Trojaner-Board

Modo 10.09.2012 11:49

This program cannot display the webpage

Hello dear Trojaner-Board team,

Today the problem with the webpage described above, which has already been described here many times, showed up on my machine too. Attached are the log file from Malwarebytes (unfortunately I hastily deleted the two infections it found, crying) and the one from OTL, with a request for help. In safe mode the computer runs, but without an Internet connection; I can, however, access the Internet from a second computer.

Thank you in advance for your help.

Malwarebytes Anti-Malware (Test) 1.61.0.1400
www.malwarebytes.org

Datenbank Version: v2012.04.04.08

Windows 7 Service Pack 1 x64 NTFS (Abgesichertenmodus)
Internet Explorer 9.0.8112.16421
Family :: FAMILY-PC [Administrator]

Schutz: Deaktiviert

10.09.2012 09:46:53
mbam-log-2012-09-10 (09-46-53).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 202942
Laufzeit: 2 Minute(n), 36 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 2
C:\Users\Family\Downloads\SoftonicDownloader_fuer_7-zip.exe (PUP.ToolbarDownloader) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Family\0.21946433332270365.exe (Trojan.Agent.Gen) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)

OTL logfile created on: 10.09.2012 11:47:15 - Run 1
OTL by OldTimer - Version 3.2.55.0 Folder = G:\
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

5,98 Gb Total Physical Memory | 4,68 Gb Available Physical Memory | 78,24% Memory free
11,96 Gb Paging File | 10,88 Gb Available in Paging File | 90,93% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 1346,17 Gb Total Space | 1224,41 Gb Free Space | 90,96% Space Free | Partition Type: NTFS
Drive D: | 50,00 Gb Total Space | 26,00 Gb Free Space | 52,00% Space Free | Partition Type: NTFS
Drive G: | 14,91 Gb Total Space | 13,57 Gb Free Space | 91,06% Space Free | Partition Type: FAT32

Computer Name: FAMILY-PC | User Name: Family | Logged in as Administrator.
Boot Mode: SafeMode | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012.09.10 10:37:48 | 000,597,504 | ---- | M] (OldTimer Tools) -- G:\OTL.exe


========== Modules (No Company Name) ==========


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2012.03.26 18:49:56 | 000,291,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2012.03.26 18:49:56 | 000,012,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2011.10.13 22:30:42 | 000,204,288 | ---- | M] (AMD) [Auto | Stopped] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2010.09.23 03:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2009.07.14 03:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV - [2012.07.27 13:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.07.20 08:30:34 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.06.07 19:12:14 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.01.18 06:44:52 | 000,450,848 | ---- | M] (Logitech Inc.) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe -- (UMVPFSrv)
SRV - [2011.09.28 02:47:38 | 000,025,824 | ---- | M] (Memeo) [Auto | Stopped] -- C:\Program Files (x86)\Memeo\AutoBackup\MemeoBackgroundService.exe -- (MemeoBackgroundService)
SRV - [2011.05.20 19:10:26 | 000,013,592 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2011.03.11 14:08:32 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2011.03.11 14:08:31 | 000,326,168 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2010.03.18 22:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009.05.21 21:35:32 | 000,923,136 | ---- | M] (Hewlett-Packard Co.) [Auto | Stopped] -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012.07.29 16:53:10 | 000,283,200 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2012.06.04 09:59:20 | 000,203,320 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudmdm.sys -- (ssudmdm)
DRV:64bit: - [2012.06.04 09:59:20 | 000,099,384 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudbus.sys -- (dg_ssudbus)
DRV:64bit: - [2012.04.04 15:56:40 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012.03.20 20:44:12 | 000,098,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012.01.18 06:44:36 | 004,865,568 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lvuvc64.sys -- (LVUVC64)
DRV:64bit: - [2012.01.18 06:44:28 | 000,351,136 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lvrs64.sys -- (LVRS64)
DRV:64bit: - [2011.10.13 23:37:28 | 010,496,000 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2011.10.13 21:52:48 | 000,326,656 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2011.08.02 02:47:30 | 000,391,144 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\asmtxhci.sys -- (asmtxhci)
DRV:64bit: - [2011.08.02 02:47:30 | 000,129,000 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\asmthub3.sys -- (asmthub3)
DRV:64bit: - [2011.06.10 14:34:52 | 000,539,240 | ---- | M] (Realtek ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011.06.07 00:07:00 | 000,231,440 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2011.06.02 07:47:22 | 000,177,640 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdm.sys -- (ssadmdm)
DRV:64bit: - [2011.06.02 07:47:22 | 000,157,672 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadbus.sys -- (ssadbus)
DRV:64bit: - [2011.06.02 07:47:22 | 000,016,872 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdfl.sys -- (ssadmdfl)
DRV:64bit: - [2011.05.20 18:53:44 | 000,557,848 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2011.03.11 14:08:31 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.12.21 07:55:02 | 000,172,104 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdmdm.sys -- (sscdmdm)
DRV:64bit: - [2010.12.21 07:55:02 | 000,161,280 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscemdm.sys -- (sscemdm)
DRV:64bit: - [2010.12.21 07:55:02 | 000,136,264 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdbus.sys -- (sscdbus)
DRV:64bit: - [2010.12.21 07:55:02 | 000,127,488 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscebus.sys -- (sscebus)
DRV:64bit: - [2010.12.21 07:55:02 | 000,036,328 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadadb.sys -- (androidusb)
DRV:64bit: - [2010.12.21 07:55:02 | 000,019,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdmdfl.sys -- (sscdmdfl)
DRV:64bit: - [2010.12.21 07:55:02 | 000,018,944 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscemdfl.sys -- (sscemdfl)
DRV:64bit: - [2010.11.25 15:59:16 | 000,694,888 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RTL8192su.sys -- (RTL8192su)
DRV:64bit: - [2010.11.21 05:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.21 05:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.21 05:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010.09.23 22:03:06 | 000,129,008 | ---- | M] (CyberLink) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wsvd.sys -- (wsvd)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.14 02:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2009.07.14 02:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009.06.10 22:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=MDNF&bmod=MDNF
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\..\URLSearchHook: {0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {CFF4DB9B-135F-47c0-9269-B4C6572FD61A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{9DBFA586-DA9C-4062-96DC-DF38485BB207}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MDNF_enDE393
IE - HKCU\..\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}: "URL" = hxxp://mystart.incredibar.com/mb165/?search={searchTerms}&loc=IB_DS&a=6OyHj8yZ3W&i=26
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "about:blank"
FF - prefs.js..network.proxy.type: 0


FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_268.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_268.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\PROGRAM FILES\WEB ASSISTANT\FIREFOX
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012.06.18 11:46:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\Program Files\Web Assistant\Firefox
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.07.20 08:30:35 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012.06.18 11:46:54 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.07.20 08:30:35 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2012.06.16 14:37:08 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Family\AppData\Roaming\mozilla\Extensions
[2012.08.11 13:18:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Family\AppData\Roaming\mozilla\Firefox\Profiles\kk83a8w9.default\extensions
[2012.07.19 18:28:55 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Family\AppData\Roaming\mozilla\Firefox\Profiles\kk83a8w9.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012.07.08 12:32:50 | 000,002,203 | ---- | M] () -- C:\Users\Family\AppData\Roaming\Mozilla\Firefox\Profiles\kk83a8w9.default\searchplugins\MyStart Search.xml
[2012.06.16 14:36:49 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.07.20 08:30:35 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.08.11 12:46:41 | 000,001,400 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.08.11 12:46:41 | 000,001,679 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.08.11 12:46:41 | 000,000,947 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.08.11 12:46:41 | 000,006,818 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.08.10 17:15:17 | 000,001,280 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.08.11 12:46:41 | 000,000,903 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~3\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {0027DA2D-C9F2-4B0B-AE05-E2CD1BDB6CFF} - No CLSID value found.
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [CLMLServer] C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKLM..\Run: [LexwareInfoService] C:\Program Files (x86)\Common Files\Lexware\Update Manager\LxUpdateManager.exe (Haufe-Lexware GmbH & Co. KG)
O4 - HKLM..\Run: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [EA Core] "C:\Program Files (x86)\Electronic Arts\EADM\Core.exe" -silent File not found
O4 - HKCU..\Run: [KiesAirMessage] C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe -startup File not found
O4 - HKCU..\Run: [KiesPDLR] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe ()
O4 - HKCU..\Run: [KiesPreload] C:\Program Files (x86)\Samsung\Kies\Kies.exe (Samsung)
O4 - HKCU..\Run: [uiqsgwhpuackziu] C:\ProgramData\uiqsgwhp.exe (Razer)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~3\Office14\ONBttnIE.dll/105 File not found
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Family\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8:64bit: - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html File not found
O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~3\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~3\Office14\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Family\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html File not found
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~3\Office14\EXCEL.EXE/3000 File not found
O9:64bit: - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 File not found
O9:64bit: - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 File not found
O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 File not found
O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 File not found
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 10.5.1)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 10.5.1)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{30924113-C70C-4A09-92FC-A1E12B183665}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{c0f10771-d95e-11e1-8397-8c89a59b9d1d}\Shell - "" = AutoRun
O33 - MountPoints2\{c0f10771-d95e-11e1-8397-8c89a59b9d1d}\Shell\AutoRun\command - "" = F:\Autorun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012.09.10 09:46:04 | 000,000,000 | ---D | C] -- C:\Users\Family\AppData\Roaming\Malwarebytes
[2012.09.10 09:45:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.09.10 09:45:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.09.10 09:45:13 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.09.10 09:45:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.09.10 09:11:40 | 000,000,000 | ---D | C] -- C:\ProgramData\rxwauxnhunlrqqh
[2012.09.10 09:11:39 | 000,154,112 | ---- | C] (Razer) -- C:\ProgramData\uiqsgwhp.exe
[2012.08.18 21:46:41 | 000,000,000 | ---D | C] -- C:\Users\Family\AppData\Local\{4EB4D349-9E2F-41BB-9FDE-87C60EFAA4C9}
[2012.08.18 11:50:25 | 000,000,000 | ---D | C] -- C:\Users\Family\AppData\Local\{B9023C85-319F-4CEA-8950-FACCCFE70B5A}
[2012.08.18 11:46:18 | 000,000,000 | ---D | C] -- C:\Users\Family\AppData\Local\{7F8724CC-B4D5-4582-966A-135BDDC6692D}
[2012.08.11 12:46:41 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\IO

========== Files - Modified Within 30 Days ==========

[2012.09.10 10:37:48 | 000,597,504 | ---- | M] (OldTimer Tools) -- C:\Users\Family\Desktop\OTL.exe
[2012.09.10 09:58:00 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.09.10 09:57:54 | 522,432,511 | -HS- | M] () -- C:\hiberfil.sys
[2012.09.10 09:45:14 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.09.10 09:31:07 | 000,016,752 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.09.10 09:31:07 | 000,016,752 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.09.10 09:11:40 | 000,076,361 | ---- | M] () -- C:\ProgramData\mfshvglcsuwylfd
[2012.09.10 09:11:28 | 000,154,112 | ---- | M] (Razer) -- C:\ProgramData\uiqsgwhp.exe
[2012.08.24 20:00:19 | 000,024,539 | ---- | M] () -- C:\Users\Family\AppData\Local\recently-used.xbel
[2012.08.23 18:16:13 | 001,505,270 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.08.23 18:16:13 | 000,656,250 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.08.23 18:16:13 | 000,618,132 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.08.23 18:16:13 | 000,131,022 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.08.23 18:16:13 | 000,107,412 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.08.21 22:15:11 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_ssadadb_01005.Wdf
[2012.08.16 15:52:59 | 000,131,246 | ---- | M] () -- C:\Users\Family\Documents\NeuerAva.xcf
[2012.08.16 07:50:37 | 000,363,624 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.08.15 17:43:09 | 000,002,023 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2012.08.13 14:24:29 | 000,425,331 | ---- | M] () -- C:\Users\Family\Documents\Meine fellgalerie.xcf

========== Files Created - No Company Name ==========

[2012.09.10 09:45:14 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.09.10 09:11:28 | 000,076,361 | ---- | C] () -- C:\ProgramData\mfshvglcsuwylfd
[2012.08.24 20:00:19 | 000,024,539 | ---- | C] () -- C:\Users\Family\AppData\Local\recently-used.xbel
[2012.08.21 22:15:11 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_ssadadb_01005.Wdf
[2012.08.16 15:52:59 | 000,131,246 | ---- | C] () -- C:\Users\Family\Documents\NeuerAva.xcf
[2012.08.13 14:24:29 | 000,425,331 | ---- | C] () -- C:\Users\Family\Documents\Meine fellgalerie.xcf
[2012.08.10 17:15:14 | 000,338,432 | ---- | C] () -- C:\Windows\SysWow64\sqlite36_engine.dll
[2012.06.18 11:43:16 | 000,241,119 | ---- | C] () -- C:\Windows\hpwins28.dat
[2012.06.18 08:59:27 | 001,526,060 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012.05.23 18:49:34 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2012.05.23 18:49:32 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll
[2012.05.23 18:49:32 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll
[2012.05.23 18:49:32 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll
[2012.05.23 18:49:32 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll
[2012.01.18 06:44:00 | 010,920,984 | ---- | C] () -- C:\Windows\SysWow64\LogiDPP.dll
[2012.01.18 06:44:00 | 000,336,408 | ---- | C] () -- C:\Windows\SysWow64\DevManagerCore.dll
[2012.01.18 06:44:00 | 000,104,472 | ---- | C] () -- C:\Windows\SysWow64\LogiDPPApp.exe
[2011.11.23 20:20:22 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2011.11.23 20:20:22 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2011.11.23 20:20:21 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011.10.14 02:53:18 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\OpenVideo.dll
[2011.10.14 02:53:02 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\OVDecoder.dll
[2011.08.22 18:19:31 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011.07.08 08:37:28 | 000,053,760 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll

========== LOP Check ==========

[2012.06.20 12:54:20 | 000,000,000 | ---D | M] -- C:\Users\Family\AppData\Roaming\cld3-lookup
[2012.07.29 16:55:03 | 000,000,000 | ---D | M] -- C:\Users\Family\AppData\Roaming\DAEMON Tools Lite
[2012.08.10 17:15:14 | 000,000,000 | ---D | M] -- C:\Users\Family\AppData\Roaming\DesktopIconForAmazon
[2012.07.19 18:29:50 | 000,000,000 | ---D | M] -- C:\Users\Family\AppData\Roaming\DVDVideoSoft
[2012.07.19 18:28:54 | 000,000,000 | ---D | M] -- C:\Users\Family\AppData\Roaming\DVDVideoSoftIEHelpers
[2012.06.20 16:48:21 | 000,000,000 | ---D | M] -- C:\Users\Family\AppData\Roaming\EssentialGrammarInUse
[2012.06.18 15:03:19 | 000,000,000 | ---D | M] -- C:\Users\Family\AppData\Roaming\Leadertech
[2012.07.02 17:39:36 | 000,000,000 | ---D | M] -- C:\Users\Family\AppData\Roaming\Lexware
[2012.08.23 18:34:53 | 000,000,000 | ---D | M] -- C:\Users\Family\AppData\Roaming\Mp3tag
[2012.08.10 17:15:15 | 000,000,000 | ---D | M] -- C:\Users\Family\AppData\Roaming\OCS
[2012.08.10 17:15:17 | 000,000,000 | ---D | M] -- C:\Users\Family\AppData\Roaming\Opera
[2012.07.08 11:35:56 | 000,000,000 | ---D | M] -- C:\Users\Family\AppData\Roaming\Samsung
[2012.08.10 17:18:46 | 000,000,000 | ---D | M] -- C:\Users\Family\AppData\Roaming\Spesoft Image Converter
[2012.07.28 17:56:00 | 000,000,000 | ---D | M] -- C:\Users\Family\AppData\Roaming\TIPP10
[2012.08.23 17:21:14 | 000,000,000 | ---D | M] -- C:\Users\Family\AppData\Roaming\Usenet.nl
[2012.07.26 09:34:05 | 000,032,554 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >

OTL Extras logfile created on: 10.09.2012 11:47:15 - Run 1
OTL by OldTimer - Version 3.2.55.0 Folder = G:\
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

5,98 Gb Total Physical Memory | 4,68 Gb Available Physical Memory | 78,24% Memory free
11,96 Gb Paging File | 10,88 Gb Available in Paging File | 90,93% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 1346,17 Gb Total Space | 1224,41 Gb Free Space | 90,96% Space Free | Partition Type: NTFS
Drive D: | 50,00 Gb Total Space | 26,00 Gb Free Space | 52,00% Space Free | Partition Type: NTFS
Drive G: | 14,91 Gb Total Space | 13,57 Gb Free Space | 91,06% Space Free | Partition Type: FAT32

Computer Name: FAMILY-PC | User Name: Family | Logged in as Administrator.
Boot Mode: SafeMode | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = Reg Error: Value error.] -- Reg Error: Key error. File not found

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [CEWE FOTOSCHAU] -- "C:\Program Files (x86)\CEWE COLOR\Mein CEWE FOTOBUCH\CEWE FOTOSCHAU.exe" -d "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Mein CEWE FOTOBUCH] -- "C:\Program Files (x86)\CEWE COLOR\Mein CEWE FOTOBUCH\Mein CEWE FOTOBUCH.exe" "%1" ()
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [CEWE FOTOSCHAU] -- "C:\Program Files (x86)\CEWE COLOR\Mein CEWE FOTOBUCH\CEWE FOTOSCHAU.exe" -d "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Mein CEWE FOTOBUCH] -- "C:\Program Files (x86)\CEWE COLOR\Mein CEWE FOTOBUCH\Mein CEWE FOTOBUCH.exe" "%1" ()
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{05A0BB44-4688-4211-921F-A0D14A8CE8AB}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{09CF5675-1417-4FEA-8B5D-E3E89F53BE10}" = lport=10243 | protocol=6 | dir=in | app=system |
"{1D86445A-841A-45FE-8541-49A11016E1E9}" = rport=445 | protocol=6 | dir=out | app=system |
"{1EE3054E-6B05-42D9-8583-8663E24ADB63}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{22E8D74B-B39C-44CA-AAB4-9A84A310FD9C}" = lport=445 | protocol=6 | dir=in | app=system |
"{3EAA5FE2-03FC-45A6-AA10-C2F8CFF0D1A4}" = lport=138 | protocol=17 | dir=in | app=system |
"{4EB79F11-CE8B-45DD-ABA2-9D6BA0B1226A}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{521B1E2A-FB2C-4462-A2F6-C7E386583405}" = rport=137 | protocol=17 | dir=out | app=system |
"{5ED9F85D-F266-46CE-904D-B53B656656CD}" = lport=2869 | protocol=6 | dir=in | app=system |
"{65382EC9-AD9F-40A6-B09D-2481A129A995}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{6FAD02F0-BC4E-4D15-ABD3-98372560ABFB}" = lport=139 | protocol=6 | dir=in | app=system |
"{75A23DCB-F997-4391-9E7C-394A3F47857F}" = rport=427 | protocol=17 | dir=in | svc=hpslpsvc | app=c:\windows\system32\svchost.exe |
"{7E215EDA-AC12-4AB6-AB6C-775CAE66DF51}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{8C1ED6D4-8E80-48A5-9EE2-0D4816133637}" = rport=10243 | protocol=6 | dir=out | app=system |
"{95082602-8580-429C-8C62-D51BABBB3281}" = rport=139 | protocol=6 | dir=out | app=system |
"{9F09EBCA-82E9-40CB-AC68-4FD587AB90D5}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{AF5427AC-F8B7-4134-946A-4749DA8EA1D6}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{B613BCCF-00AD-4313-B6CA-5F7630D9B3D9}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{B9CC9BBC-B530-4955-AF76-57749E58C9B8}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{C134B4C8-E39C-441B-9623-CB4FEA5D4451}" = rport=138 | protocol=17 | dir=out | app=system |
"{DE041A4B-7A97-4BA3-85F2-5B4C1C228346}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{E090C514-0FDC-4EAA-8402-A683AA1859E3}" = lport=137 | protocol=17 | dir=in | app=system |
"{E220618C-E7C9-4AB4-9555-0CD49B2A6986}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{F48BBCC7-16E9-4B3B-9CC0-ECFB90B6E15C}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{032D90D3-8678-4395-BB2F-900B9CB301AF}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpoews01.exe |
"{06944EC1-1BC3-45A4-98BA-48DAB6B9819A}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{0B75EFDA-53F7-44DB-8E41-D63C92F8838E}" = protocol=6 | dir=in | app=c:\windows\syswow64\muzapp.exe |
"{11A5C3CC-1FA5-46F6-ACED-CD5C955EB2B4}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpiscnapp.exe |
"{152042FF-9A10-4DD6-81DE-CCBA89E51DE1}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpfccopy.exe |
"{19214321-57D7-4837-964D-3CA07A56FD91}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{1CF126D0-F3EA-4073-8E73-F83C088A39CB}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |
"{1D16F058-0312-4404-8B2F-9C46508C3047}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hposfx08.exe |
"{2D5B252F-77BB-4FB5-AC82-1315447A15F2}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqste08.exe |
"{303A40A6-9D18-49AF-B0E8-0E666483855F}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{350FE17B-8A2E-4EEE-82CE-29053EE1D10E}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{3674343A-0EEE-4419-8D91-89BF86ED3591}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{3725C937-C352-48DA-A6D1-8382529C2CD9}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgm.exe |
"{39BD76DB-B073-4DD3-9704-F46C51EC51E8}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqtra08.exe |
"{3C3B0281-0469-4D23-81A1-FC40142FD335}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpofxm08.exe |
"{3C6AF1B5-B17D-498F-A82E-8BA593732BF0}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{3C740C7B-7EAF-4F70-846D-48EC03F927C8}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{439EE0AA-75A2-4E18-B2FF-4D351B40BF95}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqfxt08.exe |
"{4AE1B108-5F46-4EB8-9E01-2CF6801F6DBA}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpzwiz01.exe |
"{4B0708B4-BF13-48A0-92B6-52846D34CE2C}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{57238740-16B2-46A2-8824-E2020008CE90}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgpc01.exe |
"{5AE1DAAE-CACD-4C3E-874E-F56E1AE7E8BE}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{6BC13C1B-06EE-4C9E-8D66-D5ADFB66FF8B}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{7224F215-AD1E-4862-9B72-C1B598E5EFB9}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgh.exe |
"{7E15BA72-6F59-4DE9-A6A7-417B81451CE6}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{942FCE20-9FB4-49D5-8012-BB3EA3FD9EF3}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hposid01.exe |
"{9828511A-3A51-476B-AC2C-EA50F6C112B0}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{AB4E65A9-9412-45D3-94E2-8DA0DCF897FF}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{AB79ACD5-F1AF-42FD-B0F3-C9876748A30E}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{ABF7AF7A-1BA0-4BDF-9026-A7A50D3BCA3D}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{AEA427B0-39F0-432E-866D-6C99886F78CF}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqkygrp.exe |
"{BE70EB09-2972-4D14-9E15-483EE4BB6355}" = protocol=6 | dir=out | app=system |
"{CB5F6BFD-F0F3-461D-A85D-5957A78D3BE4}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpofxs08.exe |
"{CCA743F8-CE9A-452C-9243-EC8B73208AEA}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{CEDADB59-EA50-4D57-994A-DF2B3D8776C4}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{D124D0B5-CC85-4711-8F06-9F4E4D8947F4}" = dir=in | app=c:\program files (x86)\hp\hp software update\hpwucli.exe |
"{D3A901B5-0AA4-4578-B211-6BA7460301FD}" = dir=in | app=e:\setup\hpznui40.exe |
"{DA36937B-37D6-4DF1-9F37-89D8BF3A6D44}" = protocol=17 | dir=in | app=c:\windows\syswow64\muzapp.exe |
"{DB23848F-21DA-4B01-86FB-9E87D78FAEFE}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{DC07050F-E9F9-4725-802F-57A34D8ADD5E}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{DF777CC7-21A3-46B3-B080-E257C64FFB66}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{EC451069-8350-41F0-8DA2-144E5C805114}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{F07F71C8-0E37-431E-8990-447FEFA20089}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{F3510C72-1846-43BF-85E1-C0FF8FD30BCD}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{F3BF9107-6036-4019-968E-F1A06B7E9FD4}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgplgtupl.exe |
"{FC06D23C-F79C-4F6B-8123-FAF3EE033BBF}" = dir=in | app=c:\program files (x86)\hp\digital imaging\smart web printing\smartwebprintexe.exe |
"TCP Query User{FD84B86A-1776-476B-B457-9E8EC4D86C6B}C:\program files (x86)\electronic arts\eadm\core.exe" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\eadm\core.exe |
"UDP Query User{39CDA524-E263-4821-906D-29A2D1AC0777}C:\program files (x86)\electronic arts\eadm\core.exe" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\eadm\core.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{07ECB2CD-DC4D-9170-0832-6D0241F282E9}" = AMD AVIVO64 Codecs
"{138A4072-9E64-46BD-B5F9-DB2BB395391F}" = LWS VideoEffects
"{180C8888-50F1-426B-A9DC-AB83A1989C65}" = Windows Live Language Selector
"{19F09425-3C20-4730-9E2A-FC2E17C9F362}" = Windows Live Remote Service Resources
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{1EB2CFC3-E1C5-4FC4-B1F8-549DD6242C67}" = Windows Live Remote Service Resources
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{2426E29F-9E8C-4C0B-97FC-0DB690C1ED98}" = Windows Live Remote Client Resources
"{2F304EF4-0C31-47F4-8557-0641AAE4197C}" = Windows Live Remote Client Resources
"{3BFAF653-4B91-2C87-82FE-DAF4C0F7BF18}" = AMD Drag and Drop Transcoding
"{455196BE-3B39-D0C3-0DB4-7F572F9DAC9A}" = ccc-utility64
"{456FB9B5-AFBC-4761-BBDC-BA6BAFBB818F}" = Windows Live Remote Client Resources
"{480F28F0-8BCE-404A-A52E-0DBB7D1CE2EF}" = Windows Live Remote Service Resources
"{4EC57D6F-D4B2-DA64-DA3D-AA974526BA29}" = AMD Media Foundation Decoders
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{5151E2DB-0748-4FD1-86A2-72E2F94F8BE7}" = Windows Live Remote Service Resources
"{55D55008-E5F6-47D6-B16F-B2A40D4D145F}" = 64 Bit HP CIO Components Installer
"{5E2CD4FB-4538-4831-8176-05D653C3E6D4}" = Windows Live Remote Service Resources
"{5FEAD3E5-A158-4B66-B92B-0C959D7CF838}" = Windows Live Remote Service Resources
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{692CCE55-9EAE-4F57-A834-092882E7FE0B}" = Windows Live Remote Client Resources
"{6A25E342-A5DE-9A33-5118-5E22D8A8C774}" = AMD Catalyst Install Manager
"{6C9D3F1D-DBBE-46F9-96A0-726CC72935AF}" = Windows Live Remote Service Resources
"{6CBFDC3C-CF21-4C02-A6DC-A5A2707FAF55}" = Windows Live Remote Service Resources
"{7E0E61CC-1C99-429D-BEA7-C4DD5B898D2A}" = HP Officejet 4500 G510n-z
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{850B8072-2EA7-4EDC-B930-7FE569495E76}" = Windows Live Remote Client Resources
"{8970AE69-40BE-4058-9916-0ACB1B974A3D}" = Windows Live Remote Client Resources
"{8EB588BD-D398-40D0-ADF7-BE1CEEF7C116}" = Windows Live Remote Client Resources
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9D046B26-7978-47CD-91E6-AC3C1DFBC3D0}" = Microsoft Security Client
"{A4DDB2AB-ECCD-4C3A-8633-77D5A1A0E542}" = Network64
"{A679FBE4-BA2D-4514-8834-030982C8B31A}" = Windows Live Remote Service Resources
"{B750FA38-7AB0-42CB-ACBB-E7DBE9FF603F}" = Windows Live Remote Client Resources
"{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64
"{C9F05151-95A9-4B9B-B534-1760E2D014A5}" = Windows Live Remote Client Resources
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D1C1556C-7FF3-48A3-A5D6-7126F0FAFB66}" = Windows Live Remote Client Resources
"{D3E4F422-7E0F-49C7-8B00-F42490D7A385}" = Windows Live Remote Service Resources
"{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources
"{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
"{DBEDAF67-C5A3-4C91-951D-31F3FE63AF3F}" = Windows Live Remote Client Resources
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F6CB2C5F-B2C1-4DF1-BF44-39D0DC06FE6F}" = Windows Live Remote Service Resources
"DesktopIconAmazon" = Desktop Icon für Amazon
"GIMP-2_is1" = GIMP 2.8.0
"HP Document Manager" = HP Document Manager 2.0
"HP Imaging Device Functions" = HP Imaging Device Functions 13.0
"HP Smart Web Printing" = HP Smart Web Printing 4.5
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"HPExtendedCapabilities" = HP Customer Participation Program 13.0
"HPOCR" = OCR Software by I.R.I.S. 13.0
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft Security Client" = Microsoft Security Essentials
"Shop for HP Supplies" = Shop for HP Supplies

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00884F14-05BD-4D8E-90E5-1ABF78948CA4}" = Windows Live Mesh
"{0269C1CD-92C4-B8B4-6A13-4287CB880CDF}" = CCC Help Finnish
"{04668DF2-D32F-4555-9C7E-35523DCD6544}" = Control ActiveX de Windows Live Mesh para conexiones remotas
"{05E379CC-F626-4E7D-8354-463865B303BF}" = Windows Live UX Platform Language Pack
"{05FFC359-64F3-A1C7-16A6-4BECC05D0519}" = CCC Help Norwegian
"{062E4D94-8306-46D5-81B6-45E6AD09C799}" = Windows Live Messenger
"{0654EA5D-308A-4196-882B-5C09744A5D81}" = Windows Live Photo Common
"{08610298-29AE-445B-B37D-EFBE05802967}" = LWS Pictures And Video
"{09922FFE-D153-44AE-8B60-EA3CB8088F93}" = Windows Live UX Platform Language Pack
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0C1931EB-8339-4837-8BEC-75029BF42734}" = Windows Live UX Platform Language Pack
"{0D261C88-454B-46FE-B43B-640E621BDA11}" = Windows Live Mail
"{0EC0B576-90F9-43C3-8FAD-A4902DF4B8F4}" = Galeria de Fotografias do Windows Live
"{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan
"{10186F1A-6A14-43DF-A404-F0105D09BB07}" = Windows Live Mail
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{1203DC60-D9BD-44F9-B372-2B8F227E6094}" = Windows Live Temel Parçalar
"{14B441B7-774D-4170-98EA-A13667AE6218}" = Windows Live Writer Resources
"{15634701-BACE-4449-8B25-1567DA8C9FD3}" = CameraHelperMsi
"{1651216E-E7AD-4250-92A1-FB8ED61391C9}" = LWS Help_main
"{174A3B31-4C43-43DD-866F-73C9DB887B48}" = LWS Twitter
"{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch
"{17F99FCE-8F03-4439-860A-25C5A5434E18}" = Windows Live Essentials
"{198EA334-8A3F-4CB2-9D61-6C10B8168A6F}" = Windows Live Writer
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger
"{1D6C2068-807F-4B76-A0C2-62ED05656593}" = Windows Live Writer
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = Medion Home Cinema
"{1FC83EAE-74C8-4C72-8400-2D8E40A017DE}" = Windows Live Writer
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{20E7F0EE-DE26-3287-FFB2-11F33ECE35F3}" = CCC Help Italian
"{21A2F5EE-1DC5-488A-BE7E-E526F8C61488}" = DeviceDiscovery
"{21DF0294-6B9D-4741-AB6F-B2ABFBD2387E}" = LWS YouTube Plugin
"{241E7104-937A-4366-AD57-8FDDDB003939}" = Uzak Bağlantılar İçin Windows Live Mesh ActiveX Denetimi
"{25A381E1-0AB9-4E7A-ACCE-BA49D519CF4E}" = Windows Live Mail
"{26A24AE4-039D-4CA4-87B4-2F83216029FF}" = Java(TM) 6 Update 29
"{26A24AE4-039D-4CA4-87B4-2F83217005FF}" = Java(TM) 7 Update 5
"{26E3C07C-7FF7-4362-9E99-9E49E383CF16}" = Windows Live Writer Resources
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2A07C35B-8384-4DA4-9A95-442B6C89A073}" = Windows Live Essentials
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{2EF1CACD-24D7-DD2C-627B-AEFD3B951C6E}" = CCC Help English
"{2F54E453-8C93-4B3B-936A-233C909E6CAC}" = Windows Live Messenger
"{2FB06C2A-0D2F-1962-532A-AEC79851E241}" = CCC Help Dutch
"{3125D9DE-8D7A-4987-95F3-8A42389833D8}" = Windows Live Writer Resources
"{324F76CC-D8DD-4D87-B77D-D4AF5E1AA7B3}" = CyberLink WaveEditor
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34319F1F-7CF2-4CC9-B357-1AE7D2FF3AC5}" = Windows Live
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{370F888E-42A7-4911-9E34-7D74632E17EB}" = Windows Live Photo Common
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{3A4D5E2D-988D-4ee9-8E7F-3AC200A2B8F5}" = 4500G510nz_Software_Min
"{3B9A92DA-6374-4872-B646-253F18624D5F}" = Windows Live Writer
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = erLT
"{3F4143A1-9C21-4011-8679-3BC1014C6886}" = Windows Live Mesh
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"{40BFD84C-64CD-42CC-9909-8734C50429C6}" = Windows Live UX Platform Language Pack
"{410DF0AA-882D-450D-9E1B-F5397ACFFA80}" = Windows Live Essentials
"{429DF1A0-3610-4E9E-8ACE-3C8AC1BA8FCA}" = Windows Live Photo Gallery
"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
"{440B915A-0C85-45DB-92AE-75AE14704A64}" = Fax
"{443B561F-DE1B-4DEF-ADD9-484B684653C7}" = Windows Live Messenger
"{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = CyberLink PowerRecover
"{46872828-6453-4138-BE1C-CE35FBF67978}" = Windows Live Mesh
"{48294D95-EE9A-4377-8213-44FC4265FB27}" = Windows Live Messenger
"{488F0347-C4A7-4374-91A7-30818BEDA710}" = Galerie de photos Windows Live
"{48C0DC5E-820A-44F2-890E-29B68EDD3C78}" = Windows Live Writer
"{498765E0-6D72-309A-6019-3F2DDAD6808A}" = CCC Help French
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{4B28D47A-5FF0-45F8-8745-11DC2A1C9D0F}" = Windows Live Writer
"{4B744C85-DBB1-4038-B989-4721EB22C582}" = Windows Live Messenger
"{4D141929-141B-4605-95D6-2B8650C1C6DA}" = Windows Live UX Platform Language Pack
"{506FC723-8E6C-4417-9CFF-351F99130425}" = Windows Live UX Platform Language Pack
"{523DF2BB-3A85-4047-9898-29DC8AEB7E69}" = Windows Live UX Platform Language Pack
"{5275D81E-83AD-4DE4-BC2B-6E6BA3A33244}" = Windows Live Writer Resources
"{55118EA0-31F5-A638-4238-50D632B73D64}" = Catalyst Control Center Localization All
"{55D003F4-9599-44BF-BA9E-95D060730DD3}" = Contrôle ActiveX Windows Live Mesh pour connexions à distance
"{56D13BAF-37D4-EC49-AF10-19F3E91B40E1}" = CCC Help Spanish
"{57220148-3B2B-412A-A2E0-82B9DF423696}" = Windows Live Mesh ActiveX-objekt til fjernforbindelser
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5B05FF91-F20C-4832-A8DE-E1912639C17C}" = 4500G510nz
"{5CF5B1A5-CBC3-42F0-8533-5A5090665862}" = Windows Live Mesh
"{5D273F60-0525-48BA-A5FB-D0CAA4A952AE}" = Windows Live Movie Maker
"{60C3C026-DB53-4DAB-8B97-7C1241F9A847}" = Windows Live Movie Maker
"{62687B11-58B5-4A18-9BC3-9DF4CE03F194}" = Windows Live Writer Resources
"{63CF7D0C-B6E7-4EE9-8253-816B613CC437}" = Windows Live Mail
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{640798A0-A4FB-4C52-AC72-755134767F1E}" = Windows Live Movie Maker
"{64376910-1860-4CEF-8B34-AA5D205FC5F1}" = Poczta usługi Windows Live
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{677AAD91-1790-4FC5-B285-0E6A9D65F7DC}" = Windows Live Mail
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{68A10D12-0D0F-4212-BDE6-D87FAD32A8FA}" = SmartWebPrinting
"{690879A5-18EF-447B-98D6-B699D51008AB}" = 4500_G510nz_Help
"{6ABE832B-A5C7-44C1-B697-3E123B7B4D5B}" = Windows Live Mesh
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6B2FFB21-AC88-45C3-9A7D-4BB3E744EC91}" = HPSSupply
"{6B556C37-8919-4991-AC34-93D018B9EA49}" = Windows Live Photo Common
"{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
"{6DEC8BD5-7574-47FA-B080-492BBBE2FEA3}" = Windows Live Movie Maker
"{6E29C4F7-C2C2-4B18-A15C-E09B92065F15}" = Windows Live Mesh ActiveX-vezérlő távoli kapcsolatokhoz
"{6E8AFC13-F7B8-41D8-88AB-F1D0CFC56305}" = Windows Live Messenger
"{6F76EC3C-34B1-436E-97FB-48C58D7BEDCD}" = LWS Gallery
"{7059BDA7-E1DB-442C-B7A1-6144596720A4}" = HP Update
"{7069F9BA-0CC9-08AA-1825-1CB65D90BC24}" = CCC Help Danish
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{71A81378-79D5-40CC-9BDC-380642D1A87F}" = Windows Live Writer
"{71C95134-F6A9-45E7-B7B3-07CA6012BF2A}" = Windows Live Mesh
"{71E66D3F-A009-44AB-8784-75E2819BA4BA}" = LWS Motion Detection
"{7272F232-A7E0-4B2B-A5D2-71B7C5E2379C}" = Windows Live Fotótár
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{73FC3510-6421-40F7-9503-EDAE4D0CF70D}" = Windows Live Photo Common
"{7496FD31-E5CB-4AE4-82D3-31099558BF6A}" = Windows Live Mesh
"{74E8A7F6-575D-42C7-9178-E87D1B3BEFE8}" = Windows Live UX Platform Language Pack
"{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"{77477AEA-5757-47D8-8B33-939F43D82218}" = Windows Live UX Platform Language Pack
"{78DAE910-CA72-450E-AD22-772CB1A00678}" = Windows Live Mesh
"{7A9D47BA-6D50-4087-866F-0800D8B89383}" = Podstawowe programy Windows Live
"{7BA19818-F717-4DFB-BC11-FAF17B2B8AEE}" = Pošta Windows Live
"{7D1C7B9F-2744-4388-B128-5C75B8BCCC84}" = Windows Live Essentials
"{7E017923-16F8-4E32-94EF-0A150BD196FE}" = Windows Live Writer
"{7E90B133-FF47-48BB-91B8-36FC5A548FE9}" = Windows Live Writer Resources
"{827D3E4A-0186-48B7-9801-7D1E9DD40C07}" = Windows Live Essentials
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{83C8FA3C-F4EA-46C4-8392-D3CE353738D6}" = LWS Launcher
"{841F1FB4-FDF8-461C-A496-3E1CFD84C0B5}" = Windows Live Mesh
"{84267681-BF16-40B6-9564-27BC57D7D71C}" = Windows Live Photo Common
"{84476376-B090-A920-6C99-3C01F106406F}" = Catalyst Control Center InstallProxy
"{85373DA7-834E-4850-8AF5-1D99F7526857}" = Windows Live Photo Common
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{8937D274-C281-42E4-8CDB-A0B2DF979189}" = LWS Webcam Software
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E666407-AC41-46a2-9692-6C7BFCBFDD37}" = Memeo Instant Backup
"{8FF3891F-01B5-4A71-BFCD-20761890471C}" = Windows Live Messenger
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.SingleImage_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.SingleImage_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0407-1000-0000000FF1CE}_Office14.SingleImage_{594128C9-2CDF-43CE-8103-DC100CF013B6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.SingleImage_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.SingleImage_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{92A51949-EE4C-466D-AAF0-99E74A49A63F}" = DocMgr
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{93E464B3-D075-4989-87FD-A828B5C308B1}" = Windows Live Writer Resources
"{97490A5C-49CB-468C-1639-9FB58BAA44CD}" = CCC Help Swedish
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B362566-EC1B-4700-BB9C-EC661BDE2175}" = DocProc
"{9BD262D0-B788-4546-A0A5-F4F56EC3834B}" = Windows Live Photo Common
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9DAEA76B-E50F-4272-A595-0124E826553D}" = LWS WLM Plugin
"{9FAE6E8D-E686-49F5-A574-0A58DFD9580C}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A101F637-2E56-42C0-8E08-F1E9086BFAF3}" = Windows Live Movie Maker
"{A41A708E-3BE6-4561-855D-44027C1CF0F8}" = Windows Live Photo Common
"{A60B3BF0-954B-42AF-B8D8-2C1D34B613AA}" = Windows Live Photo Gallery
"{A7056D45-C63A-4FE4-A69D-FB54EF9B21BB}" = Windows Live Messenger
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AB61A2E9-37D3-485D-9085-19FBDF8CEF4A}" = Windows Live Messenger
"{AC76BA86-7AD7-FFFF-7B44-AA0000000001}" = Adobe Reader X (10.1.4) MUI
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{ADE85655-8D1E-4E4B-BF88-5E312FB2C74F}" = Windows Live Mail
"{ADFE4AED-7F8E-4658-8D6E-742B15B9F120}" = Windows Live Photo Common
"{AE8705FB-E13C-40A9-8A2D-68D6733FBFC2}" = Status
"{B04A0E2F-1E4C-4E61-B18E-3B2BD6779CA7}" = Formant ActiveX programu Windows Live Mesh odpowiedzialny za obsługę połączeń zdalnych
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B2E90616-C50D-4B89-A40D-92377AC669E5}" = Windows Live Messenger
"{B618C3BF-5142-4630-81DD-F96864F97C7E}" = Windows Live Essentials
"{BD695C2F-3EA0-4DA4-92D5-154072468721}" = Windows Live Fotoğraf Galerisi
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{BF022D76-9F72-4203-B8FA-6522DC66DFDA}" = Windows Live Movie Maker
"{BF35168D-F6F9-4202-BA87-86B5E3C9BF7A}" = Windows Live Mesh
"{C00C2A91-6CB3-483F-80B3-2958E29468F1}" = Συλλογή φωτογραφιών του Windows Live
"{C29FC15D-E84B-4EEC-8505-4DED94414C59}" = Windows Live Writer Resources
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C32CE55C-12BA-4951-8797-0967FDEF556F}" = Windows Live Mesh - ActiveX-besturingselement voor externe verbindingen
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{C51AF995-1F7C-465F-A80B-EBBFE7969531}" = CCC Help Japanese
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"{C63A1E60-B6A4-440B-89A5-1FC6E4AC1C94}" = Windows Live Mesh ActiveX Control for Remote Connections
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C8421D85-CA0E-4E93-A9A9-B826C4FB88EA}" = Windows Live Mail
"{C893D8C0-1BA0-4517-B11C-E89B65E72F70}" = Windows Live Photo Common
"{CA227A9D-09BE-4BFB-9764-48FED2DA5454}" = Kontrolnik Windows Live Mesh ActiveX za oddaljene povezave
"{CB3F59BB-7858-41A1-A7EA-4B8A6FC7D431}" = Galeria fotografii usługi Windows Live
"{CB7224D9-6DCA-43F1-8F83-6B1E39A00F92}" = Windows Live Movie Maker
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CF671BFE-6BA3-44E7-98C1-500D9C51D947}" = Windows Live Photo Gallery
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D40EB009-0499-459c-A8AF-C9C110766215}" = Logitech Webcam-Software
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D588365A-AE39-4F27-BDAE-B4E72C8E900C}" = Windows Live Mail
"{D6F25CF9-4E87-43EB-B324-C12BE9CDD668}" = Windows Live UX Platform Language Pack
"{DAEF48AD-89C8-4A93-B1DD-45B7E4FB6071}" = Windows Live Movie Maker
"{DB1208F4-B2FE-44E9-BFE6-8824DBD7891B}" = Windows Live Movie Maker
"{DC0A5F99-FD66-433F-9D3A-05DCBA64BE42}" = TrayApp
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DE7C13A6-E4EA-4296-B0D5-5D7E8AD69501}" = Windows Live Writer
"{DE8F99FD-2FC7-4C98-AA67-2729FDE1F040}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{DEF91E0F-D266-453D-B6F2-1BA002B40CB6}" = Windows Live Essentials
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E3D04529-6EDB-11D8-A372-0050BAE317E1}" = CyberLink PowerDVD Copy
"{E3E3281A-1D64-D7B4-9574-70E58CA258D5}" = Catalyst Control Center
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}" = Asmedia ASM104x USB 3.0 Host Controller Driver
"{E54EEB5D-41ED-40FE-B4A8-8565DB81469B}" = Controlo ActiveX do Windows Live Mesh para Ligações Remotas
"{E55E0C35-AC3C-4683-BA2F-834348577B80}" = Windows Live Writer
"{E59969EA-3B5B-4B24-8B94-43842A7FBFE9}" = Fotogalerija Windows Live
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E5DD4723-FE0B-436E-A815-DC23CF902A0B}" = Windows Live UX Platform Language Pack
"{E727A662-AF9F-4DEE-81C5-F4A1686F3DFC}" = Windows Live Writer Resources
"{E8524B28-3BBB-4763-AC83-0E83FE31C350}" = Windows Live Writer
"{E85A4EFC-82F2-4CEE-8A8E-62FDAD353A66}" = Galería fotográfica de Windows Live
"{E9AD2143-26D5-4201-BED1-19DCC03B407D}" = Windows Live Messenger
"{E9D98402-21AB-4E9F-BF6B-47AF36EF7E97}" = Windows Live Writer Resources
"{ED16B700-D91F-44B0-867C-7EB5253CA38D}" = Raccolta foto di Windows Live
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{EED027B7-0DB6-404B-8F45-6DFEE34A0441}" = LWS Video Mask Maker
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F3C2ECAA-1B4D-4B75-9105-106B0D03EF02}" = Lexware Info Service
"{F3C6C49E-1450-7F9B-1457-B167B8FEB842}" = CCC Help German
"{F665F3B8-01B4-46A9-8E47-FF8DC2208C9F}" = Στοιχείο ελέγχου ActiveX του Windows Live Mesh για απομακρυσμένες συνδέσεις
"{F80E5450-3EF3-4270-B26C-6AC53BEC5E76}" = Windows Live Movie Maker
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FA3FDB06-3368-4579-B2F2-5AE8AD6E7871}" = TAXMAN 2012
"{FCDE76CB-989D-4E32-9739-6A272D2B0ED7}" = Windows Live Mesh
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR
"{FEEF7F78-5876-438B-B554-C4CC426A4302}" = Windows Live Essentials
"{FF167195-9EE4-46C0-8CD7-FBA3457E88AB}" = LWS Facebook
"{FF3DFA01-1E98-46B4-A065-DA8AD47C9598}" = Windows Live Movie Maker
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"DAEMON Tools Lite" = DAEMON Tools Lite
"Die Sims Daten 8.0" = Die Sims
"Die Sims8.0" = Die Sims
"DVD Shrink DE_is1" = DVD Shrink 3.2 deutsch (DeCSS-frei)
"Free Audio CD to MP3 Converter_is1" = Free Audio CD to MP3 Converter version 1.3.12.1228
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.11.26.706
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = Medion Home Cinema
"InstallShield_{324F76CC-D8DD-4D87-B77D-D4AF5E1AA7B3}" = CyberLink WaveEditor
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"InstallShield_{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = CyberLink PowerRecover
"InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"InstallShield_{E3D04529-6EDB-11D8-A372-0050BAE317E1}" = CyberLink PowerDVD Copy
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.61.0.1400
"Mein CEWE FOTOBUCH" = Mein CEWE FOTOBUCH
"Mozilla Firefox 14.0.1 (x86 de)" = Mozilla Firefox 14.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Mp3tag" = Mp3tag v2.52
"Office14.SingleImage" = Microsoft Office Home and Student 2010
"TIPP10_is1" = TIPP10 Version 2.1.0
"Usenet.nl_is1" = Usenet.nl
"VLC media player" = VLC media player 2.0.1
"WinLiveSuite" = Windows Live Essentials

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 09.09.2012 10:58:37 | Computer Name = Family-PC | Source = MemeoBackgroundService | ID = 0
Description = Problem starting Memeo Background Service :Ausnahmefehler "System.Reflection.TargetInvocationException:
Ein Aufrufziel hat einen Ausnahmefehler verursacht. ---> System.Security.Principal.IdentityNotMappedException:
Manche oder alle Identitätsverweise konnten nicht übersetzt werden. bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel.StartListening(Object
data) bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel..ctor(IDictionary
properties, IServerChannelSinkProvider sinkProvider, CommonSecurityDescriptor securityDescriptor)

bei System.Runtime.Remoting.Channels.Ipc.IpcChannel..ctor(IDictionary properties,
IClientChannelSinkProvider clientSinkProvider, IServerChannelSinkProvider serverSinkProvider)

--- Ende der internen Ausnahmestapelüberwachung --- bei System.RuntimeMethodHandle._InvokeConstructor(Object[]
args, SignatureStruct& signature, IntPtr declaringType) bei System.Reflection.RuntimeConstructorInfo.Invoke(BindingFlags
invokeAttr, Binder binder, Object[] parameters, CultureInfo culture) bei System.RuntimeType.CreateInstanceImpl(BindingFlags
bindingAttr, Binder binder, Object[] args, CultureInfo culture, Object[] activationAttributes)

bei System.Runtime.Remoting.RemotingConfigHandler.CreateChannelFromConfigEntry(ChannelEntry
entry) bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureChannels(RemotingXmlConfigFileData
configData, Boolean ensureSecurity) bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData
configData, Boolean ensureSecurity)" bei der Remotekonfiguration. bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData
configData, Boolean ensureSecurity) bei System.Runtime.Remoting.RemotingConfiguration.Configure(String
filename, Boolean ensureSecurity) bei RemoteServerService.MemeoBackgroundService.OnStart(String[]
args)

Error - 09.09.2012 10:59:19 | Computer Name = Family-PC | Source = WinMgmt | ID = 10
Description =

Error - 10.09.2012 01:54:48 | Computer Name = Family-PC | Source = MemeoBackgroundService | ID = 0
Description = Problem starting Memeo Background Service :Ausnahmefehler "System.Reflection.TargetInvocationException:
Ein Aufrufziel hat einen Ausnahmefehler verursacht. ---> System.Security.Principal.IdentityNotMappedException:
Manche oder alle Identitätsverweise konnten nicht übersetzt werden. bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel.StartListening(Object
data) bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel..ctor(IDictionary
properties, IServerChannelSinkProvider sinkProvider, CommonSecurityDescriptor securityDescriptor)

bei System.Runtime.Remoting.Channels.Ipc.IpcChannel..ctor(IDictionary properties,
IClientChannelSinkProvider clientSinkProvider, IServerChannelSinkProvider serverSinkProvider)

--- Ende der internen Ausnahmestapelüberwachung --- bei System.RuntimeMethodHandle._InvokeConstructor(Object[]
args, SignatureStruct& signature, IntPtr declaringType) bei System.Reflection.RuntimeConstructorInfo.Invoke(BindingFlags
invokeAttr, Binder binder, Object[] parameters, CultureInfo culture) bei System.RuntimeType.CreateInstanceImpl(BindingFlags
bindingAttr, Binder binder, Object[] args, CultureInfo culture, Object[] activationAttributes)

bei System.Runtime.Remoting.RemotingConfigHandler.CreateChannelFromConfigEntry(ChannelEntry
entry) bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureChannels(RemotingXmlConfigFileData
configData, Boolean ensureSecurity) bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData
configData, Boolean ensureSecurity)" bei der Remotekonfiguration. bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData
configData, Boolean ensureSecurity) bei System.Runtime.Remoting.RemotingConfiguration.Configure(String
filename, Boolean ensureSecurity) bei RemoteServerService.MemeoBackgroundService.OnStart(String[]
args)

Error - 10.09.2012 01:56:21 | Computer Name = Family-PC | Source = WinMgmt | ID = 10
Description =

Error - 10.09.2012 03:17:00 | Computer Name = Family-PC | Source = MemeoBackgroundService | ID = 0
Description = Problem starting Memeo Background Service :Ausnahmefehler "System.Reflection.TargetInvocationException:
Ein Aufrufziel hat einen Ausnahmefehler verursacht. ---> System.Security.Principal.IdentityNotMappedException:
Manche oder alle Identitätsverweise konnten nicht übersetzt werden. bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel.StartListening(Object
data) bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel..ctor(IDictionary
properties, IServerChannelSinkProvider sinkProvider, CommonSecurityDescriptor securityDescriptor)

bei System.Runtime.Remoting.Channels.Ipc.IpcChannel..ctor(IDictionary properties,
IClientChannelSinkProvider clientSinkProvider, IServerChannelSinkProvider serverSinkProvider)

--- Ende der internen Ausnahmestapelüberwachung --- bei System.RuntimeMethodHandle._InvokeConstructor(Object[]
args, SignatureStruct& signature, IntPtr declaringType) bei System.Reflection.RuntimeConstructorInfo.Invoke(BindingFlags
invokeAttr, Binder binder, Object[] parameters, CultureInfo culture) bei System.RuntimeType.CreateInstanceImpl(BindingFlags
bindingAttr, Binder binder, Object[] args, CultureInfo culture, Object[] activationAttributes)

bei System.Runtime.Remoting.RemotingConfigHandler.CreateChannelFromConfigEntry(ChannelEntry
entry) bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureChannels(RemotingXmlConfigFileData
configData, Boolean ensureSecurity) bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData
configData, Boolean ensureSecurity)" bei der Remotekonfiguration. bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData
configData, Boolean ensureSecurity) bei System.Runtime.Remoting.RemotingConfiguration.Configure(String
filename, Boolean ensureSecurity) bei RemoteServerService.MemeoBackgroundService.OnStart(String[]
args)

Error - 10.09.2012 03:17:40 | Computer Name = Family-PC | Source = WinMgmt | ID = 10
Description =

Error - 10.09.2012 03:23:58 | Computer Name = Family-PC | Source = MemeoBackgroundService | ID = 0
Description = Problem starting Memeo Background Service :Ausnahmefehler "System.Reflection.TargetInvocationException:
Ein Aufrufziel hat einen Ausnahmefehler verursacht. ---> System.Security.Principal.IdentityNotMappedException:
Manche oder alle Identitätsverweise konnten nicht übersetzt werden. bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel.StartListening(Object
data) bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel..ctor(IDictionary
properties, IServerChannelSinkProvider sinkProvider, CommonSecurityDescriptor securityDescriptor)

bei System.Runtime.Remoting.Channels.Ipc.IpcChannel..ctor(IDictionary properties,
IClientChannelSinkProvider clientSinkProvider, IServerChannelSinkProvider serverSinkProvider)

--- Ende der internen Ausnahmestapelüberwachung --- bei System.RuntimeMethodHandle._InvokeConstructor(Object[]
args, SignatureStruct& signature, IntPtr declaringType) bei System.Reflection.RuntimeConstructorInfo.Invoke(BindingFlags
invokeAttr, Binder binder, Object[] parameters, CultureInfo culture) bei System.RuntimeType.CreateInstanceImpl(BindingFlags
bindingAttr, Binder binder, Object[] args, CultureInfo culture, Object[] activationAttributes)

bei System.Runtime.Remoting.RemotingConfigHandler.CreateChannelFromConfigEntry(ChannelEntry
entry) bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureChannels(RemotingXmlConfigFileData
configData, Boolean ensureSecurity) bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData
configData, Boolean ensureSecurity)" bei der Remotekonfiguration. bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData
configData, Boolean ensureSecurity) bei System.Runtime.Remoting.RemotingConfiguration.Configure(String
filename, Boolean ensureSecurity) bei RemoteServerService.MemeoBackgroundService.OnStart(String[]
args)

Error - 10.09.2012 03:24:33 | Computer Name = Family-PC | Source = WinMgmt | ID = 10
Description =

Error - 10.09.2012 03:42:33 | Computer Name = Family-PC | Source = WinMgmt | ID = 10
Description =

Error - 10.09.2012 03:54:50 | Computer Name = Family-PC | Source = MemeoBackgroundService | ID = 0
Description = Problem starting Memeo Background Service :Ausnahmefehler "System.Reflection.TargetInvocationException:
Ein Aufrufziel hat einen Ausnahmefehler verursacht. ---> System.Security.Principal.IdentityNotMappedException:
Manche oder alle Identitätsverweise konnten nicht übersetzt werden. bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel.StartListening(Object
data) bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel..ctor(IDictionary
properties, IServerChannelSinkProvider sinkProvider, CommonSecurityDescriptor securityDescriptor)

bei System.Runtime.Remoting.Channels.Ipc.IpcChannel..ctor(IDictionary properties,
IClientChannelSinkProvider clientSinkProvider, IServerChannelSinkProvider serverSinkProvider)

--- Ende der internen Ausnahmestapelüberwachung --- bei System.RuntimeMethodHandle._InvokeConstructor(Object[]
args, SignatureStruct& signature, IntPtr declaringType) bei System.Reflection.RuntimeConstructorInfo.Invoke(BindingFlags
invokeAttr, Binder binder, Object[] parameters, CultureInfo culture) bei System.RuntimeType.CreateInstanceImpl(BindingFlags
bindingAttr, Binder binder, Object[] args, CultureInfo culture, Object[] activationAttributes)

bei System.Runtime.Remoting.RemotingConfigHandler.CreateChannelFromConfigEntry(ChannelEntry
entry) bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureChannels(RemotingXmlConfigFileData
configData, Boolean ensureSecurity) bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData
configData, Boolean ensureSecurity)" bei der Remotekonfiguration. bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData
configData, Boolean ensureSecurity) bei System.Runtime.Remoting.RemotingConfiguration.Configure(String
filename, Boolean ensureSecurity) bei RemoteServerService.MemeoBackgroundService.OnStart(String[]
args)

Error - 10.09.2012 03:55:34 | Computer Name = Family-PC | Source = WinMgmt | ID = 10
Description =

[ System Events ]
Error - 10.09.2012 03:58:22 | Computer Name = Family-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068

Error - 10.09.2012 03:58:22 | Computer Name = Family-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068

Error - 10.09.2012 03:58:22 | Computer Name = Family-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068

Error - 10.09.2012 03:58:22 | Computer Name = Family-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068

Error - 10.09.2012 03:58:22 | Computer Name = Family-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068

Error - 10.09.2012 03:58:39 | Computer Name = Family-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068

Error - 10.09.2012 04:00:05 | Computer Name = Family-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "PnP-X-IP-Busenumerator" ist vom Dienst "Funktionssuchanbieter-Host"
abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068

Error - 10.09.2012 05:46:41 | Computer Name = Family-PC | Source = DCOM | ID = 10005
Description =

Error - 10.09.2012 05:46:41 | Computer Name = Family-PC | Source = DCOM | ID = 10005
Description =

Error - 10.09.2012 05:46:40 | Computer Name = Family-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk2\DR3 gefunden.


< End of report >

cosinus 11.09.2012 12:14

Does Safe Mode with Networking still work? With an internet connection?



Safe Mode for cleanup
  • Bring Windows into Safe Mode by pressing the F8 key during startup.
  • Start the computer in Safe Mode with Networking:

    Starting Windows in Safe Mode

Modo 12.09.2012 07:25

Hello Cosinus,

thank you very much for your reply.

Yes, the computer runs in Safe Mode with Networking, and I have internet access.:applaus:

Thanks in advance for your further help.

Regards, Modo

cosinus 12.09.2012 13:34

If this mode works, you can first run a routine full scan with Malwarebytes and post the log. => Have ALL local drives (except CD/DVD) checked!
Remember that Malwarebytes has to be updated manually before every scan!

Please remove all of the Malwarebytes findings so that they are kept in the Malwarebytes quarantine! Do NOT remove anything from the quarantine prematurely!

If logs from older Malwarebytes scans exist, please post all of those as well!




ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start Eset Online Scanner
  • Tick the box next to "Yes, I accept the Terms of Use" and click Start.
  • Enable "Detection of potentially unwanted applications" and choose the following settings.
  • Click Start.
  • The signatures are downloaded and the scan begins automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstallation: Control Panel => Add or Remove Programs / Uninstall a program => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset




If possible, please post everything here in CODE tags.

This is how it is done:

[code] the log goes here [/code]

And the whole thing then looks like this:

Code:

the log goes here

Modo 12.09.2012 17:15

Hello Cosinus,

thanks for your quick reply. I followed the plan and copied the log files in here; I couldn't cope with the code tags and didn't understand what I was supposed to do. In addition, the log files are attached (including the log files already sent).

Eset found no threats and also did not offer me the option of displaying a log.

Regards, Modo


Malwarebytes Anti-Malware (Test) 1.65.0.1400
www.malwarebytes.org

Datenbank Version: v2012.09.12.03

Windows 7 Service Pack 1 x64 NTFS (Abgesichertenmodus/Netzwerkfähig)
Internet Explorer 9.0.8112.16421
Family :: FAMILY-PC [Administrator]

Schutz: Deaktiviert

12.09.2012 14:42:15
mbam-log-2012-09-12 (14-42-15).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 395596
Laufzeit: 40 Minute(n), 29 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|uiqsgwhpuackziu (Trojan.Phex.THAGen9) -> Daten: C:\ProgramData\uiqsgwhp.exe -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
C:\ProgramData\uiqsgwhp.exe (Trojan.Phex.THAGen9) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)
Malwarebytes Anti-Malware (Test) 1.65.0.1400
www.malwarebytes.org

Datenbank Version: v2012.09.12.03

Windows 7 Service Pack 1 x64 NTFS (Abgesichertenmodus/Netzwerkfähig)
Internet Explorer 9.0.8112.16421
Family :: FAMILY-PC [Administrator]

Schutz: Deaktiviert

12.09.2012 14:42:15
mbam-log-2012-09-12 (16-45-10).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 395596
Laufzeit: 40 Minute(n), 29 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|uiqsgwhpuackziu (Trojan.Phex.THAGen9) -> Daten: C:\ProgramData\uiqsgwhp.exe -> Keine Aktion durchgeführt.

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
C:\ProgramData\uiqsgwhp.exe (Trojan.Phex.THAGen9) -> Keine Aktion durchgeführt.

(Ende)
2012/09/10 09:55:13 +0200 FAMILY-PC Family MESSAGE Starting protection
2012/09/10 09:55:17 +0200 FAMILY-PC Family MESSAGE Protection started successfully
2012/09/10 09:55:20 +0200 FAMILY-PC Family MESSAGE Starting IP protection
2012/09/10 09:55:20 +0200 FAMILY-PC Family MESSAGE IP Protection started successfully

cosinus 12.09.2012 20:20

Quote:

I couldn't cope with the code tags and didn't understand what I was supposed to do.
It really is explained in minute detail :(
Simply paste the logs here, then select them and click the button in the formatting toolbar (labelled #), or just type the CODE tags in yourself - I specifically linked the explanation of the BB tags! So please read properly
And I find logs as attachments very, very suboptimal

Modo 13.09.2012 11:28

Hello Cosinus,

please excuse the trouble:heulen:, I'm only a user after all.
I hope it is right this way now. As I said before, ESET Online did not show me a log file that I could attach here.

Regards, Modo

Code:

Malwarebytes Anti-Malware (Test) 1.61.0.1400
www.malwarebytes.org

Datenbank Version: v2012.04.04.08

Windows 7 Service Pack 1 x64 NTFS (Abgesichertenmodus)
Internet Explorer 9.0.8112.16421
Family :: FAMILY-PC [Administrator]

Schutz: Deaktiviert

10.09.2012 09:52:49
mbam-log-2012-09-10 (09-52-49).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 203140
Laufzeit: 14 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

Code:

Malwarebytes Anti-Malware (Test) 1.61.0.1400
www.malwarebytes.org

Datenbank Version: v2012.04.04.08

Windows 7 Service Pack 1 x64 NTFS (Abgesichertenmodus)
Internet Explorer 9.0.8112.16421
Family :: FAMILY-PC [Administrator]

Schutz: Deaktiviert

10.09.2012 10:00:12
mbam-log-2012-09-10 (10-00-12).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 392415
Laufzeit: 1 Stunde(n), 36 Minute(n), 35 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

Code:

Malwarebytes Anti-Malware (Test) 1.65.0.1400
www.malwarebytes.org

Datenbank Version: v2012.09.12.03

Windows 7 Service Pack 1 x64 NTFS (Abgesichertenmodus/Netzwerkfähig)
Internet Explorer 9.0.8112.16421
Family :: FAMILY-PC [Administrator]

Schutz: Deaktiviert

12.09.2012 14:42:15
mbam-log-2012-09-12 (14-42-15).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 395596
Laufzeit: 40 Minute(n), 29 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|uiqsgwhpuackziu (Trojan.Phex.THAGen9) -> Daten: C:\ProgramData\uiqsgwhp.exe -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
C:\ProgramData\uiqsgwhp.exe (Trojan.Phex.THAGen9) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)

Code:

Malwarebytes Anti-Malware (Test) 1.65.0.1400
www.malwarebytes.org

Datenbank Version: v2012.09.12.03

Windows 7 Service Pack 1 x64 NTFS (Abgesichertenmodus/Netzwerkfähig)
Internet Explorer 9.0.8112.16421
Family :: FAMILY-PC [Administrator]

Schutz: Deaktiviert

12.09.2012 14:42:15
mbam-log-2012-09-12 (16-45-10).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 395596
Laufzeit: 40 Minute(n), 29 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|uiqsgwhpuackziu (Trojan.Phex.THAGen9) -> Daten: C:\ProgramData\uiqsgwhp.exe -> Keine Aktion durchgeführt.

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
C:\ProgramData\uiqsgwhp.exe (Trojan.Phex.THAGen9) -> Keine Aktion durchgeführt.

(Ende)

Code:

2012/09/10 09:55:13 +0200        FAMILY-PC        Family        MESSAGE        Starting protection
2012/09/10 09:55:17 +0200        FAMILY-PC        Family        MESSAGE        Protection started successfully
2012/09/10 09:55:20 +0200        FAMILY-PC        Family        MESSAGE        Starting IP protection
2012/09/10 09:55:20 +0200        FAMILY-PC        Family        MESSAGE        IP Protection started successfully


cosinus 13.09.2012 20:16

See, it works ;)
Just because you are a user doesn't mean you always have to use that excuse. It's only a few lines to read, and if you expect help, then the helper should be allowed a little something in return, in the form of his log file format ;)

adwCleaner - detecting toolbars and unwanted start/search pages

Please download AdwCleaner to your desktop.

If adwCleaner has already been downloaded before, please delete the old adwcleaner.exe and download it again!!
  • Start adwcleaner.exe with a double-click.
  • Click Suche (Search).
  • When the scan finishes, a text file opens.
  • Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner[Rx].txt. (x = sequential number)

Modo 14.09.2012 13:51

Hello Cosinus,

I will remember the procedure, although I hope I won't have any more problems with this in the future.

Attached is the requested text file, :dankeschoen:

Regards, Modo

Code:

# AdwCleaner v2.001 - Datei am 09/14/2012 um 14:44:00 erstellt
# Aktualisiert am 09/09/2012 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : Family - FAMILY-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Family\Desktop\adwcleaner.exe
# Option [Suche]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Datei Gefunden : C:\Users\Family\AppData\Roaming\Mozilla\Firefox\Profiles\kk83a8w9.default\searchplugins\MyStart Search.xml
Ordner Gefunden : C:\ProgramData\Partner
Ordner Gefunden : C:\Users\Family\AppData\LocalLow\PriceGong

***** [Registrierungsdatenbank] *****

Schlüssel Gefunden : HKCU\Software\IM
Schlüssel Gefunden : HKCU\Software\ImInstaller
Schlüssel Gefunden : HKCU\Software\Softonic
Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{CFF4DB9B-135F-47C0-9269-B4C6572FD61A}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Toolbar.CT2625848
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\IncredibarToolbar_RASAPI32
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\IncredibarToolbar_RASMANCS
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\NEW_CORRECT_incredibar_install_RASAPI32
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\NEW_CORRECT_incredibar_install_RASMANCS
Schlüssel Gefunden : HKLM\Software\Web Assistant
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gefunden : HKLM\SOFTWARE\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
Schlüssel Gefunden : HKLM\SOFTWARE\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
Schlüssel Gefunden : HKLM\SOFTWARE\Web Assistant
Schlüssel Gefunden : HKU\S-1-5-21-981068331-3160160095-2827742430-1000\Software\Microsoft\Internet Explorer\SearchScopes\{CFF4DB9B-135F-47C0-9269-B4C6572FD61A}
Wert Gefunden : HKLM\SOFTWARE\Mozilla\Firefox\extensions [{336D0C35-8A85-403a-B9D2-65C292C39087}]

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v14.0.1 (de)

Profilname : default
Datei : C:\Users\Family\AppData\Roaming\Mozilla\Firefox\Profiles\kk83a8w9.default\prefs.js

Gefunden : user_pref("CT2625848.129181467798530017.isToggled_item0_11", "true");
Gefunden : user_pref("CT2625848.FirstTime", "true");
Gefunden : user_pref("CT2625848.FirstTimeFF3", "true");
Gefunden : user_pref("CT2625848.UserID", "UN25626998129678973");
Gefunden : user_pref("CT2625848.fixUrls", true);
Gefunden : user_pref("CT2625848.settingsINI", true);
Gefunden : user_pref("extensions.incredibar_i.aflt", "orgnl");
Gefunden : user_pref("extensions.incredibar_i.dfltLng", "");
Gefunden : user_pref("extensions.incredibar_i.did", "10665");
Gefunden : user_pref("extensions.incredibar_i.excTlbr", false);
Gefunden : user_pref("extensions.incredibar_i.id", "56b79f850000000000008c89a59b9d1d");
Gefunden : user_pref("extensions.incredibar_i.installerproductid", "26");
Gefunden : user_pref("extensions.incredibar_i.instlDay", "15529");
Gefunden : user_pref("extensions.incredibar_i.instlRef", "");
Gefunden : user_pref("extensions.incredibar_i.ms_url_id", "");
Gefunden : user_pref("extensions.incredibar_i.newTab", false);
Gefunden : user_pref("extensions.incredibar_i.ppd", "");
Gefunden : user_pref("extensions.incredibar_i.prdct", "incredibar");
Gefunden : user_pref("extensions.incredibar_i.productid", "26");
Gefunden : user_pref("extensions.incredibar_i.prtnrId", "Incredibar");
Gefunden : user_pref("extensions.incredibar_i.smplGrp", "none");
Gefunden : user_pref("extensions.incredibar_i.tlbrId", "base");
Gefunden : user_pref("extensions.incredibar_i.tlbrSrchUrl", "hxxp://mystart.Incredibar.com/?a=6OyHj8yZ3W&loc=IB[...]
Gefunden : user_pref("extensions.incredibar_i.upn2", "6OyHj8yZ3W");
Gefunden : user_pref("extensions.incredibar_i.upn2n", "92261719396639672");
Gefunden : user_pref("extensions.incredibar_i.vrsn", "1.5.11.14");
Gefunden : user_pref("extensions.incredibar_i.vrsnTs", "1.5.11.1412:33:00");
Gefunden : user_pref("extensions.incredibar_i.vrsni", "1.5.11.14");

*************************

AdwCleaner[R1].txt - [4771 octets] - [14/09/2012 14:44:00]

########## EOF - C:\AdwCleaner[R1].txt - [4831 octets] ##########


cosinus 14.09.2012 19:46

adwCleaner - removing toolbars and unwanted start/search pages
  • Close all open programs and browsers.
  • Start adwcleaner.exe with a double-click.
  • Click Löschen (Delete).
  • Confirm each prompt with Ok.
  • Your computer will be restarted. After the restart, a text file opens.
  • Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner[Sx].txt. (x = sequential number)

Modo 15.09.2012 08:25

Hello Cosinus,

attached is the requested log file

Code:

# AdwCleaner v2.001 - Datei am 09/15/2012 um 09:19:37 erstellt
# Aktualisiert am 09/09/2012 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : Family - FAMILY-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Family\Desktop\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Datei Gelöscht : C:\Users\Family\AppData\Roaming\Mozilla\Firefox\Profiles\kk83a8w9.default\searchplugins\MyStart Search.xml
Ordner Gelöscht : C:\ProgramData\Partner
Ordner Gelöscht : C:\Users\Family\AppData\LocalLow\PriceGong

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\IM
Schlüssel Gelöscht : HKCU\Software\ImInstaller
Schlüssel Gelöscht : HKCU\Software\Softonic
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{CFF4DB9B-135F-47C0-9269-B4C6572FD61A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar.CT2625848
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\IncredibarToolbar_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\IncredibarToolbar_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\NEW_CORRECT_incredibar_install_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\NEW_CORRECT_incredibar_install_RASMANCS
Schlüssel Gelöscht : HKLM\Software\Web Assistant
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
Schlüssel Gelöscht : HKLM\SOFTWARE\Web Assistant
Wert Gelöscht : HKLM\SOFTWARE\Mozilla\Firefox\extensions [{336D0C35-8A85-403a-B9D2-65C292C39087}]

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16421

Wiederhergestellt : [HKCU\Software\Wow6432Node\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Wiederhergestellt : [HKCU\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Wiederhergestellt : [HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Wiederhergestellt : [HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Wiederhergestellt : [HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Wiederhergestellt : [HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Wiederhergestellt : [HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]

-\\ Mozilla Firefox v14.0.1 (de)

Profilname : default
Datei : C:\Users\Family\AppData\Roaming\Mozilla\Firefox\Profiles\kk83a8w9.default\prefs.js

C:\Users\Family\AppData\Roaming\Mozilla\Firefox\Profiles\kk83a8w9.default\user.js ... Gelöscht !

Gelöscht : user_pref("CT2625848.129181467798530017.isToggled_item0_11", "true");
Gelöscht : user_pref("CT2625848.FirstTime", "true");
Gelöscht : user_pref("CT2625848.FirstTimeFF3", "true");
Gelöscht : user_pref("CT2625848.UserID", "UN25626998129678973");
Gelöscht : user_pref("CT2625848.fixUrls", true);
Gelöscht : user_pref("CT2625848.settingsINI", true);
Gelöscht : user_pref("extensions.incredibar_i.aflt", "orgnl");
Gelöscht : user_pref("extensions.incredibar_i.dfltLng", "");
Gelöscht : user_pref("extensions.incredibar_i.did", "10665");
Gelöscht : user_pref("extensions.incredibar_i.excTlbr", false);
Gelöscht : user_pref("extensions.incredibar_i.id", "56b79f850000000000008c89a59b9d1d");
Gelöscht : user_pref("extensions.incredibar_i.installerproductid", "26");
Gelöscht : user_pref("extensions.incredibar_i.instlDay", "15529");
Gelöscht : user_pref("extensions.incredibar_i.instlRef", "");
Gelöscht : user_pref("extensions.incredibar_i.ms_url_id", "");
Gelöscht : user_pref("extensions.incredibar_i.newTab", false);
Gelöscht : user_pref("extensions.incredibar_i.ppd", "");
Gelöscht : user_pref("extensions.incredibar_i.prdct", "incredibar");
Gelöscht : user_pref("extensions.incredibar_i.productid", "26");
Gelöscht : user_pref("extensions.incredibar_i.prtnrId", "Incredibar");
Gelöscht : user_pref("extensions.incredibar_i.smplGrp", "none");
Gelöscht : user_pref("extensions.incredibar_i.tlbrId", "base");
Gelöscht : user_pref("extensions.incredibar_i.tlbrSrchUrl", "hxxp://mystart.Incredibar.com/?a=6OyHj8yZ3W&loc=IB[...]
Gelöscht : user_pref("extensions.incredibar_i.upn2", "6OyHj8yZ3W");
Gelöscht : user_pref("extensions.incredibar_i.upn2n", "92261719396639672");
Gelöscht : user_pref("extensions.incredibar_i.vrsn", "1.5.11.14");
Gelöscht : user_pref("extensions.incredibar_i.vrsnTs", "1.5.11.1412:33:00");
Gelöscht : user_pref("extensions.incredibar_i.vrsni", "1.5.11.14");

*************************

AdwCleaner[R1].txt - [4890 octets] - [14/09/2012 14:44:00]
AdwCleaner[S1].txt - [5333 octets] - [15/09/2012 09:19:37]

########## EOF - C:\AdwCleaner[S1].txt - [5393 octets] ##########


cosinus 15.09.2012 14:03

I have two questions before we continue (we are not finished yet!)

1.) Does Windows normal mode work without restrictions (again)?
2.) Are you missing anything in the Start menu? Are there empty folders under All Programs, or is everything there?

Modo 15.09.2012 19:12

Normal mode runs without restrictions again. :taenzer:

I am not missing anything in the Start menu.

Under "All Programs" I found a folder "Memeo" containing the file "Memeo Instant Backup"; I don't know it, and it wasn't there before.

In Windows Explorer, in the "ProgramData" directory, I found a folder "rxwauxnhunlrqqh" with *.png and css files and a jquery,main.js file. The logo of the Bundespolizei (German Federal Police) is also in this folder, but I was not on the Bundespolizei website. :wtf:

Also in Windows Explorer, in the "Programme" directory, the empty folder "Uninstall Informationen".

Otherwise I did not notice anything.

cosinus 16.09.2012 16:10

Please make a new OTL log. If possible, please post everything here in CODE tags.

This is how it's done:

[code] the log goes here [/code]

And the whole thing then looks like this:

Code:

the log goes here

CustomScan with OTL

Please download OTL by OldTimer and save it to your desktop. If it is already there, please replace the older existing file with the newly downloaded one, so that you really are working with a current version of OTL.
Code:

netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT


Modo 16.09.2012 16:45

Hello Cosinus,

attached is the log file, with the content pasted into the code box:

Modo

Code:

OTL logfile created on: 16.09.2012 17:34:09 - Run 3
OTL by OldTimer - Version 3.2.61.5    Folder = C:\Users\Family\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
5,98 Gb Total Physical Memory | 3,80 Gb Available Physical Memory | 63,47% Memory free
11,96 Gb Paging File | 8,53 Gb Available in Paging File | 71,29% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 1346,17 Gb Total Space | 1223,89 Gb Free Space | 90,92% Space Free | Partition Type: NTFS
Drive D: | 50,00 Gb Total Space | 26,00 Gb Free Space | 52,00% Space Free | Partition Type: NTFS
Drive F: | 5,56 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
Drive G: | 1397,26 Gb Total Space | 1395,52 Gb Free Space | 99,88% Space Free | Partition Type: NTFS
 
Computer Name: FAMILY-PC | User Name: Family | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.09.16 17:21:41 | 000,600,064 | ---- | M] (OldTimer Tools) -- C:\Users\Family\Desktop\OTL.exe
PRC - [2012.09.15 09:30:24 | 000,917,984 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2012.09.07 17:04:46 | 000,676,936 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012.09.07 17:04:46 | 000,399,432 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012.09.07 17:04:44 | 000,766,536 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012.08.07 07:25:12 | 000,021,432 | ---- | M] () -- C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
PRC - [2012.08.07 07:25:02 | 003,524,536 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
PRC - [2012.08.07 07:25:02 | 000,960,440 | ---- | M] (Samsung) -- C:\Program Files (x86)\Samsung\Kies\Kies.exe
PRC - [2012.07.28 16:51:19 | 001,536,712 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_268.exe
PRC - [2012.07.27 13:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012.01.18 06:44:52 | 000,450,848 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
PRC - [2011.11.11 14:08:06 | 000,205,336 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
PRC - [2011.07.31 14:07:18 | 000,189,808 | ---- | M] (Haufe-Lexware GmbH & Co. KG) -- C:\Program Files (x86)\Common Files\Lexware\Update Manager\LxUpdateManager.exe
PRC - [2011.05.20 19:10:26 | 000,013,592 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2011.05.20 19:10:12 | 000,284,440 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
PRC - [2011.03.11 14:08:32 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2011.03.11 14:08:31 | 000,326,168 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2010.11.05 10:28:14 | 000,083,248 | ---- | M] (iAnywhere Solutions, Inc.) -- C:\Program Files (x86)\Sybase\SQL Anywhere 9\win32\dbsrv9.exe
PRC - [2010.08.04 01:39:38 | 000,107,816 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.09.15 09:30:16 | 002,244,064 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2012.08.21 21:26:26 | 000,115,137 | ---- | M] () -- C:\Users\Family\AppData\Local\Temp\d6ebea43-a7f6-428d-ab33-ddb1ea1983ec\CliSecureRT.dll
MOD - [2012.08.07 07:25:12 | 000,021,432 | ---- | M] () -- C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
MOD - [2012.07.28 16:51:19 | 009,465,032 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_268.dll
MOD - [2012.07.08 13:46:02 | 000,221,696 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceProce#\26e0457a9776a0e9f23e3986686d90a5\System.ServiceProcess.ni.dll
MOD - [2012.07.08 13:45:46 | 001,218,560 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Management\d0e1cdaff8f9055187f8e7b52c060dff\System.Management.ni.dll
MOD - [2012.07.08 13:44:51 | 000,762,880 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\31fab24c51c0cfe8b8115f24545f169f\System.Runtime.Remoting.ni.dll
MOD - [2012.07.08 13:44:46 | 001,782,272 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\b68bee05c7e518172982cc92059c3315\System.Xaml.ni.dll
MOD - [2012.07.08 13:44:30 | 000,194,048 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\CustomMarshalers\c6f50454841e46989bfbf8b70d598db0\CustomMarshalers.ni.dll
MOD - [2012.07.08 11:32:48 | 018,019,840 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\d239f585ee55f833dbe21e897e1265ac\PresentationFramework.ni.dll
MOD - [2012.07.08 11:32:39 | 011,522,048 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\b7de318e9fd1ef519ca6c1f3b5dba8e0\PresentationCore.ni.dll
MOD - [2012.07.08 11:32:38 | 013,198,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\00a4922fbf869a79c043b665035516b6\System.Windows.Forms.ni.dll
MOD - [2012.07.08 11:32:35 | 007,069,184 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\09bd2126bba2ab4f29ed52afde1470d7\System.Core.ni.dll
MOD - [2012.07.08 11:32:34 | 005,617,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\9abe44a0f82070ead5f1256683a4d25a\System.Xml.ni.dll
MOD - [2012.07.08 11:32:32 | 003,881,984 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\a6e37a05b8d0cedbc5c3ea266ae3fc31\WindowsBase.ni.dll
MOD - [2012.07.08 11:32:32 | 001,666,048 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\4230ed1c7990e4ee8352baf67a2a85fa\System.Drawing.ni.dll
MOD - [2012.07.08 11:32:31 | 000,982,528 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\a84262e1224189f93e10cd3c403a9527\System.Configuration.ni.dll
MOD - [2012.07.08 11:32:31 | 000,595,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\608d29d7cc89f3a9a195c91354561915\PresentationFramework.Aero.ni.dll
MOD - [2012.07.08 11:32:30 | 009,092,096 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\a6be120e49f895ef6b00e9918402395b\System.ni.dll
MOD - [2012.07.08 11:32:27 | 014,414,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\c1af4ec9a36f671617a8ecaec00373f4\mscorlib.ni.dll
MOD - [2012.06.17 19:41:10 | 000,491,520 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\0018dd52b56988a833ee41699cf49325\IAStorUtil.ni.dll
MOD - [2012.06.17 19:32:21 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\03dee80574f4ec770b6f77ca030ded6c\System.Runtime.Remoting.ni.dll
MOD - [2012.06.17 19:32:03 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll
MOD - [2012.06.17 19:31:59 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll
MOD - [2012.06.17 19:31:46 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll
MOD - [2012.06.17 19:31:44 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll
MOD - [2012.06.17 19:31:43 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll
MOD - [2012.06.17 19:31:36 | 011,492,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll
MOD - [2011.11.11 14:08:18 | 007,956,504 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtGui4.dll
MOD - [2011.11.11 14:08:18 | 000,342,552 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtXml4.dll
MOD - [2011.11.11 14:08:18 | 000,128,536 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\imageformats\QJpeg4.dll
MOD - [2011.11.11 14:08:18 | 000,029,208 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\imageformats\QGif4.dll
MOD - [2011.11.11 14:08:06 | 002,145,304 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtCore4.dll
MOD - [2011.03.11 11:19:23 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll
MOD - [2010.11.13 02:08:41 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2010.08.04 01:39:38 | 000,619,816 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll
MOD - [2010.08.04 01:39:32 | 000,013,096 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2012.03.26 18:49:56 | 000,291,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV:64bit: - [2012.03.26 18:49:56 | 000,012,600 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2011.10.13 22:30:42 | 000,204,288 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2010.09.23 03:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2009.07.14 03:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV - [2012.09.15 09:30:24 | 000,114,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.09.07 17:04:46 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.09.07 17:04:46 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012.07.27 13:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.06.07 19:12:14 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.01.18 06:44:52 | 000,450,848 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe -- (UMVPFSrv)
SRV - [2011.09.28 02:47:38 | 000,025,824 | ---- | M] (Memeo) [Auto | Running] -- C:\Program Files (x86)\Memeo\AutoBackup\MemeoBackgroundService.exe -- (MemeoBackgroundService)
SRV - [2011.05.20 19:10:26 | 000,013,592 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2011.03.11 14:08:32 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2011.03.11 14:08:31 | 000,326,168 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2010.11.05 10:28:14 | 000,083,248 | ---- | M] (iAnywhere Solutions, Inc.) [Auto | Running] -- C:\Program Files (x86)\Sybase\SQL Anywhere 9\win32\dbsrv9.exe -- (Lexware_Datenbank_Plus)
SRV - [2010.03.18 22:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009.05.21 21:35:32 | 000,923,136 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012.09.07 17:04:46 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012.07.29 16:53:10 | 000,283,200 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2012.06.04 09:59:20 | 000,203,320 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudmdm.sys -- (ssudmdm)
DRV:64bit: - [2012.06.04 09:59:20 | 000,099,384 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudbus.sys -- (dg_ssudbus)
DRV:64bit: - [2012.03.20 20:44:12 | 000,098,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012.01.18 06:44:36 | 004,865,568 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lvuvc64.sys -- (LVUVC64)
DRV:64bit: - [2012.01.18 06:44:28 | 000,351,136 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lvrs64.sys -- (LVRS64)
DRV:64bit: - [2011.10.13 23:37:28 | 010,496,000 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2011.10.13 21:52:48 | 000,326,656 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2011.08.02 02:47:30 | 000,391,144 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\asmtxhci.sys -- (asmtxhci)
DRV:64bit: - [2011.08.02 02:47:30 | 000,129,000 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\asmthub3.sys -- (asmthub3)
DRV:64bit: - [2011.06.10 14:34:52 | 000,539,240 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011.06.07 00:07:00 | 000,231,440 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2011.06.02 07:47:22 | 000,177,640 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdm.sys -- (ssadmdm)
DRV:64bit: - [2011.06.02 07:47:22 | 000,157,672 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadbus.sys -- (ssadbus)
DRV:64bit: - [2011.06.02 07:47:22 | 000,016,872 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdfl.sys -- (ssadmdfl)
DRV:64bit: - [2011.05.20 18:53:44 | 000,557,848 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2011.03.11 14:08:31 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.12.21 07:55:02 | 000,172,104 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdmdm.sys -- (sscdmdm)
DRV:64bit: - [2010.12.21 07:55:02 | 000,161,280 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscemdm.sys -- (sscemdm)
DRV:64bit: - [2010.12.21 07:55:02 | 000,136,264 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdbus.sys -- (sscdbus)
DRV:64bit: - [2010.12.21 07:55:02 | 000,127,488 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscebus.sys -- (sscebus)
DRV:64bit: - [2010.12.21 07:55:02 | 000,036,328 | ---- | M] (Google Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadadb.sys -- (androidusb)
DRV:64bit: - [2010.12.21 07:55:02 | 000,019,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdmdfl.sys -- (sscdmdfl)
DRV:64bit: - [2010.12.21 07:55:02 | 000,018,944 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscemdfl.sys -- (sscemdfl)
DRV:64bit: - [2010.11.25 15:59:16 | 000,694,888 | ---- | M] (Realtek Semiconductor Corporation                          ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RTL8192su.sys -- (RTL8192su)
DRV:64bit: - [2010.11.21 05:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.21 05:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.21 05:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010.09.23 22:03:06 | 000,129,008 | ---- | M] (CyberLink) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wsvd.sys -- (wsvd)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.14 02:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2009.07.14 02:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009.06.10 22:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
 
IE - HKU\S-1-5-21-981068331-3160160095-2827742430-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=MDNF&bmod=MDNF
IE - HKU\S-1-5-21-981068331-3160160095-2827742430-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-981068331-3160160095-2827742430-1000\..\URLSearchHook: {0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff} - No CLSID value found
IE - HKU\S-1-5-21-981068331-3160160095-2827742430-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-981068331-3160160095-2827742430-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-981068331-3160160095-2827742430-1000\..\SearchScopes\{9DBFA586-DA9C-4062-96DC-DF38485BB207}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MDNF_enDE393
IE - HKU\S-1-5-21-981068331-3160160095-2827742430-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "about:blank"
FF - prefs.js..extensions.enabledAddons: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.10
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_268.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_268.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\PROGRAM FILES\WEB ASSISTANT\FIREFOX
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012.06.18 11:46:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.09.15 09:30:25 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012.06.18 11:46:54 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.09.15 09:30:25 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2012.06.16 14:37:08 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Family\AppData\Roaming\mozilla\Extensions
[2012.08.11 13:18:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Family\AppData\Roaming\mozilla\Firefox\Profiles\kk83a8w9.default\extensions
[2012.07.19 18:28:55 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Family\AppData\Roaming\mozilla\Firefox\Profiles\kk83a8w9.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012.07.28 15:42:09 | 000,741,958 | ---- | M] () (No name found) -- C:\Users\Family\AppData\Roaming\mozilla\firefox\profiles\kk83a8w9.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012.06.16 14:36:49 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.09.15 09:30:24 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.09.15 09:30:15 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.09.15 09:30:15 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.09.15 09:30:15 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.09.15 09:30:15 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.09.15 09:30:15 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.09.15 09:30:15 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~3\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKU\S-1-5-21-981068331-3160160095-2827742430-1000\..\Toolbar\WebBrowser: (no name) - {0027DA2D-C9F2-4B0B-AE05-E2CD1BDB6CFF} - No CLSID value found.
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [CLMLServer] C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKLM..\Run: [LexwareInfoService] C:\Program Files (x86)\Common Files\Lexware\Update Manager\LxUpdateManager.exe (Haufe-Lexware GmbH & Co. KG)
O4 - HKLM..\Run: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-981068331-3160160095-2827742430-1000..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKU\S-1-5-21-981068331-3160160095-2827742430-1000..\Run: [EA Core] "C:\Program Files (x86)\Electronic Arts\EADM\Core.exe" -silent File not found
O4 - HKU\S-1-5-21-981068331-3160160095-2827742430-1000..\Run: [KiesAirMessage] C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe -startup File not found
O4 - HKU\S-1-5-21-981068331-3160160095-2827742430-1000..\Run: [KiesPDLR] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe ()
O4 - HKU\S-1-5-21-981068331-3160160095-2827742430-1000..\Run: [KiesPreload] C:\Program Files (x86)\Samsung\Kies\Kies.exe (Samsung)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-21-981068331-3160160095-2827742430-1000..\RunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_3_300_268_Plugin.exe (Adobe Systems Incorporated)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~3\Office14\ONBttnIE.dll/105 File not found
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Family\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8:64bit: - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html File not found
O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~3\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~3\Office14\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Family\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html File not found
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~3\Office14\EXCEL.EXE/3000 File not found
O9:64bit: - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 File not found
O9:64bit: - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 File not found
O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 File not found
O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 File not found
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 10.7.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{30924113-C70C-4A09-92FC-A1E12B183665}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.04.30 04:57:32 | 000,054,544 | R--- | M] (Electronic Arts) - F:\Autorun.exe -- [ UDF ]
O32 - AutoRun File - [2008.10.22 01:48:37 | 000,000,045 | R--- | M] () - F:\Autorun.inf -- [ UDF ]
O33 - MountPoints2\{c0f10771-d95e-11e1-8397-8c89a59b9d1d}\Shell - "" = AutoRun
O33 - MountPoints2\{c0f10771-d95e-11e1-8397-8c89a59b9d1d}\Shell\AutoRun\command - "" = F:\Autorun.exe -- [2009.04.30 04:57:32 | 000,054,544 | R--- | M] (Electronic Arts)
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
 
 
SafeBootMin:64bit: AppMgmt - Service
SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: MsMpSvc - c:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: vmms - Service
SafeBootMin:64bit: WinDefend - C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet:64bit: AppMgmt - Service
SafeBootNet:64bit: Base - Driver Group
SafeBootNet:64bit: Boot Bus Extender - Driver Group
SafeBootNet:64bit: Boot file system - Driver Group
SafeBootNet:64bit: File system - Driver Group
SafeBootNet:64bit: Filter - Driver Group
SafeBootNet:64bit: HelpSvc - Service
SafeBootNet:64bit: Messenger - Service
SafeBootNet:64bit: MsMpSvc - c:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
SafeBootNet:64bit: NDIS Wrapper - Driver Group
SafeBootNet:64bit: NetBIOSGroup - Driver Group
SafeBootNet:64bit: NetDDEGroup - Driver Group
SafeBootNet:64bit: Network - Driver Group
SafeBootNet:64bit: NetworkProvider - Driver Group
SafeBootNet:64bit: PCI Configuration - Driver Group
SafeBootNet:64bit: PNP Filter - Driver Group
SafeBootNet:64bit: PNP_TDI - Driver Group
SafeBootNet:64bit: Primary disk - Driver Group
SafeBootNet:64bit: rdsessmgr - Service
SafeBootNet:64bit: sacsvr - Service
SafeBootNet:64bit: SCSI Class - Driver Group
SafeBootNet:64bit: Streams Drivers - Driver Group
SafeBootNet:64bit: System Bus Extender - Driver Group
SafeBootNet:64bit: TDI - Driver Group
SafeBootNet:64bit: vmms - Service
SafeBootNet:64bit: WinDefend - C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SafeBootNet:64bit: WudfUsbccidDriver - Driver
SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32:64bit: vidc.i420 - lvcod64.dll (Logitech Inc.)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3codecp - C:\Windows\SysWow64\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: vidc.i420 - C:\Windows\SysWow64\lvcodec2.dll (Logitech Inc.)
Drivers32: vidc.VP60 - C:\Windows\SysWOW64\vp6vfw.dll (On2.com)
Drivers32: vidc.VP61 - C:\Windows\SysWOW64\vp6vfw.dll (On2.com)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.09.16 17:21:39 | 000,600,064 | ---- | C] (OldTimer Tools) -- C:\Users\Family\Desktop\OTL.exe
[2012.09.16 11:01:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Sybase
[2012.09.16 11:00:39 | 001,929,216 | ---- | C] (Amyuni Technologies
hxxp://www.amyuni.com) -- C:\Windows\SysWow64\cdintf250.dll
[2012.09.15 10:06:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2012.09.12 16:50:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2012.09.12 16:49:55 | 002,322,184 | ---- | C] (ESET) -- C:\Users\Family\Desktop\esetsmartinstaller_enu.exe
[2012.09.10 09:46:04 | 000,000,000 | ---D | C] -- C:\Users\Family\AppData\Roaming\Malwarebytes
[2012.09.10 09:45:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.09.10 09:45:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.09.10 09:45:13 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.09.10 09:45:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.09.10 09:11:40 | 000,000,000 | ---D | C] -- C:\ProgramData\rxwauxnhunlrqqh
[2012.08.18 21:46:41 | 000,000,000 | ---D | C] -- C:\Users\Family\AppData\Local\{4EB4D349-9E2F-41BB-9FDE-87C60EFAA4C9}
[2012.08.18 11:50:25 | 000,000,000 | ---D | C] -- C:\Users\Family\AppData\Local\{B9023C85-319F-4CEA-8950-FACCCFE70B5A}
[2012.08.18 11:46:18 | 000,000,000 | ---D | C] -- C:\Users\Family\AppData\Local\{7F8724CC-B4D5-4582-966A-135BDDC6692D}
 
========== Files - Modified Within 30 Days ==========
 
[2012.09.16 17:21:41 | 000,600,064 | ---- | M] (OldTimer Tools) -- C:\Users\Family\Desktop\OTL.exe
[2012.09.16 12:53:59 | 000,016,752 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.09.16 12:53:59 | 000,016,752 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.09.16 11:13:20 | 001,505,270 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.09.16 11:13:20 | 000,656,250 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.09.16 11:13:20 | 000,618,132 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.09.16 11:13:20 | 000,131,022 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.09.16 11:13:20 | 000,107,412 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.09.16 11:02:53 | 000,000,153 | ---- | M] () -- C:\Windows\ODBC.INI
[2012.09.16 09:29:22 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.09.16 09:29:16 | 522,432,511 | -HS- | M] () -- C:\hiberfil.sys
[2012.09.15 09:28:02 | 000,512,399 | ---- | M] () -- C:\Users\Family\Desktop\adwcleaner.exe
[2012.09.12 16:49:56 | 002,322,184 | ---- | M] (ESET) -- C:\Users\Family\Desktop\esetsmartinstaller_enu.exe
[2012.09.12 09:04:10 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.09.10 09:11:40 | 000,076,361 | ---- | M] () -- C:\ProgramData\mfshvglcsuwylfd
[2012.09.07 17:04:46 | 000,025,928 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.08.24 20:00:19 | 000,024,539 | ---- | M] () -- C:\Users\Family\AppData\Local\recently-used.xbel
[2012.08.21 22:15:11 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_ssadadb_01005.Wdf
 
========== Files Created - No Company Name ==========
 
[2012.09.16 11:02:53 | 000,000,153 | ---- | C] () -- C:\Windows\ODBC.INI
[2012.09.15 09:27:58 | 000,512,399 | ---- | C] () -- C:\Users\Family\Desktop\adwcleaner.exe
[2012.09.10 09:45:14 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.09.10 09:11:28 | 000,076,361 | ---- | C] () -- C:\ProgramData\mfshvglcsuwylfd
[2012.08.24 20:00:19 | 000,024,539 | ---- | C] () -- C:\Users\Family\AppData\Local\recently-used.xbel
[2012.08.21 22:15:11 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_ssadadb_01005.Wdf
[2012.08.10 17:15:14 | 000,338,432 | ---- | C] () -- C:\Windows\SysWow64\sqlite36_engine.dll
[2012.06.18 11:43:16 | 000,241,119 | ---- | C] () -- C:\Windows\hpwins28.dat
[2012.06.18 08:59:27 | 001,526,060 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012.05.23 18:49:34 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2012.05.23 18:49:32 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll
[2012.05.23 18:49:32 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll
[2012.05.23 18:49:32 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll
[2012.05.23 18:49:32 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll
[2012.01.18 06:44:00 | 010,920,984 | ---- | C] () -- C:\Windows\SysWow64\LogiDPP.dll
[2012.01.18 06:44:00 | 000,336,408 | ---- | C] () -- C:\Windows\SysWow64\DevManagerCore.dll
[2012.01.18 06:44:00 | 000,104,472 | ---- | C] () -- C:\Windows\SysWow64\LogiDPPApp.exe
[2011.11.23 20:20:22 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2011.11.23 20:20:22 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2011.11.23 20:20:21 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011.10.14 02:53:18 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\OpenVideo.dll
[2011.10.14 02:53:02 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\OVDecoder.dll
[2011.08.22 18:19:31 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011.07.08 08:37:28 | 000,053,760 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll
[2010.10.21 14:19:42 | 000,208,896 | ---- | C] () -- C:\Windows\SysWow64\LXPrnUtil10.dll
[2010.10.21 14:18:46 | 000,303,104 | ---- | C] () -- C:\Windows\SysWow64\dnt27VC8.dll
[2010.10.21 14:16:58 | 000,143,360 | ---- | C] () -- C:\Windows\SysWow64\dntvmc27VC8.dll
[2010.10.21 14:16:34 | 000,086,016 | ---- | C] () -- C:\Windows\SysWow64\dntvm27VC8.dll
 
========== LOP Check ==========
 
[2012.06.20 12:54:20 | 000,000,000 | ---D | M] -- C:\Users\Family\AppData\Roaming\cld3-lookup
[2012.07.29 16:55:03 | 000,000,000 | ---D | M] -- C:\Users\Family\AppData\Roaming\DAEMON Tools Lite
[2012.08.10 17:15:14 | 000,000,000 | ---D | M] -- C:\Users\Family\AppData\Roaming\DesktopIconForAmazon
[2012.07.19 18:29:50 | 000,000,000 | ---D | M] -- C:\Users\Family\AppData\Roaming\DVDVideoSoft
[2012.07.19 18:28:54 | 000,000,000 | ---D | M] -- C:\Users\Family\AppData\Roaming\DVDVideoSoftIEHelpers
[2012.06.20 16:48:21 | 000,000,000 | ---D | M] -- C:\Users\Family\AppData\Roaming\EssentialGrammarInUse
[2012.06.18 15:03:19 | 000,000,000 | ---D | M] -- C:\Users\Family\AppData\Roaming\Leadertech
[2012.09.16 11:04:23 | 000,000,000 | ---D | M] -- C:\Users\Family\AppData\Roaming\Lexware
[2012.08.23 18:34:53 | 000,000,000 | ---D | M] -- C:\Users\Family\AppData\Roaming\Mp3tag
[2012.08.10 17:15:15 | 000,000,000 | ---D | M] -- C:\Users\Family\AppData\Roaming\OCS
[2012.08.10 17:15:17 | 000,000,000 | ---D | M] -- C:\Users\Family\AppData\Roaming\Opera
[2012.09.15 19:13:03 | 000,000,000 | ---D | M] -- C:\Users\Family\AppData\Roaming\Samsung
[2012.08.10 17:18:46 | 000,000,000 | ---D | M] -- C:\Users\Family\AppData\Roaming\Spesoft Image Converter
[2012.07.28 17:56:00 | 000,000,000 | ---D | M] -- C:\Users\Family\AppData\Roaming\TIPP10
[2012.09.15 19:12:44 | 000,000,000 | ---D | M] -- C:\Users\Family\AppData\Roaming\Usenet.nl
[2012.07.26 09:34:05 | 000,032,554 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2012.06.20 16:54:36 | 000,000,000 | ---D | M] -- C:\Users\Family\AppData\Roaming\Adobe
[2012.06.16 14:26:58 | 000,000,000 | ---D | M] -- C:\Users\Family\AppData\Roaming\ATI
[2012.06.20 12:54:20 | 000,000,000 | ---D | M] -- C:\Users\Family\AppData\Roaming\cld3-lookup
[2012.07.29 12:24:12 | 000,000,000 | ---D | M] -- C:\Users\Family\AppData\Roaming\CyberLink
[2012.07.29 16:55:03 | 000,000,000 | ---D | M] -- C:\Users\Family\AppData\Roaming\DAEMON Tools Lite
[2012.08.10 17:15:14 | 000,000,000 | ---D | M] -- C:\Users\Family\AppData\Roaming\DesktopIconForAmazon
[2012.07.19 18:29:50 | 000,000,000 | ---D | M] -- C:\Users\Family\AppData\Roaming\DVDVideoSoft
[2012.07.19 18:28:54 | 000,000,000 | ---D | M] -- C:\Users\Family\AppData\Roaming\DVDVideoSoftIEHelpers
[2012.06.20 16:48:21 | 000,000,000 | ---D | M] -- C:\Users\Family\AppData\Roaming\EssentialGrammarInUse
[2012.07.20 13:27:02 | 000,000,000 | ---D | M] -- C:\Users\Family\AppData\Roaming\HP
[2012.06.16 14:26:31 | 000,000,000 | ---D | M] -- C:\Users\Family\AppData\Roaming\Identities
[2012.06.16 14:26:52 | 000,000,000 | ---D | M] -- C:\Users\Family\AppData\Roaming\Intel Corporation
[2012.06.18 15:03:19 | 000,000,000 | ---D | M] -- C:\Users\Family\AppData\Roaming\Leadertech
[2012.09.16 11:04:23 | 000,000,000 | ---D | M] -- C:\Users\Family\AppData\Roaming\Lexware
[2011.08.22 19:09:47 | 000,000,000 | ---D | M] -- C:\Users\Family\AppData\Roaming\Macromedia
[2012.09.10 09:46:04 | 000,000,000 | ---D | M] -- C:\Users\Family\AppData\Roaming\Malwarebytes
[2010.11.21 09:16:41 | 000,000,000 | ---D | M] -- C:\Users\Family\AppData\Roaming\Media Center Programs
[2012.09.16 11:13:23 | 000,000,000 | --SD | M] -- C:\Users\Family\AppData\Roaming\Microsoft
[2012.06.16 14:37:08 | 000,000,000 | ---D | M] -- C:\Users\Family\AppData\Roaming\Mozilla
[2012.08.23 18:34:53 | 000,000,000 | ---D | M] -- C:\Users\Family\AppData\Roaming\Mp3tag
[2012.08.10 17:15:15 | 000,000,000 | ---D | M] -- C:\Users\Family\AppData\Roaming\OCS
[2012.08.10 17:15:17 | 000,000,000 | ---D | M] -- C:\Users\Family\AppData\Roaming\Opera
[2012.09.15 19:13:03 | 000,000,000 | ---D | M] -- C:\Users\Family\AppData\Roaming\Samsung
[2012.09.16 09:36:33 | 000,000,000 | ---D | M] -- C:\Users\Family\AppData\Roaming\Skype
[2012.08.10 17:18:46 | 000,000,000 | ---D | M] -- C:\Users\Family\AppData\Roaming\Spesoft Image Converter
[2012.07.28 17:56:00 | 000,000,000 | ---D | M] -- C:\Users\Family\AppData\Roaming\TIPP10
[2012.09.15 19:12:44 | 000,000,000 | ---D | M] -- C:\Users\Family\AppData\Roaming\Usenet.nl
[2012.09.15 19:14:13 | 000,000,000 | ---D | M] -- C:\Users\Family\AppData\Roaming\vlc
 
< %APPDATA%\*.exe /s >
[2012.08.10 17:15:13 | 000,753,664 | ---- | M] (Microsoft) -- C:\Users\Family\AppData\Roaming\DesktopIconForAmazon\IconForAmazon.exe
[2011.11.23 20:35:19 | 000,053,632 | ---- | M] (Adobe Systems Inc.) -- C:\Users\Family\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
[2012.06.18 15:03:18 | 000,053,248 | R--- | M] (Acresso Software Inc.) -- C:\Users\Family\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
[2012.07.29 17:00:29 | 000,010,134 | R--- | M] () -- C:\Users\Family\AppData\Roaming\Microsoft\Installer\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}\ARPPRODUCTICON.exe
[2012.08.10 17:15:15 | 000,106,496 | ---- | M] (OCS) -- C:\Users\Family\AppData\Roaming\OCS\SM\SearchAnonymizer.exe
[2012.08.10 17:15:15 | 000,040,960 | ---- | M] () -- C:\Users\Family\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe
[2012.08.07 07:25:14 | 000,593,848 | ---- | M] (ml) -- C:\Users\Family\AppData\Roaming\Samsung\Kies\UpdateTemp\Temp\Kies.Update.exe
[2012.08.31 02:52:26 | 000,593,848 | ---- | M] (ml) -- C:\Users\Family\AppData\Roaming\Samsung\Kies\UpdateTemp\Updater\Kies.Update.exe
 
< %SYSTEMDRIVE%\*.exe >
 
< MD5 for: AGP440.SYS  >
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll
[2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll
 
< MD5 for: IASTOR.SYS  >
[2011.05.20 18:53:44 | 000,557,848 | ---- | M] (Intel Corporation) MD5=2FDAEC4B02729C48C0FD1B0B4695995B -- C:\Windows\SysNative\drivers\iaStor.sys
[2011.05.20 18:53:44 | 000,557,848 | ---- | M] (Intel Corporation) MD5=2FDAEC4B02729C48C0FD1B0B4695995B -- C:\Windows\SysNative\DriverStore\FileRepository\iaahci.inf_amd64_neutral_e6913aab23ea9a9c\iaStor.sys
 
< MD5 for: IASTORV.SYS  >
[2010.11.21 05:23:47 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys
[2010.11.21 05:23:47 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys
[2011.03.11 08:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys
[2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\drivers\iaStorV.sys
[2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0bcee2057afcc090\iaStorV.sys
[2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2010.11.21 05:24:01 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SysNative\netlogon.dll
[2010.11.21 05:24:01 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll
[2010.11.21 05:24:09 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll
[2010.11.21 05:24:09 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2011.03.11 08:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys
[2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\drivers\nvstor.sys
[2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvstor.sys
[2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys
[2010.11.21 05:23:47 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys
[2010.11.21 05:23:47 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2010.11.21 05:23:54 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll
[2010.11.21 05:23:54 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll
[2010.11.21 05:24:32 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SysNative\scecli.dll
[2010.11.21 05:24:32 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll
 
< MD5 for: USER32.DLL  >
[2010.11.21 05:24:20 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SysWOW64\user32.dll
[2010.11.21 05:24:20 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
[2010.11.21 05:24:09 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SysNative\user32.dll
[2010.11.21 05:24:09 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2010.11.21 05:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010.11.21 05:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2010.11.21 05:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010.11.21 05:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe
[2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2010.11.21 05:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010.11.21 05:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2012.09.07 17:04:42 | 000,218,696 | ---- | M] () MD5=4E0D8C9F83B7FD82393F7D8CCC27E7AE -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys
[2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >

< End of report >


cosinus 17.09.2012 08:46

Do an OTL fix: close any programs that may be open, also disable your virus scanner (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied too!!!)

Code:

:OTL
FF - user.js - File not found
O3 - HKU\S-1-5-21-981068331-3160160095-2827742430-1000\..\Toolbar\WebBrowser: (no name) - {0027DA2D-C9F2-4B0B-AE05-E2CD1BDB6CFF} - No CLSID value found.
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{c0f10771-d95e-11e1-8397-8c89a59b9d1d}\Shell - "" = AutoRun
:Files
C:\ProgramData\rxwauxnhunlrqqh
C:\Users\Family\AppData\Local\{*
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
[resethosts]

Then click the "Fix" button at the top left!
The log file should open when you click OK after the fix; please post it. The computer may be restarted.

As a precaution, the entries, files and folders fixed with this script are not deleted completely; a backup copy is created on the system partition in the "_OTL" folder.

Note: The script above was created only for this one user in this situation. It is not portable to any other computer and must not be used elsewhere, as it can cause lasting damage to the system!

Modo 17.09.2012 16:38

Hello Cosinus,

attached is the log file from the OTL run.


Code:

All processes killed
========== OTL ==========
Registry value HKEY_USERS\S-1-5-21-981068331-3160160095-2827742430-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{0027DA2D-C9F2-4B0B-AE05-E2CD1BDB6CFF} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0027DA2D-C9F2-4B0B-AE05-E2CD1BDB6CFF}\ not found.
Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c0f10771-d95e-11e1-8397-8c89a59b9d1d}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c0f10771-d95e-11e1-8397-8c89a59b9d1d}\ not found.
========== FILES ==========
C:\ProgramData\rxwauxnhunlrqqh folder moved successfully.
C:\Users\Family\AppData\Local\{331E43C9-3E2A-4974-A2F1-C9250D795A29} folder moved successfully.
C:\Users\Family\AppData\Local\{4EB4D349-9E2F-41BB-9FDE-87C60EFAA4C9} folder moved successfully.
C:\Users\Family\AppData\Local\{5D5B1F2D-94D5-43CB-93BB-89BDAC831AD6} folder moved successfully.
C:\Users\Family\AppData\Local\{720AA5F0-A88E-4ED4-95E2-1B7C32BFEF7F} folder moved successfully.
C:\Users\Family\AppData\Local\{7F8724CC-B4D5-4582-966A-135BDDC6692D} folder moved successfully.
C:\Users\Family\AppData\Local\{8927EEB9-4F3D-46ED-B1D8-D23FA1B57F62} folder moved successfully.
C:\Users\Family\AppData\Local\{A5BE2EE9-0F45-4C75-A7C9-7A117C04E132} folder moved successfully.
C:\Users\Family\AppData\Local\{B9023C85-319F-4CEA-8950-FACCCFE70B5A} folder moved successfully.
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Aufl”sungscache wurde geleert.
C:\Users\Family\Desktop\cmd.bat deleted successfully.
C:\Users\Family\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56475 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Family
->Temp folder emptied: 1823799853 bytes
->Temporary Internet Files folder emptied: 35298752 bytes
->Java cache emptied: 192607 bytes
->FireFox cache emptied: 363296209 bytes
->Flash cache emptied: 57877 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 16605429 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67765 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 2.136,00 mb
 
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.61.5 log created on 09172012_173036

Files\Folders moved on Reboot...
C:\Users\Family\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File move failed. C:\Windows\temp\asat0000.tmp scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...


cosinus 17.09.2012 20:42

Now please run this tool from Kaspersky (TDSS-Killer) in normal Windows mode and post the log. Instructions and download link here => http://www.trojaner-board.de/82358-t...entfernen.html

Note: Please disable your virus scanner before running TDSS-Killer, because Avira in particular often reports a false alarm on the TDSS tool!

Configure the tool as shown in the image below: click Change parameters and set the checkboxes as in the following screenshot,
then click Start Scan and, once it has finished, click the Report button to display the log. Please post it in full.

If you cannot find the log or cannot copy its contents into your post, please look directly on your Windows system partition (usually drive C:); that is where TDSS-Killer saves its logs.

Note: Please do not delete anything hastily with TDSS-Killer! If TDSS-Killer flags any objects, handle all of them with the action "skip" and just post the log here!

http://saved.im/mtg4nzy0ywy5/settings_2012-09-04.png

Modo 18.09.2012 06:57

Attached is the requested log file.

Code:

07:50:03.0793 4584  TDSS rootkit removing tool 2.8.8.0 Aug 24 2012 13:27:48
07:50:08.0900 4584  ============================================================
07:50:08.0900 4584  Current date / time: 2012/09/18 07:50:08.0900
07:50:08.0900 4584  SystemInfo:
07:50:08.0900 4584 
07:50:08.0900 4584  OS Version: 6.1.7601 ServicePack: 1.0
07:50:08.0900 4584  Product type: Workstation
07:50:08.0900 4584  ComputerName: FAMILY-PC
07:50:08.0901 4584  UserName: Family
07:50:08.0901 4584  Windows directory: C:\Windows
07:50:08.0901 4584  System windows directory: C:\Windows
07:50:08.0901 4584  Running under WOW64
07:50:08.0901 4584  Processor architecture: Intel x64
07:50:08.0901 4584  Number of processors: 4
07:50:08.0901 4584  Page size: 0x1000
07:50:08.0901 4584  Boot type: Normal boot
07:50:08.0901 4584  ============================================================
07:50:09.0573 4584  Drive \Device\Harddisk0\DR0 - Size: 0x15D50F66000 (1397.27 Gb), SectorSize: 0x200, Cylinders: 0x2C881, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
07:50:09.0592 4584  ============================================================
07:50:09.0592 4584  \Device\Harddisk0\DR0:
07:50:09.0593 4584  MBR partitions:
07:50:09.0593 4584  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
07:50:09.0593 4584  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0xA8454800
07:50:09.0593 4584  \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0xA8487000, BlocksNum 0x6400000
07:50:09.0593 4584  ============================================================
07:50:09.0609 4584  C: <-> \Device\Harddisk0\DR0\Partition2
07:50:09.0662 4584  D: <-> \Device\Harddisk0\DR0\Partition3
07:50:09.0662 4584  ============================================================
07:50:09.0662 4584  Initialize success
07:50:09.0662 4584  ============================================================
07:51:19.0769 5412  ============================================================
07:51:19.0769 5412  Scan started
07:51:19.0769 5412  Mode: Manual; SigCheck; TDLFS;
07:51:19.0769 5412  ============================================================
07:51:19.0973 5412  ================ Scan system memory ========================
07:51:19.0973 5412  System memory - ok
07:51:19.0974 5412  ================ Scan services =============================
07:51:20.0073 5412  [ A87D604AEA360176311474C87A63BB88 ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
07:51:20.0192 5412  1394ohci - ok
07:51:20.0215 5412  [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
07:51:20.0234 5412  ACPI - ok
07:51:20.0239 5412  [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi        C:\Windows\system32\drivers\acpipmi.sys
07:51:20.0321 5412  AcpiPmi - ok
07:51:20.0484 5412  [ 1474F121C3DF1232D3E7239C03691EE6 ] AdobeActiveFileMonitor9.0 C:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe
07:51:20.0499 5412  AdobeActiveFileMonitor9.0 - ok
07:51:20.0610 5412  [ D19C4EE2AC7C47B8F5F84FFF1A789D8A ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
07:51:20.0621 5412  AdobeARMservice - ok
07:51:20.0643 5412  [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx        C:\Windows\system32\drivers\adp94xx.sys
07:51:20.0666 5412  adp94xx - ok
07:51:20.0684 5412  [ 597F78224EE9224EA1A13D6350CED962 ] adpahci        C:\Windows\system32\drivers\adpahci.sys
07:51:20.0697 5412  adpahci - ok
07:51:20.0706 5412  [ E109549C90F62FB570B9540C4B148E54 ] adpu320        C:\Windows\system32\drivers\adpu320.sys
07:51:20.0716 5412  adpu320 - ok
07:51:20.0743 5412  [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc    C:\Windows\System32\aelupsvc.dll
07:51:20.0806 5412  AeLookupSvc - ok
07:51:20.0851 5412  [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD            C:\Windows\system32\drivers\afd.sys
07:51:20.0913 5412  AFD - ok
07:51:20.0927 5412  [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440          C:\Windows\system32\drivers\agp440.sys
07:51:20.0941 5412  agp440 - ok
07:51:20.0967 5412  [ 3290D6946B5E30E70414990574883DDB ] ALG            C:\Windows\System32\alg.exe
07:51:21.0011 5412  ALG - ok
07:51:21.0034 5412  [ 5812713A477A3AD7363C7438CA2EE038 ] aliide          C:\Windows\system32\drivers\aliide.sys
07:51:21.0047 5412  aliide - ok
07:51:21.0075 5412  [ C08ADE825268D291AFE06EDA71415C7D ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
07:51:21.0147 5412  AMD External Events Utility - ok
07:51:21.0167 5412  [ 1FF8B4431C353CE385C875F194924C0C ] amdide          C:\Windows\system32\drivers\amdide.sys
07:51:21.0174 5412  amdide - ok
07:51:21.0195 5412  [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8          C:\Windows\system32\drivers\amdk8.sys
07:51:21.0221 5412  AmdK8 - ok
07:51:21.0388 5412  [ F59A32A90C4F96189CD74473F7BE572B ] amdkmdag        C:\Windows\system32\DRIVERS\atikmdag.sys
07:51:21.0609 5412  amdkmdag - ok
07:51:21.0640 5412  [ 0327723D45A7BB7C1FE4835EB784AC61 ] amdkmdap        C:\Windows\system32\DRIVERS\atikmpag.sys
07:51:21.0658 5412  amdkmdap - ok
07:51:21.0691 5412  [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM          C:\Windows\system32\drivers\amdppm.sys
07:51:21.0721 5412  AmdPPM - ok
07:51:21.0751 5412  [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata        C:\Windows\system32\drivers\amdsata.sys
07:51:21.0751 5412  amdsata - ok
07:51:21.0761 5412  [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs          C:\Windows\system32\drivers\amdsbs.sys
07:51:21.0771 5412  amdsbs - ok
07:51:21.0781 5412  [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata        C:\Windows\system32\drivers\amdxata.sys
07:51:21.0791 5412  amdxata - ok
07:51:21.0821 5412  [ 4DE0D5D747A73797C95A97DCCE5018B5 ] androidusb      C:\Windows\system32\Drivers\ssadadb.sys
07:51:21.0861 5412  androidusb - ok
07:51:21.0901 5412  [ 89A69C3F2F319B43379399547526D952 ] AppID          C:\Windows\system32\drivers\appid.sys
07:51:22.0041 5412  AppID - ok
07:51:22.0081 5412  [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
07:51:22.0121 5412  AppIDSvc - ok
07:51:22.0151 5412  [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo        C:\Windows\System32\appinfo.dll
07:51:22.0191 5412  Appinfo - ok
07:51:22.0211 5412  [ C484F8CEB1717C540242531DB7845C4E ] arc            C:\Windows\system32\drivers\arc.sys
07:51:22.0221 5412  arc - ok
07:51:22.0221 5412  [ 019AF6924AEFE7839F61C830227FE79C ] arcsas          C:\Windows\system32\drivers\arcsas.sys
07:51:22.0231 5412  arcsas - ok
07:51:22.0241 5412  [ D6D2BB2F4F5868549DDE75F3146BC84E ] asmthub3        C:\Windows\system32\drivers\asmthub3.sys
07:51:22.0281 5412  asmthub3 - ok
07:51:22.0301 5412  [ 1E758172367DC2A3653F16586D62A3F0 ] asmtxhci        C:\Windows\system32\drivers\asmtxhci.sys
07:51:22.0341 5412  asmtxhci - ok
07:51:22.0351 5412  [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
07:51:22.0411 5412  AsyncMac - ok
07:51:22.0491 5412  [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi          C:\Windows\system32\drivers\atapi.sys
07:51:22.0511 5412  atapi - ok
07:51:22.0551 5412  [ DBB487D09F56C674430AC454FD8BCAB9 ] AtiHDAudioService C:\Windows\system32\drivers\AtihdW76.sys
07:51:22.0561 5412  AtiHDAudioService - ok
07:51:22.0581 5412  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
07:51:22.0641 5412  AudioEndpointBuilder - ok
07:51:22.0651 5412  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv        C:\Windows\System32\Audiosrv.dll
07:51:22.0671 5412  AudioSrv - ok
07:51:22.0681 5412  [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV        C:\Windows\System32\AxInstSV.dll
07:51:22.0751 5412  AxInstSV - ok
07:51:22.0771 5412  [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv        C:\Windows\system32\drivers\bxvbda.sys
07:51:22.0801 5412  b06bdrv - ok
07:51:22.0831 5412  [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a        C:\Windows\system32\DRIVERS\b57nd60a.sys
07:51:22.0871 5412  b57nd60a - ok
07:51:22.0901 5412  [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC          C:\Windows\System32\bdesvc.dll
07:51:22.0941 5412  BDESVC - ok
07:51:22.0961 5412  [ 16A47CE2DECC9B099349A5F840654746 ] Beep            C:\Windows\system32\drivers\Beep.sys
07:51:23.0021 5412  Beep - ok
07:51:23.0051 5412  [ 82974D6A2FD19445CC5171FC378668A4 ] BFE            C:\Windows\System32\bfe.dll
07:51:23.0121 5412  BFE - ok
07:51:23.0161 5412  [ 1EA7969E3271CBC59E1730697DC74682 ] BITS            C:\Windows\System32\qmgr.dll
07:51:23.0211 5412  BITS - ok
07:51:23.0241 5412  [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive        C:\Windows\system32\drivers\blbdrive.sys
07:51:23.0271 5412  blbdrive - ok
07:51:23.0301 5412  [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
07:51:23.0351 5412  bowser - ok
07:51:23.0361 5412  [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo        C:\Windows\system32\drivers\BrFiltLo.sys
07:51:23.0391 5412  BrFiltLo - ok
07:51:23.0411 5412  [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp        C:\Windows\system32\drivers\BrFiltUp.sys
07:51:23.0451 5412  BrFiltUp - ok
07:51:23.0491 5412  [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser        C:\Windows\System32\browser.dll
07:51:23.0521 5412  Browser - ok
07:51:23.0531 5412  [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid        C:\Windows\System32\Drivers\Brserid.sys
07:51:23.0591 5412  Brserid - ok
07:51:23.0601 5412  [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
07:51:23.0621 5412  BrSerWdm - ok
07:51:23.0651 5412  [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
07:51:23.0681 5412  BrUsbMdm - ok
07:51:23.0701 5412  [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
07:51:23.0721 5412  BrUsbSer - ok
07:51:23.0741 5412  [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM        C:\Windows\system32\drivers\bthmodem.sys
07:51:23.0761 5412  BTHMODEM - ok
07:51:23.0791 5412  [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv        C:\Windows\system32\bthserv.dll
07:51:23.0811 5412  bthserv - ok
07:51:23.0841 5412  [ B8BD2BB284668C84865658C77574381A ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
07:51:23.0901 5412  cdfs - ok
07:51:23.0921 5412  [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom          C:\Windows\system32\DRIVERS\cdrom.sys
07:51:23.0951 5412  cdrom - ok
07:51:23.0971 5412  [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc    C:\Windows\System32\certprop.dll
07:51:24.0031 5412  CertPropSvc - ok
07:51:24.0041 5412  [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass        C:\Windows\system32\drivers\circlass.sys
07:51:24.0071 5412  circlass - ok
07:51:24.0101 5412  [ FE1EC06F2253F691FE36217C592A0206 ] CLFS            C:\Windows\system32\CLFS.sys
07:51:24.0121 5412  CLFS - ok
07:51:24.0181 5412  [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
07:51:24.0191 5412  clr_optimization_v2.0.50727_32 - ok
07:51:24.0231 5412  [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
07:51:24.0241 5412  clr_optimization_v2.0.50727_64 - ok
07:51:24.0301 5412  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
07:51:24.0311 5412  clr_optimization_v4.0.30319_32 - ok
07:51:24.0341 5412  [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
07:51:24.0351 5412  clr_optimization_v4.0.30319_64 - ok
07:51:24.0381 5412  [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt          C:\Windows\system32\drivers\CmBatt.sys
07:51:24.0401 5412  CmBatt - ok
07:51:24.0421 5412  [ E19D3F095812725D88F9001985B94EDD ] cmdide          C:\Windows\system32\drivers\cmdide.sys
07:51:24.0431 5412  cmdide - ok
07:51:24.0471 5412  [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG            C:\Windows\system32\Drivers\cng.sys
07:51:24.0501 5412  CNG - ok
07:51:24.0531 5412  [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt        C:\Windows\system32\drivers\compbatt.sys
07:51:24.0541 5412  Compbatt - ok
07:51:24.0561 5412  [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus    C:\Windows\system32\drivers\CompositeBus.sys
07:51:24.0591 5412  CompositeBus - ok
07:51:24.0591 5412  COMSysApp - ok
07:51:24.0601 5412  [ 1C827878A998C18847245FE1F34EE597 ] crcdisk        C:\Windows\system32\drivers\crcdisk.sys
07:51:24.0611 5412  crcdisk - ok
07:51:24.0681 5412  [ 4F5414602E2544A4554D95517948B705 ] CryptSvc        C:\Windows\system32\cryptsvc.dll
07:51:24.0731 5412  CryptSvc - ok
07:51:24.0761 5412  [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch      C:\Windows\system32\rpcss.dll
07:51:24.0841 5412  DcomLaunch - ok
07:51:24.0861 5412  [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc      C:\Windows\System32\defragsvc.dll
07:51:24.0901 5412  defragsvc - ok
07:51:24.0941 5412  [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
07:51:25.0001 5412  DfsC - ok
07:51:25.0041 5412  [ 6060106CE00F32F63F1A73160E46E9D2 ] dg_ssudbus      C:\Windows\system32\DRIVERS\ssudbus.sys
07:51:25.0061 5412  dg_ssudbus - ok
07:51:25.0081 5412  [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp            C:\Windows\system32\dhcpcore.dll
07:51:25.0131 5412  Dhcp - ok
07:51:25.0141 5412  [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache        C:\Windows\system32\drivers\discache.sys
07:51:25.0201 5412  discache - ok
07:51:25.0211 5412  [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk            C:\Windows\system32\drivers\disk.sys
07:51:25.0221 5412  Disk - ok
07:51:25.0231 5412  [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
07:51:25.0271 5412  Dnscache - ok
07:51:25.0281 5412  [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc        C:\Windows\System32\dot3svc.dll
07:51:25.0351 5412  dot3svc - ok
07:51:25.0351 5412  [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS            C:\Windows\system32\dps.dll
07:51:25.0391 5412  DPS - ok
07:51:25.0421 5412  [ 9B19F34400D24DF84C858A421C205754 ] drmkaud        C:\Windows\system32\drivers\drmkaud.sys
07:51:25.0451 5412  drmkaud - ok
07:51:25.0501 5412  [ 46571ED73AE84469DCA53081D33CF3C8 ] dtsoftbus01    C:\Windows\system32\DRIVERS\dtsoftbus01.sys
07:51:25.0521 5412  dtsoftbus01 - ok
07:51:25.0561 5412  [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl        C:\Windows\System32\drivers\dxgkrnl.sys
07:51:25.0591 5412  DXGKrnl - ok
07:51:25.0601 5412  [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost        C:\Windows\System32\eapsvc.dll
07:51:25.0651 5412  EapHost - ok
07:51:25.0711 5412  [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv          C:\Windows\system32\drivers\evbda.sys
07:51:25.0781 5412  ebdrv - ok
07:51:25.0801 5412  [ C118A82CD78818C29AB228366EBF81C3 ] EFS            C:\Windows\System32\lsass.exe
07:51:25.0851 5412  EFS - ok
07:51:25.0891 5412  [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr        C:\Windows\ehome\ehRecvr.exe
07:51:25.0971 5412  ehRecvr - ok
07:51:25.0991 5412  [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched        C:\Windows\ehome\ehsched.exe
07:51:26.0021 5412  ehSched - ok
07:51:26.0051 5412  [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor        C:\Windows\system32\drivers\elxstor.sys
07:51:26.0071 5412  elxstor - ok
07:51:26.0101 5412  [ 34A3C54752046E79A126E15C51DB409B ] ErrDev          C:\Windows\system32\drivers\errdev.sys
07:51:26.0131 5412  ErrDev - ok
07:51:26.0201 5412  [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem    C:\Windows\system32\es.dll
07:51:26.0261 5412  EventSystem - ok
07:51:26.0308 5412  [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat          C:\Windows\system32\drivers\exfat.sys
07:51:26.0373 5412  exfat - ok
07:51:26.0393 5412  [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat        C:\Windows\system32\drivers\fastfat.sys
07:51:26.0448 5412  fastfat - ok
07:51:26.0478 5412  [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax            C:\Windows\system32\fxssvc.exe
07:51:26.0543 5412  Fax - ok
07:51:26.0563 5412  [ D765D19CD8EF61F650C384F62FAC00AB ] fdc            C:\Windows\system32\drivers\fdc.sys
07:51:26.0593 5412  fdc - ok
07:51:26.0613 5412  [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost        C:\Windows\system32\fdPHost.dll
07:51:26.0683 5412  fdPHost - ok
07:51:26.0688 5412  [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub        C:\Windows\system32\fdrespub.dll
07:51:26.0723 5412  FDResPub - ok
07:51:26.0743 5412  [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
07:51:26.0753 5412  FileInfo - ok
07:51:26.0758 5412  [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace      C:\Windows\system32\drivers\filetrace.sys
07:51:26.0823 5412  Filetrace - ok
07:51:26.0843 5412  [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk        C:\Windows\system32\drivers\flpydisk.sys
07:51:26.0868 5412  flpydisk - ok
07:51:26.0888 5412  [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
07:51:26.0908 5412  FltMgr - ok
07:51:26.0948 5412  [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache      C:\Windows\system32\FntCache.dll
07:51:27.0013 5412  FontCache - ok
07:51:27.0068 5412  [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
07:51:27.0078 5412  FontCache3.0.0.0 - ok
07:51:27.0083 5412  [ D43703496149971890703B4B1B723EAC ] FsDepends      C:\Windows\system32\drivers\FsDepends.sys
07:51:27.0098 5412  FsDepends - ok
07:51:27.0128 5412  [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
07:51:27.0138 5412  Fs_Rec - ok
07:51:27.0153 5412  [ 1F7B25B858FA27015169FE95E54108ED ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
07:51:27.0178 5412  fvevol - ok
07:51:27.0198 5412  [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx        C:\Windows\system32\drivers\gagp30kx.sys
07:51:27.0208 5412  gagp30kx - ok
07:51:27.0228 5412  [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc          C:\Windows\System32\gpsvc.dll
07:51:27.0283 5412  gpsvc - ok
07:51:27.0308 5412  [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
07:51:27.0323 5412  hcw85cir - ok
07:51:27.0353 5412  [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
07:51:27.0393 5412  HdAudAddService - ok
07:51:27.0423 5412  [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus        C:\Windows\system32\DRIVERS\HDAudBus.sys
07:51:27.0453 5412  HDAudBus - ok
07:51:27.0473 5412  [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt        C:\Windows\system32\drivers\HidBatt.sys
07:51:27.0508 5412  HidBatt - ok
07:51:27.0523 5412  [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth          C:\Windows\system32\drivers\hidbth.sys
07:51:27.0568 5412  HidBth - ok
07:51:27.0593 5412  [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr          C:\Windows\system32\drivers\hidir.sys
07:51:27.0613 5412  HidIr - ok
07:51:27.0618 5412  [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv        C:\Windows\system32\hidserv.dll
07:51:27.0663 5412  hidserv - ok
07:51:27.0673 5412  [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
07:51:27.0693 5412  HidUsb - ok
07:51:27.0703 5412  [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc          C:\Windows\system32\kmsvc.dll
07:51:27.0748 5412  hkmsvc - ok
07:51:27.0768 5412  [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
07:51:27.0828 5412  HomeGroupListener - ok
07:51:27.0853 5412  [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
07:51:27.0883 5412  HomeGroupProvider - ok
07:51:27.0953 5412  [ 0A3C6AA4A9FC38C20BA4EAC2C3351C05 ] hpqcxs08        C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll
07:51:27.0978 5412  hpqcxs08 ( UnsignedFile.Multi.Generic ) - warning
07:51:27.0978 5412  hpqcxs08 - detected UnsignedFile.Multi.Generic (1)
07:51:28.0003 5412  [ F3F72A2A86C22610BCA5439FA789DD52 ] hpqddsvc        C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll
07:51:28.0008 5412  hpqddsvc ( UnsignedFile.Multi.Generic ) - warning
07:51:28.0008 5412  hpqddsvc - detected UnsignedFile.Multi.Generic (1)
07:51:28.0023 5412  [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
07:51:28.0038 5412  HpSAMD - ok
07:51:28.0068 5412  [ D972F48D0CE396759B788693CD665926 ] HPSLPSVC        C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL
07:51:28.0083 5412  HPSLPSVC ( UnsignedFile.Multi.Generic ) - warning
07:51:28.0083 5412  HPSLPSVC - detected UnsignedFile.Multi.Generic (1)
07:51:28.0123 5412  [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
07:51:28.0183 5412  HTTP - ok
07:51:28.0198 5412  [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
07:51:28.0208 5412  hwpolicy - ok
07:51:28.0223 5412  [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt        C:\Windows\system32\drivers\i8042prt.sys
07:51:28.0233 5412  i8042prt - ok
07:51:28.0253 5412  [ 2FDAEC4B02729C48C0FD1B0B4695995B ] iaStor          C:\Windows\system32\drivers\iaStor.sys
07:51:28.0268 5412  iaStor - ok
07:51:28.0338 5412  [ D41861E56E7552C13674D7F147A02464 ] IAStorDataMgrSvc C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
07:51:28.0354 5412  IAStorDataMgrSvc - ok
07:51:28.0370 5412  [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV        C:\Windows\system32\drivers\iaStorV.sys
07:51:28.0395 5412  iaStorV - ok
07:51:28.0445 5412  [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc          C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
07:51:28.0465 5412  idsvc - ok
07:51:28.0585 5412  [ A87261EF1546325B559374F5689CF5BC ] igfx            C:\Windows\system32\DRIVERS\igdkmd64.sys
07:51:28.0725 5412  igfx - ok
07:51:28.0745 5412  [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp          C:\Windows\system32\drivers\iirsp.sys
07:51:28.0755 5412  iirsp - ok
07:51:28.0785 5412  [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT          C:\Windows\System32\ikeext.dll
07:51:28.0825 5412  IKEEXT - ok
07:51:28.0915 5412  [ CB7DADEF3D83FE2C12655A0BDCBA99F2 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
07:51:28.0965 5412  IntcAzAudAddService - ok
07:51:28.0975 5412  [ F00F20E70C6EC3AA366910083A0518AA ] intelide        C:\Windows\system32\drivers\intelide.sys
07:51:28.0985 5412  intelide - ok
07:51:29.0005 5412  [ ADA036632C664CAA754079041CF1F8C1 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
07:51:29.0025 5412  intelppm - ok
07:51:29.0045 5412  [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum      C:\Windows\system32\ipbusenum.dll
07:51:29.0095 5412  IPBusEnum - ok
07:51:29.0125 5412  [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
07:51:29.0155 5412  IpFilterDriver - ok
07:51:29.0195 5412  [ A34A587FFFD45FA649FBA6D03784D257 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
07:51:29.0245 5412  iphlpsvc - ok
07:51:29.0275 5412  [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV        C:\Windows\system32\drivers\IPMIDrv.sys
07:51:29.0295 5412  IPMIDRV - ok
07:51:29.0325 5412  [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT          C:\Windows\system32\drivers\ipnat.sys
07:51:29.0365 5412  IPNAT - ok
07:51:29.0395 5412  [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM          C:\Windows\system32\drivers\irenum.sys
07:51:29.0415 5412  IRENUM - ok
07:51:29.0435 5412  [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
07:51:29.0445 5412  isapnp - ok
07:51:29.0455 5412  [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
07:51:29.0465 5412  iScsiPrt - ok
07:51:29.0475 5412  [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
07:51:29.0485 5412  kbdclass - ok
07:51:29.0495 5412  [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
07:51:29.0505 5412  kbdhid - ok
07:51:29.0525 5412  [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso          C:\Windows\system32\lsass.exe
07:51:29.0525 5412  KeyIso - ok
07:51:29.0555 5412  [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
07:51:29.0565 5412  KSecDD - ok
07:51:29.0585 5412  [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg        C:\Windows\system32\Drivers\ksecpkg.sys
07:51:29.0595 5412  KSecPkg - ok
07:51:29.0605 5412  [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk        C:\Windows\system32\drivers\ksthunk.sys
07:51:29.0645 5412  ksthunk - ok
07:51:29.0675 5412  [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm          C:\Windows\system32\msdtckrm.dll
07:51:29.0725 5412  KtmRm - ok
07:51:29.0745 5412  [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer    C:\Windows\system32\srvsvc.dll
07:51:29.0785 5412  LanmanServer - ok
07:51:29.0815 5412  [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
07:51:29.0845 5412  LanmanWorkstation - ok
07:51:29.0885 5412  Lexware_Datenbank_Plus - ok
07:51:29.0905 5412  [ 1538831CF8AD2979A04C423779465827 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
07:51:29.0965 5412  lltdio - ok
07:51:29.0995 5412  [ C1185803384AB3FEED115F79F109427F ] lltdsvc        C:\Windows\System32\lltdsvc.dll
07:51:30.0035 5412  lltdsvc - ok
07:51:30.0055 5412  [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts        C:\Windows\System32\lmhsvc.dll
07:51:30.0095 5412  lmhosts - ok
07:51:30.0135 5412  [ 1584DEEAE5AA0E3FB045F3D0EAC585EA ] LMS            C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
07:51:30.0155 5412  LMS - ok
07:51:30.0175 5412  [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC          C:\Windows\system32\drivers\lsi_fc.sys
07:51:30.0195 5412  LSI_FC - ok
07:51:30.0215 5412  [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS        C:\Windows\system32\drivers\lsi_sas.sys
07:51:30.0235 5412  LSI_SAS - ok
07:51:30.0245 5412  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2        C:\Windows\system32\drivers\lsi_sas2.sys
07:51:30.0255 5412  LSI_SAS2 - ok
07:51:30.0265 5412  [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI        C:\Windows\system32\drivers\lsi_scsi.sys
07:51:30.0275 5412  LSI_SCSI - ok
07:51:30.0305 5412  [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv          C:\Windows\system32\drivers\luafv.sys
07:51:30.0345 5412  luafv - ok
07:51:30.0385 5412  [ 0C85B2B6FB74B36A251792D45E0EF860 ] LVRS64          C:\Windows\system32\DRIVERS\lvrs64.sys
07:51:30.0405 5412  LVRS64 - ok
07:51:30.0495 5412  [ FF3A488924B0032B1A9CA6948C1FA9E8 ] LVUVC64        C:\Windows\system32\DRIVERS\lvuvc64.sys
07:51:30.0555 5412  LVUVC64 - ok
07:51:30.0575 5412  [ B9FC4CCE5758B816F27DD4D1EED11841 ] MBAMProtector  C:\Windows\system32\drivers\mbam.sys
07:51:30.0585 5412  MBAMProtector - ok
07:51:30.0625 5412  [ 0DCF16B1449811EFA47AB52CAC84093C ] MBAMScheduler  C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
07:51:30.0645 5412  MBAMScheduler - ok
07:51:30.0655 5412  [ 9EAABA4D601004BEA4DAA6E146E19A96 ] MBAMService    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
07:51:30.0675 5412  MBAMService - ok
07:51:30.0705 5412  [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc        C:\Windows\system32\Mcx2Svc.dll
07:51:30.0725 5412  Mcx2Svc - ok
07:51:30.0755 5412  [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas        C:\Windows\system32\drivers\megasas.sys
07:51:30.0765 5412  megasas - ok
07:51:30.0795 5412  [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR          C:\Windows\system32\drivers\MegaSR.sys
07:51:30.0805 5412  MegaSR - ok
07:51:30.0835 5412  [ A6518DCC42F7A6E999BB3BEA8FD87567 ] MEIx64          C:\Windows\system32\drivers\HECIx64.sys
07:51:30.0845 5412  MEIx64 - ok
07:51:30.0885 5412  [ 8A43D23ACE2E8C95A2D87B6E9599DEDA ] MemeoBackgroundService C:\Program Files (x86)\Memeo\AutoBackup\MemeoBackgroundService.exe
07:51:30.0895 5412  MemeoBackgroundService - ok
07:51:30.0895 5412  [ E40E80D0304A73E8D269F7141D77250B ] MMCSS          C:\Windows\system32\mmcss.dll
07:51:30.0955 5412  MMCSS - ok
07:51:30.0975 5412  [ 800BA92F7010378B09F9ED9270F07137 ] Modem          C:\Windows\system32\drivers\modem.sys
07:51:31.0015 5412  Modem - ok
07:51:31.0035 5412  [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor        C:\Windows\system32\DRIVERS\monitor.sys
07:51:31.0075 5412  monitor - ok
07:51:31.0095 5412  [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
07:51:31.0115 5412  mouclass - ok
07:51:31.0135 5412  [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
07:51:31.0175 5412  mouhid - ok
07:51:31.0205 5412  [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
07:51:31.0215 5412  mountmgr - ok
07:51:31.0255 5412  [ CB8AF049AC9BE419A77ADAE288673359 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
07:51:31.0275 5412  MozillaMaintenance - ok
07:51:31.0305 5412  [ 94C66EDEDCDB6A126880472F9A704D8E ] MpFilter        C:\Windows\system32\DRIVERS\MpFilter.sys
07:51:31.0325 5412  MpFilter - ok
07:51:31.0335 5412  [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio            C:\Windows\system32\drivers\mpio.sys
07:51:31.0355 5412  mpio - ok
07:51:31.0375 5412  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
07:51:31.0425 5412  mpsdrv - ok
07:51:31.0475 5412  [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc          C:\Windows\system32\mpssvc.dll
07:51:31.0545 5412  MpsSvc - ok
07:51:31.0555 5412  [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
07:51:31.0595 5412  MRxDAV - ok
07:51:31.0625 5412  [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
07:51:31.0665 5412  mrxsmb - ok
07:51:31.0675 5412  [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
07:51:31.0715 5412  mrxsmb10 - ok
07:51:31.0735 5412  [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
07:51:31.0775 5412  mrxsmb20 - ok
07:51:31.0805 5412  [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci          C:\Windows\system32\drivers\msahci.sys
07:51:31.0815 5412  msahci - ok
07:51:31.0835 5412  [ DB801A638D011B9633829EB6F663C900 ] msdsm          C:\Windows\system32\drivers\msdsm.sys
07:51:31.0855 5412  msdsm - ok
07:51:31.0875 5412  [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC          C:\Windows\System32\msdtc.exe
07:51:31.0895 5412  MSDTC - ok
07:51:31.0915 5412  [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
07:51:31.0975 5412  Msfs - ok
07:51:31.0985 5412  [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf      C:\Windows\System32\drivers\mshidkmdf.sys
07:51:32.0025 5412  mshidkmdf - ok
07:51:32.0035 5412  [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
07:51:32.0045 5412  msisadrv - ok
07:51:32.0075 5412  [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI        C:\Windows\system32\iscsiexe.dll
07:51:32.0125 5412  MSiSCSI - ok
07:51:32.0125 5412  msiserver - ok
07:51:32.0155 5412  [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV        C:\Windows\system32\drivers\MSKSSRV.sys
07:51:32.0195 5412  MSKSSRV - ok
07:51:32.0265 5412  [ 59FAAF2C83C8169EA20F9E335E418907 ] MsMpSvc        c:\Program Files\Microsoft Security Client\MsMpEng.exe
07:51:32.0275 5412  MsMpSvc - ok
07:51:32.0295 5412  [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
07:51:32.0345 5412  MSPCLOCK - ok
07:51:32.0345 5412  [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM          C:\Windows\system32\drivers\MSPQM.sys
07:51:32.0375 5412  MSPQM - ok
07:51:32.0395 5412  [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC          C:\Windows\system32\drivers\MsRPC.sys
07:51:32.0405 5412  MsRPC - ok
07:51:32.0435 5412  [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios        C:\Windows\system32\drivers\mssmbios.sys
07:51:32.0445 5412  mssmbios - ok
07:51:32.0445 5412  [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE          C:\Windows\system32\drivers\MSTEE.sys
07:51:32.0485 5412  MSTEE - ok
07:51:32.0505 5412  [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig        C:\Windows\system32\drivers\MTConfig.sys
07:51:32.0545 5412  MTConfig - ok
07:51:32.0555 5412  [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup            C:\Windows\system32\Drivers\mup.sys
07:51:32.0565 5412  Mup - ok
07:51:32.0595 5412  [ 582AC6D9873E31DFA28A4547270862DD ] napagent        C:\Windows\system32\qagentRT.dll
07:51:32.0655 5412  napagent - ok
07:51:32.0675 5412  [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP    C:\Windows\system32\DRIVERS\nwifi.sys
07:51:32.0705 5412  NativeWifiP - ok
07:51:32.0755 5412  [ 760E38053BF56E501D562B70AD796B88 ] NDIS            C:\Windows\system32\drivers\ndis.sys
07:51:32.0785 5412  NDIS - ok
07:51:32.0805 5412  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap        C:\Windows\system32\DRIVERS\ndiscap.sys
07:51:32.0825 5412  NdisCap - ok
07:51:32.0855 5412  [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
07:51:32.0885 5412  NdisTapi - ok
07:51:32.0905 5412  [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio        C:\Windows\system32\DRIVERS\ndisuio.sys
07:51:32.0935 5412  Ndisuio - ok
07:51:32.0935 5412  [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan        C:\Windows\system32\DRIVERS\ndiswan.sys
07:51:32.0965 5412  NdisWan - ok
07:51:32.0985 5412  [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy        C:\Windows\system32\drivers\NDProxy.sys
07:51:33.0025 5412  NDProxy - ok
07:51:33.0065 5412  [ D5AC41AE382738483FAFFBD7E373D49A ] Net Driver HPZ12 C:\Windows\system32\HPZinw12.dll
07:51:33.0075 5412  Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
07:51:33.0075 5412  Net Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
07:51:33.0095 5412  [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS        C:\Windows\system32\DRIVERS\netbios.sys
07:51:33.0145 5412  NetBIOS - ok
07:51:33.0165 5412  [ 09594D1089C523423B32A4229263F068 ] NetBT          C:\Windows\system32\DRIVERS\netbt.sys
07:51:33.0215 5412  NetBT - ok
07:51:33.0215 5412  [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon        C:\Windows\system32\lsass.exe
07:51:33.0225 5412  Netlogon - ok
07:51:33.0255 5412  [ 847D3AE376C0817161A14A82C8922A9E ] Netman          C:\Windows\System32\netman.dll
07:51:33.0325 5412  Netman - ok
07:51:33.0335 5412  [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm        C:\Windows\System32\netprofm.dll
07:51:33.0385 5412  netprofm - ok
07:51:33.0395 5412  [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
07:51:33.0405 5412  NetTcpPortSharing - ok
07:51:33.0425 5412  [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960        C:\Windows\system32\drivers\nfrd960.sys
07:51:33.0425 5412  nfrd960 - ok
07:51:33.0465 5412  [ 91B4E0273D2F6C24EF845F2B41311289 ] NisDrv          C:\Windows\system32\DRIVERS\NisDrvWFP.sys
07:51:33.0485 5412  NisDrv - ok
07:51:33.0505 5412  [ 10A43829A9E606AF3EEF25A1C1665923 ] NisSrv          c:\Program Files\Microsoft Security Client\NisSrv.exe
07:51:33.0525 5412  NisSrv - ok
07:51:33.0555 5412  [ 1EE99A89CC788ADA662441D1E9830529 ] NlaSvc          C:\Windows\System32\nlasvc.dll
07:51:33.0595 5412  NlaSvc - ok
07:51:33.0605 5412  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs            C:\Windows\system32\drivers\Npfs.sys
07:51:33.0625 5412  Npfs - ok
07:51:33.0645 5412  [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi            C:\Windows\system32\nsisvc.dll
07:51:33.0685 5412  nsi - ok
07:51:33.0695 5412  [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
07:51:33.0745 5412  nsiproxy - ok
07:51:33.0795 5412  [ A2F74975097F52A00745F9637451FDD8 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
07:51:33.0845 5412  Ntfs - ok
07:51:33.0855 5412  [ 9899284589F75FA8724FF3D16AED75C1 ] Null            C:\Windows\system32\drivers\Null.sys
07:51:33.0885 5412  Null - ok
07:51:33.0905 5412  [ 0A92CB65770442ED0DC44834632F66AD ] nvraid          C:\Windows\system32\drivers\nvraid.sys
07:51:33.0921 5412  nvraid - ok
07:51:33.0936 5412  [ DAB0E87525C10052BF65F06152F37E4A ] nvstor          C:\Windows\system32\drivers\nvstor.sys
07:51:33.0952 5412  nvstor - ok
07:51:33.0952 5412  [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
07:51:33.0968 5412  nv_agp - ok
07:51:33.0978 5412  [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
07:51:33.0998 5412  ohci1394 - ok
07:51:34.0038 5412  [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose            C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
07:51:34.0058 5412  ose - ok
07:51:34.0168 5412  [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc        C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
07:51:34.0218 5412  osppsvc - ok
07:51:34.0238 5412  [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
07:51:34.0258 5412  p2pimsvc - ok
07:51:34.0288 5412  [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc          C:\Windows\system32\p2psvc.dll
07:51:34.0328 5412  p2psvc - ok
07:51:34.0338 5412  [ 0086431C29C35BE1DBC43F52CC273887 ] Parport        C:\Windows\system32\drivers\parport.sys
07:51:34.0368 5412  Parport - ok
07:51:34.0398 5412  [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr        C:\Windows\system32\drivers\partmgr.sys
07:51:34.0408 5412  partmgr - ok
07:51:34.0418 5412  [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc          C:\Windows\System32\pcasvc.dll
07:51:34.0468 5412  PcaSvc - ok
07:51:34.0488 5412  [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci            C:\Windows\system32\drivers\pci.sys
07:51:34.0498 5412  pci - ok
07:51:34.0508 5412  [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide          C:\Windows\system32\drivers\pciide.sys
07:51:34.0518 5412  pciide - ok
07:51:34.0538 5412  [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia          C:\Windows\system32\drivers\pcmcia.sys
07:51:34.0548 5412  pcmcia - ok
07:51:34.0558 5412  [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw            C:\Windows\system32\drivers\pcw.sys
07:51:34.0568 5412  pcw - ok
07:51:34.0588 5412  [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
07:51:34.0618 5412  PEAUTH - ok
07:51:34.0678 5412  [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost        C:\Windows\SysWow64\perfhost.exe
07:51:34.0708 5412  PerfHost - ok
07:51:34.0748 5412  [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla            C:\Windows\system32\pla.dll
07:51:34.0828 5412  pla - ok
07:51:34.0858 5412  [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
07:51:34.0878 5412  PlugPlay - ok
07:51:34.0898 5412  [ 37F6046CDC630442D7DC087501FF6FC6 ] Pml Driver HPZ12 C:\Windows\system32\HPZipm12.dll
07:51:34.0928 5412  Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
07:51:34.0928 5412  Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
07:51:34.0938 5412  [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg    C:\Windows\system32\pnrpauto.dll
07:51:34.0978 5412  PNRPAutoReg - ok
07:51:35.0008 5412  [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc        C:\Windows\system32\pnrpsvc.dll
07:51:35.0018 5412  PNRPsvc - ok
07:51:35.0058 5412  [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent    C:\Windows\System32\ipsecsvc.dll
07:51:35.0118 5412  PolicyAgent - ok
07:51:35.0148 5412  [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power          C:\Windows\system32\umpo.dll
07:51:35.0188 5412  Power - ok
07:51:35.0218 5412  [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
07:51:35.0258 5412  PptpMiniport - ok
07:51:35.0268 5412  [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor      C:\Windows\system32\drivers\processr.sys
07:51:35.0288 5412  Processor - ok
07:51:35.0318 5412  [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc        C:\Windows\system32\profsvc.dll
07:51:35.0358 5412  ProfSvc - ok
07:51:35.0368 5412  [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
07:51:35.0388 5412  ProtectedStorage - ok
07:51:35.0398 5412  [ 0557CF5A2556BD58E26384169D72438D ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
07:51:35.0448 5412  Psched - ok
07:51:35.0488 5412  [ 87B04878A6D59D6C79251DC960C674C1 ] PxHlpa64        C:\Windows\system32\Drivers\PxHlpa64.sys
07:51:35.0498 5412  PxHlpa64 - ok
07:51:35.0558 5412  [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300          C:\Windows\system32\drivers\ql2300.sys
07:51:35.0608 5412  ql2300 - ok
07:51:35.0618 5412  [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx          C:\Windows\system32\drivers\ql40xx.sys
07:51:35.0618 5412  ql40xx - ok
07:51:35.0648 5412  [ 906191634E99AEA92C4816150BDA3732 ] QWAVE          C:\Windows\system32\qwave.dll
07:51:35.0658 5412  QWAVE - ok
07:51:35.0668 5412  [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
07:51:35.0708 5412  QWAVEdrv - ok
07:51:35.0738 5412  [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
07:51:35.0778 5412  RasAcd - ok
07:51:35.0818 5412  [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn    C:\Windows\system32\DRIVERS\AgileVpn.sys
07:51:35.0868 5412  RasAgileVpn - ok
07:51:35.0888 5412  [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto        C:\Windows\System32\rasauto.dll
07:51:35.0938 5412  RasAuto - ok
07:51:35.0948 5412  [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp        C:\Windows\system32\DRIVERS\rasl2tp.sys
07:51:35.0998 5412  Rasl2tp - ok
07:51:36.0018 5412  [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan          C:\Windows\System32\rasmans.dll
07:51:36.0058 5412  RasMan - ok
07:51:36.0068 5412  [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
07:51:36.0108 5412  RasPppoe - ok
07:51:36.0128 5412  [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp        C:\Windows\system32\DRIVERS\rassstp.sys
07:51:36.0158 5412  RasSstp - ok
07:51:36.0168 5412  [ 77F665941019A1594D887A74F301FA2F ] rdbss          C:\Windows\system32\DRIVERS\rdbss.sys
07:51:36.0208 5412  rdbss - ok
07:51:36.0238 5412  [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus          C:\Windows\system32\drivers\rdpbus.sys
07:51:36.0268 5412  rdpbus - ok
07:51:36.0298 5412  [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
07:51:36.0328 5412  RDPCDD - ok
07:51:36.0338 5412  [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
07:51:36.0388 5412  RDPENCDD - ok
07:51:36.0408 5412  [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
07:51:36.0448 5412  RDPREFMP - ok
07:51:36.0468 5412  [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD          C:\Windows\system32\drivers\RDPWD.sys
07:51:36.0498 5412  RDPWD - ok
07:51:36.0518 5412  [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
07:51:36.0538 5412  rdyboost - ok
07:51:36.0548 5412  [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess    C:\Windows\System32\mprdim.dll
07:51:36.0598 5412  RemoteAccess - ok
07:51:36.0618 5412  [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
07:51:36.0668 5412  RemoteRegistry - ok
07:51:36.0678 5412  [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
07:51:36.0718 5412  RpcEptMapper - ok
07:51:36.0738 5412  [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator      C:\Windows\system32\locator.exe
07:51:36.0768 5412  RpcLocator - ok
07:51:36.0788 5412  [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs          C:\Windows\system32\rpcss.dll
07:51:36.0808 5412  RpcSs - ok
07:51:36.0818 5412  [ DDC86E4F8E7456261E637E3552E804FF ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
07:51:36.0848 5412  rspndr - ok
07:51:36.0888 5412  [ EE082E06A82FF630351D1E0EBBD3D8D0 ] RTL8167        C:\Windows\system32\DRIVERS\Rt64win7.sys
07:51:36.0898 5412  RTL8167 - ok
07:51:36.0938 5412  [ B3F36B4B3F192EA87DDC119F3A0B3E45 ] RTL8192su      C:\Windows\system32\DRIVERS\RTL8192su.sys
07:51:36.0948 5412  RTL8192su - ok
07:51:36.0968 5412  [ C118A82CD78818C29AB228366EBF81C3 ] SamSs          C:\Windows\system32\lsass.exe
07:51:36.0978 5412  SamSs - ok
07:51:36.0988 5412  [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
07:51:36.0998 5412  sbp2port - ok
07:51:37.0008 5412  [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr        C:\Windows\System32\SCardSvr.dll
07:51:37.0028 5412  SCardSvr - ok
07:51:37.0048 5412  [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
07:51:37.0088 5412  scfilter - ok
07:51:37.0108 5412  [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule        C:\Windows\system32\schedsvc.dll
07:51:37.0168 5412  Schedule - ok
07:51:37.0188 5412  [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc    C:\Windows\System32\certprop.dll
07:51:37.0228 5412  SCPolicySvc - ok
07:51:37.0238 5412  [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
07:51:37.0298 5412  SDRSVC - ok
07:51:37.0318 5412  [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
07:51:37.0378 5412  secdrv - ok
07:51:37.0388 5412  [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon        C:\Windows\system32\seclogon.dll
07:51:37.0428 5412  seclogon - ok
07:51:37.0448 5412  [ C32AB8FA018EF34C0F113BD501436D21 ] SENS            C:\Windows\System32\sens.dll
07:51:37.0498 5412  SENS - ok
07:51:37.0518 5412  [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc        C:\Windows\system32\sensrsvc.dll
07:51:37.0568 5412  SensrSvc - ok
07:51:37.0598 5412  [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum        C:\Windows\system32\drivers\serenum.sys
07:51:37.0628 5412  Serenum - ok
07:51:37.0658 5412  [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial          C:\Windows\system32\drivers\serial.sys
07:51:37.0698 5412  Serial - ok
07:51:37.0748 5412  [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse        C:\Windows\system32\drivers\sermouse.sys
07:51:37.0778 5412  sermouse - ok
07:51:37.0808 5412  [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv      C:\Windows\system32\sessenv.dll
07:51:37.0858 5412  SessionEnv - ok
07:51:37.0878 5412  [ A554811BCD09279536440C964AE35BBF ] sffdisk        C:\Windows\system32\drivers\sffdisk.sys
07:51:37.0888 5412  sffdisk - ok
07:51:37.0898 5412  [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
07:51:37.0908 5412  sffp_mmc - ok
07:51:37.0908 5412  [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd        C:\Windows\system32\drivers\sffp_sd.sys
07:51:37.0928 5412  sffp_sd - ok
07:51:37.0958 5412  [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy        C:\Windows\system32\drivers\sfloppy.sys
07:51:37.0988 5412  sfloppy - ok
07:51:38.0028 5412  [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess    C:\Windows\System32\ipnathlp.dll
07:51:38.0068 5412  SharedAccess - ok
07:51:38.0078 5412  [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
07:51:38.0118 5412  ShellHWDetection - ok
07:51:38.0138 5412  [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2        C:\Windows\system32\drivers\SiSRaid2.sys
07:51:38.0148 5412  SiSRaid2 - ok
07:51:38.0148 5412  [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4        C:\Windows\system32\drivers\sisraid4.sys
07:51:38.0158 5412  SiSRaid4 - ok
07:51:38.0188 5412  [ DDAA5F4A6B958FC313EBD02DD925752F ] SkypeUpdate    C:\Program Files (x86)\Skype\Updater\Updater.exe
07:51:38.0208 5412  SkypeUpdate - ok
07:51:38.0238 5412  [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb            C:\Windows\system32\DRIVERS\smb.sys
07:51:38.0288 5412  Smb - ok
07:51:38.0318 5412  [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
07:51:38.0348 5412  SNMPTRAP - ok
07:51:38.0368 5412  [ B9E31E5CACDFE584F34F730A677803F9 ] spldr          C:\Windows\system32\drivers\spldr.sys
07:51:38.0378 5412  spldr - ok
07:51:38.0408 5412  [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler        C:\Windows\System32\spoolsv.exe
07:51:38.0468 5412  Spooler - ok
07:51:38.0538 5412  [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc          C:\Windows\system32\sppsvc.exe
07:51:38.0628 5412  sppsvc - ok
07:51:38.0648 5412  [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify    C:\Windows\system32\sppuinotify.dll
07:51:38.0698 5412  sppuinotify - ok
07:51:38.0738 5412  [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv            C:\Windows\system32\DRIVERS\srv.sys
07:51:38.0778 5412  srv - ok
07:51:38.0788 5412  [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
07:51:38.0828 5412  srv2 - ok
07:51:38.0848 5412  [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
07:51:38.0888 5412  srvnet - ok
07:51:38.0918 5412  [ 8F8324ED1DE63FFC7B1A02CD2D963C72 ] ssadbus        C:\Windows\system32\DRIVERS\ssadbus.sys
07:51:38.0958 5412  ssadbus - ok
07:51:38.0968 5412  [ 58221EFCB74167B73667F0024C661CE0 ] ssadmdfl        C:\Windows\system32\DRIVERS\ssadmdfl.sys
07:51:39.0008 5412  ssadmdfl - ok
07:51:39.0028 5412  [ 4DA7C71BFAC5AD71255B7E4CAB980163 ] ssadmdm        C:\Windows\system32\DRIVERS\ssadmdm.sys
07:51:39.0058 5412  ssadmdm - ok
07:51:39.0088 5412  [ ED161B91FDF7EAA39469D72D463D5F4E ] sscdbus        C:\Windows\system32\DRIVERS\sscdbus.sys
07:51:39.0098 5412  sscdbus - ok
07:51:39.0118 5412  [ 4CB09E77593DBD8D7AF33B37375CA715 ] sscdmdfl        C:\Windows\system32\DRIVERS\sscdmdfl.sys
07:51:39.0128 5412  sscdmdfl - ok
07:51:39.0148 5412  [ C7B4CF53497A6E5363F3439427663882 ] sscdmdm        C:\Windows\system32\DRIVERS\sscdmdm.sys
07:51:39.0158 5412  sscdmdm - ok
07:51:39.0188 5412  [ F74634F46692C8315E7F37F698AF3225 ] sscebus        C:\Windows\system32\DRIVERS\sscebus.sys
07:51:39.0198 5412  sscebus - ok
07:51:39.0218 5412  [ 82732B391EFD69B0548044BE9CB37BFC ] sscemdfl        C:\Windows\system32\DRIVERS\sscemdfl.sys
07:51:39.0228 5412  sscemdfl - ok
07:51:39.0248 5412  [ 43D56ACE4469D90F9790E8352D87D9B5 ] sscemdm        C:\Windows\system32\DRIVERS\sscemdm.sys
07:51:39.0268 5412  sscemdm - ok
07:51:39.0298 5412  [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV        C:\Windows\System32\ssdpsrv.dll
07:51:39.0348 5412  SSDPSRV - ok
07:51:39.0358 5412  [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc        C:\Windows\system32\sstpsvc.dll
07:51:39.0388 5412  SstpSvc - ok
07:51:39.0398 5412  [ 855335BF5792E56164F98C012E3D92DD ] ssudmdm        C:\Windows\system32\DRIVERS\ssudmdm.sys
07:51:39.0408 5412  ssudmdm - ok
07:51:39.0438 5412  [ F3817967ED533D08327DC73BC4D5542A ] stexstor        C:\Windows\system32\drivers\stexstor.sys
07:51:39.0448 5412  stexstor - ok
07:51:39.0468 5412  [ DECACB6921DED1A38642642685D77DAC ] StillCam        C:\Windows\system32\DRIVERS\serscan.sys
07:51:39.0498 5412  StillCam - ok
07:51:39.0538 5412  [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc          C:\Windows\System32\wiaservc.dll
07:51:39.0578 5412  stisvc - ok
07:51:39.0628 5412  [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum          C:\Windows\system32\drivers\swenum.sys
07:51:39.0638 5412  swenum - ok
07:51:39.0658 5412  [ E08E46FDD841B7184194011CA1955A0B ] swprv          C:\Windows\System32\swprv.dll
07:51:39.0718 5412  swprv - ok
07:51:39.0758 5412  [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain        C:\Windows\system32\sysmain.dll
07:51:39.0828 5412  SysMain - ok
07:51:39.0838 5412  [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
07:51:39.0868 5412  TabletInputService - ok
07:51:40.0028 5412  [ C4C20CFA4F42E9B7454E895C5C47BCD3 ] TabletServicePen C:\Program Files\Tablet\Pen\Pen_Tablet.exe
07:51:40.0098 5412  TabletServicePen - ok
07:51:40.0108 5412  [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv        C:\Windows\System32\tapisrv.dll
07:51:40.0138 5412  TapiSrv - ok
07:51:40.0148 5412  [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS            C:\Windows\System32\tbssvc.dll
07:51:40.0178 5412  TBS - ok
07:51:40.0218 5412  [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] Tcpip          C:\Windows\system32\drivers\tcpip.sys
07:51:40.0268 5412  Tcpip - ok
07:51:40.0308 5412  [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
07:51:40.0338 5412  TCPIP6 - ok
07:51:40.0368 5412  [ DF687E3D8836BFB04FCC0615BF15A519 ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
07:51:40.0408 5412  tcpipreg - ok
07:51:40.0428 5412  [ 3371D21011695B16333A3934340C4E7C ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
07:51:40.0458 5412  TDPIPE - ok
07:51:40.0478 5412  [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP          C:\Windows\system32\drivers\tdtcp.sys
07:51:40.0488 5412  TDTCP - ok
07:51:40.0508 5412  [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx            C:\Windows\system32\DRIVERS\tdx.sys
07:51:40.0558 5412  tdx - ok
07:51:40.0588 5412  [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD          C:\Windows\system32\drivers\termdd.sys
07:51:40.0598 5412  TermDD - ok
07:51:40.0618 5412  [ 2E648163254233755035B46DD7B89123 ] TermService    C:\Windows\System32\termsrv.dll
07:51:40.0688 5412  TermService - ok
07:51:40.0698 5412  [ F0344071948D1A1FA732231785A0664C ] Themes          C:\Windows\system32\themeservice.dll
07:51:40.0718 5412  Themes - ok
07:51:40.0738 5412  [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER    C:\Windows\system32\mmcss.dll
07:51:40.0768 5412  THREADORDER - ok
07:51:40.0798 5412  [ 7625DCF246E488E523DC1F64C38ABDA2 ] TouchServicePen C:\Program Files\Tablet\Pen\Pen_TouchService.exe
07:51:40.0828 5412  TouchServicePen - ok
07:51:40.0838 5412  [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks          C:\Windows\System32\trkwks.dll
07:51:40.0888 5412  TrkWks - ok
07:51:40.0918 5412  [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
07:51:40.0978 5412  TrustedInstaller - ok
07:51:40.0998 5412  [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
07:51:41.0038 5412  tssecsrv - ok
07:51:41.0058 5412  [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
07:51:41.0108 5412  TsUsbFlt - ok
07:51:41.0138 5412  [ 9CC2CCAE8A84820EAECB886D477CBCB8 ] TsUsbGD        C:\Windows\system32\drivers\TsUsbGD.sys
07:51:41.0148 5412  TsUsbGD - ok
07:51:41.0168 5412  [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
07:51:41.0208 5412  tunnel - ok
07:51:41.0228 5412  [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35          C:\Windows\system32\drivers\uagp35.sys
07:51:41.0238 5412  uagp35 - ok
07:51:41.0248 5412  [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
07:51:41.0288 5412  udfs - ok
07:51:41.0308 5412  [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect      C:\Windows\system32\UI0Detect.exe
07:51:41.0328 5412  UI0Detect - ok
07:51:41.0358 5412  [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
07:51:41.0378 5412  uliagpkx - ok
07:51:41.0398 5412  [ DC54A574663A895C8763AF0FA1FF7561 ] umbus          C:\Windows\system32\DRIVERS\umbus.sys
07:51:41.0428 5412  umbus - ok
07:51:41.0458 5412  [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass          C:\Windows\system32\drivers\umpass.sys
07:51:41.0478 5412  UmPass - ok
07:51:41.0538 5412  [ 67A95B9D129ED5399E7965CD09CF30E7 ] UMVPFSrv        C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
07:51:41.0558 5412  UMVPFSrv - ok
07:51:41.0658 5412  [ FC43877B4625F6EB773C98233EB625C5 ] UNS            C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
07:51:41.0698 5412  UNS - ok
07:51:41.0718 5412  [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost        C:\Windows\System32\upnphost.dll
07:51:41.0748 5412  upnphost - ok
07:51:41.0778 5412  [ 82E8F44688E6FAC57B5B7C6FC7ADBC2A ] usbaudio        C:\Windows\system32\drivers\usbaudio.sys
07:51:41.0818 5412  usbaudio - ok
07:51:41.0838 5412  [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp        C:\Windows\system32\DRIVERS\usbccgp.sys
07:51:41.0888 5412  usbccgp - ok
07:51:41.0908 5412  [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir          C:\Windows\system32\drivers\usbcir.sys
07:51:41.0948 5412  usbcir - ok
07:51:41.0968 5412  [ C025055FE7B87701EB042095DF1A2D7B ] usbehci        C:\Windows\system32\drivers\usbehci.sys
07:51:41.0998 5412  usbehci - ok
07:51:42.0028 5412  [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
07:51:42.0048 5412  usbhub - ok
07:51:42.0058 5412  [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci        C:\Windows\system32\drivers\usbohci.sys
07:51:42.0068 5412  usbohci - ok
07:51:42.0078 5412  [ 73188F58FB384E75C4063D29413CEE3D ] usbprint        C:\Windows\system32\drivers\usbprint.sys
07:51:42.0098 5412  usbprint - ok
07:51:42.0108 5412  [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR        C:\Windows\system32\DRIVERS\USBSTOR.SYS
07:51:42.0138 5412  USBSTOR - ok
07:51:42.0148 5412  [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci        C:\Windows\system32\drivers\usbuhci.sys
07:51:42.0168 5412  usbuhci - ok
07:51:42.0208 5412  [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo        C:\Windows\system32\Drivers\usbvideo.sys
07:51:42.0228 5412  usbvideo - ok
07:51:42.0238 5412  [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms          C:\Windows\System32\uxsms.dll
07:51:42.0268 5412  UxSms - ok
07:51:42.0278 5412  [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc        C:\Windows\system32\lsass.exe
07:51:42.0288 5412  VaultSvc - ok
07:51:42.0308 5412  [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
07:51:42.0318 5412  vdrvroot - ok
07:51:42.0338 5412  [ 8D6B481601D01A456E75C3210F1830BE ] vds            C:\Windows\System32\vds.exe
07:51:42.0368 5412  vds - ok
07:51:42.0388 5412  [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga            C:\Windows\system32\DRIVERS\vgapnp.sys
07:51:42.0398 5412  vga - ok
07:51:42.0408 5412  [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave        C:\Windows\System32\drivers\vga.sys
07:51:42.0448 5412  VgaSave - ok
07:51:42.0468 5412  [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp          C:\Windows\system32\drivers\vhdmp.sys
07:51:42.0468 5412  vhdmp - ok
07:51:42.0498 5412  [ E5689D93FFE4E5D66C0178761240DD54 ] viaide          C:\Windows\system32\drivers\viaide.sys
07:51:42.0508 5412  viaide - ok
07:51:42.0528 5412  [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
07:51:42.0548 5412  volmgr - ok
07:51:42.0568 5412  [ A255814907C89BE58B79EF2F189B843B ] volmgrx        C:\Windows\system32\drivers\volmgrx.sys
07:51:42.0588 5412  volmgrx - ok
07:51:42.0598 5412  [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap        C:\Windows\system32\drivers\volsnap.sys
07:51:42.0608 5412  volsnap - ok
07:51:42.0618 5412  [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid        C:\Windows\system32\drivers\vsmraid.sys
07:51:42.0628 5412  vsmraid - ok
07:51:42.0658 5412  [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS            C:\Windows\system32\vssvc.exe
07:51:42.0718 5412  VSS - ok
07:51:42.0728 5412  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus        C:\Windows\system32\DRIVERS\vwifibus.sys
07:51:42.0758 5412  vwifibus - ok
07:51:42.0788 5412  [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt        C:\Windows\system32\DRIVERS\vwififlt.sys
07:51:42.0828 5412  vwififlt - ok
07:51:42.0848 5412  [ 1C9D80CC3849B3788048078C26486E1A ] W32Time        C:\Windows\system32\w32time.dll
07:51:42.0898 5412  W32Time - ok
07:51:42.0928 5412  [ E04D43C7D1641E95D35CAE6086C7E350 ] wacommousefilter C:\Windows\system32\DRIVERS\wacommousefilter.sys
07:51:42.0948 5412  wacommousefilter - ok
07:51:42.0968 5412  [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen        C:\Windows\system32\drivers\wacompen.sys
07:51:42.0998 5412  WacomPen - ok
07:51:43.0028 5412  [ EC1CEB237E365330C1FCFC4876AA0AC0 ] wacomvhid      C:\Windows\system32\DRIVERS\wacomvhid.sys
07:51:43.0058 5412  wacomvhid - ok
07:51:43.0078 5412  [ 356AFD78A6ED4457169241AC3965230C ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
07:51:43.0128 5412  WANARP - ok
07:51:43.0138 5412  [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
07:51:43.0158 5412  Wanarpv6 - ok
07:51:45.0188 5412  ================ Scan global ===============================
07:51:45.0208 5412  [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
07:51:45.0238 5412  [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll
07:51:45.0248 5412  [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll
07:51:45.0268 5412  [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
07:51:45.0288 5412  [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
07:51:45.0298 5412  [Global] - ok
07:51:45.0298 5412  ================ Scan MBR ==================================
07:51:45.0308 5412  [ 753CA1D394F3C0855134963D7361060F ] \Device\Harddisk0\DR0
07:51:47.0048 5412  \Device\Harddisk0\DR0 - ok
07:51:47.0048 5412  ================ Scan VBR ==================================
07:51:47.0048 5412  [ 619A03A875D85497D559FA3E19E9DE27 ] \Device\Harddisk0\DR0\Partition1
07:51:47.0048 5412  \Device\Harddisk0\DR0\Partition1 - ok
07:51:47.0088 5412  [ B68F870CBB386C27C245D596A7B85D07 ] \Device\Harddisk0\DR0\Partition2
07:51:47.0088 5412  \Device\Harddisk0\DR0\Partition2 - ok
07:51:47.0118 5412  [ 1EF04439AE4D06A5FB203D439E62816E ] \Device\Harddisk0\DR0\Partition3
07:51:47.0128 5412  \Device\Harddisk0\DR0\Partition3 - ok
07:51:47.0128 5412  ============================================================
07:51:47.0128 5412  Scan finished
07:51:47.0128 5412  ============================================================
07:51:47.0138 4124  Detected object count: 5
07:51:47.0138 4124  Actual detected object count: 5
07:53:06.0657 4124  hpqcxs08 ( UnsignedFile.Multi.Generic ) - skipped by user
07:53:06.0657 4124  hpqcxs08 ( UnsignedFile.Multi.Generic ) - User select action: Skip
07:53:06.0657 4124  hpqddsvc ( UnsignedFile.Multi.Generic ) - skipped by user
07:53:06.0657 4124  hpqddsvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
07:53:06.0659 4124  HPSLPSVC ( UnsignedFile.Multi.Generic ) - skipped by user
07:53:06.0659 4124  HPSLPSVC ( UnsignedFile.Multi.Generic ) - User select action: Skip
07:53:06.0660 4124  Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
07:53:06.0660 4124  Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
07:53:06.0662 4124  Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
07:53:06.0662 4124  Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip


cosinus 19.09.2012 11:17

Then please run CF now:

ComboFix

A guide and tutorial on using ComboFix
  • Close all programs, especially your antivirus program and other background guards, as well as your internet browser.
  • Start combofix.exe from your desktop, confirm the warning messages, carry out the updates (if suggested), install the Recovery Console (if suggested) and let it scan your system.
    Also avoid using the mouse and keyboard while Combofix is running.
  • Afterwards a combofix.txt opens automatically; please copy its contents ([Ctrl]a, [Ctrl]c) and paste them into your post ([Ctrl]v). You can also find the file at: C:\ComboFix.txt.
Important note:
Combofix may only be run when a qualified helper has expressly recommended it!

It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.

Should you, after running Combofix, have problems starting applications and get messages such as

Quote:

Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
then restart Windows manually and the error messages should no longer appear.

Modo 19.09.2012 16:47

I ran Combofix. Afterwards the error messages appeared, which disappeared after a restart.

Code:

ComboFix 12-09-18.07 - Family 19.09.2012  17:25:57.1.4 - x64
Microsoft Windows 7 Home Premium  6.1.7601.1.1252.49.1031.18.6126.4387 [GMT 2:00]
ausgeführt von:: c:\users\Family\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Family\AppData\Local\Temp\d6ebea43-a7f6-428d-ab33-ddb1ea1983ec\CliSecureRT.dll
c:\windows\iun6002.exe
c:\windows\SysWow64\muzapp.exe
.
.
(((((((((((((((((((((((  Dateien erstellt von 2012-08-19 bis 2012-09-19  ))))))))))))))))))))))))))))))
.
.
2012-09-17 19:28 . 2012-09-17 19:28        --------        d-----w-        c:\program files (x86)\Ambient Design
2012-09-17 19:28 . 2012-09-17 19:29        --------        d-----w-        c:\users\Family\AppData\Roaming\Ambient Design
2012-09-17 18:50 . 2010-03-19 01:00        55856        ------w-        c:\windows\system32\drivers\PxHlpa64.sys
2012-09-17 18:50 . 2009-10-20 01:00        10224        ------w-        c:\windows\system32\drivers\cdralw2k.sys
2012-09-17 18:50 . 2009-10-20 01:00        10224        ------w-        c:\windows\system32\drivers\cdr4_xp.sys
2012-09-17 18:48 . 2012-09-17 18:48        --------        d-----w-        c:\program files (x86)\Common Files\PX Storage Engine
2012-09-17 18:48 . 2012-09-17 18:48        --------        d-----w-        c:\program files (x86)\Common Files\Sonic Shared
2012-09-17 17:41 . 2012-09-17 17:41        --------        d-----w-        c:\users\Family\AppData\Roaming\wacomid-desktop-launcher.DCFD4B89A63EE70BC162777F06D4B93B6397AEC7.1
2012-09-17 17:40 . 2012-09-17 17:40        --------        d-----w-        c:\users\Family\AppData\Roaming\Wacom
2012-09-17 17:40 . 2012-09-17 17:41        --------        d-----w-        c:\programdata\Wacom
2012-09-17 17:40 . 2012-09-17 17:40        --------        d-----w-        c:\program files (x86)\Bamboo Dock
2012-09-17 17:39 . 2012-09-17 17:39        --------        d-----w-        c:\users\Family\AppData\Roaming\WTablet
2012-09-17 17:39 . 2011-09-08 15:48        1326456        ----a-w-        c:\windows\system32\Pen_Touch_Tablet.dll
2012-09-17 17:39 . 2011-09-08 15:48        1107832        ----a-w-        c:\windows\SysWow64\Pen_Touch_Tablet.dll
2012-09-17 17:38 . 2012-09-17 17:38        --------        d-----w-        c:\program files (x86)\TabletPlugins
2012-09-17 17:38 . 2011-09-08 15:49        12848        ----a-w-        c:\windows\system32\drivers\wacommousefilter.sys
2012-09-17 17:38 . 2011-09-08 15:49        16168        ----a-w-        c:\windows\system32\drivers\wacomvhid.sys
2012-09-17 17:38 . 2011-09-08 15:48        1152888        ----a-w-        c:\windows\SysWow64\WacomMT.dll
2012-09-17 17:38 . 2011-09-08 15:48        1665400        ----a-w-        c:\windows\system32\Pen_Tablet.dll
2012-09-17 17:38 . 2011-09-08 15:48        1401208        ----a-w-        c:\windows\system32\Wintab32.dll
2012-09-17 17:38 . 2011-09-08 15:48        1392504        ----a-w-        c:\windows\system32\WacomMT.dll
2012-09-17 17:38 . 2011-09-08 15:48        1156472        ----a-w-        c:\windows\SysWow64\Wintab32.dll
2012-09-17 17:38 . 2011-09-08 15:48        1369464        ----a-w-        c:\windows\SysWow64\Pen_Tablet.dll
2012-09-17 17:38 . 2012-09-17 17:57        --------        d-----w-        c:\program files\Tablet
2012-09-17 15:43 . 2012-08-23 08:26        9310152        ----a-w-        c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-09-17 15:30 . 2012-09-17 15:30        --------        d-----w-        C:\_OTL
2012-09-16 09:01 . 2012-09-16 09:01        --------        d-----w-        c:\program files (x86)\Sybase
2012-09-16 09:00 . 2006-06-26 13:58        1929216        ----a-w-        c:\windows\SysWow64\cdintf250.dll
2012-09-15 08:06 . 2012-09-15 08:06        --------        d-----w-        c:\program files (x86)\Common Files\Java
2012-09-15 08:06 . 2012-09-15 08:06        95208        ----a-w-        c:\windows\SysWow64\WindowsAccessBridge-32.dll
2012-09-15 07:30 . 2012-09-15 07:30        73696        ----a-w-        c:\program files (x86)\Mozilla Firefox\breakpadinjector.dll
2012-09-14 12:44 . 2012-08-22 18:12        950128        ----a-w-        c:\windows\system32\drivers\ndis.sys
2012-09-14 12:44 . 2012-08-22 18:12        1913200        ----a-w-        c:\windows\system32\drivers\tcpip.sys
2012-09-14 12:44 . 2012-08-22 18:12        376688        ----a-w-        c:\windows\system32\drivers\netio.sys
2012-09-14 12:44 . 2012-08-22 18:12        288624        ----a-w-        c:\windows\system32\drivers\FWPKCLNT.SYS
2012-09-14 12:44 . 2012-08-02 17:58        574464        ----a-w-        c:\windows\system32\d3d10level9.dll
2012-09-14 12:44 . 2012-08-02 16:57        490496        ----a-w-        c:\windows\SysWow64\d3d10level9.dll
2012-09-14 12:44 . 2012-07-04 20:26        41472        ----a-w-        c:\windows\system32\drivers\RNDISMP.sys
2012-09-12 14:50 . 2012-09-12 14:50        --------        d-----w-        c:\program files (x86)\ESET
2012-09-10 07:46 . 2012-09-10 07:46        --------        d-----w-        c:\users\Family\AppData\Roaming\Malwarebytes
2012-09-10 07:45 . 2012-09-10 07:45        --------        d-----w-        c:\programdata\Malwarebytes
2012-09-10 07:45 . 2012-09-12 07:04        --------        d-----w-        c:\program files (x86)\Malwarebytes' Anti-Malware
2012-09-10 07:45 . 2012-09-07 15:04        25928        ----a-w-        c:\windows\system32\drivers\mbam.sys
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-09-15 08:06 . 2012-06-18 13:23        821736        ----a-w-        c:\windows\SysWow64\npDeployJava1.dll
2012-09-15 08:06 . 2011-11-23 18:34        746984        ----a-w-        c:\windows\SysWow64\deployJava1.dll
2012-09-14 16:02 . 2011-03-14 14:08        64462936        ----a-w-        c:\windows\system32\MRT.exe
2012-07-29 14:53 . 2012-07-29 14:53        283200        ----a-w-        c:\windows\system32\drivers\dtsoftbus01.sys
2012-07-28 14:51 . 2012-06-21 07:04        426184        ----a-w-        c:\windows\SysWow64\FlashPlayerApp.exe
2012-07-28 14:51 . 2011-08-22 17:09        70344        ----a-w-        c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-18 18:15 . 2012-08-15 15:45        3148800        ----a-w-        c:\windows\system32\win32k.sys
2012-07-04 22:16 . 2012-08-15 15:45        73216        ----a-w-        c:\windows\system32\netapi32.dll
2012-07-04 22:13 . 2012-08-15 15:45        59392        ----a-w-        c:\windows\system32\browcli.dll
2012-07-04 22:13 . 2012-08-15 15:45        136704        ----a-w-        c:\windows\system32\browser.dll
2012-07-04 21:14 . 2012-08-15 15:45        41984        ----a-w-        c:\windows\SysWow64\browcli.dll
2012-06-29 04:55 . 2012-08-15 20:29        17809920        ----a-w-        c:\windows\system32\mshtml.dll
2012-06-29 04:09 . 2012-08-15 20:29        10925568        ----a-w-        c:\windows\system32\ieframe.dll
2012-06-29 03:56 . 2012-08-15 20:29        2312704        ----a-w-        c:\windows\system32\jscript9.dll
2012-06-29 03:49 . 2012-08-15 20:29        1346048        ----a-w-        c:\windows\system32\urlmon.dll
2012-06-29 03:49 . 2012-08-15 20:29        1392128        ----a-w-        c:\windows\system32\wininet.dll
2012-06-29 03:48 . 2012-08-15 20:29        1494528        ----a-w-        c:\windows\system32\inetcpl.cpl
2012-06-29 03:47 . 2012-08-15 20:29        237056        ----a-w-        c:\windows\system32\url.dll
2012-06-29 03:45 . 2012-08-15 20:29        85504        ----a-w-        c:\windows\system32\jsproxy.dll
2012-06-29 03:44 . 2012-08-15 20:29        816640        ----a-w-        c:\windows\system32\jscript.dll
2012-06-29 03:43 . 2012-08-15 20:29        173056        ----a-w-        c:\windows\system32\ieUnatt.exe
2012-06-29 03:42 . 2012-08-15 20:29        2144768        ----a-w-        c:\windows\system32\iertutil.dll
2012-06-29 03:40 . 2012-08-15 20:29        96768        ----a-w-        c:\windows\system32\mshtmled.dll
2012-06-29 03:39 . 2012-08-15 20:29        2382848        ----a-w-        c:\windows\system32\mshtml.tlb
2012-06-29 03:35 . 2012-08-15 20:29        248320        ----a-w-        c:\windows\system32\ieui.dll
2012-06-29 00:16 . 2012-08-15 20:29        1800704        ----a-w-        c:\windows\SysWow64\jscript9.dll
2012-06-29 00:09 . 2012-08-15 20:29        1129472        ----a-w-        c:\windows\SysWow64\wininet.dll
2012-06-29 00:08 . 2012-08-15 20:29        1427968        ----a-w-        c:\windows\SysWow64\inetcpl.cpl
2012-06-29 00:04 . 2012-08-15 20:29        142848        ----a-w-        c:\windows\SysWow64\ieUnatt.exe
2012-06-29 00:00 . 2012-08-15 20:29        2382848        ----a-w-        c:\windows\SysWow64\mshtml.tlb
2012-06-22 14:32 . 2012-07-19 16:28        405144        ----a-w-        c:\windows\SysWow64\Newtonsoft.Json.Net20.dll
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-07-13 17418928]
"KiesPDLR"="c:\program files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe" [2012-08-07 21432]
"KiesPreload"="c:\program files (x86)\Samsung\Kies\Kies.exe" [2012-08-07 960440]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2012-04-17 3671872]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2011-05-20 284440]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-10-14 343168]
"CLMLServer"="c:\program files (x86)\CyberLink\Power2Go\CLMLSvc.exe" [2010-08-03 107816]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"LWS"="c:\program files (x86)\Logitech\LWS\Webcam Software\LWS.exe" [2011-11-11 205336]
"LexwareInfoService"="c:\program files (x86)\Common Files\Lexware\Update Manager\LxUpdateManager.exe" [2011-07-31 189808]
"KiesTrayAgent"="c:\program files (x86)\Samsung\Kies\KiesTrayAgent.exe" [2012-08-07 3524536]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"BambooCore"="c:\program files (x86)\Bamboo Dock\BambooCore.exe" [2011-09-27 646232]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-5-21 275768]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux2"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages        REG_MULTI_SZ          kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-06-07 160944]
R3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\Drivers\ssadadb.sys [2010-12-21 36328]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys [2012-06-04 99384]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-09-15 114144]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-03-20 98688]
R3 NisSrv;Microsoft-Netzwerkinspektion;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-26 291696]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8192su.sys [2010-11-25 694888]
R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys [2011-06-02 157672]
R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys [2011-06-02 16872]
R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys [2011-06-02 177640]
R3 sscebus;SAMSUNG USB Composite Device V2 driver (WDM);c:\windows\system32\DRIVERS\sscebus.sys [2010-12-21 127488]
R3 sscemdfl;SAMSUNG Mobile Modem V2 Filter;c:\windows\system32\DRIVERS\sscemdfl.sys [2010-12-21 18944]
R3 sscemdm;SAMSUNG Mobile Modem V2 Drivers;c:\windows\system32\DRIVERS\sscemdm.sys [2010-12-21 161280]
R3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys [2012-06-04 203320]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 wsvd;wsvd;c:\windows\system32\DRIVERS\wsvd.sys [2010-09-23 129008]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2010-03-19 55856]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2012-07-29 283200]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AdobeActiveFileMonitor9.0;Adobe Active File Monitor V9;c:\program files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe [2010-09-30 169408]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-07-27 63960]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-10-13 204288]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-05-20 13592]
S2 Lexware_Datenbank_Plus;Lexware Datenbank Plus;c:\program files (x86)\Sybase\SQL Anywhere 9\win32\dbsrv9.exe [2010-11-05 83248]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-09-07 399432]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-09-07 676936]
S2 MemeoBackgroundService;MemeoBackgroundService;c:\program files (x86)\Memeo\AutoBackup\MemeoBackgroundService.exe [2011-09-28 25824]
S2 TabletServicePen;TabletServicePen;c:\program files\Tablet\Pen\Pen_Tablet.exe [2011-09-08 6583160]
S2 TouchServicePen;Wacom Consumer Touch Service;c:\program files\Tablet\Pen\Pen_TouchService.exe [2011-09-08 528760]
S2 UMVPFSrv;UMVPFSrv;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2012-01-18 450848]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-03-11 2656280]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2011-10-13 10496000]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2011-10-13 326656]
S3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\drivers\asmthub3.sys [2011-08-02 129000]
S3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\drivers\asmtxhci.sys [2011-08-02 391144]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2011-06-06 231440]
S3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys [2012-01-18 351136]
S3 LVUVC64;Logitech QuickCam Pro 9000(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys [2012-01-18 4865568]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-09-07 25928]
S3 MEIx64;Intel(R) Management Engine Interface;c:\windows\system32\drivers\HECIx64.sys [2011-03-11 56344]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-06-10 539240]
S3 WSDPrintDevice;WSD-Druckunterstützung durch UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [2009-07-14 23040]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt        REG_MULTI_SZ          hpqcxs08 hpqddsvc
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-08-16 12673128]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 1271168]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-07-28 497648]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: An OneNote s&enden - c:\progra~2\MICROS~3\Office14\ONBttnIE.dll/105
IE: Free YouTube to MP3 Converter - c:\users\Family\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
IE: Nach Microsoft E&xcel exportieren - c:\progra~2\MICROS~3\Office14\EXCEL.EXE/3000
IE: {{0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\Family\AppData\Roaming\Mozilla\Firefox\Profiles\kk83a8w9.default\
FF - prefs.js: browser.startup.homepage - about:blank
FF - prefs.js: network.proxy.type - 0
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
URLSearchHooks-{0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff} - (no file)
Wow6432Node-HKCU-Run-KiesAirMessage - c:\program files (x86)\Samsung\Kies\KiesAirMessage.exe
Wow6432Node-HKCU-Run-EA Core - c:\program files (x86)\Electronic Arts\EADM\Core.exe
AddRemove-Die Sims Daten 8.0 - c:\windows\iun6002.exe
AddRemove-Die Sims8.0 - c:\windows\iun6002.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_268_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_268_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_268.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-09-19  17:34:42 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2012-09-19 15:34
.
Vor Suchlauf: 8 Verzeichnis(se), 1.312.529.666.048 Bytes frei
Nach Suchlauf: 13 Verzeichnis(se), 1.314.241.343.488 Bytes frei
.
- - End Of File - - 1D84C50DF00F91DC1D77729CC5F74898


cosinus 19.09.2012 21:06

Please now create logs with GMER and OSAM and post them.
GMER crashes fairly often; if the tool still won't run on the second attempt, just skip it and run only OSAM. Please skip OSAM's online check.
With OSAM, please also make sure that you save the log as *.log and not as *.html or similar.

Note: Please use WinRAR or 7zip to unpack OSAM! Also be sure to turn off the virus scanner; McAfee's scanner in particular often reports a false alarm in OSAM!

Please download aswMBR.exe and save the file to your desktop.
  • Start aswMBR.exe - (aswMBR.exe instructions)
    On Windows Vista (or later), please start it by right-clicking and choosing "Run as administrator".
  • The tool will ask whether you want to scan your system with the current AVAST! virus definitions. Please answer this question with Yes. (If your firewall asks, please allow access to the Internet.)
    Downloading the definitions can take a while depending on your connection.
  • Click Scan.
  • Please wait until Scan finished successfully appears in the DOS window.
  • Click Save Log and save it to the desktop.
Post the aswMBR.txt in your next reply.

Important: Do not press any of the Fix buttons under any circumstances unless instructed to

Note: If the Scan button is hidden, close the tool and start it again. If the scan aborts and the program crashes, let me know and select the setting (none) under AV Scan.



One more note: If aswMBR crashes and a message like "aswMBR.exe has stopped working" appears, do the following:
Start aswMBR again, select (none) for "AV scan" in the drop-down menu at the bottom left (bottom left of the aswMBR window), and click the Scan button again.

Modo 20.09.2012 19:32

Hello Cosinus,

I was able to run the GMER scan, and the OSAM scan as well; see below.

The aswMBR scan kept giving me the following error message: avas!rootkt has stopped working. After that I could only close the program. I was not able to create a log file.


Code:

GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-09-20 19:30:18
Windows 6.1.7601 Service Pack 1
Running: rnjde6ps.exe


---- Registry - GMER 1.0.15 ----

Reg  HKCU\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Persisted@C:\Users\Family\AppData\Local\Logitech\xae Webcam-Software\Logishrd\LU2.0\LogitechUpdate.exe  1

---- EOF - GMER 1.0.15 ----

OSAM log

Code:

Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 19:35:55 on 20.09.2012

OS: Windows 7 Home Premium Edition Service Pack 1 (Build 7601), 64-bit
Default Browser: Mozilla Corporation Firefox 15.0.1

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"catchme" (catchme) - ? - C:\ComboFix\catchme.sys  (File not found)
"MBAMProtector" (MBAMProtector) - "Malwarebytes Corporation" - C:\Windows\system32\drivers\mbam.sys
"wsvd" (wsvd) - "CyberLink" - C:\Windows\System32\DRIVERS\wsvd.sys

[Explorer]
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{807573E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" - "Microsoft Corporation" - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
-----( HKLM\Software\Classes\Protocols\Handler )-----
{E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} "Album Download IE Asynchronous Pluggable Protocol Interface" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
{314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Program Files (x86)\Common Files\Microsoft Shared\Help\hxds.dll
{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" - "Skype Technologies" - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
{828030A1-22C1-4009-854F-8E305202313F} "livecall" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll
{828030A1-22C1-4009-854F-8E305202313F} "msnim" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll
{03C514A3-1EFB-4856-9F99-10D7BE1653C0} "Windows Live Mail HTML Asynchronous Pluggable Protocol Handler" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Mail\mailcomm.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{5E2121EE-0300-11D4-8D3B-444553540000} "Catalyst Context Menu extension" - ? -  (File not found | COM-object registry key not found)
{D66DC78C-4F61-447F-942B-3FB6980118CF} "CInfoTipShellExt Class" - "Microsoft Corporation" - C:\Program Files (x86)\Microsoft Office\Office14\VISSHE.DLL
{506F4668-F13E-4AA1-BB04-B43203AB3CC0} "ImageExtractorShellExt Class" - "Microsoft Corporation" - C:\Program Files (x86)\Microsoft Office\Office14\VISSHE.DLL
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Program Files (x86)\Microsoft Office\Office14\msohevi.dll
{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\msoshext.dll
{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\msoshext.dll
{0875DCB6-C686-4243-9432-ADCCF0B9F2D7} "Microsoft OneNote Namespace Extension for Windows Desktop Search" - "Microsoft Corporation" - C:\Program Files (x86)\Microsoft Office\Office14\ONFILTER.DLL
{2BE99FD4-A181-4996-BFA9-58C5FFD11F6C} "Windows Live Photo Gallery Autoplay Drop Target" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F30F64-AC33-42F5-8FD1-5DC2D3FDE06C} "Windows Live Photo Gallery Editor Drop Target" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F3712A-CA79-45B4-9E4D-D7891E7F8B9D} "Windows Live Photo Gallery Editor Shim" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F30F90-3E96-453B-AFCD-D71989ECC2C7} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F33137-EE26-412F-8D71-F84E4C2C6625} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F374B7-B390-4884-B372-2FC349F2172B} "Windows Live Photo Gallery Viewer Drop Target" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F346CB-35A4-465B-8B8F-65A29DBAB1F6} "Windows Live Photo Gallery Viewer Shim" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShim.dll
{0563DB41-F538-4B37-A92D-4659049B7766} "WLMD Message Handler" - ? -  (File not found | COM-object registry key not found)
{06A2568A-CED6-4187-BB20-400B8C02BE5A} "{06A2568A-CED6-4187-BB20-400B8C02BE5A}" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\WLXPhotoAcquireWizard.exe

[Internet Explorer]
-----( HKCU\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars )-----
{555D4D79-4BD2-4094-A395-CFC534424A05} "HP Smart Web Printing" - "Hewlett-Packard Co." - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
-----( HKCU\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
"eBay - Der weltweite Online-Marktplatz" - ? - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4  (HTTP value)
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
ITBar7Height "ITBar7Height" - ? -  (File not found | COM-object registry key not found)
<binary data> "ITBar7Layout" - ? -  (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} "Java Plug-in 1.6.0_29" - "Oracle Corporation" - C:\Program Files (x86)\Java\jre7\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 10.7.2" - "Oracle Corporation" - C:\Program Files (x86)\Java\jre7\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
{8AD9C840-044E-11D1-B3E9-00805F499D93} "{8AD9C840-044E-11D1-B3E9-00805F499D93}" - "Oracle Corporation" - C:\Program Files (x86)\Java\jre7\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
{5F7B1267-94A9-47F5-98DB-E99415F33AEC} "@C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
{48E73304-E1D6-4330-914C-F5F514E3486C} "An OneNote senden" - "Microsoft Corporation" - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
"eBay - Der weltweite Online-Marktplatz" - ? - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4  (HTTP value)
{DDE87865-83C5-48c4-8357-2F5B1AA84522} "HP Smart Web Printing ein- oder ausblenden" - "Hewlett-Packard Co." - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
{FFFDC614-B694-4AE6-AB38-5D6374584B52} "Verknüpfte &OneNote-Notizen" - "Microsoft Corporation" - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
{0347C33E-8762-4905-BF09-768834316C61} "HP Print Enhancer" - "Hewlett-Packard Co." - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
{FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} "HP Smart BHO Class" - "Hewlett-Packard Co." - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Oracle Corporation" - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} "Java(tm) Plug-In SSV Helper" - "Oracle Corporation" - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
{B4F3A835-0E21-4959-BA22-42B3008E02FF} "Office Document Cache Handler" - "Microsoft Corporation" - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL
{9030D464-4C02-4ABF-8ECC-5164760863C6} "Windows Live ID Sign-in Helper" - "Microsoft Corp." - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

[LSA Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Lsa )-----
"Security Packages" - "Microsoft Corp." - C:\Windows\system32\livessp.dll

[Logon]
-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\Users\Family\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
"HP Digital Imaging Monitor.lnk" - "Hewlett-Packard Co." - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe  (Shortcut exists | File exists)
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"DAEMON Tools Lite" - "DT Soft Ltd" - "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
"KiesPDLR" - ? - C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
"KiesPreload" - "Samsung" - C:\Program Files (x86)\Samsung\Kies\Kies.exe /preload
"Skype" - "Skype Technologies S.A." - "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
-----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )-----
"StartupPrograms" - ? - rdpclip  (File not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"Adobe ARM" - "Adobe Systems Incorporated" - "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"BambooCore" - ? - C:\Program Files (x86)\Bamboo Dock\BambooCore.exe
"CLMLServer" - "CyberLink" - "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"
"HP Software Update" - "Hewlett-Packard" - C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
"IAStorIcon" - "Intel Corporation" - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
"KiesTrayAgent" - "Samsung Electronics Co., Ltd." - C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
"LexwareInfoService" - "Haufe-Lexware GmbH & Co. KG" - C:\Program Files (x86)\Common Files\Lexware\Update Manager\LxUpdateManager.exe /autostart
"LWS" - "Logitech Inc." - C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hide
"StartCCC" - "Advanced Micro Devices, Inc." - "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
"SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"@%ProgramFiles%\Windows Defender\MsMpRes.dll,-103" (WinDefend) - ? - C:\Program Files (x86)\Windows Defender\mpsvc.dll  (File not found)
"@%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101" (WMPNetworkSvc) - ? - "C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe"  (File not found)
"@c:\Program Files\Microsoft Security Client\MpAsDesc.dll,-243" (NisSrv) - "Microsoft Corporation" - c:\Program Files\Microsoft Security Client\NisSrv.exe
"Adobe Acrobat Update Service" (AdobeARMservice) - "Adobe Systems Incorporated" - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
"Adobe Active File Monitor V9" (AdobeActiveFileMonitor9.0) - "Adobe Systems Incorporated" - C:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe
"HP CUE DeviceDiscovery Service" (hpqddsvc) - "Hewlett-Packard Co." - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll
"HP Network Devices Support" (HPSLPSVC) - "Hewlett-Packard Co." - C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL
"hpqcxs08" (hpqcxs08) - "Hewlett-Packard Co." - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll
"Intel(R) Management and Security Application Local Management Service" (LMS) - "Intel Corporation" - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
"Intel(R) Management and Security Application User Notification Service" (UNS) - "Intel Corporation" - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
"Intel(R) Rapid Storage Technology" (IAStorDataMgrSvc) - "Intel Corporation" - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
"Lexware Datenbank Plus" (Lexware_Datenbank_Plus) - "iAnywhere Solutions, Inc." - C:\Program Files (x86)\Sybase\SQL Anywhere 9\win32\dbsrv9.exe
"MBAMScheduler" (MBAMScheduler) - "Malwarebytes Corporation" - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
"MBAMService" (MBAMService) - "Malwarebytes Corporation" - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
"MemeoBackgroundService" (MemeoBackgroundService) - "Memeo" - C:\Program Files (x86)\Memeo\AutoBackup\MemeoBackgroundService.exe
"Microsoft .NET Framework NGEN v4.0.30319_X64" (clr_optimization_v4.0.30319_64) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
"Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
"Microsoft Antimalware Service" (MsMpSvc) - "Microsoft Corporation" - c:\Program Files\Microsoft Security Client\MsMpEng.exe
"Mozilla Maintenance Service" (MozillaMaintenance) - "Mozilla Foundation" - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
"Net Driver HPZ12" (Net Driver HPZ12) - "Hewlett-Packard" - C:\Windows\system32\HPZinw12.dll
"Office  Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
"Office Software Protection Platform" (osppsvc) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
"Pml Driver HPZ12" (Pml Driver HPZ12) - "Hewlett-Packard" - C:\Windows\system32\HPZipm12.dll
"Skype Updater" (SkypeUpdate) - "Skype Technologies" - C:\Program Files (x86)\Skype\Updater\Updater.exe
"TabletServicePen" (TabletServicePen) - "Wacom Technology, Corp." - C:\Program Files\Tablet\Pen\Pen_Tablet.exe
"Wacom Consumer Touch Service" (TouchServicePen) - "Wacom Technology, Corp." - C:\Program Files\Tablet\Pen\Pen_TouchService.exe
"Windows Live ID Sign-in Assistant" (wlidsvc) - "Microsoft Corp." - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

[Winsock Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )-----
"WindowsLive Local NSP" - "Microsoft Corp." - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL
"WindowsLive NSP" - "Microsoft Corp." - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL

===[ Logfile end ]=========================================[ Logfile end ]===

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru


cosinus 21.09.2012 11:44

Please read my posts all the way to the end. There was a note about aswMBR at the very bottom.

Modo 21.09.2012 14:16

Attached is the log of the scan run to completion with aswMBR.

Code:

aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-09-21 15:11:56
-----------------------------
15:11:56.603    OS Version: Windows x64 6.1.7601 Service Pack 1
15:11:56.603    Number of processors: 4 586 0x2A07
15:11:56.603    ComputerName: FAMILY-PC  UserName: Family
15:11:59.002    Initialize success
15:12:04.071    AVAST engine defs: 12092000
15:12:23.113    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
15:12:23.113    Disk 0 Vendor: ST1500DL CC4A Size: 1430799MB BusType: 3
15:12:23.143    Disk 0 MBR read successfully
15:12:23.143    Disk 0 MBR scan
15:12:23.143    Disk 0 unknown MBR code
15:12:23.153    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS          100 MB offset 2048
15:12:23.163    Disk 0 Partition 2 00    07    HPFS/NTFS NTFS      1378473 MB offset 206848
15:12:23.213    Disk 0 Partition 3 00    07    HPFS/NTFS NTFS        51200 MB offset 2823319552
15:12:23.233    Disk 0 Partition 4 00    12  Compaq diag NTFS        1024 MB offset 2928177152
15:12:23.283    Disk 0 scanning C:\Windows\system32\drivers
15:12:32.221    Service scanning
15:12:47.892    Modules scanning
15:12:47.892    Disk 0 trace - called modules:
15:12:47.912    ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
15:12:47.922    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80087f2060]
15:12:47.922    3 CLASSPNP.SYS[fffff88001d4c43f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8005f39050]
15:12:47.932    Scan finished successfully
15:13:12.095    Disk 0 MBR has been saved successfully to "C:\Users\Family\Desktop\MBR.dat"
15:13:12.105    The log file has been saved successfully to "C:\Users\Family\Desktop\aswMBR.txt"


cosinus 21.09.2012 20:15

We should fix the MBR; just in case, back up ALL important data, even though everything usually goes smoothly.

Note: Please do NOT do the MBR fix if you have other operating systems such as Ubuntu installed; an MBR fix with Windows tools makes a Linux installed in parallel (dual boot) unbootable.
Do not do the fix either if you have full encryption of the Windows partition or the entire hard disk, e.g. with TrueCrypt or other encryption programs.


After backing up your data, start aswMBR again and click the FIXMBR button.

Note: Please turn off the virus scanner before you run aswMBR, because Avira in particular often reports a false alarm in it!

Then restart Windows and create a new log with aswMBR.

Modo 22.09.2012 11:27

FIXMBR ran through without problems.
Attached is the log file.

Code:

aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-09-22 12:21:46
-----------------------------
12:21:46.941    OS Version: Windows x64 6.1.7601 Service Pack 1
12:21:46.941    Number of processors: 4 586 0x2A07
12:21:46.941    ComputerName: FAMILY-PC  UserName: Family
12:21:52.367    Initialize success
12:21:56.757    AVAST engine defs: 12092100
12:22:00.449    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
12:22:00.449    Disk 0 Vendor: ST1500DL CC4A Size: 1430799MB BusType: 3
12:22:00.489    Disk 0 MBR read successfully
12:22:00.489    Disk 0 MBR scan
12:22:00.489    Disk 0 Windows 7 default MBR code
12:22:00.509    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS          100 MB offset 2048
12:22:00.529    Disk 0 Partition 2 00    07    HPFS/NTFS NTFS      1378473 MB offset 206848
12:22:00.569    Disk 0 Partition 3 00    07    HPFS/NTFS NTFS        51200 MB offset 2823319552
12:22:00.589    Disk 0 Partition 4 00    12  Compaq diag NTFS        1024 MB offset 2928177152
12:22:00.649    Disk 0 scanning C:\Windows\system32\drivers
12:22:11.889    Service scanning
12:22:29.023    Modules scanning
12:22:29.023    Disk 0 trace - called modules:
12:22:29.043    ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
12:22:29.043    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80087f3060]
12:22:29.053    3 CLASSPNP.SYS[fffff88001cfa43f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa80060f9050]
12:22:29.053    Scan finished successfully
12:23:02.924    Disk 0 MBR has been saved successfully to "C:\Users\Family\Desktop\MBR.dat"
12:23:02.934    The log file has been saved successfully to "C:\Users\Family\Desktop\aswMBR.txt"
12:24:33.315    Disk 0 MBR has been saved successfully to "C:\Users\Family\Desktop\MBR.dat"
12:24:33.325    The log file has been saved successfully to "C:\Users\Family\Desktop\aswMBR.txt"
12:25:15.149    Disk 0 MBR has been saved successfully to "C:\Users\Family\Downloads\MBR.dat"
12:25:15.159    The log file has been saved successfully to "C:\Users\Family\Downloads\aswMBR.txt"
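
An added example, not part of the thread and not aswMBR's own code: a small Python parser for the aswMBR log lines shown in the two logs above. It reports the MBR verdict per disk and checks the partition-type bytes for the dual-boot case the helper warns about. Treating any verdict that contains "default MBR code" as standard, the list of non-Windows type bytes, and the third sample log (constructed) are assumptions; the log does not show whether a disk is fully encrypted.

```python
import re

# Lines copied from the first aswMBR log in this thread (before FIXMBR).
LOG_BEFORE_FIX = """\
15:12:23.143    Disk 0 MBR read successfully
15:12:23.143    Disk 0 MBR scan
15:12:23.143    Disk 0 unknown MBR code
15:12:23.153    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS          100 MB offset 2048
15:12:23.163    Disk 0 Partition 2 00    07    HPFS/NTFS NTFS      1378473 MB offset 206848
15:12:23.213    Disk 0 Partition 3 00    07    HPFS/NTFS NTFS        51200 MB offset 2823319552
15:12:23.233    Disk 0 Partition 4 00    12  Compaq diag NTFS        1024 MB offset 2928177152
"""

# Same partition lines; the verdict text is the one from the second log (after FIXMBR).
LOG_AFTER_FIX = LOG_BEFORE_FIX.replace("unknown MBR code", "Windows 7 default MBR code")

# CONSTRUCTED sample, not from the thread: a disk whose third partition has
# type byte 83. The description column ("Linux") is an assumption; only the
# type byte is used by the check below.
LOG_DUAL_BOOT = """\
00:00:00.000    Disk 0 unknown MBR code
00:00:00.000    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS          100 MB offset 2048
00:00:00.000    Disk 0 Partition 3 00    83    Linux        51200 MB offset 2823319552
"""

# Partition line: boot flag (80 = active), optional "(A)", type byte, text, size, offset.
PART_RE = re.compile(
    r"Disk\s+(?P<disk>\d+)\s+Partition\s+(?P<num>\d+)\s+(?P<boot>[0-9A-Fa-f]{2})"
    r"(?:\s+\(A\))?\s+(?P<type>[0-9A-Fa-f]{2})\s+(?P<desc>.*?)\s+"
    r"(?P<size_mb>\d+)\s+MB\s+offset\s+(?P<offset>\d+)\s*$"
)
# Verdict line, e.g. "Disk 0 unknown MBR code".
VERDICT_RE = re.compile(r"Disk\s+(?P<disk>\d+)\s+(?P<verdict>.*\bMBR code)\s*$")

# Well-known MBR partition type bytes that indicate a non-Windows system
# (assumed list, deliberately short).
NON_WINDOWS_TYPES = {
    0x82: "Linux swap",
    0x83: "Linux",
    0x8E: "Linux LVM",
    0xA5: "FreeBSD",
    0xAF: "Apple HFS/HFS+",
}


def parse_aswmbr(text):
    """Extract MBR verdicts and partition entries from an aswMBR log."""
    report = {"verdicts": {}, "partitions": []}
    for line in text.splitlines():
        m = PART_RE.search(line)
        if m:
            report["partitions"].append({
                "disk": int(m["disk"]),
                "num": int(m["num"]),
                "active": m["boot"] == "80",
                "type": int(m["type"], 16),
                "desc": m["desc"].strip(),
                "size_mb": int(m["size_mb"]),
                "offset": int(m["offset"]),
            })
            continue
        m = VERDICT_RE.search(line)
        if m:
            report["verdicts"][int(m["disk"])] = m["verdict"]
    return report


def mbr_needs_review(report):
    """Disks whose boot code aswMBR did not recognise as a default MBR."""
    return sorted(d for d, v in report["verdicts"].items()
                  if "default MBR code" not in v)


def non_windows_partitions(report):
    """Partitions whose type byte suggests a second OS (the dual-boot caveat)."""
    return [(p["disk"], p["num"], NON_WINDOWS_TYPES[p["type"]])
            for p in report["partitions"] if p["type"] in NON_WINDOWS_TYPES]


def fixmbr_precheck(text):
    """Summarise one log for the decision described in the post above.

    Full-disk encryption cannot be read from these log lines and has to be
    confirmed with the machine's owner.
    """
    report = parse_aswmbr(text)
    return {
        "disks_with_nonstandard_mbr": mbr_needs_review(report),
        "non_windows_partitions": non_windows_partitions(report),
    }


if __name__ == "__main__":
    for name, log in [("before fix", LOG_BEFORE_FIX),
                      ("after fix", LOG_AFTER_FIX),
                      ("constructed dual boot", LOG_DUAL_BOOT)]:
        print(name, fixmbr_precheck(log))
```
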


cosinus 22.09.2012 18:02

Looks OK. We should be almost done. As a check, please run full scans with Malwarebytes and SASW and post the logs.
Remember to update both tools before the scan!!

Modo 24.09.2012 18:55

Hello Cosinus,

attached are the two log files:

Code:

Malwarebytes Anti-Malware (Test) 1.65.0.1400
www.malwarebytes.org

Datenbank Version: v2012.09.24.03

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Family :: FAMILY-PC [Administrator]

Schutz: Aktiviert

24.09.2012 10:35:34
mbam-log-2012-09-24 (10-35-34).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|G:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 417821
Laufzeit: 54 Minute(n), 46 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

Code:

SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com

Generated 09/24/2012 at 05:48 PM

Application Version : 5.5.1016

Core Rules Database Version : 9277
Trace Rules Database Version: 7089

Scan type      : Complete Scan
Total Scan Time : 01:20:26

Operating System Information
Windows 7 Home Premium 64-bit, Service Pack 1 (Build 6.01.7601)
UAC On - Administrator

Memory items scanned      : 856
Memory threats detected  : 0
Registry items scanned    : 67396
Registry threats detected : 0
File items scanned        : 204162
File threats detected    : 189

Adware.Tracking Cookie
        .mediaplex.com [ C:\USERS\FAMILY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KK83A8W9.DEFAULT\COOKIES.SQLITE ]
        .smartadserver.com [ C:\USERS\FAMILY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KK83A8W9.DEFAULT\COOKIES.SQLITE ]
        .smartadserver.com [ C:\USERS\FAMILY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KK83A8W9.DEFAULT\COOKIES.SQLITE ]
        .smartadserver.com [ C:\USERS\FAMILY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KK83A8W9.DEFAULT\COOKIES.SQLITE ]
        .smartadserver.com [ C:\USERS\FAMILY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KK83A8W9.DEFAULT\COOKIES.SQLITE ]
        .smartadserver.com [ C:\USERS\FAMILY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KK83A8W9.DEFAULT\COOKIES.SQLITE ]
        .smartadserver.com [ C:\USERS\FAMILY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KK83A8W9.DEFAULT\COOKIES.SQLITE ]
        ad.zanox.com [ C:\USERS\FAMILY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KK83A8W9.DEFAULT\COOKIES.SQLITE ]
        .zanox-affiliate.de [ C:\USERS\FAMILY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KK83A8W9.DEFAULT\COOKIES.SQLITE ]
        ad.dyntracker.de [ C:\USERS\FAMILY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KK83A8W9.DEFAULT\COOKIES.SQLITE ]
        ad2.adfarm1.adition.com [ C:\USERS\FAMILY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KK83A8W9.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\FAMILY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KK83A8W9.DEFAULT\COOKIES.SQLITE ]
        .adtech.de [ C:\USERS\FAMILY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KK83A8W9.DEFAULT\COOKIES.SQLITE ]
        server.adform.net [ C:\USERS\FAMILY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KK83A8W9.DEFAULT\COOKIES.SQLITE ]
        server.adform.net [ C:\USERS\FAMILY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KK83A8W9.DEFAULT\COOKIES.SQLITE ]
        .adform.net [ C:\USERS\FAMILY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KK83A8W9.DEFAULT\COOKIES.SQLITE ]
        .doubleclick.net [ C:\USERS\FAMILY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KK83A8W9.DEFAULT\COOKIES.SQLITE ]
        .interclick.com [ C:\USERS\FAMILY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KK83A8W9.DEFAULT\COOKIES.SQLITE ]
        .microsoftwlsearchcrm.112.2o7.net [ C:\USERS\FAMILY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KK83A8W9.DEFAULT\COOKIES.SQLITE ]
        .interclick.com [ C:\USERS\FAMILY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KK83A8W9.DEFAULT\COOKIES.SQLITE ]
        .interclick.com [ C:\USERS\FAMILY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KK83A8W9.DEFAULT\COOKIES.SQLITE ]
        .webmasterplan.com [ C:\USERS\FAMILY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KK83A8W9.DEFAULT\COOKIES.SQLITE ]
        .zanox.com [ C:\USERS\FAMILY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KK83A8W9.DEFAULT\COOKIES.SQLITE ]
        .serving-sys.com [ C:\USERS\FAMILY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KK83A8W9.DEFAULT\COOKIES.SQLITE ]
        .serving-sys.com [ C:\USERS\FAMILY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KK83A8W9.DEFAULT\COOKIES.SQLITE ]
        .serving-sys.com [ C:\USERS\FAMILY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KK83A8W9.DEFAULT\COOKIES.SQLITE ]
        .tribalfusion.com [ C:\USERS\FAMILY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KK83A8W9.DEFAULT\COOKIES.SQLITE ]
        adx.chip.de [ C:\USERS\FAMILY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KK83A8W9.DEFAULT\COOKIES.SQLITE ]
        .invitemedia.com [ C:\USERS\FAMILY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KK83A8W9.DEFAULT\COOKIES.SQLITE ]
        .invitemedia.com [ C:\USERS\FAMILY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KK83A8W9.DEFAULT\COOKIES.SQLITE ]
        .invitemedia.com [ C:\USERS\FAMILY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KK83A8W9.DEFAULT\COOKIES.SQLITE ]
        .invitemedia.com [ C:\USERS\FAMILY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KK83A8W9.DEFAULT\COOKIES.SQLITE ]
        adx.chip.de [ C:\USERS\FAMILY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KK83A8W9.DEFAULT\COOKIES.SQLITE ]
        .revsci.net [ C:\USERS\FAMILY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KK83A8W9.DEFAULT\COOKIES.SQLITE ]
        .revsci.net [ C:\USERS\FAMILY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KK83A8W9.DEFAULT\COOKIES.SQLITE ]
        .revsci.net [ C:\USERS\FAMILY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KK83A8W9.DEFAULT\COOKIES.SQLITE ]
        adx.chip.de [ C:\USERS\FAMILY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KK83A8W9.DEFAULT\COOKIES.SQLITE ]
        statse.webtrendslive.com [ C:\USERS\FAMILY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KK83A8W9.DEFAULT\COOKIES.SQLITE ]
        deutsches-youporn.com [ C:\USERS\FAMILY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KK83A8W9.DEFAULT\COOKIES.SQLITE ]
        deutsches-youporn.com [ C:\USERS\FAMILY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KK83A8W9.DEFAULT\COOKIES.SQLITE ]
        lustpornos.com [ C:\USERS\FAMILY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KK83A8W9.DEFAULT\COOKIES.SQLITE ]
        lustpornos.com [ C:\USERS\FAMILY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KK83A8W9.DEFAULT\COOKIES.SQLITE ]
        .ero-advertising.com [ C:\USERS\FAMILY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KK83A8W9.DEFAULT\COOKIES.SQLITE ]
        .ero-advertising.com [ C:\USERS\FAMILY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KK83A8W9.DEFAULT\COOKIES.SQLITE ]
        .ero-advertising.com [ C:\USERS\FAMILY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KK83A8W9.DEFAULT\COOKIES.SQLITE ]
        .ero-advertising.com [ C:\USERS\FAMILY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KK83A8W9.DEFAULT\COOKIES.SQLITE ]
        .ero-advertising.com [ C:\USERS\FAMILY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KK83A8W9.DEFAULT\COOKIES.SQLITE ]
        .ero-advertising.com [ C:\USERS\FAMILY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KK83A8W9.DEFAULT\COOKIES.SQLITE ]
        .ero-advertising.com [ C:\USERS\FAMILY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KK83A8W9.DEFAULT\COOKIES.SQLITE ]
        .ero-advertising.com [ C:\USERS\FAMILY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KK83A8W9.DEFAULT\COOKIES.SQLITE ]
        .specificclick.net [ C:\USERS\FAMILY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KK83A8W9.DEFAULT\COOKIES.SQLITE ]
        www.zanox-affiliate.de [ C:\USERS\FAMILY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KK83A8W9.DEFAULT\COOKIES.SQLITE ]
        .ero-advertising.com [ C:\USERS\FAMILY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KK83A8W9.DEFAULT\COOKIES.SQLITE ]
        traffic.brokerbabe.com [ C:\USERS\FAMILY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KK83A8W9.DEFAULT\COOKIES.SQLITE ]
        traffic.brokerbabe.com [ C:\USERS\FAMILY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KK83A8W9.DEFAULT\COOKIES.SQLITE ]
        traffic.brokerbabe.com [ C:\USERS\FAMILY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KK83A8W9.DEFAULT\COOKIES.SQLITE ]
        www.hdpornmobile.xxx [ C:\USERS\FAMILY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KK83A8W9.DEFAULT\COOKIES.SQLITE ]
        www.hdpornmobile.xxx [ C:\USERS\FAMILY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KK83A8W9.DEFAULT\COOKIES.SQLITE ]
        .hdpornmobile.xxx [ C:\USERS\FAMILY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KK83A8W9.DEFAULT\COOKIES.SQLITE ]
        .hdpornmobile.xxx [ C:\USERS\FAMILY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KK83A8W9.DEFAULT\COOKIES.SQLITE ]
        .hdpornmobile.xxx [ C:\USERS\FAMILY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KK83A8W9.DEFAULT\COOKIES.SQLITE ]
        sexlegenden.com [ C:\USERS\FAMILY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KK83A8W9.DEFAULT\COOKIES.SQLITE ]
        sexlegenden.com [ C:\USERS\FAMILY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KK83A8W9.DEFAULT\COOKIES.SQLITE ]
        .ero-advertising.com [ C:\USERS\FAMILY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KK83A8W9.DEFAULT\COOKIES.SQLITE ]
        sexlegenden.com [ C:\USERS\FAMILY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KK83A8W9.DEFAULT\COOKIES.SQLITE ]
        www.bittasex.com [ C:\USERS\FAMILY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KK83A8W9.DEFAULT\COOKIES.SQLITE ]
        www.bittasex.com [ C:\USERS\FAMILY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KK83A8W9.DEFAULT\COOKIES.SQLITE ]
        .webmasterplan.com [ C:\USERS\FAMILY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KK83A8W9.DEFAULT\COOKIES.SQLITE ]
        .webmasterplan.com [ C:\USERS\FAMILY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KK83A8W9.DEFAULT\COOKIES.SQLITE ]
        ad.yieldmanager.com [ C:\USERS\FAMILY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KK83A8W9.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\FAMILY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KK83A8W9.DEFAULT\COOKIES.SQLITE ]
        .adfarm1.adition.com [ C:\USERS\FAMILY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KK83A8W9.DEFAULT\COOKIES.SQLITE ]
        viewad.exchangecash.de [ C:\USERS\FAMILY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KK83A8W9.DEFAULT\COOKIES.SQLITE ]
        viewad.exchangecash.de [ C:\USERS\FAMILY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KK83A8W9.DEFAULT\COOKIES.SQLITE ]
        viewad.exchangecash.de [ C:\USERS\FAMILY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KK83A8W9.DEFAULT\COOKIES.SQLITE ]
        viewad.exchangecash.de [ C:\USERS\FAMILY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KK83A8W9.DEFAULT\COOKIES.SQLITE ]
        media.neodau.com [ C:\USERS\FAMILY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KK83A8W9.DEFAULT\COOKIES.SQLITE ]
        media.neodau.com [ C:\USERS\FAMILY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KK83A8W9.DEFAULT\COOKIES.SQLITE ]
        media.neodau.com [ C:\USERS\FAMILY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KK83A8W9.DEFAULT\COOKIES.SQLITE ]
        ad.zanox.com [ C:\USERS\FAMILY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KK83A8W9.DEFAULT\COOKIES.SQLITE ]
        www.etracker.de [ C:\USERS\FAMILY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KK83A8W9.DEFAULT\COOKIES.SQLITE ]
        .ero-advertising.com [ C:\USERS\FAMILY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KK83A8W9.DEFAULT\COOKIES.SQLITE ]
        .ero-advertising.com [ C:\USERS\FAMILY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KK83A8W9.DEFAULT\COOKIES.SQLITE ]
        .ero-advertising.com [ C:\USERS\FAMILY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KK83A8W9.DEFAULT\COOKIES.SQLITE ]
        .ero-advertising.com [ C:\USERS\FAMILY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KK83A8W9.DEFAULT\COOKIES.SQLITE ]
        .ero-advertising.com [ C:\USERS\FAMILY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KK83A8W9.DEFAULT\COOKIES.SQLITE ]
        .ero-advertising.com [ C:\USERS\FAMILY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KK83A8W9.DEFAULT\COOKIES.SQLITE ]
        .ero-advertising.com [ C:\USERS\FAMILY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KK83A8W9.DEFAULT\COOKIES.SQLITE ]
        .ero-advertising.com [ C:\USERS\FAMILY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KK83A8W9.DEFAULT\COOKIES.SQLITE ]
        .pornme.com [ C:\USERS\FAMILY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KK83A8W9.DEFAULT\COOKIES.SQLITE ]
        .pornme.com [ C:\USERS\FAMILY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KK83A8W9.DEFAULT\COOKIES.SQLITE ]
        .pornme.com [ C:\USERS\FAMILY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KK83A8W9.DEFAULT\COOKIES.SQLITE ]
        www.pornme.com [ C:\USERS\FAMILY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KK83A8W9.DEFAULT\COOKIES.SQLITE ]
        www.youporn-deutsch.com [ C:\USERS\FAMILY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KK83A8W9.DEFAULT\COOKIES.SQLITE ]
        www.youporn-deutsch.com [ C:\USERS\FAMILY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KK83A8W9.DEFAULT\COOKIES.SQLITE ]
        .youporn-deutsch.com [ C:\USERS\FAMILY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KK83A8W9.DEFAULT\COOKIES.SQLITE ]
        .youporn-deutsch.com [ C:\USERS\FAMILY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KK83A8W9.DEFAULT\COOKIES.SQLITE ]
        .youporn-deutsch.com [ C:\USERS\FAMILY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KK83A8W9.DEFAULT\COOKIES.SQLITE ]
        .ero-advertising.com [ C:\USERS\FAMILY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KK83A8W9.DEFAULT\COOKIES.SQLITE ]
        .ero-advertising.com [ C:\USERS\FAMILY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KK83A8W9.DEFAULT\COOKIES.SQLITE ]
        .ero-advertising.com [ C:\USERS\FAMILY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KK83A8W9.DEFAULT\COOKIES.SQLITE ]
        www.youporn-deutsch.com [ C:\USERS\FAMILY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KK83A8W9.DEFAULT\COOKIES.SQLITE ]
        naiadsystems.com [ C:\USERS\FAMILY\JENS\SICHERUNG\MODERSITZKI\C-DATEIN\DOKUMENTE UND EINSTELLUNGEN\MODERSITZKI\ANWENDUNGSDATEN\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\XXZAFXRP ]
        tribalfusion.com [ C:\USERS\FAMILY\JENS\SICHERUNG\MODERSITZKI\C-DATEIN\DOKUMENTE UND EINSTELLUNGEN\MODERSITZKI\ANWENDUNGSDATEN\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\XXZAFXRP ]
        www.digital-media-repository.com [ C:\USERS\FAMILY\JENS\SICHERUNG\MODERSITZKI\C-DATEIN\DOKUMENTE UND EINSTELLUNGEN\MODERSITZKI\ANWENDUNGSDATEN\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\XXZAFXRP ]
        C:\USERS\FAMILY\JENS\SICHERUNG\MODERSITZKI\C-DATEIN\DOKUMENTE UND EINSTELLUNGEN\MODERSITZKI\COOKIES\MODERSITZKI@FORTUNECITY[1].TXT [ /FORTUNECITY ]
        C:\USERS\FAMILY\JENS\SICHERUNG\MODERSITZKI\C-DATEIN\DOKUMENTE UND EINSTELLUNGEN\MODERSITZKI\COOKIES\MODERSITZKI@WWW.GOOGLEADSERVICES[2].TXT [ /WWW.GOOGLEADSERVICES ]
        C:\USERS\FAMILY\JENS\SICHERUNG\MODERSITZKI\C-DATEIN\DOKUMENTE UND EINSTELLUNGEN\MODERSITZKI\COOKIES\MODERSITZKI@POSTCLICKTRACKING[2].TXT [ /POSTCLICKTRACKING ]

Trojan.Agent/Gen-MSFake
        C:\USERS\FAMILY\APPDATA\ROAMING\DESKTOPICONFORAMAZON\ICONFORAMAZON.EXE

Trojan.Agent/Gen-Sirefef
        C:\USERS\FAMILY\JENS\SICHERUNG\MODERSITZKI\LOKALE EINSTELLUNGEN\TEMPORARY INTERNET FILES\CONTENT.IE5\8KK0MPBK\STAMPSETUP[1].EXE
        C:\USERS\FAMILY\JENS\SICHERUNG\MODERSITZKI\C-DATEIN\DOKUMENTE UND EINSTELLUNGEN\MODERSITZKI\LOKALE EINSTELLUNGEN\TEMPORARY INTERNET FILES\CONTENT.IE5\8KK0MPBK\STAMPSETUP[1].EXE


cosinus 25.09.2012 08:05

Looks OK, only cookies were found and three false positives were reported.
Cookies are not malware as such, but there is a risk of misuse (unique recognition, e.g. for targeted advertising or the like => HTTP cookie)


Regarding cookies and other things on the web: to block the plague from the outset (i.e. tracking cookies, ad banners, etc.), you should take a look at something like the MVPS Hosts File => Blocking Unwanted Parasites with a Hosts File - it makes sense to check MVPS every 4 weeks to see whether he has released a new hosts file.

Otherwise there are also good cookie managers; an extension for Firefox, for example, would be CookieCuller http://filepony.de/download-cookie_culler/
But if you can live with logging in everywhere again in every browser session (e.g. Facebook, eBay, GMX, or Trojaner-Board), then simply set the browser so that everything, including cookies, is deleted when the browser is closed.

My approach is that for "wild surfing" I use the Opera browser or Chromium under my Linux. My main browser (Firefox) only stores the cookies from the sites I actually want, everything else I reject manually (FF always asks me) - the other browsers do accept all cookies, but at the latest at the next start of Opera or Chromium there are no cookies left.

Is your system OK again now, or are there any other findings or problems?
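
An added example, not part of the posts above: a short Python check of how far a hosts-file blocklist covers the cookie hosts stored in a Firefox `cookies.sqlite`. The hosts excerpt, the cookie rows and the function names are constructed for illustration, and the sinkhole addresses 0.0.0.0 and 127.0.0.1 are an assumption about the blocklist format.

```python
import sqlite3

# Constructed hosts-file excerpt (not the real MVPS list).
SAMPLE_HOSTS = """\
# constructed sample
127.0.0.1  localhost
0.0.0.0  ad.yieldmanager.com
0.0.0.0  ad.zanox.com   # inline comment
0.0.0.0  server.adform.net
0.0.0.0  doubleclick.net
"""

SINK_ADDRESSES = {"0.0.0.0", "127.0.0.1"}  # assumed sinkhole targets


def parse_hosts(text):
    """Return the set of hostnames a hosts file maps to a sinkhole address."""
    blocked = set()
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()  # drop comments
        fields = line.split()
        if len(fields) < 2 or fields[0] not in SINK_ADDRESSES:
            continue
        for name in fields[1:]:
            name = name.lower().rstrip(".")
            if name != "localhost":
                blocked.add(name)
    return blocked


def build_sample_db():
    """In-memory stand-in for cookies.sqlite with constructed rows."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE moz_cookies (host TEXT, name TEXT)")
    db.executemany("INSERT INTO moz_cookies VALUES (?, ?)", [
        ("ad.yieldmanager.com", "c1"), ("ad.yieldmanager.com", "c2"),
        (".webmasterplan.com", "c1"), ("ad.zanox.com", "c1"),
        (".zanox.com", "c1"), (".adform.net", "c1"),
        (".doubleclick.net", "c1"),
    ])
    return db


def classify_cookie_hosts(db, blocked):
    """Map each cookie host to (status, cookie count).

    A hosts file matches exact hostnames only. A host-only cookie is
    'blocked' when its hostname is listed. A domain cookie (leading dot)
    can be set by any subdomain, so a listed name inside that domain
    gives 'partial' coverage at best.
    """
    result = {}
    rows = db.execute(
        "SELECT host, COUNT(*) FROM moz_cookies GROUP BY host ORDER BY host")
    for host, count in rows:
        name = host.lower()
        if name.startswith("."):
            domain = name[1:]
            hit = any(b == domain or b.endswith("." + domain) for b in blocked)
            status = "partial" if hit else "unblocked"
        else:
            status = "blocked" if name in blocked else "unblocked"
        result[host] = (status, count)
    return result


if __name__ == "__main__":
    report = classify_cookie_hosts(build_sample_db(), parse_hosts(SAMPLE_HOSTS))
    for host, (status, count) in report.items():
        print(f"{status:10} {count:3}  {host}")
```

To check a real profile, open a copy of `cookies.sqlite` made while Firefox is closed with `sqlite3.connect()` and pass it in place of the sample database.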

Modo 25.09.2012 19:06

Hello Cosinus,

I would like to thank you again for the help :applaus:, the system is running flawlessly again.
You have already answered the question I still wanted to ask you: how I can move around the Internet more safely. I'll look for a workable way. First of all, install Cookie Culler and have FF always delete the cookies.

Many thanks

Regards, Modo

cosinus 26.09.2012 09:50

Then we're done! :abklatsch:

The programs that were used here can all be removed again. With the help of OTL you can also remove many of the tools:

Please start OTL and click on Bereinigung (Cleanup).
This will remove most of the tools we needed for the cleanup. If anything remains, please remove it with right-click --> Delete.


Keeping Malwarebytes is recommended. You can run a full scan with it once a month, but always remember to update first.


Finally, please check the updates; my guide for this is below. To keep a better overview of how up to date the installed programs are in future, you can use e.g. Secunia PSI.
For even more security, you should also change all passwords, if possible, after the infection has been removed.


Microsoft Update

Windows XP: Visit the MS update page with IE and have all important updates installed.

Windows Vista/7: Windows Update guide


Update the PDF reader
An outdated Adobe Reader is a major security risk. You should therefore uninstall old versions of Adobe Reader via Control Panel => Software or Programs and Features, by clicking on "Adobe Reader x.0" there and removing the program (if you have Adobe Reader installed).

I recommend an alternative PDF reader such as PDF Xchange Viewer, SumatraPDF or Foxit PDF Reader; they are much leaner and faster than Adobe Reader.

Please also take the opportunity to check whether Flash Player is up to date:
Check => Adobe - Flash Player
Download links => Adobe Flash Player Distribution | Adobe

Of course, also make sure that other installed browsers such as Firefox, Opera or Chrome are up to date.


Java update
Outdated Java installations are a security risk, so you should delete the old versions (if present, preferably with JavaRa) and update to the newest one. To do this, close all programs (especially the browsers), then click Start, Control Panel, Software and uninstall all listed Java versions from there. Then download the current Java SE Runtime Environment (JRE) from here and install it.

Modo 29.09.2012 13:12

Hello Cosinus,

I have deleted the programs that were needed, following your instructions, and carried out the required updates.
The computer has no impairments whatsoever and everything is running perfectly.

At this point I would like to thank you once more for your patient help.

Regards, Modo

