
.
Scanne versteckte Autostarteinträge...
.
Scanne versteckte Dateien...
.
Scan erfolgreich abgeschlossen
versteckte Dateien:
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\BFE]
"ImagePath"="."
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\MpsSvc]
"ImagePath"="."
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files\Softex\OmniPass\OmniServ.exe
c:\program files\Avira\AntiVir Desktop\sched.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Microsoft\BingBar\7.1.361.0\BBSvc.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
c:\program files\Nero\Nero8\Nero BackItUp\NBService.exe
c:\windows\system32\IoctlSvc.exe
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\progra~1\COMMON~1\X10\Common\x10nets.exe
c:\windows\system32\WUDFHost.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\windows\system32\conime.exe
c:\program files\Softex\OmniPass\opvapp.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe
c:\program files\Windows Media Player\wmpnscfg.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\servicing\TrustedInstaller.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-08-31  22:21:38 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2012-08-31 20:20
.
Vor Suchlauf: 12 Verzeichnis(se), 15.681.978.368 Bytes frei
Nach Suchlauf: 17 Verzeichnis(se), 16.546.480.128 Bytes frei
.
- - End Of File - - A96A601AB64B93D8880243E54D322923

--- --- ---


Best regards
exedcuter

cosinus 01.09.2012 10:28

Please now create logs with GMER and OSAM and post them.
GMER crashes quite often; if the tool still won't run on the second attempt, just leave it out and only run OSAM. Please skip the online query in OSAM.
With OSAM, please also make sure that you save the log as *.log and not as *.html or similar.

Note: Please use WinRAR or 7zip to unpack OSAM! Also be sure to disable your virus scanner; the McAfee scanner in particular often reports a false alarm on OSAM!

Please download aswMBR.exe and save the file to your desktop.
  • Start aswMBR.exe - (aswMBR.exe instructions)
    On Windows Vista (or higher), please start it via right-click "Run as administrator".
  • The tool will ask whether you want to scan your system with the current AVAST! virus definitions. Please answer this question with Yes. (If your firewall asks, please allow access to the Internet.)
    Depending on your connection, downloading the definitions can take a while.
  • Click Scan.
  • Please wait until Scan finished successfully appears in the DOS window.
  • Click Save Log and save it to the desktop.
Post the aswMBR.txt in your next reply.

Important: Never press any of the Fix buttons without being instructed to.

Note: If the Scan button is greyed out, close the tool and start it again. If the scan aborts and the program crashes, let me know and select (none) under AV Scan.

Another note: If aswMBR crashes and you get a message like "aswMBR.exe has stopped working", do the following:
Restart aswMBR, select (none) in the drop-down menu at the bottom left (bottom left of the aswMBR window) under "AV scan" and click the Scan button again.

exedcuter 02.09.2012 21:23

Hello Cosinus,

I have now run everything as requested:

I accidentally only copied the GMER log to the clipboard and then somehow lost it, so here are only the OSAM and aswMBR logs.

OSAM:

OSAM Logfile:
Code:

Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 21:43:45 on 02.09.2012

OS: Windows Vista Home Premium Edition Service Pack 2 (Build 6002), 32-bit
Default Browser: Mozilla Corporation Firefox 15.0

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[AppInit DLLs]
-----( HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows )-----
"AppInit_DLLs" - "Google" - C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL

[Common]
-----( %SystemRoot%\Tasks )-----
"Adobe Flash Player Updater.job" - "Adobe Systems Incorporated" - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"DivXControlPanelApplet.cpl" - "DivX, Inc." - C:\Windows\system32\DivXControlPanelApplet.cpl
"FlashPlayerCPLApp.cpl" - "Adobe Systems Incorporated" - C:\Windows\system32\FlashPlayerCPLApp.cpl
"Startup.cpl" - ? - C:\Windows\system32\Startup.cpl  (File found, but it contains no detailed information)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"mlcfg32.cpl" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office12\MLCFG32.CPL
"Nero BurnRights" - "Nero AG" - C:\Program Files\Nero\Nero8\Nero Toolkit\NeroBurnRights.cpl
"QuickTime" - "Apple Inc." - C:\Program Files\QuickTime\QTSystem\QuickTime.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"avgntflt" (avgntflt) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avgntflt.sys
"avipbb" (avipbb) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avipbb.sys
"avkmgr" (avkmgr) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avkmgr.sys
"catchme" (catchme) - ? - C:\ComboFix\catchme.sys  (File not found)
"dgderdrv" (dgderdrv) - "Devguru Co., Ltd" - C:\Windows\System32\drivers\dgderdrv.sys
"hotcore3" (hotcore3) - "Paragon Software Group" - C:\Windows\System32\drivers\hotcore3.sys
"Hotkey" (Hotkey) - ? - C:\Windows\system32\drivers\Hotkey.sys  (File found, but it contains no detailed information)
"IP in IP Tunnel Driver" (IpInIp) - ? - C:\Windows\System32\DRIVERS\ipinip.sys  (File not found)
"IPX Traffic Filter Driver" (NwlnkFlt) - ? - C:\Windows\System32\DRIVERS\nwlnkflt.sys  (File not found)
"IPX Traffic Forwarder Driver" (NwlnkFwd) - ? - C:\Windows\System32\DRIVERS\nwlnkfwd.sys  (File not found)
"MBAMProtector" (MBAMProtector) - "Malwarebytes Corporation" - C:\Windows\system32\drivers\mbam.sys
"pwloapow" (pwloapow) - ? - C:\Users\Patti\AppData\Local\Temp\pwloapow.sys  (Hidden registry entry, rootkit activity | File not found)
"ssmdrv" (ssmdrv) - "Avira GmbH" - C:\Windows\System32\DRIVERS\ssmdrv.sys

[Explorer]
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{807563E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
-----( HKLM\Software\Classes\Protocols\Handler )-----
{32505114-5902-49B2-880A-1F7738E5A384} "Data Page Plugable Protocal mso-offdap11 Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL
{3D9F03FA-7A94-11D3-BE81-0050048385D1} "Data Page Pluggable Protocol mso-offdap Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL
{314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
{88FED34C-F0CA-4636-A375-3CB6248B04CD} "Local Groove Web Services Protocol" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
{0A9007C0-4076-11D3-8789-0000F8105754} "Microsoft Infotech Storage Protocol for IE 4.0" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll
{91774881-D725-4E58-B298-07617B9B86A8} "Skype IE add-on Pluggable Protocol" - "Skype Technologies S.A." - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks )-----
{B5A7F190-DDA6-4420-B3BA-52453494E6CD} "Groove GFS Stub Execution Hook" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{911051fa-c21c-4246-b470-070cd8df6dc4} ".cab or .zip files" - ? -  (File not found | COM-object registry key not found)
{1b24a030-9b20-49bc-97ac-1be4426f9e59} "ActiveDirectory Folder" - ? -  (File not found | COM-object registry key not found)
{34449847-FD14-4fc8-A75A-7432F5181EFB} "ActiveDirectory Folder" - ? -  (File not found | COM-object registry key not found)
{0F8604A5-4ECE-4DE1-BA7D-CF10F8AA4F48} "Contacts folder" - ? -  (File not found | COM-object registry key not found)
{2C2577C2-63A7-40e3-9B7F-586602617ECB} "Explorer Query Band" - ? -  (File not found | COM-object registry key not found)
{99FD978C-D287-4F50-827F-B2C658EDA8E7} "Groove Explorer Icon Overlay 1 (GFS Unread Stub)" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} "Groove Explorer Icon Overlay 2 (GFS Stub)" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{920E6DB1-9907-4370-B3A0-BAFC03D81399} "Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{16F3DD56-1AF5-4347-846D-7C10C4192619} "Groove Explorer Icon Overlay 3 (GFS Folder)" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{2916C86E-86A6-43FE-8112-43ABE6BF8DCC} "Groove Explorer Icon Overlay 4 (GFS Unread Mark)" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{2A541AE1-5BF6-4665-A8A3-CFA9672E4291} "Groove Folder Synchronization" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{72853161-30C5-4D22-B7F9-0BBC1D38A37E} "Groove GFS Browser Helper" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{6C467336-8281-4E60-8204-430CED96822D} "Groove GFS Context Menu Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{B5A7F190-DDA6-4420-B3BA-52453494E6CD} "Groove GFS Stub Execution Hook" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{A449600E-1DC6-4232-B948-9BD794D62056} "Groove GFS Stub Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{387E725D-DC16-4D76-B310-2C93ED4752A0} "Groove XML Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} "IE User Assist" - ? -  (File not found | COM-object registry key not found)
{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} "iTunes" - "Apple Inc." - C:\Program Files\iTunes\iTunesMiniPlayer.dll
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\msohevi.dll
{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{5858A72C-C2B4-4dd7-B2BF-B76DB1BD9F6C} "Microsoft Office OneNote Namespace Extension for Windows Desktop Search" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office12\ONFILTER.DLL
{00020d75-0000-0000-c000-000000000046} "Microsoft Office Outlook" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office12\MLSHEXT.DLL
{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{97F68CE3-7146-45FF-BE24-D9A7DD7CB8A2} "NeroCoverEdLiveIcons Class" - "Nero AG" - C:\Program Files\Nero\Nero8\Nero CoverDesigner\CoverEdExtension.dll
{CCFE56EE-C7DE-44EE-A160-4553A5A912C9} "OmniPass Shell Extension" - ? -  (File not found | COM-object registry key not found)
{0006F045-0000-0000-C000-000000000046} "Outlook File Icon Extension" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office12\OLKFSTUB.DLL
{C8494E42-ACDD-4739-B0FB-217361E4894F} "Sam Account Folder" - ? -  (File not found | COM-object registry key not found)
{E29F9716-5C08-4FCD-955A-119FDB5A522D} "Sam Account Folder" - ? -  (File not found | COM-object registry key not found)
{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira Operations GmbH & Co. KG" - C:\Program Files\Avira\AntiVir Desktop\shlext.dll
{D0CE97A0-415B-42E9-B251-34393AF2D5F6} "Softex OmniPass Encrypted File" - "Softex Inc." - C:\Program Files\Softex\OmniPass\opfolderext.dll
{D5B1944E-DB4E-482E-B3F1-DB05827F0978} "Softex OmniPass Encrypted Folder" - "Softex Inc." - C:\Program Files\Softex\OmniPass\opfolderext.dll
{BDEADF00-C265-11D0-BCED-00A0C90AB50F} "Webordner" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
{da67b8ad-e81b-4c70-9b91b417b5e33527} "Windows Search Shell Service" - ? -  (File not found | COM-object registry key not found)
{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - ? - C:\Program Files\WinRAR\rarext.dll

[Internet Explorer]
-----( HKCU\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars )-----
{555D4D79-4BD2-4094-A395-CFC534424A05} "HP Smart Web Printing" - "Hewlett-Packard Co." - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
ITBar7Height "ITBar7Height" - ? -  (File not found | COM-object registry key not found)
<binary data> "ITBar7Layout" - ? -  (File not found | COM-object registry key not found)
-----( HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks )-----
{855F3B16-6D32-4fe6-8A56-BBB695989046} "{855F3B16-6D32-4fe6-8A56-BBB695989046}" - ? -  (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_26" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} "Java Plug-in 1.6.0_26" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_26" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\npjpi160_26.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
{D27CDB6E-AE6D-11CF-96B8-444553540000} "Shockwave Flash Object" - "Adobe Systems, Inc." - C:\Windows\system32\Macromed\Flash\Flash10c.ocx / hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
{48E73304-E1D6-4330-914C-F5F514E3486C} "An OneNote senden" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
{DDE87865-83C5-48c4-8357-2F5B1AA84522} "HP Smart Web Printing ein- oder ausblenden" - "Hewlett-Packard Co." - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
{FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Research" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
{898EA8C8-E7FF-479B-8935-AEC46303B9E5} "Skype Click to Call" - "Skype Technologies S.A." - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )-----
{8dcb7100-df86-4384-8842-8fa844297b3f} "Bing Bar" - "Microsoft Corporation." - C:\Program Files\Microsoft\BingBar\7.1.361.0\BingExt.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
{d2ce3e00-f94a-4740-988e-03dc2f38c34f} "Bing Bar Helper" - "Microsoft Corporation." - C:\Program Files\Microsoft\BingBar\7.1.361.0\BingExt.dll
{593DDEC6-7468-4cdd-90E1-42DADAA222E9} "DivX HiQ" - "DivX, LLC" - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
{326E768D-4182-46FD-9C16-1449A49795F4} "DivX Plus Web Player HTML5 <video>" - "DivX, LLC" - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
{72853161-30C5-4D22-B7F9-0BBC1D38A37E} "Groove GFS Browser Helper" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
{0347C33E-8762-4905-BF09-768834316C61} "HP Print Enhancer" - "Hewlett-Packard Co." - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
{FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} "HP Smart BHO Class" - "Hewlett-Packard Co." - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2ssv.dll
{AE805869-2E5C-4ED4-8F7B-F1F7851A4497} "Skype Browser Helper" - "Skype Technologies S.A." - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
{9030D464-4C02-4ABF-8ECC-5164760863C6} "Windows Live ID Sign-in Helper" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

[Logon]
-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\Users\Patti\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"KiesPDLR" - ? - C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
-----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )-----
"StartupPrograms" - ? - rdpclip  (File not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"avgnt" - "Avira Operations GmbH & Co. KG" - "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
"GrooveMonitor" - "Microsoft Corporation" - "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
"HotkeyApp" - "Wistron" - "C:\Program Files\Launch Manager\HotkeyApp.exe"
"LaunchAp" - ? - "C:\Program Files\Launch Manager\LaunchAp.exe"
"LMgrOSD" - "Wistron Corp." - "C:\Program Files\Launch Manager\OSD.exe"
"Malwarebytes' Anti-Malware" - "Malwarebytes Corporation" - "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
"Nikon Message Center 2" - "Nikon Corporation" - C:\Program Files\Nikon\Nikon Message Center 2\NkMC2.exe -s
"OmniPass" - ? - C:\Program Files\Softex\OmniPass\scureapp.exe
"SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
"Wbutton" - "Wistron" - "C:\Program Files\Launch Manager\Wbutton.exe"

[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"PCL hpz3l4v2" - "Hewlett-Packard Company" - C:\Windows\system32\hpz3l4v2.dll
"PCL hpz3l5mu" - "Hewlett-Packard Company" - C:\Windows\system32\hpz3l5mu.dll
"PDFCreator" - ? - C:\Windows\system32\pdfcmnnt.dll  (File found, but it contains no detailed information)
"Send To Microsoft OneNote Monitor" - "Microsoft Corporation" - C:\Windows\system32\msonpmon.dll

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"Adobe Flash Player Update Service" (AdobeFlashPlayerUpdateSvc) - "Adobe Systems Incorporated" - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
"Apple Mobile Device" (Apple Mobile Device) - "Apple Inc." - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
"Avira Echtzeit Scanner" (AntiVirService) - "Avira Operations GmbH & Co. KG" - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
"Avira Planer" (AntiVirSchedulerService) - "Avira Operations GmbH & Co. KG" - C:\Program Files\Avira\AntiVir Desktop\sched.exe
"BBUpdate" (BBUpdate) - "Microsoft Corporation." - C:\Program Files\Microsoft\BingBar\7.1.361.0\SeaPort.exe
"BFE" (BFE) - ? - .  (File not found)
"BingBar Service" (BBSvc) - "Microsoft Corporation." - C:\Program Files\Microsoft\BingBar\7.1.361.0\BBSvc.exe
"Cyberlink RichVideo Service(CRVS)" (RichVideo) - ? - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
"Dienst "Bonjour"" (Bonjour Service) - "Apple Inc." - C:\Program Files\Bonjour\mDNSResponder.exe
"Google Desktop Manager 5.9.1005.12335" (GoogleDesktopManager-051210-111108) - "Google" - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
"HP CUE DeviceDiscovery Service" (hpqddsvc) - "Hewlett-Packard Co." - C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll
"HP Network Devices Support" (HPSLPSVC) - "Hewlett-Packard Co." - C:\Program Files\HP\Digital Imaging\bin\HPSLPSVC32.DLL
"hpqcxs08" (hpqcxs08) - "Hewlett-Packard Co." - C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll
"InstallDriver Table Manager" (IDriverT) - "Macrovision Corporation" - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
"Intel(R) Matrix Storage Event Monitor" (IAANTMON) - "Intel Corporation" - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
"iPod-Dienst" (iPod Service) - "Apple Inc." - C:\Program Files\iPod\bin\iPodService.exe
"MBAMService" (MBAMService) - "Malwarebytes Corporation" - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
"Microsoft Office Diagnostics Service" (odserv) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
"Microsoft Office Groove Audit Service" (Microsoft Office Groove Audit Service) - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe
"Mozilla Maintenance Service" (MozillaMaintenance) - "Mozilla Foundation" - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
"MpsSvc" (MpsSvc) - ? - .  (File not found)
"Nero BackItUp Scheduler 3" (Nero BackItUp Scheduler 3) - "Nero AG" - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
"Net Driver HPZ12" (Net Driver HPZ12) - "Hewlett-Packard" - C:\Windows\system32\HPZinw12.dll
"NMIndexingService" (NMIndexingService) - "Nero AG" - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
"Office Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
"PLFlash DeviceIoControl Service" (PLFlash DeviceIoControl Service) - "Prolific Technology Inc." - C:\Windows\system32\IoctlSvc.exe
"Pml Driver HPZ12" (Pml Driver HPZ12) - "Hewlett-Packard" - C:\Windows\system32\HPZipm12.dll
"Softex OmniPass Service" (omniserv) - "Softex Inc." - C:\Program Files\Softex\OmniPass\OmniServ.exe
"Windows Live ID Sign-in Assistant" (wlidsvc) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
"WisLMSvc" (WisLMSvc) - "Wistron Corp." - C:\Program Files\Launch Manager\WisLMSvc.exe
"X10 Device Network Service" (x10nets) - "X10" - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

[Winsock Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )-----
"mdnsNSP" - "Apple Inc." - C:\Program Files\Bonjour\mdnsNSP.dll

===[ Logfile end ]=========================================[ Logfile end ]===

--- --- ---

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru

And now the log from aswMBR:

Code:

aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-09-02 21:45:49
-----------------------------
21:45:49.954    OS Version: Windows 6.0.6002 Service Pack 2
21:45:49.954    Number of processors: 2 586 0xF0D
21:45:49.954    ComputerName: PATTI-PC  UserName: Patti
21:45:51.701    Initialize success
21:52:00.944    AVAST engine defs: 12090201
21:53:09.849    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
21:53:09.849    Disk 0 Vendor: WDC_WD32 11.0 Size: 305245MB BusType: 3
21:53:10.707    Disk 0 MBR read successfully
21:53:10.707    Disk 0 MBR scan
21:53:10.723    Disk 0 Windows VISTA default MBR code
21:53:10.723    Disk 0 Partition - 00    0F Extended LBA            50699 MB offset 521309250
21:53:10.910    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS        83211 MB offset 63
21:53:11.097    Disk 0 Partition 2 00    07    HPFS/NTFS NTFS      171333 MB offset 170417520
21:53:11.191    Disk 0 Partition - 00    05    Extended            50697 MB offset 521309312
21:53:11.269    Disk 0 Partition 3 00    0B        FAT32 MSWIN4.1    50697 MB offset 521309313
21:53:11.612    Disk 0 scanning sectors +625142448
21:53:12.610    Disk 0 scanning C:\Windows\system32\drivers
21:54:32.498    Service scanning
21:54:59.439    Modules scanning
21:56:28.109    Disk 0 trace - called modules:
21:56:28.156    ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll iaStor.sys
21:56:28.172    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86a17400]
21:56:28.172    3 CLASSPNP.SYS[8a9a18b3] -> nt!IofCallDriver -> [0x85548700]
21:56:28.187    5 acpi.sys[806a06bc] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0x8554f028]
21:56:29.108    AVAST engine scan C:\Windows
21:56:45.925    AVAST engine scan C:\Windows\system32
22:00:25.105    AVAST engine scan C:\Windows\system32\drivers
22:00:41.812    AVAST engine scan C:\Users\Patti
22:11:05.126    AVAST engine scan C:\ProgramData
22:15:25.833    Scan finished successfully
22:16:49.886    Disk 0 MBR has been saved successfully to "C:\Users\Patti\Desktop\MBR.dat"
22:16:49.901    The log file has been saved successfully to "C:\Users\Patti\Desktop\aswMBR.txt"

Thanks again and best regards
Exedcuter

cosinus 03.09.2012 19:49

Looks ok. We should be almost done. As a check, please run full scans with Malwarebytes and SASW and post the logs.
Remember to update both tools before the scan!!



Copyright ©2000-2025, Trojaner-Board

