Trojaner-Board
Seite 1 von 2 1 2
100 Beiträge dieses Themas auf einer Seite anzeigen

Trojaner-Board (https://www.trojaner-board.de/)
-   Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)
-   -   Windows Firewall lässt sich nicht aktivieren (https://www.trojaner-board.de/140267-windows-firewall-laesst-aktivieren.html)

Boris.K 22.08.2013 18:50
Windows Firewall lässt sich nicht aktivieren
 
Hallo,

ich kann meine Windows Firewall nicht mehr aktivieren. Beim Versuch erscheint diese Fehlermeldung:

"Aufgrund eines unbekannten Problems können die Einstellungen der Windows-Firewall nicht angezeigt werden".

Folgendes habe ich bereits versucht, hat aber nicht geklappt:
hxxp://support.microsoft.com/kb/920074

Mein Betriebssystem ist Vista. Ich hatte vorher die Comodo Firewall, musste diese aber aufgrund von Kompatibilitätsproblemen mit dem Avira Update deinstallieren.

Könnt Ihr mir weiterhelfen?

Danke!

cosinus 22.08.2013 19:03
Hallo und :hallo:

Hast du noch weitere Logs (mit Funden)? Malwarebytes und/oder andere Virenscanner, sind die mal fündig geworden?

Ich frage deswegen nach => http://www.trojaner-board.de/125889-...tml#post941520

Bitte keine neuen Virenscans machen sondern erst nur schon vorhandene Logs in CODE-Tags posten!
Relevant sind nur Logs der letzten 7 Tage bzw. seitdem das Problem besteht!



Zudem bitte auch ein Log mit Farbars Tool machen:

Scan mit Farbar's Recovery Scan Tool (FRST)

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
  • Starte jetzt FRST.
  • Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
  • Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
  • Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)



Lesestoff:
Posten in CODE-Tags
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert mir massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu gross für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
  • Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
  • Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
  • Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
  • Klicke auf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.
http://www.trojaner-board.de/picture...&pictureid=307

Boris.K 22.08.2013 19:33
Hi,

hier die Logfile von Avira:

Code:


Avira Free Antivirus
Erstellungsdatum der Reportdatei: Montag, 19. August 2013  21:13


Das Programm läuft als uneingeschränkte Vollversion.
Online-Dienste stehen zur Verfügung.

Lizenznehmer  : Avira Free Antivirus
Seriennummer  : 0000149996-ADJIE-0000001
Plattform      : Windows (TM) Vista Home Premium
Windowsversion : (Service Pack 2)  [6.0.6002]
Boot Modus    : Normal gebootet
Benutzername  : SYSTEM
Computername  : BK-PC

Versionsinformationen:
BUILD.DAT      : 13.0.0.3885    54851 Bytes  01.08.2013 08:55:00
AVSCAN.EXE    : 13.6.0.1722  634936 Bytes  19.08.2013 18:05:24
AVSCANRC.DLL  : 13.6.0.1550    62520 Bytes  19.08.2013 18:05:24
LUKE.DLL      : 13.6.0.1550    65080 Bytes  19.08.2013 18:06:05
AVSCPLR.DLL    : 13.6.0.1712    92216 Bytes  19.08.2013 18:05:24
AVREG.DLL      : 13.6.0.1550  247864 Bytes  19.08.2013 18:05:23
avlode.dll    : 13.6.2.1704  449592 Bytes  19.08.2013 18:05:21
avlode.rdf    : 13.0.1.32      27196 Bytes  19.08.2013 18:06:51
VBASE000.VDF  : 7.11.70.0  66736640 Bytes  04.04.2013 20:30:41
VBASE001.VDF  : 7.11.74.226  2201600 Bytes  30.04.2013 08:07:47
VBASE002.VDF  : 7.11.80.60  2751488 Bytes  28.05.2013 18:40:38
VBASE003.VDF  : 7.11.85.214  2162688 Bytes  21.06.2013 01:13:33
VBASE004.VDF  : 7.11.91.176  3903488 Bytes  23.07.2013 19:15:49
VBASE005.VDF  : 7.11.91.177    2048 Bytes  23.07.2013 19:15:50
VBASE006.VDF  : 7.11.91.178    2048 Bytes  23.07.2013 19:15:50
VBASE007.VDF  : 7.11.91.179    2048 Bytes  23.07.2013 19:15:50
VBASE008.VDF  : 7.11.91.180    2048 Bytes  23.07.2013 19:15:50
VBASE009.VDF  : 7.11.91.181    2048 Bytes  23.07.2013 19:15:50
VBASE010.VDF  : 7.11.91.182    2048 Bytes  23.07.2013 19:15:50
VBASE011.VDF  : 7.11.91.183    2048 Bytes  23.07.2013 19:15:50
VBASE012.VDF  : 7.11.91.184    2048 Bytes  23.07.2013 19:15:50
VBASE013.VDF  : 7.11.92.32    156160 Bytes  24.07.2013 19:15:50
VBASE014.VDF  : 7.11.92.147  168960 Bytes  25.07.2013 19:15:50
VBASE015.VDF  : 7.11.93.93    419328 Bytes  28.07.2013 21:08:07
VBASE016.VDF  : 7.11.93.170  1403392 Bytes  29.07.2013 21:08:26
VBASE017.VDF  : 7.11.94.31    222208 Bytes  31.07.2013 02:44:29
VBASE018.VDF  : 7.11.94.141  273408 Bytes  03.08.2013 19:17:38
VBASE019.VDF  : 7.11.94.203  200192 Bytes  04.08.2013 19:17:38
VBASE020.VDF  : 7.11.95.8    1925632 Bytes  05.08.2013 19:17:40
VBASE021.VDF  : 7.11.95.81    203776 Bytes  06.08.2013 21:15:03
VBASE022.VDF  : 7.11.95.175  148480 Bytes  07.08.2013 18:11:05
VBASE023.VDF  : 7.11.95.248  1224192 Bytes  09.08.2013 18:10:58
VBASE024.VDF  : 7.11.96.43    861184 Bytes  10.08.2013 22:24:28
VBASE025.VDF  : 7.11.97.50  1084416 Bytes  19.08.2013 17:54:50
VBASE026.VDF  : 7.11.97.51      2048 Bytes  19.08.2013 17:54:50
VBASE027.VDF  : 7.11.97.52      2048 Bytes  19.08.2013 17:54:50
VBASE028.VDF  : 7.11.97.53      2048 Bytes  19.08.2013 17:54:50
VBASE029.VDF  : 7.11.97.54      2048 Bytes  19.08.2013 17:54:50
VBASE030.VDF  : 7.11.97.55      2048 Bytes  19.08.2013 17:54:50
VBASE031.VDF  : 7.11.97.78    127488 Bytes  19.08.2013 18:04:59
Engineversion  : 8.2.12.106
AEVDF.DLL      : 8.1.3.4      102774 Bytes  16.06.2013 18:57:26
AESCRIPT.DLL  : 8.1.4.142    512382 Bytes  17.08.2013 22:24:37
AESCN.DLL      : 8.1.10.4      131446 Bytes  26.03.2013 18:42:18
AESBX.DLL      : 8.2.16.22    1241464 Bytes  17.08.2013 22:24:37
AERDL.DLL      : 8.2.0.128    688504 Bytes  16.06.2013 18:57:26
AEPACK.DLL    : 8.3.2.24      749945 Bytes  20.06.2013 21:23:21
AEOFFICE.DLL  : 8.1.2.76      205181 Bytes  08.08.2013 18:11:22
AEHEUR.DLL    : 8.1.4.556    6115706 Bytes  17.08.2013 22:24:36
AEHELP.DLL    : 8.1.27.4      266617 Bytes  28.06.2013 01:13:32
AEGEN.DLL      : 8.1.7.12      442743 Bytes  08.08.2013 18:11:09
AEEXP.DLL      : 8.4.1.46      287095 Bytes  08.08.2013 18:11:26
AEEMU.DLL      : 8.1.3.2      393587 Bytes  10.07.2012 21:29:31
AECORE.DLL    : 8.1.31.6      201081 Bytes  28.06.2013 01:13:32
AEBB.DLL      : 8.1.1.4        53619 Bytes  06.11.2012 18:22:21
AVWINLL.DLL    : 13.6.0.1550    23608 Bytes  19.08.2013 18:04:54
AVPREF.DLL    : 13.6.0.1550    48184 Bytes  19.08.2013 18:05:23
AVREP.DLL      : 13.6.0.1550  175672 Bytes  19.08.2013 18:05:23
AVARKT.DLL    : 13.6.0.1626  258104 Bytes  19.08.2013 18:05:12
AVEVTLOG.DLL  : 13.6.0.1550  164920 Bytes  19.08.2013 18:05:14
SQLITE3.DLL    : 3.7.0.1      394824 Bytes  19.08.2013 18:06:22
AVSMTP.DLL    : 13.6.0.1550    59960 Bytes  19.08.2013 18:05:26
NETNT.DLL      : 13.6.0.1550    13368 Bytes  19.08.2013 18:06:09
RCIMAGE.DLL    : 13.4.0.360  4780832 Bytes  19.08.2013 18:04:55
RCTEXT.DLL    : 13.6.0.1624    67128 Bytes  19.08.2013 18:04:56

Konfiguration für den aktuellen Suchlauf:
Job Name..............................: AVGuardAsyncScan
Konfigurationsdatei...................: C:\ProgramData\Avira\AntiVir Desktop\TEMP\AVGUARD_52126138\guard_slideup.avp
Protokollierung.......................: standard
Primäre Aktion........................: reparieren
Sekundäre Aktion......................: quarantäne
Durchsuche Masterbootsektoren.........: ein
Durchsuche Bootsektoren...............: aus
Durchsuche aktive Programme...........: ein
Durchsuche Registrierung..............: aus
Suche nach Rootkits...................: aus
Integritätsprüfung von Systemdateien..: aus
Datei Suchmodus.......................: Alle Dateien
Durchsuche Archive....................: ein
Rekursionstiefe einschränken..........: 20
Archiv Smart Extensions...............: ein
Makrovirenheuristik...................: ein
Dateiheuristik........................: vollständig

Beginn des Suchlaufs: Montag, 19. August 2013  21:13

Der Suchlauf über gestartete Prozesse wird begonnen:
Durchsuche Prozess 'svchost.exe' - '40' Modul(e) wurden durchsucht
Durchsuche Prozess 'a2service.exe' - '67' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '34' Modul(e) wurden durchsucht
Durchsuche Prozess 'Ati2evxx.exe' - '28' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '57' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '100' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '151' Modul(e) wurden durchsucht
Durchsuche Prozess 'STacSV64.exe' - '37' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '37' Modul(e) wurden durchsucht
Durchsuche Prozess 'SLsvc.exe' - '23' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '85' Modul(e) wurden durchsucht
Durchsuche Prozess 'DockLogin.exe' - '26' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '95' Modul(e) wurden durchsucht
Durchsuche Prozess 'WLTRYSVC.EXE' - '15' Modul(e) wurden durchsucht
Durchsuche Prozess 'bcmwltry.exe' - '78' Modul(e) wurden durchsucht
Durchsuche Prozess 'Ati2evxx.exe' - '35' Modul(e) wurden durchsucht
Durchsuche Prozess 'spoolsv.exe' - '80' Modul(e) wurden durchsucht
Durchsuche Prozess 'AESTSr64.exe' - '5' Modul(e) wurden durchsucht
Durchsuche Prozess 'AppleMobileDeviceService.exe' - '70' Modul(e) wurden durchsucht
Durchsuche Prozess 'mDNSResponder.exe' - '29' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '26' Modul(e) wurden durchsucht
Durchsuche Prozess 'SeaPort.exe' - '70' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '44' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '9' Modul(e) wurden durchsucht
Durchsuche Prozess 'SearchIndexer.exe' - '69' Modul(e) wurden durchsucht
Durchsuche Prozess 'taskeng.exe' - '49' Modul(e) wurden durchsucht
Durchsuche Prozess 'Dwm.exe' - '30' Modul(e) wurden durchsucht
Durchsuche Prozess 'Explorer.EXE' - '145' Modul(e) wurden durchsucht
Durchsuche Prozess 'taskeng.exe' - '54' Modul(e) wurden durchsucht
Durchsuche Prozess 'SynTPEnh.exe' - '37' Modul(e) wurden durchsucht
Durchsuche Prozess 'quickset.exe' - '82' Modul(e) wurden durchsucht
Durchsuche Prozess 'WLTRAY.EXE' - '67' Modul(e) wurden durchsucht
Durchsuche Prozess 'ehtray.exe' - '26' Modul(e) wurden durchsucht
Durchsuche Prozess 'sidebar.exe' - '110' Modul(e) wurden durchsucht
Durchsuche Prozess 'SSScheduler.exe' - '29' Modul(e) wurden durchsucht
Durchsuche Prozess 'DellDock.exe' - '86' Modul(e) wurden durchsucht
Durchsuche Prozess 'Dropbox.exe' - '75' Modul(e) wurden durchsucht
Durchsuche Prozess 'DataSafeOnline.exe' - '116' Modul(e) wurden durchsucht
Durchsuche Prozess 'PDVDDXSrv.exe' - '43' Modul(e) wurden durchsucht
Durchsuche Prozess 'MOM.exe' - '56' Modul(e) wurden durchsucht
Durchsuche Prozess 'ehmsas.exe' - '19' Modul(e) wurden durchsucht
Durchsuche Prozess 'iTunesHelper.exe' - '72' Modul(e) wurden durchsucht
Durchsuche Prozess 'iPodService.exe' - '30' Modul(e) wurden durchsucht
Durchsuche Prozess 'CCC.exe' - '161' Modul(e) wurden durchsucht
Durchsuche Prozess 'soffice.exe' - '22' Modul(e) wurden durchsucht
Durchsuche Prozess 'wmiprvse.exe' - '34' Modul(e) wurden durchsucht
Durchsuche Prozess 'soffice.bin' - '89' Modul(e) wurden durchsucht
Durchsuche Prozess 'SynTPHelper.exe' - '14' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '21' Modul(e) wurden durchsucht
Durchsuche Prozess 'conime.exe' - '16' Modul(e) wurden durchsucht
Durchsuche Prozess 'sprtsvc.exe' - '71' Modul(e) wurden durchsucht
Durchsuche Prozess 'avguard.exe' - '75' Modul(e) wurden durchsucht
Durchsuche Prozess 'avshadow.exe' - '24' Modul(e) wurden durchsucht
Durchsuche Prozess 'sched.exe' - '59' Modul(e) wurden durchsucht
Durchsuche Prozess 'avgnt.exe' - '78' Modul(e) wurden durchsucht
Durchsuche Prozess 'firefox.exe' - '101' Modul(e) wurden durchsucht
Durchsuche Prozess 'mbam.exe' - '78' Modul(e) wurden durchsucht
Durchsuche Prozess 'plugin-container.exe' - '66' Modul(e) wurden durchsucht
Durchsuche Prozess 'FlashPlayerPlugin_11_7_700_224.exe' - '47' Modul(e) wurden durchsucht
Durchsuche Prozess 'FlashPlayerPlugin_11_7_700_224.exe' - '60' Modul(e) wurden durchsucht
Durchsuche Prozess 'iTunes.exe' - '150' Modul(e) wurden durchsucht
Durchsuche Prozess 'AppleMobileDeviceHelper.exe' - '67' Modul(e) wurden durchsucht
Durchsuche Prozess 'distnoted.exe' - '38' Modul(e) wurden durchsucht
Durchsuche Prozess 'APSDaemon.exe' - '86' Modul(e) wurden durchsucht
Durchsuche Prozess 'avscan.exe' - '98' Modul(e) wurden durchsucht
Durchsuche Prozess 'avscan.exe' - '98' Modul(e) wurden durchsucht
Durchsuche Prozess 'smss.exe' - '2' Modul(e) wurden durchsucht
Durchsuche Prozess 'csrss.exe' - '14' Modul(e) wurden durchsucht
Durchsuche Prozess 'wininit.exe' - '26' Modul(e) wurden durchsucht
Durchsuche Prozess 'csrss.exe' - '14' Modul(e) wurden durchsucht
Durchsuche Prozess 'services.exe' - '33' Modul(e) wurden durchsucht
Durchsuche Prozess 'lsass.exe' - '66' Modul(e) wurden durchsucht
Durchsuche Prozess 'lsm.exe' - '22' Modul(e) wurden durchsucht
Durchsuche Prozess 'winlogon.exe' - '30' Modul(e) wurden durchsucht

Der Suchlauf über die ausgewählten Dateien wird begonnen:

Beginne mit der Suche in 'C:\Users\BK\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\28\64183e9c-4628790b'
    [0] Archivtyp: RSRC
    --> C:\Users\BK\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\28\64183e9c-4628790b
        [1] Archivtyp: ZIP
      --> Archive.class
          [FUND]      Enthält Erkennungsmuster des Java-Virus JAVA/Lamar.nsz.42
          [WARNUNG]  Infizierte Dateien in Archiven können nicht repariert werden
      --> Dtoa.class
          [FUND]      Enthält Erkennungsmuster des Java-Virus JAVA/Lamar.nsz.22
          [WARNUNG]  Infizierte Dateien in Archiven können nicht repariert werden
      --> Gem.class
          [FUND]      Enthält Erkennungsmuster des Exploits EXP/CVE-2012-1723.B.Gen
          [WARNUNG]  Infizierte Dateien in Archiven können nicht repariert werden
      --> Golopogos.class
          [FUND]      Enthält Erkennungsmuster des Java-Virus JAVA/Lamar.nsz.19
          [WARNUNG]  Infizierte Dateien in Archiven können nicht repariert werden
      --> Intoma.class
          [FUND]      Enthält Erkennungsmuster des Java-Virus JAVA/Lamar.nsz.32
          [WARNUNG]  Infizierte Dateien in Archiven können nicht repariert werden
      --> Keitering.class
          [FUND]      Enthält Erkennungsmuster des Java-Virus JAVA/Lamar.nsz.47
          [WARNUNG]  Infizierte Dateien in Archiven können nicht repariert werden
      --> Kimsufif.class
          [FUND]      Enthält Erkennungsmuster des Exploits EXP/CVE-2012-1723.A.4255
          [WARNUNG]  Infizierte Dateien in Archiven können nicht repariert werden
      --> Krabbe.class
          [FUND]      Enthält Erkennungsmuster des Java-Virus JAVA/Lamar.nsz.39
          [WARNUNG]  Infizierte Dateien in Archiven können nicht repariert werden
      --> Naub.class
          [FUND]      Enthält Erkennungsmuster des Java-Virus JAVA/Lamar.nsz.43
          [WARNUNG]  Infizierte Dateien in Archiven können nicht repariert werden
      --> Potk.class
          [FUND]      Enthält Erkennungsmuster des Java-Virus JAVA/Lamar.nsz.41
          [WARNUNG]  Infizierte Dateien in Archiven können nicht repariert werden
      --> Ro.class
          [FUND]      Enthält Erkennungsmuster des Java-Virus JAVA/Lamar.nsz.18
          [WARNUNG]  Infizierte Dateien in Archiven können nicht repariert werden
      --> Tanek.class
          [FUND]      Enthält Erkennungsmuster des Java-Virus JAVA/Lamar.nsz.17
          [WARNUNG]  Infizierte Dateien in Archiven können nicht repariert werden
      --> Pirna.class
          [FUND]      Enthält Erkennungsmuster des Exploits EXP/CVE-2012-1723.A.4251
          [WARNUNG]  Infizierte Dateien in Archiven können nicht repariert werden
C:\Users\BK\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\28\64183e9c-4628790b
  [FUND]      Enthält Erkennungsmuster des Exploits EXP/CVE-2012-1723.A.4251
  [HINWEIS]  Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '5767fb7c.qua' verschoben!


Ende des Suchlaufs: Montag, 19. August 2013  21:15
Benötigte Zeit: 01:40 Minute(n)

Der Suchlauf wurde vollständig durchgeführt.

      0 Verzeichnisse wurden überprüft
  1854 Dateien wurden geprüft
    14 Viren bzw. unerwünschte Programme wurden gefunden
      0 Dateien wurden als verdächtig eingestuft
      0 Dateien wurden gelöscht
      0 Viren bzw. unerwünschte Programme wurden repariert
      1 Dateien wurden in die Quarantäne verschoben
      0 Dateien wurden umbenannt
      0 Dateien konnten nicht durchsucht werden
  1840 Dateien ohne Befall
      4 Archive wurden durchsucht
    13 Warnungen
      1 Hinweise
Und hier von Malwarebytes:

Code:
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.08.18.01

Windows Vista Service Pack 2 x64 NTFS
Internet Explorer 9.0.8112.16421
BK :: BK-PC [Administrator]

21.08.2013 00:22:23
mbam-log-2013-08-21 (00-22-23).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 424591
Laufzeit: 1 Stunde(n), 42 Minute(n), 7 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 1
C:\Users\BK\AppData\Roaming\BabSolution\Shared\NTRedirect.dll (PUP.Optional.Babylon.A) -> Löschen bei Neustart.

Infizierte Registrierungsschlüssel: 2
HKCR\TypeLib\{DCABB943-792E-44C4-9029-ECBEE6265AF9} (PUP.Optional.Smart) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\Interface\{3408AC0D-510E-4808-8F7B-6B70B1F88534} (PUP.Optional.Smart) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 6
C:\Users\BK\AppData\Roaming\Babylon (PUP.Optional.Babylon.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\ProgramData\BrowserDefender\2.6.1562.220 (PUP.Optional.BrowserDefender.A) -> Löschen bei Neustart.
C:\ProgramData\BrowserDefender\2.6.1562.220\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8} (PUP.Optional.BrowserDefender.A) -> Löschen bei Neustart.
C:\ProgramData\BrowserDefender\2.6.1562.220\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\traking_settings (PUP.Optional.BrowserDefender.A) -> Löschen bei Neustart.
C:\Users\BK\AppData\Roaming\BabSolution (PUP.Optional.BabSolution.A) -> Löschen bei Neustart.
C:\Users\BK\AppData\Roaming\BabSolution\Shared (PUP.Optional.BabSolution.A) -> Löschen bei Neustart.

Infizierte Dateien: 35
C:\Users\BK\AppData\Roaming\BabSolution\Shared\NTRedirect.dll (PUP.Optional.Babylon.A) -> Löschen bei Neustart.
C:\Users\BK\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4JHBW6UU\LyricsGet_1060-1054_v122[1].exe (PUP.Optional.LyricsAd) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\BK\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4JHBW6UU\MinibarChrome[1].exe (PUP.Optional.Iminent.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\BK\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5DLS3UQL\IminentMinibarIE[1].exe (PUP.Optional.Iminent.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\BK\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5DLS3UQL\iminent[1].msi (PUP.Optional.Iminent) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\BK\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PL6XBR87\IminentSetup[1].exe (PUP.Iminent.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\BK\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PL6XBR87\MinibarFirefox[1].exe (PUP.Optional.Iminent.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\BK\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PL6XBR87\MixiSmart[1].exe (PUP.Optional.Babylon.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\BK\AppData\Local\Temp\1_Offer_3.exe (PUP.Iminent.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\BK\AppData\Local\Temp\DownloadManager.exe (PUP.Optional.Smart) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\BK\AppData\Local\Temp\setup.exe (PUP.Optional.Babylon.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\BK\AppData\Local\Temp\91DB7F11-BAB0-7891-9751-237AB23DF53A\Latest\BabMaint.exe (PUP.Optional.Babylon.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\BK\AppData\Local\Temp\91DB7F11-BAB0-7891-9751-237AB23DF53A\Latest\BUSolution.dll (PUP.Optional.BabSolution.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\BK\AppData\Local\Temp\91DB7F11-BAB0-7891-9751-237AB23DF53A\Latest\NTRedirect.dll (PUP.Optional.Babylon.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\BK\AppData\Local\Temp\91DB7F11-BAB0-7891-9751-237AB23DF53A\Latest\Setup.exe (PUP.Babylon.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\BK\AppData\Local\Temp\~nsu.tmp\Au_.exe (PUP.Optional.LyricsAd) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\BK\AppData\Roaming\Babylon\log_file.txt (PUP.Optional.Babylon.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\ProgramData\BrowserDefender\2.6.1562.220\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\bl (PUP.Optional.BrowserDefender.A) -> Löschen bei Neustart.
C:\ProgramData\BrowserDefender\2.6.1562.220\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.dll (PUP.Optional.BrowserDefender.A) -> Löschen bei Neustart.
C:\ProgramData\BrowserDefender\2.6.1562.220\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.exe (PUP.Optional.BrowserDefender.A) -> Löschen bei Neustart.
C:\ProgramData\BrowserDefender\2.6.1562.220\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.settings (PUP.Optional.BrowserDefender.A) -> Löschen bei Neustart.
C:\ProgramData\BrowserDefender\2.6.1562.220\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\dm (PUP.Optional.BrowserDefender.A) -> Löschen bei Neustart.
C:\ProgramData\BrowserDefender\2.6.1562.220\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\uninstall.exe (PUP.Optional.BrowserDefender.A) -> Löschen bei Neustart.
C:\ProgramData\BrowserDefender\2.6.1562.220\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\traking_settings\00 (PUP.Optional.BrowserDefender.A) -> Löschen bei Neustart.
C:\ProgramData\BrowserDefender\2.6.1562.220\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\traking_settings\01 (PUP.Optional.BrowserDefender.A) -> Löschen bei Neustart.
C:\ProgramData\BrowserDefender\2.6.1562.220\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\traking_settings\02 (PUP.Optional.BrowserDefender.A) -> Löschen bei Neustart.
C:\ProgramData\BrowserDefender\2.6.1562.220\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\traking_settings\03 (PUP.Optional.BrowserDefender.A) -> Löschen bei Neustart.
C:\ProgramData\BrowserDefender\2.6.1562.220\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\traking_settings\10 (PUP.Optional.BrowserDefender.A) -> Löschen bei Neustart.
C:\ProgramData\BrowserDefender\2.6.1562.220\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\traking_settings\11 (PUP.Optional.BrowserDefender.A) -> Löschen bei Neustart.
C:\ProgramData\BrowserDefender\2.6.1562.220\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\traking_settings\12 (PUP.Optional.BrowserDefender.A) -> Löschen bei Neustart.
C:\ProgramData\BrowserDefender\2.6.1562.220\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\traking_settings\13 (PUP.Optional.BrowserDefender.A) -> Löschen bei Neustart.
C:\ProgramData\BrowserDefender\2.6.1562.220\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\traking_settings\20 (PUP.Optional.BrowserDefender.A) -> Löschen bei Neustart.
C:\ProgramData\BrowserDefender\2.6.1562.220\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\traking_settings\21 (PUP.Optional.BrowserDefender.A) -> Löschen bei Neustart.
C:\ProgramData\BrowserDefender\2.6.1562.220\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\traking_settings\22 (PUP.Optional.BrowserDefender.A) -> Löschen bei Neustart.
C:\ProgramData\BrowserDefender\2.6.1562.220\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\traking_settings\23 (PUP.Optional.BrowserDefender.A) -> Löschen bei Neustart.

(Ende)
FRST mach ich jetzt.

HIer die FRST.txt


FRST Logfile:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 21-08-2013 02
Ran by BK (administrator) on 22-08-2013 20:24:28
Running from C:\Users\BK\Desktop
Windows Vista (TM) Home Premium Service Pack 2 (X64) OS Language: German Standard
Internet Explorer Version 9
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(Emsisoft GmbH) C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe
(ATI Technologies Inc.) C:\Windows\system32\Ati2evxx.exe
(IDT, Inc.) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_15f4e438\STacSV64.exe
(Microsoft Corporation) C:\Windows\system32\SLsvc.exe
(ATI Technologies Inc.) C:\Windows\system32\Ati2evxx.exe
(Stardock Corporation) C:\Program Files\Dell\DellDock\DockLogin.exe
() C:\Windows\System32\WLTRYSVC.EXE
(Dell Inc.) C:\Windows\System32\bcmwltry.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Andrea Electronics Corporation) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_15f4e438\AESTSr64.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Dell Inc.) C:\Program Files\Dell\QuickSet\quickset.exe
(Dell Inc.) C:\WINDOWS\System32\WLTRAY.EXE
(Microsoft Corp.) C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
(Microsoft Corporation) C:\WINDOWS\ehome\ehtray.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe
(Stardock Corporation) C:\Program Files\Dell\DellDock\DellDock.exe
(Dropbox, Inc.) C:\Users\BK\AppData\Roaming\Dropbox\bin\Dropbox.exe
() C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
(CyberLink Corp.) C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Windows\system32\conime.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(SupportSoft, Inc.) C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1657128 2008-11-25] (Synaptics, Inc.)
HKLM\...\Run: [QuickSet] - C:\Program Files\Dell\QuickSet\QuickSet.exe [2041112 2008-09-26] (Dell Inc.)
HKLM\...\Run: [SysTrayApp] - C:\Program Files\IDT\WDM\sttray64.exe [462848 2009-03-19] (IDT, Inc.)
HKLM\...\Run: [Broadcom Wireless Manager UI] - C:\Windows\system32\WLTRAY.exe [4119552 2008-12-21] (Dell Inc.)
HKLM\...D6A79037F57F\InprocServer32: [Default-fastprox]  ATTENTION! ====> ZeroAccess?
HKCU\...\Run: [ehTray.exe] - C:\Windows\ehome\ehTray.exe [138240 2008-01-21] (Microsoft Corporation)
HKCR\...409d6c4515e9\InprocServer32: [Default-shell32]  ATTENTION! ====> ZeroAccess?
HKLM-x32\...\Run: [emsisoft anti-malware] - C:\Program Files (x86)\Emsisoft Anti-Malware\a2guard.exe [2928040 2013-08-18] (Emsisoft GmbH)
HKLM-x32\...\Run: [Microsoft Default Manager] - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe [250192 2009-04-24] (Microsoft Corporation)
HKLM-x32\...\Run: [Dell DataSafe Online] - C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe [1762032 2009-04-09] ()
HKLM-x32\...\Run: [PDVDDXSrv] - C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe [128296 2008-05-23] (CyberLink Corp.)
HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [61440 2008-08-30] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] - c:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [34672 2008-06-12] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-05-31] (Apple Inc.)
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [345144 2013-08-19] (Avira Operations GmbH & Co. KG)
AppInit_DLLs:    [0 ] ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe (McAfee, Inc.)
Startup: C:\Users\BK\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk
ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\BK\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\dfitrbruvdigcsdwlpv.lnk
Startup: C:\Users\BK\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\BK\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\BK\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk
ShortcutTarget: OpenOffice.org 3.3.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Test\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk
ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bing.com
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/USCON/8
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.bing.com
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=DLCDF7&pc=MDDC&src=IE-SearchBox
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files (x86)\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} -  No File
BHO-x32: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll (Microsoft Corp.)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
BHO-x32: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
Toolbar: HKLM-x32 - &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
Handler-x32: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files (x86)\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\BK\AppData\Roaming\Mozilla\Firefox\Profiles\q8fa2qmt.default
FF user.js: detected! => C:\Users\BK\AppData\Roaming\Mozilla\Firefox\Profiles\q8fa2qmt.default\user.js
FF NewTab: hxxp://www.google.com/firefox
FF SelectedSearchEngine: Google
FF Homepage: hxxp://www.google.com/firefox
FF Keyword.URL: hxxp://www.google.com/search?ie=UTF-8&oe=utf-8&q=
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_94.dll ()
FF Plugin: @mcafee.com/McAfeeMssPlugin - C:\Program Files (x86)\McAfee Security Scan\3.0.318\npMcAfeeMss.dll (McAfee, Inc.)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @java.com/JavaPlugin - C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\2.0.31005.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8051.1204 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WPF,version=3.5 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF SearchPlugin: C:\Users\BK\AppData\Roaming\Mozilla\Firefox\Profiles\q8fa2qmt.default\searchplugins\mixidj.xml
FF Extension: LyricsGet - C:\Users\BK\AppData\Roaming\Mozilla\Firefox\Profiles\q8fa2qmt.default\Extensions\128
FF Extension: Bitdefender QuickScan - C:\Users\BK\AppData\Roaming\Mozilla\Firefox\Profiles\q8fa2qmt.default\Extensions\{e001c731-5e37-4538-a5cb-8168736a2360}
FF Extension: Default - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF Extension: Default - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF HKLM-x32\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF HKCU\...\Firefox\Extensions: [{184AA5E6-741D-464a-820E-94B3ABC2F3B4}] C:\Users\BK\AppData\Roaming\11016
FF Extension: Java Link Helper - C:\Users\BK\AppData\Roaming\11016

Chrome:
=======
CHR Extension: (MixiDj Chrome Toolbar) - C:\Users\BORISK~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpepfkjapeclaafmhoelccknpfedainn\1.0

==================== Services (Whitelisted) =================

R2 a2AntiMalware; C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe [2938408 2013-08-18] (Emsisoft GmbH)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [84024 2013-08-19] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [108088 2013-08-19] (Avira Operations GmbH & Co. KG)
S4 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [589368 2013-08-19] (Avira Operations GmbH & Co. KG)
S3 McComponentHostService; C:\Program Files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe [235216 2013-02-05] (McAfee, Inc.)
R2 wltrysvc; C:\Windows\System32\WLTRYSVC.EXE [32768 2008-12-21] ()

==================== Drivers (Whitelisted) ====================

S3 a2acc; C:\PROGRAM FILES (X86)\EMSISOFT ANTI-MALWARE\a2accx64.sys [66320 2012-04-30] (Emsisoft GmbH)
S3 a2acc; C:\PROGRAM FILES (X86)\EMSISOFT ANTI-MALWARE\a2accx64.sys [66320 2012-04-30] (Emsisoft GmbH)
R1 A2DDA; C:\Program Files (x86)\Emsisoft Anti-Malware\a2ddax64.sys [26176 2013-08-18] (Emsisoft GmbH)
R1 A2DDA; C:\Program Files (x86)\Emsisoft Anti-Malware\a2ddax64.sys [26176 2013-08-18] (Emsisoft GmbH)
S3 Apowersoft_AudioDevice; C:\Windows\System32\drivers\Apowersoft_AudioDevice.sys [29288 2010-12-24] (Wondershare)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [100712 2013-08-19] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [130016 2013-08-19] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-08-19] (Avira Operations GmbH & Co. KG)
R3 cleanhlp; C:\Program Files (x86)\Emsisoft Anti-Malware\cleanhlp64.sys [57032 2013-08-18] (Emsisoft GmbH)
R3 cleanhlp; C:\Program Files (x86)\Emsisoft Anti-Malware\cleanhlp64.sys [57032 2013-08-18] (Emsisoft GmbH)
R3 OA008Ufd; C:\Windows\System32\DRIVERS\OA008Ufd.sys [159840 2009-03-06] (Creative Technology Ltd.)
R3 OA008Vid; C:\Windows\System32\DRIVERS\OA008Vid.sys [313696 2009-05-06] (Creative Technology Ltd.)
S3 IpInIp; system32\DRIVERS\ipinip.sys [x]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-08-22 20:22 - 2013-08-22 20:22 - 01576476 _____ (Farbar) C:\Users\BK\Desktop\FRST64.exe
2013-08-22 20:14 - 2013-08-22 20:14 - 00029216 _____ C:\Users\BK\Desktop\AVSCAN-20130819-211258-6EF0211E.LOG
2013-08-22 19:12 - 2013-08-22 19:25 - 00002881 _____ C:\Users\BK\Desktop\sharedaccess.reg
2013-08-22 19:11 - 2013-08-22 19:11 - 00001098 _____ C:\Users\BK\Downloads\sharedaccess.zip
2013-08-22 19:05 - 2013-08-22 19:05 - 02828552 _____ (AVAST Software) C:\Users\BK\Downloads\avast-browser-cleanup_8.0.1484.29.exe
2013-08-20 23:47 - 2013-08-20 23:55 - 00000898 _____ C:\Windows\SysWOW64\InstallUtil.InstallLog
2013-08-20 23:45 - 2013-08-20 23:45 - 00000000 ____D C:\Users\BORISK~1\AppData\Local\avgchrome
2013-08-20 23:44 - 2013-08-20 23:44 - 00000000 ____D C:\ProgramData\Babylon
2013-08-20 23:43 - 2013-08-21 00:12 - 00000000 ____D C:\Program Files (x86)\MyPC Backup
2013-08-20 23:43 - 2013-08-20 23:43 - 00001142 _____ C:\Users\BK\Desktop\Continue Free Flac to MP3.lnk
2013-08-20 23:41 - 2013-08-20 23:41 - 00894600 _____ (CNET Download.com) C:\Users\BK\Downloads\cbsidlm-cbsi134-Free_Flac_to_MP3-ORG-75758784.exe
2013-08-19 20:23 - 2013-08-19 20:23 - 00000000 ____D C:\Users\BK\AppData\Roaming\Avira
2013-08-19 20:17 - 2013-08-19 20:17 - 00001903 _____ C:\Users\Public\Desktop\Avira Control Center.lnk
2013-08-19 20:17 - 2013-08-19 20:06 - 00130016 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2013-08-19 20:17 - 2013-08-19 20:06 - 00100712 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2013-08-19 20:17 - 2013-08-19 20:06 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2013-08-19 20:16 - 2013-08-19 20:17 - 00000000 ____D C:\ProgramData\Avira
2013-08-19 20:16 - 2013-08-19 20:16 - 00000000 ____D C:\Program Files (x86)\Avira
2013-08-18 12:08 - 2013-08-18 12:11 - 00000000 ____D C:\Windows\system32\MRT
2013-08-18 12:08 - 2013-08-18 12:08 - 02092792 _____ C:\Users\BK\Downloads\avira_free_antivirus(1).exe
2013-08-18 12:03 - 2013-07-25 05:54 - 17830400 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-08-18 12:03 - 2013-07-25 05:37 - 02312704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-08-18 12:03 - 2013-07-25 05:35 - 10926080 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-08-18 12:03 - 2013-07-25 05:31 - 01346560 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-08-18 12:03 - 2013-07-25 05:30 - 01392128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-08-18 12:03 - 2013-07-25 05:29 - 01494528 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-08-18 12:03 - 2013-07-25 05:29 - 00237056 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2013-08-18 12:03 - 2013-07-25 05:29 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-08-18 12:03 - 2013-07-25 05:28 - 02147840 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-08-18 12:03 - 2013-07-25 05:28 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-08-18 12:03 - 2013-07-25 05:28 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-08-18 12:03 - 2013-07-25 05:28 - 00599040 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2013-08-18 12:03 - 2013-07-25 05:28 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-08-18 12:03 - 2013-07-25 05:27 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-08-18 12:03 - 2013-07-25 05:27 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2013-08-18 12:03 - 2013-07-25 05:26 - 00248320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-08-18 12:03 - 2013-07-25 04:40 - 12334080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-08-18 12:03 - 2013-07-25 04:32 - 01800704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-08-18 12:03 - 2013-07-25 04:30 - 09738752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-08-18 12:03 - 2013-07-25 04:26 - 01129472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-08-18 12:03 - 2013-07-25 04:26 - 01104384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-08-18 12:03 - 2013-07-25 04:25 - 01427968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-08-18 12:03 - 2013-07-25 04:24 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-08-18 12:03 - 2013-07-25 04:24 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-08-18 12:03 - 2013-07-25 04:23 - 01796096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-08-18 12:03 - 2013-07-25 04:23 - 00717824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-08-18 12:03 - 2013-07-25 04:23 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-08-18 12:03 - 2013-07-25 04:23 - 00420864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2013-08-18 12:03 - 2013-07-25 04:23 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2013-08-18 12:03 - 2013-07-25 04:22 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-08-18 12:03 - 2013-07-25 04:22 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-08-18 12:03 - 2013-07-25 04:22 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-08-18 11:52 - 2013-08-18 11:52 - 00000000 __SHD C:\found.000
2013-08-18 00:59 - 2013-08-18 00:59 - 00000165 _____ C:\ProgramData\dfitrbruvdigcsdwlpv.reg
2013-08-18 00:59 - 2013-08-18 00:59 - 00000070 _____ C:\ProgramData\dfitrbruvdigcsdwlpv.bat
2013-08-18 00:32 - 2013-07-17 22:01 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2013-08-18 00:32 - 2013-07-17 21:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2013-08-18 00:32 - 2013-07-10 11:47 - 00677888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2013-08-18 00:32 - 2013-07-10 11:42 - 01303552 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2013-08-18 00:32 - 2013-07-09 14:04 - 01585256 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2013-08-18 00:32 - 2013-07-09 14:04 - 01168088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2013-08-18 00:32 - 2013-07-08 06:51 - 04691904 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2013-08-18 00:32 - 2013-07-08 06:20 - 00172544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2013-08-18 00:32 - 2013-07-08 06:20 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2013-08-18 00:32 - 2013-07-08 06:18 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2013-08-18 00:32 - 2013-07-08 06:16 - 00992768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-08-18 00:32 - 2013-07-08 06:16 - 00133120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2013-08-18 00:32 - 2013-07-08 06:16 - 00098304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2013-08-18 00:32 - 2013-07-08 06:15 - 00234496 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2013-08-18 00:32 - 2013-07-08 06:15 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2013-08-18 00:32 - 2013-07-08 06:14 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2013-08-18 00:32 - 2013-07-08 06:12 - 01276416 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2013-08-18 00:32 - 2013-07-08 06:12 - 00174592 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2013-08-18 00:32 - 2013-07-08 06:12 - 00132096 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2013-08-18 00:32 - 2013-07-08 03:39 - 00026112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2013-08-18 00:32 - 2013-07-08 03:39 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2013-08-18 00:32 - 2013-07-08 03:39 - 00002560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2013-08-18 00:32 - 2013-07-05 06:45 - 01423808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2013-08-18 00:32 - 2013-06-15 15:27 - 00020480 _____ (Microsoft Corporation) C:\Windows\system32\icaapi.dll
2013-08-18 00:32 - 2013-06-15 13:38 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2013-08-03 12:45 - 2013-08-03 12:45 - 00000000 ____D C:\ProgramData\Mozilla
2013-08-03 12:45 - 2013-08-03 12:45 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service

==================== One Month Modified Files and Folders =======

2013-08-22 20:24 - 2013-08-22 20:24 - 00000000 ____D C:\FRST
2013-08-22 20:22 - 2013-08-22 20:22 - 01576476 _____ (Farbar) C:\Users\BK\Desktop\FRST64.exe
2013-08-22 20:21 - 2006-11-02 17:22 - 00003616 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2013-08-22 20:21 - 2006-11-02 17:22 - 00003616 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2013-08-22 20:16 - 2012-10-10 22:56 - 00000000 ____D C:\Program Files (x86)\Emsisoft Anti-Malware
2013-08-22 20:14 - 2013-08-22 20:14 - 00029216 _____ C:\Users\BK\Desktop\AVSCAN-20130819-211258-6EF0211E.LOG
2013-08-22 19:58 - 2012-09-02 13:13 - 00001128 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-08-22 19:51 - 2012-08-09 22:39 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-08-22 19:31 - 2009-08-05 13:00 - 01700706 _____ C:\Windows\WindowsUpdate.log
2013-08-22 19:28 - 2012-04-01 22:12 - 00000000 ___RD C:\Users\BK\Dropbox
2013-08-22 19:28 - 2012-04-01 22:08 - 00000000 ____D C:\Users\BK\AppData\Roaming\Dropbox
2013-08-22 19:27 - 2012-09-02 13:13 - 00001124 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-08-22 19:26 - 2006-11-02 17:42 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-08-22 19:25 - 2013-08-22 19:12 - 00002881 _____ C:\Users\BK\Desktop\sharedaccess.reg
2013-08-22 19:25 - 2006-11-02 17:42 - 00032556 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-08-22 19:11 - 2013-08-22 19:11 - 00001098 _____ C:\Users\BK\Downloads\sharedaccess.zip
2013-08-22 19:05 - 2013-08-22 19:05 - 02828552 _____ (AVAST Software) C:\Users\BK\Downloads\avast-browser-cleanup_8.0.1484.29.exe
2013-08-22 00:59 - 2012-04-22 03:02 - 00003758 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{CFAF3200-B0F5-4291-86E5-6952ABD96C3C}
2013-08-21 08:23 - 2012-08-25 02:15 - 00034466 _____ C:\Windows\PFRO.log
2013-08-21 00:26 - 2012-10-10 22:42 - 00000000 ____D C:\Users\BK\AppData\Roaming\QuickScan
2013-08-21 00:12 - 2013-08-20 23:43 - 00000000 ____D C:\Program Files (x86)\MyPC Backup
2013-08-21 00:12 - 2012-04-01 10:35 - 00000000 ___RD C:\Users\BK\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-08-20 23:55 - 2013-08-20 23:47 - 00000898 _____ C:\Windows\SysWOW64\InstallUtil.InstallLog
2013-08-20 23:54 - 2012-08-09 22:39 - 00003736 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-08-20 23:53 - 2012-04-01 17:30 - 00692104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-08-20 23:53 - 2012-04-01 17:30 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-08-20 23:45 - 2013-08-20 23:45 - 00000000 ____D C:\Users\BORISK~1\AppData\Local\avgchrome
2013-08-20 23:45 - 2012-04-01 11:44 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-08-20 23:44 - 2013-08-20 23:44 - 00000000 ____D C:\ProgramData\Babylon
2013-08-20 23:43 - 2013-08-20 23:43 - 00001142 _____ C:\Users\BK\Desktop\Continue Free Flac to MP3.lnk
2013-08-20 23:41 - 2013-08-20 23:41 - 00894600 _____ (CNET Download.com) C:\Users\BK\Downloads\cbsidlm-cbsi134-Free_Flac_to_MP3-ORG-75758784.exe
2013-08-19 22:40 - 2008-01-21 13:10 - 01445546 _____ C:\Windows\system32\PerfStringBackup.INI
2013-08-19 22:40 - 2008-01-21 13:09 - 00628992 _____ C:\Windows\system32\perfh007.dat
2013-08-19 22:40 - 2008-01-21 13:09 - 00126704 _____ C:\Windows\system32\perfc007.dat
2013-08-19 20:23 - 2013-08-19 20:23 - 00000000 ____D C:\Users\BK\AppData\Roaming\Avira
2013-08-19 20:17 - 2013-08-19 20:17 - 00001903 _____ C:\Users\Public\Desktop\Avira Control Center.lnk
2013-08-19 20:17 - 2013-08-19 20:16 - 00000000 ____D C:\ProgramData\Avira
2013-08-19 20:16 - 2013-08-19 20:16 - 00000000 ____D C:\Program Files (x86)\Avira
2013-08-19 20:06 - 2013-08-19 20:17 - 00130016 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2013-08-19 20:06 - 2013-08-19 20:17 - 00100712 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2013-08-19 20:06 - 2013-08-19 20:17 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2013-08-18 17:01 - 2006-11-02 15:33 - 00000000 ____D C:\Windows\rescache
2013-08-18 12:11 - 2013-08-18 12:08 - 00000000 ____D C:\Windows\system32\MRT
2013-08-18 12:08 - 2013-08-18 12:08 - 02092792 _____ C:\Users\BK\Downloads\avira_free_antivirus(1).exe
2013-08-18 12:07 - 2006-11-02 14:35 - 78161360 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2013-08-18 11:52 - 2013-08-18 11:52 - 00000000 __SHD C:\found.000
2013-08-18 00:59 - 2013-08-18 00:59 - 00000165 _____ C:\ProgramData\dfitrbruvdigcsdwlpv.reg
2013-08-18 00:59 - 2013-08-18 00:59 - 00000070 _____ C:\ProgramData\dfitrbruvdigcsdwlpv.bat
2013-08-18 00:50 - 2012-04-19 22:59 - 00000000 ____D C:\Program Files (x86)\Comodo
2013-08-18 00:48 - 2012-04-19 22:59 - 00000000 ____D C:\ProgramData\Comodo
2013-08-06 23:50 - 2012-09-16 15:21 - 00006656 _____ C:\Users\BORISK~1\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-08-03 12:48 - 2012-04-03 00:08 - 00000000 ____D C:\Users\BORISK~1\AppData\Local\Adobe
2013-08-03 12:45 - 2013-08-03 12:45 - 00000000 ____D C:\ProgramData\Mozilla
2013-08-03 12:45 - 2013-08-03 12:45 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-08-03 05:05 - 2012-09-02 13:14 - 00002027 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2013-07-25 05:54 - 2013-08-18 12:03 - 17830400 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-07-25 05:37 - 2013-08-18 12:03 - 02312704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-07-25 05:35 - 2013-08-18 12:03 - 10926080 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-07-25 05:31 - 2013-08-18 12:03 - 01346560 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-07-25 05:30 - 2013-08-18 12:03 - 01392128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-07-25 05:29 - 2013-08-18 12:03 - 01494528 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-07-25 05:29 - 2013-08-18 12:03 - 00237056 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2013-07-25 05:29 - 2013-08-18 12:03 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-07-25 05:28 - 2013-08-18 12:03 - 02147840 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-07-25 05:28 - 2013-08-18 12:03 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-07-25 05:28 - 2013-08-18 12:03 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-07-25 05:28 - 2013-08-18 12:03 - 00599040 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2013-07-25 05:28 - 2013-08-18 12:03 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-07-25 05:27 - 2013-08-18 12:03 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-07-25 05:27 - 2013-08-18 12:03 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2013-07-25 05:26 - 2013-08-18 12:03 - 00248320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-07-25 04:40 - 2013-08-18 12:03 - 12334080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-07-25 04:32 - 2013-08-18 12:03 - 01800704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-07-25 04:30 - 2013-08-18 12:03 - 09738752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-07-25 04:26 - 2013-08-18 12:03 - 01129472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-07-25 04:26 - 2013-08-18 12:03 - 01104384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-07-25 04:25 - 2013-08-18 12:03 - 01427968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-07-25 04:24 - 2013-08-18 12:03 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-07-25 04:24 - 2013-08-18 12:03 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-07-25 04:23 - 2013-08-18 12:03 - 01796096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-07-25 04:23 - 2013-08-18 12:03 - 00717824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-07-25 04:23 - 2013-08-18 12:03 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-07-25 04:23 - 2013-08-18 12:03 - 00420864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2013-07-25 04:23 - 2013-08-18 12:03 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2013-07-25 04:22 - 2013-08-18 12:03 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-07-25 04:22 - 2013-08-18 12:03 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-07-25 04:22 - 2013-08-18 12:03 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll

ZeroAccess:
C:\$Recycle.Bin\S-1-5-21-627939072-2950054468-2049668736-1000\$868f5a3cfc42a8ab921613f554dfd63b

ZeroAccess:
C:\$Recycle.Bin\S-1-5-18\$868f5a3cfc42a8ab921613f554dfd63b

Files to move or delete:
====================
C:\ProgramData\0tbpw.pad
C:\ProgramData\dfitrbruvdigcsdwlpv.bat
C:\ProgramData\dfitrbruvdigcsdwlpv.reg
C:\ProgramData\H6Sq7Tt.bat
C:\ProgramData\H6Sq7Tt.pad
C:\ProgramData\H6Sq7Tt.reg

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-08-22 19:33

==================== End Of Log ============================
--- --- ---

--- --- ---


Und hier die Addition.txt

Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 21-08-2013 02
Ran by BK at 2013-08-22 20:27:17
Running from C:\Users\BK\Desktop
Boot Mode: Normal
==========================================================


==================== Installed Programs =======================

 
Adobe Flash Player 11 ActiveX (x32 Version: 11.8.800.94)
Adobe Flash Player 11 Plugin (x32 Version: 11.8.800.94)
Adobe Reader 9 - Deutsch (x32 Version: 9.0.0)
Advanced Audio FX Engine (x32 Version: 1.12.05)
Apple Application Support (x32 Version: 2.3.4)
Apple Mobile Device Support (Version: 6.1.0.13)
Apple Software Update (x32 Version: 2.1.3.127)
ATI Catalyst Control Center (x32 Version: 2.008.1114.2148)
Avira Free Antivirus (x32 Version: 13.0.0.3885)
Bonjour (Version: 3.0.0.10)
Catalyst Control Center - Branding (x32 Version: 1.00.0000)
Catalyst Control Center Core Implementation (x32 Version: 2008.1114.2149.39131)
Catalyst Control Center Graphics Full Existing (x32 Version: 2008.1114.2149.39131)
Catalyst Control Center Graphics Full New (x32 Version: 2008.1114.2149.39131)
Catalyst Control Center Graphics Light (x32 Version: 2008.1114.2149.39131)
Catalyst Control Center Graphics Previews Common (x32 Version: 2008.1114.2149.39131)
Catalyst Control Center Graphics Previews Vista (x32 Version: 2008.1114.2149.39131)
Catalyst Control Center InstallProxy (x32 Version: 2008.1114.2149.39131)
Catalyst Control Center Localization Chinese Standard (x32 Version: 2008.1114.2149.39131)
Catalyst Control Center Localization Chinese Traditional (x32 Version: 2008.1114.2149.39131)
Catalyst Control Center Localization Danish (x32 Version: 2008.1114.2149.39131)
Catalyst Control Center Localization Dutch (x32 Version: 2008.1114.2149.39131)
Catalyst Control Center Localization Finnish (x32 Version: 2008.1114.2149.39131)
Catalyst Control Center Localization French (x32 Version: 2008.1114.2149.39131)
Catalyst Control Center Localization German (x32 Version: 2008.1114.2149.39131)
Catalyst Control Center Localization Italian (x32 Version: 2008.1114.2149.39131)
Catalyst Control Center Localization Japanese (x32 Version: 2008.1114.2149.39131)
Catalyst Control Center Localization Korean (x32 Version: 2008.1114.2149.39131)
Catalyst Control Center Localization Norwegian (x32 Version: 2008.1114.2149.39131)
Catalyst Control Center Localization Portuguese (x32 Version: 2008.1114.2149.39131)
Catalyst Control Center Localization Russian (x32 Version: 2008.1114.2149.39131)
Catalyst Control Center Localization Spanish (x32 Version: 2008.1114.2149.39131)
Catalyst Control Center Localization Swedish (x32 Version: 2008.1114.2149.39131)
CCC Help Chinese Standard (x32 Version: 2008.1114.2148.39131)
CCC Help Chinese Traditional (x32 Version: 2008.1114.2148.39131)
CCC Help Danish (x32 Version: 2008.1114.2148.39131)
CCC Help Dutch (x32 Version: 2008.1114.2148.39131)
CCC Help English (x32 Version: 2008.1114.2148.39131)
CCC Help Finnish (x32 Version: 2008.1114.2148.39131)
CCC Help French (x32 Version: 2008.1114.2148.39131)
CCC Help German (x32 Version: 2008.1114.2148.39131)
CCC Help Italian (x32 Version: 2008.1114.2148.39131)
CCC Help Japanese (x32 Version: 2008.1114.2148.39131)
CCC Help Korean (x32 Version: 2008.1114.2148.39131)
CCC Help Norwegian (x32 Version: 2008.1114.2148.39131)
CCC Help Portuguese (x32 Version: 2008.1114.2148.39131)
CCC Help Russian (x32 Version: 2008.1114.2148.39131)
CCC Help Spanish (x32 Version: 2008.1114.2148.39131)
CCC Help Swedish (x32 Version: 2008.1114.2148.39131)
ccc-core-static (x32 Version: 2008.1114.2149.39131)
ccc-utility64 (Version: 2008.1114.2149.39131)
CCleaner (Version: 3.21)
Choice Guard (x32 Version: 1.2.87.0)
Cisco EAP-FAST Module (x32 Version: 2.1.6)
Cisco LEAP Module (x32 Version: 1.0.12)
Cisco PEAP Module (x32 Version: 1.0.13)
Compatibility Pack für 2007 Office System (x32 Version: 12.0.4518.1014)
Dell DataSafe Online (x32 Version: 1.1.0027)
Dell Dock (Version: 1.0.0)
Dell Edoc Viewer (Version: 1.0.0)
Dell Getting Started Guide (x32 Version: 1.00.0000)
Dell Support Center (Support Software) (x32 Version: 2.5.09100)
Dell Touchpad (Version: 12.0.1.0)
Dell Video Chat (x32 Version: 6.0 (6567))
Dell Webcam Central (x32 Version: 1.03.04)
Dropbox (HKCU Version: 2.0.22)
Duke Nukem 3D (x32 Version: 2.0.0.84)
Emsisoft Anti-Malware (x32 Version: 7.0)
Google Chrome (x32 Version: 28.0.1500.95)
Google Update Helper (x32 Version: 1.3.21.153)
Hex-Editor MX (x32 Version: 6.0)
iCloud (Version: 1.1.0.40)
Integrated Webcam Driver (1.04.01.0601)  (Version: 1.04.01.0601)
iTunes (Version: 11.0.4.4)
Java Auto Updater (x32 Version: 2.0.7.1)
Java(TM) 6 Update 13 (64-bit) (Version: 6.0.130)
Java(TM) 6 Update 31 (x32 Version: 6.0.310)
Junk Mail filter update (x32 Version: 14.0.8050.1202)
l Wireless WLAN Card Utility (Version: 5.10.38.30)
Live! Cam Avatar Creator (x32 Version: 4.6.2919.1)
Malwarebytes Anti-Malware Version 1.75.0.1300 (x32 Version: 1.75.0.1300)
McAfee Security Scan Plus (x32 Version: 3.0.318.3)
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
Microsoft .NET Framework 3.5 Language Pack SP1 - deu (Version: 3.5.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Default Manager (x32 Version: 2.0.69.0)
Microsoft Office Excel MUI (German) 2007 (x32 Version: 12.0.4518.1014)
Microsoft Office Home and Student 2007 (x32 Version: 12.0.4518.1014)
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.4518.1014)
Microsoft Office OneNote MUI (German) 2007 (x32 Version: 12.0.4518.1014)
Microsoft Office PowerPoint MUI (German) 2007 (x32 Version: 12.0.4518.1014)
Microsoft Office PowerPoint Viewer 2007 (German) (x32 Version: 12.0.4518.1014)
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.4518.1014)
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.4518.1014)
Microsoft Office Proof (German) 2007 (x32 Version: 12.0.4518.1014)
Microsoft Office Proof (Italian) 2007 (x32 Version: 12.0.4518.1014)
Microsoft Office Proofing (German) 2007 (x32 Version: 12.0.4518.1014)
Microsoft Office Shared 64-bit MUI (German) 2007 (Version: 12.0.4518.1014)
Microsoft Office Shared MUI (German) 2007 (x32 Version: 12.0.4518.1014)
Microsoft Office Suite Activation Assistant (x32 Version: 2.9)
Microsoft Office Word MUI (German) 2007 (x32 Version: 12.0.4518.1014)
Microsoft Search Enhancement Pack (x32 Version: 1.2.121.0)
Microsoft Silverlight (x32 Version: 2.0.31005.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000)
Microsoft Sync Framework Runtime Native v1.0 (x86) (x32 Version: 1.0.1215.0)
Microsoft Sync Framework Services Native v1.0 (x86) (x32 Version: 1.0.1215.0)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.58299)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (x32 Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219)
Microsoft Works (x32 Version: 9.7.0621)
Mozilla Firefox 22.0 (x86 de) (x32 Version: 22.0)
Mozilla Maintenance Service (x32 Version: 22.0)
MSVCRT (x32 Version: 14.0.1468.721)
OpenOffice.org 3.3 (x32 Version: 3.3.9567)
PowerDVD (x32 Version: 8.1)
Quickset (Version: 9.2.13)
Roxio Creator Audio (x32 Version: 3.7.0)
Roxio Creator Copy (x32 Version: 3.7.0)
Roxio Creator Data (x32 Version: 3.7.0)
Roxio Creator DE (x32 Version: 10.1)
Roxio Creator DE (x32 Version: 3.7.0)
Roxio Creator Tools (x32 Version: 3.7.0)
Roxio Express Labeler 3 (x32 Version: 3.2.1)
Roxio Update Manager (x32 Version: 6.0.0)
Skins (x32 Version: 2008.1114.2149.39131)
Skype™ 6.1 (x32 Version: 6.1.129)
Speed-Link SL-6535 USB Pad (x32 Version: 1.00.0000)
Spotify (HKCU Version: 0.8.4.124.ga3559d86)
Ultima 4 - Quest of the Avatar (x32)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1)
WAV To MP3 V2 (x32)
Windows Live Anmelde-Assistent (x32 Version: 5.000.817.1)
Windows Live Call (x32 Version: 14.0.8050.1202)
Windows Live Communications Platform (x32 Version: 14.0.8050.1202)
Windows Live Essentials (x32 Version: 14.0.8050.1202)
Windows Live Fotogalerie (x32 Version: 14.0.8051.1204)
Windows Live Mail (x32 Version: 14.0.8050.1202)
Windows Live Messenger (x32 Version: 14.0.8050.1202)
Windows Live Sync (x32 Version: 14.0.8050.1202)
Windows Live Toolbar (x32 Version: 14.0.8052.1208)
Windows Live Writer (x32 Version: 14.0.8050.1202)
Windows Live-Uploadtool (x32 Version: 14.0.8014.1029)
WinRAR 4.11 (64-Bit) (Version: 4.11.0)
Worlds of Ultima - The Savage Empire (x32)

==================== Restore Points  =========================

28-07-2013 23:26:49 Geplanter Prüfpunkt
04-08-2013 23:40:58 Geplanter Prüfpunkt
09-08-2013 00:51:49 Geplanter Prüfpunkt
09-08-2013 18:38:32 Geplanter Prüfpunkt
17-08-2013 22:49:10 Removed GeekBuddy.
18-08-2013 10:01:55 Windows Update
19-08-2013 22:15:45 Avira DE-Cleaner - 20.08.2013 00:15
21-08-2013 00:54:21 Geplanter Prüfpunkt
22-08-2013 01:42:09 Geplanter Prüfpunkt

==================== Hosts content: ==========================

2006-11-02 14:34 - 2006-09-18 23:37 - 00000761 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1      localhost
::1            localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {0AEAFAF6-F116-4A60-AFB4-C8B755A6E975} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
Task: {192DDA2D-5815-47B8-983F-65744FEEC03A} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages
Task: {254095AE-FB97-48EA-94A5-D8BF2AB79714} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2008-01-21] (Microsoft Corporation)
Task: {2DE7684B-FA7A-4B3E-964B-21F0743BFB03} - System32\Tasks\User_Feed_Synchronization-{CFAF3200-B0F5-4291-86E5-6952ABD96C3C} => C:\Windows\system32\msfeedssync.exe [2012-04-21] (Microsoft Corporation)
Task: {2E5509C3-3C78-41E9-B4CE-C4C320C8853F} - System32\Tasks\Microsoft\Windows\Tcpip\WSHReset => C:\Windows\system32\schtasks.exe [2008-01-21] (Microsoft Corporation)
Task: {476B90B5-F762-4BCA-90B6-FDB17957F184} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-08-20] (Adobe Systems Incorporated)
Task: {4A14917C-2003-43C9-9319-822B8376A3DD} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-09-02] (Google Inc.)
Task: {4E946E6C-49EC-4FD9-8F58-EB5AF1752C5D} - System32\Tasks\Microsoft\Windows\PLA\System\ConvertLogEntries => C:\Windows\system32\rundll32.exe [2006-11-02] (Microsoft Corporation)
Task: {7C638E5B-ECE5-4424-A7E5-2C913CA682E9} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI
Task: {8AC3418B-4FAD-41CB-A94F-92A79038ECA2} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-09-02] (Google Inc.)
Task: {96A924C4-BFA8-4093-BF41-357E34ACCE97} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2012-07-24] (Piriform Ltd)
Task: {A9683382-0125-42BE-A29E-E39819CD3AF7} - System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program\OptinNotification => C:\Windows\System32\wsqmcons.exe [2008-01-21] (Microsoft Corporation)
Task: {BD628A6A-F771-4F40-9805-ADA205B78812} - System32\Tasks\Launch BCM WLAN Tray => C:\Windows\system32\WLTRAY.EXE [2008-12-21] (Dell Inc.)
Task: {D7299801-E8FE-4538-AA44-0AF775CB8689} - System32\Tasks\Microsoft\Windows Defender\MP Scheduled Scan => c:\program files\windows defender\MpCmdRun.exe [2008-01-21] (Microsoft Corporation)
Task: {E91D6474-70CC-42BE-80FF-8BED8AF557ED} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2008-01-21] ()
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (08/22/2013 07:27:33 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/22/2013 07:14:49 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/22/2013 07:07:57 PM) (Source: Application Error) (User: )
Description: Fehlerhafte Anwendung firefox.exe, Version 22.0.0.4917, Zeitstempel 0x51c06b1b, fehlerhaftes Modul xul.dll, Version 22.0.0.4917, Zeitstempel 0x51c06a5b, Ausnahmecode 0xc0000005, Fehleroffset 0x00173668,
Prozess-ID 0x10d4, Anwendungsstartzeit firefox.exe0.

Error: (08/22/2013 07:03:00 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/22/2013 08:14:45 AM) (Source: EventSystem) (User: )
Description: 80070005EventSystem.EventSubscription{AA44355E-6911-4447-BA5D-6720480579AF}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}

Error: (08/22/2013 00:15:51 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/21/2013 08:30:02 AM) (Source: EventSystem) (User: )
Description: 80070005EventSystem.EventSubscription{AA44355E-6911-4447-BA5D-6720480579AF}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}

Error: (08/21/2013 08:25:35 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/21/2013 00:09:38 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/21/2013 00:05:34 AM) (Source: EventSystem) (User: )
Description: 80070005EventSystem.EventSubscription{AA44355E-6911-4447-BA5D-6720480579AF}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}


System errors:
=============
Error: (08/22/2013 07:27:35 PM) (Source: Service Control Manager) (User: )
Description: IPsec-Richtlinien-AgentBFE

Error: (08/22/2013 07:27:35 PM) (Source: Service Control Manager) (User: )
Description: IKE- und AuthIP IPsec-SchlüsselerstellungsmoduleBFE

Error: (08/22/2013 07:27:35 PM) (Source: Service Control Manager) (User: )
Description: Computerbrowser%%1060

Error: (08/22/2013 07:25:29 PM) (Source: Service Control Manager) (User: )
Description: Computerbrowser%%1060

Error: (08/22/2013 07:25:28 PM) (Source: Service Control Manager) (User: )
Description: Computerbrowser%%1060

Error: (08/22/2013 07:14:49 PM) (Source: Service Control Manager) (User: )
Description: IPsec-Richtlinien-AgentBFE

Error: (08/22/2013 07:14:49 PM) (Source: Service Control Manager) (User: )
Description: IKE- und AuthIP IPsec-SchlüsselerstellungsmoduleBFE

Error: (08/22/2013 07:14:49 PM) (Source: Service Control Manager) (User: )
Description: Computerbrowser%%1060

Error: (08/22/2013 07:12:40 PM) (Source: Service Control Manager) (User: )
Description: Computerbrowser%%1060

Error: (08/22/2013 07:03:02 PM) (Source: Service Control Manager) (User: )
Description: IPsec-Richtlinien-AgentBFE


Microsoft Office Sessions:
=========================

CodeIntegrity Errors:
===================================
  Date: 2013-08-21 01:30:26.765
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\WINDOWS\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22713_none_0fbe86f737e6a8d6\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-08-21 01:30:26.313
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\WINDOWS\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22713_none_0fbe86f737e6a8d6\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-08-21 01:30:25.860
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\WINDOWS\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22713_none_0fbe86f737e6a8d6\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-08-21 01:30:25.408
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\WINDOWS\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22713_none_0fbe86f737e6a8d6\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-08-21 01:30:24.955
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\WINDOWS\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22713_none_0fbe86f737e6a8d6\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-08-21 01:30:24.503
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\WINDOWS\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22713_none_0fbe86f737e6a8d6\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-08-21 01:30:23.941
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\WINDOWS\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22636_none_0fabe61737f42f96\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-08-21 01:30:23.489
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\WINDOWS\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22636_none_0fabe61737f42f96\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-08-21 01:30:23.021
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\WINDOWS\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22636_none_0fabe61737f42f96\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2013-08-21 01:30:22.584
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\WINDOWS\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22636_none_0fabe61737f42f96\tcpip.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.


==================== Memory info ===========================

Percentage of memory in use: 60%
Total physical RAM: 4059.94 MB
Available physical RAM: 1622.31 MB
Total Pagefile: 8349.17 MB
Available Pagefile: 5558.38 MB
Total Virtual: 8192 MB
Available Virtual: 8191.81 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:283.4 GB) (Free:132.24 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (RECOVERY) (Fixed) (Total:14.65 GB) (Free:6.53 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 298 GB) (Disk ID: DEFC2293)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Not Active) - (Size=15 GB) - (Type=07 NTFS)
Partition 3: (Active) - (Size=283 GB) - (Type=07 NTFS)

==================== End Of Log ============================
Danke!

cosinus 22.08.2013 19:44
Zitat:
ZeroAccess:
C:\$Recycle.Bin\S-1-5-21-627939072-2950054468-2049668736-1000\$868f5a3cfc42a8ab921613f554dfd63b

ZeroAccess:
C:\$Recycle.Bin\S-1-5-18\$868f5a3cfc42a8ab921613f554dfd63b
Lesestoff:
Rootkit-Warnung
Dein Computer wurde mit einem besonderen Schädling infiziert, der sich vor herkömmlichen Virenscannern und dem Betriebssystem selbst verstecken kann. Zusätzlich hat so ein Schädling meist auch Backdoor-Funktionalität, reißt also ganz bewußt Löcher durch alle Schutzmaßnahmen, damit er weiteren Schadcode nachladen oder die Daten, die er so sammelt, an die "bösen Jungs" weiterleiten kann. Was heißt das jetzt für dich?
  • Entscheide bitte ganz bewußt, ob du mit der Bereinigung fortfahren möchtest. Ein einmal derartig kompromittiertes System kann man niemals mit 100%iger Sicherheit wieder absichern. Auch wenn wir gute Chancen haben, deinen Computer zu bereinigen, kann es dennoch möglich sein, dass uns am Ende nur die Neuinstallation bleibt.

  • Wenn du mit diesem Computer beispielsweise Onlinebanking machst, dann solltest du zumindest dein Passwort von deiner Bank ändern lassen, wenn du ein ansonsten sicheres Verfahren wie beispielsweise "chip-TAN-comfort" nutzt. Hast du noch alte TAN-Bögen auf Papierbasis? Dann ist es höchste Zeit dich bei deiner Bank zu melden und notfalls das Konto temporär sperren zu lassen. Der Sperrnotruf 116 116 von www.sperr-notruf.de kann Tag und Nacht dafür benutzt werden.

  • Hast du ansonsten sensible Daten auf deinem Computer, dann solltest du auch darüber nachdenken, wie du damit umgehst, da sie sich praktisch "jeder" ansehen konnte.
Teile mir also mit, wie du dich entschieden hast.

Boris.K 22.08.2013 20:03
Hi,

ich würde gerne die Bereinigung versuchen.

cosinus 22.08.2013 20:20
Dann bitte jetzt Combofix ausführen:

Scan mit Combofix
WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link
  • WICHTIG: Speichere Combofix auf deinem Desktop.
  • Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.
  • Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.
  • Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!
  • Wenn Combofix fertig ist, wird es ein Logfile erstellen.
  • Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).
Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

Boris.K 22.08.2013 21:17
Hier das Logfile:
(ich konnte übrigens Avira nicht deaktivieren, auch nicht über den TAskmanager und die Registerkarte "Prozesse")

Code:
ComboFix 13-08-22.01 - BK 22.08.2013  21:51:59.1.2 - x64
Microsoft® Windows Vista™ Home Premium  6.0.6002.2.1252.49.1031.18.4060.1616 [GMT 2:00]
ausgeführt von:: c:\users\BK\Downloads\ComboFix.exe
AV: Avira Desktop *Enabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
FW: COMODO Firewall *Disabled* {7DB03214-694B-060B-1600-BD4715C36DBB}
SP: Avira Desktop *Enabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: COMODO Defense+ *Disabled/Updated* {FEEA52D5-051E-08DD-07EF-2F009097607D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
c:\programdata\0tbpw.pad
c:\programdata\H6Sq7Tt.bat
c:\programdata\H6Sq7Tt.pad
c:\users\BK\AppData\Roaming\AcroIEHelpe.txt
c:\users\BK\AppData\Roaming\Microsoft\~DFK977dc9.tmp
c:\users\BK\AppData\Roaming\Microsoft\1eaadjc.dll
c:\users\BK\AppData\Roaming\Microsoft\bass.dll
c:\users\BK\AppData\Roaming\Microsoft\engine_vx.dll
c:\users\BK\AppData\Roaming\Microsoft\kfgresk.dll
c:\users\BK\AppData\Roaming\Microsoft\peaadje.dll
c:\users\BK\AppData\Roaming\Microsoft\qwadjb.dll
c:\users\BK\AppData\Roaming\Microsoft\rsaadjd.dll
c:\users\BK\AppData\Roaming\srvblck5.tmp
c:\windows\IsUn0407.exe
D:\AUTORUN.INF
.
.
(((((((((((((((((((((((  Dateien erstellt von 2013-07-22 bis 2013-08-22  ))))))))))))))))))))))))))))))
.
.
2013-08-22 18:24 . 2013-08-22 18:24        --------        d-----w-        C:\FRST
2013-08-20 21:45 . 2013-08-20 21:45        --------        d-----w-        c:\users\BK\AppData\Local\avgchrome
2013-08-20 21:44 . 2013-08-20 21:44        --------        d-----w-        c:\programdata\Babylon
2013-08-20 21:43 . 2013-08-20 22:12        --------        d-----w-        c:\program files (x86)\MyPC Backup
2013-08-19 18:23 . 2013-08-19 18:23        --------        d-----w-        c:\users\BK\AppData\Roaming\Avira
2013-08-19 18:17 . 2013-08-19 18:06        28600        ----a-w-        c:\windows\system32\drivers\avkmgr.sys
2013-08-19 18:17 . 2013-08-19 18:06        130016        ----a-w-        c:\windows\system32\drivers\avipbb.sys
2013-08-19 18:17 . 2013-08-19 18:06        100712        ----a-w-        c:\windows\system32\drivers\avgntflt.sys
2013-08-19 18:16 . 2013-08-19 18:17        --------        d-----w-        c:\programdata\Avira
2013-08-19 18:16 . 2013-08-19 18:16        --------        d-----w-        c:\program files (x86)\Avira
2013-08-18 10:08 . 2013-08-18 10:11        --------        d-----w-        c:\windows\system32\MRT
2013-08-18 09:52 . 2013-08-18 09:52        --------        d-----w-        C:\found.000
2013-08-17 22:59 . 2013-08-17 22:59        70        ----a-w-        c:\programdata\dfitrbruvdigcsdwlpv.bat
2013-08-17 22:59 . 2013-08-17 22:59        165        ----a-w-        c:\programdata\dfitrbruvdigcsdwlpv.reg
2013-08-03 10:45 . 2013-08-03 10:45        --------        d-----w-        c:\program files (x86)\Mozilla Maintenance Service
2013-08-03 10:45 . 2013-08-03 10:45        74136        ----a-w-        c:\program files (x86)\Mozilla Firefox\breakpadinjector.dll
2013-08-03 10:45 . 2013-08-03 10:45        263576        ----a-w-        c:\program files (x86)\Mozilla Firefox\browser\components\browsercomps.dll
2013-08-03 10:45 . 2013-08-03 10:45        421200        ----a-w-        c:\program files (x86)\Mozilla Firefox\msvcp100.dll
2013-08-03 10:45 . 2013-08-03 10:45        193824        ----a-w-        c:\program files (x86)\Mozilla Firefox\maintenanceservice_installer.exe
2013-08-03 10:45 . 2013-08-03 10:45        117144        ----a-w-        c:\program files (x86)\Mozilla Firefox\maintenanceservice.exe
2013-08-03 10:45 . 2013-08-03 10:45        770384        ----a-w-        c:\program files (x86)\Mozilla Firefox\msvcr100.dll
2013-08-03 10:45 . 2013-08-03 10:45        92056        ----a-w-        c:\program files (x86)\Mozilla Firefox\webapprt-stub.exe
2013-08-03 10:45 . 2013-08-03 10:45        26520        ----a-w-        c:\program files (x86)\Mozilla Firefox\plugin-hang-ui.exe
2013-08-03 10:45 . 2013-08-03 10:45        170232        ----a-w-        c:\program files (x86)\Mozilla Firefox\webapp-uninstaller.exe
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-08-20 21:53 . 2012-04-01 15:30        692104        ----a-w-        c:\windows\SysWow64\FlashPlayerApp.exe
2013-08-20 21:53 . 2012-04-01 15:30        71048        ----a-w-        c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-08-18 10:07 . 2006-11-02 12:35        78161360        ----a-w-        c:\windows\system32\mrt.exe
2013-07-08 04:16 . 2013-08-17 22:32        43008        ----a-w-        c:\windows\apppatch\acwow64.dll
2013-06-04 02:03 . 2013-07-12 20:51        2775040        ----a-w-        c:\windows\system32\win32k.sys
2013-06-01 04:19 . 2013-07-12 20:52        619008        ----a-w-        c:\windows\system32\qedit.dll
2013-06-01 04:06 . 2013-07-12 20:52        505344        ----a-w-        c:\windows\SysWow64\qedit.dll
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36        130736        ----a-w-        c:\users\BK\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36        130736        ----a-w-        c:\users\BK\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36        130736        ----a-w-        c:\users\BK\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 138240]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1555968]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"emsisoft anti-malware"="c:\program files (x86)\Emsisoft Anti-Malware\a2guard.exe" [2013-08-18 2928040]
"Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-04-24 250192]
"Dell DataSafe Online"="c:\program files (x86)\Dell DataSafe Online\DataSafeOnline.exe" [2009-04-09 1762032]
"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2008-05-23 128296]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-08-29 61440]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-21 59720]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-05-31 152392]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2013-08-19 345144]
.
c:\users\Test\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-5-28 1320288]
.
c:\users\BK\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-5-28 1320288]
Dropbox.lnk - c:\users\BK\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2013-5-25 27776968]
OpenOffice.org 3.3.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe [2013-2-5 272248]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe /firstrun [2009-5-28 1320288]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
R3 a2acc;a2acc;c:\program files (x86)\EMSISOFT ANTI-MALWARE\a2accx64.sys;c:\program files (x86)\EMSISOFT ANTI-MALWARE\a2accx64.sys [x]
S1 A2DDA;A2 Direct Disk Access Support Driver;c:\program files (x86)\Emsisoft Anti-Malware\a2ddax64.sys;c:\program files (x86)\Emsisoft Anti-Malware\a2ddax64.sys [x]
S2 a2AntiMalware;Emsisoft Anti-Malware 7.0 - Service;c:\program files (x86)\Emsisoft Anti-Malware\a2service.exe;c:\program files (x86)\Emsisoft Anti-Malware\a2service.exe [x]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_15f4e438\AESTSr64.exe;c:\windows\SYSNATIVE\DriverStore\FileRepository\stwrt64.inf_15f4e438\AESTSr64.exe [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
Themes
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-08-03 02:59        1173456        ----a-w-        c:\program files (x86)\Google\Chrome\Application\28.0.1500.95\Installer\chrmstp.exe
.
Inhalt des "geplante Tasks" Ordners
.
2013-08-22 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-01 21:54]
.
2013-08-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-09-02 11:13]
.
2013-08-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-09-02 11:13]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36        164016        ----a-w-        c:\users\BK\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36        164016        ----a-w-        c:\users\BK\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36        164016        ----a-w-        c:\users\BK\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36        164016        ----a-w-        c:\users\BK\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-11-25 1657128]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2008-12-21 4119552]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.bing.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
LSP: c:\program files (x86)\Avira\AntiVir Desktop\avsda.dll
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\BK\AppData\Roaming\Mozilla\Firefox\Profiles\q8fa2qmt.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/firefox
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=utf-8&q=
FF - user.js: extensions.mixidj.tlbrSrchUrl -
FF - user.js: extensions.mixidj.id - fa79c3e200000000000000265e39a1fb
FF - user.js: extensions.mixidj.appId - {A2773ED4-83BD-488A-A186-73590706C916}
FF - user.js: extensions.mixidj.instlDay - 15937
FF - user.js: extensions.mixidj.vrsn - 1.8.18.8
FF - user.js: extensions.mixidj.vrsni - 1.8.18.8
FF - user.js: extensions.mixidj.vrsnTs - 1.8.18.823:45
FF - user.js: extensions.mixidj.prtnrId - mixidj
FF - user.js: extensions.mixidj.prdct - mixidj
FF - user.js: extensions.mixidj.aflt - babsst
FF - user.js: extensions.mixidj.smplGrp - none
FF - user.js: extensions.mixidj.tlbrId - baseyh
FF - user.js: extensions.mixidj.instlRef - sst
FF - user.js: extensions.mixidj.dfltLng - de
FF - user.js: extensions.mixidj.excTlbr - false
FF - user.js: extensions.mixidj.ffxUnstlRst - false
FF - user.js: extensions.mixidj.admin - false
FF - user.js: extensions.mixidj.autoRvrt - false
FF - user.js: extensions.mixidj.rvrt - false
FF - user.js: extensions.mixidj.newTab - false
FF - user.js: extensions.autoDisableScopes - 0
FF - user.js: extensions.shownSelectionUI - true
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
c:\users\BK\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\dfitrbruvdigcsdwlpv.lnk - (no file)
SafeBoot-CleanHlp
SafeBoot-CleanHlp.sys
SafeBoot-WudfPf
SafeBoot-WudfRd
HKLM-Run-SysTrayApp - c:\program files (x86)\IDT\WDM\sttray64.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_94_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_94_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_94_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_94_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@="Shockwave Flash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@=""
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@="FlashBroker"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
  00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files\Dell\DellDock\DockLogin.exe
c:\program files (x86)\Avira\AntiVir Desktop\sched.exe
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\users\BK\AppData\Roaming\Dropbox\bin\Dropbox.exe
c:\program files (x86)\OpenOffice.org 3\program\soffice.exe
c:\program files (x86)\OpenOffice.org 3\program\soffice.bin
c:\program files (x86)\Dell Support Center\bin\sprtsvc.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2013-08-22  22:10:07 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2013-08-22 20:10
.
Vor Suchlauf: 20 Verzeichnis(se), 142.326.349.824 Bytes frei
Nach Suchlauf: 25 Verzeichnis(se), 148.648.710.144 Bytes frei
.
- - End Of File - - 37F4D5674ED29A40B5988C69074E981F
CDB4DE4BBD714F152979DA2DCBEF57EB

cosinus 22.08.2013 21:35
Malwarebytes Anti-Rootkit (MBAR)

Downloade dir bitte Malwarebytes Anti-Rootkit Malwarebytes Anti-Rootkit und speichere es auf deinem Desktop.
  • Starte bitte die mbar.exe.
  • Folge den Anweisungen auf deinem Bildschirm gemäß Anleitung zu Malwarebytes Anti-Rootkit
  • Aktualisiere unbedingt die Datenbank und erlaube dem Tool, dein System zu scannen.
  • Klicke auf den CleanUp Button und erlaube den Neustart.
  • Während dem Neustart wird MBAR die gefundenen Objekte entfernen, also bleib geduldig.
  • Nach dem Neustart starte die mbar.exe erneut.
  • Sollte nochmal was gefunden werden, wiederhole den CleanUp Prozess.
Das Tool wird im erstellten Ordner eine Logfile ( mbar-log-<Jahr-Monat-Tag>.txt ) erzeugen. Bitte poste diese hier.

Starte keine andere Datei in diesem Ordner ohne Anweisung eines Helfers

Boris.K 22.08.2013 22:13
Logfile von MBAR:

Code:
Malwarebytes Anti-Rootkit BETA 1.06.1.1005
www.malwarebytes.org

Database version: v2013.08.22.08

Windows Vista Service Pack 2 x64 NTFS
Internet Explorer 9.0.8112.16421
Boris Kannowski :: BK-PC [administrator]

22.08.2013 22:51:44
mbar-log-2013-08-22 (22-51-44).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUM | P2P
Scan options disabled: PUP
Objects scanned: 274019
Time elapsed: 15 minute(s), 37 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

(end)

cosinus 22.08.2013 22:25
TDSS-Killer

Downloade dir bitte TDSSKiller TDSSKiller.exe und speichere diese Datei auf dem Desktop
  • Starte die TDSSKiller.exe - Einstellen wie in der Anleitung zu TDSSKiller beschrieben.
  • Drücke Start Scan
  • Sollten infizierte Objekte gefunden werden, wähle keinesfalls Cure. Wähle Skip und klicke auf Continue.
    TDSSKiller wird eine Logfile auf deinem Systemlaufwerk speichern (Meistens C:\)
    Als Beispiel: C:\TDSSKiller.<Version_Datum_Uhrzeit>log.txt
Poste den Inhalt bitte in jedem Fall hier in deinen Thread.

Boris.K 22.08.2013 22:35
TDSSKiller Logfile:

Code:
23:31:12.0301 3136  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
23:31:12.0516 3136  ============================================================
23:31:12.0517 3136  Current date / time: 2013/08/22 23:31:12.0516
23:31:12.0517 3136  SystemInfo:
23:31:12.0517 3136 
23:31:12.0517 3136  OS Version: 6.0.6002 ServicePack: 2.0
23:31:12.0517 3136  Product type: Workstation
23:31:12.0517 3136  ComputerName: BK-PC
23:31:12.0517 3136  UserName: BK
23:31:12.0517 3136  Windows directory: C:\Windows
23:31:12.0517 3136  System windows directory: C:\Windows
23:31:12.0517 3136  Running under WOW64
23:31:12.0517 3136  Processor architecture: Intel x64
23:31:12.0517 3136  Number of processors: 2
23:31:12.0517 3136  Page size: 0x1000
23:31:12.0517 3136  Boot type: Normal boot
23:31:12.0517 3136  ============================================================
23:31:13.0721 3136  Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
23:31:13.0729 3136  ============================================================
23:31:13.0729 3136  \Device\Harddisk0\DR0:
23:31:13.0730 3136  MBR partitions:
23:31:13.0730 3136  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x139C5, BlocksNum 0x1D4C000
23:31:13.0730 3136  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1D5F9C5, BlocksNum 0x236CE8EB
23:31:13.0730 3136  ============================================================
23:31:13.0774 3136  C: <-> \Device\Harddisk0\DR0\Partition2
23:31:13.0806 3136  D: <-> \Device\Harddisk0\DR0\Partition1
23:31:13.0806 3136  ============================================================
23:31:13.0806 3136  Initialize success
23:31:13.0806 3136  ============================================================
23:32:24.0275 3220  ============================================================
23:32:24.0275 3220  Scan started
23:32:24.0275 3220  Mode: Manual; SigCheck; TDLFS;
23:32:24.0275 3220  ============================================================
23:32:24.0729 3220  ================ Scan system memory ========================
23:32:24.0729 3220  System memory - ok
23:32:24.0730 3220  ================ Scan services =============================
23:32:24.0830 3220  [ 2D6434E957F7CFA0035C20890F77BBC6 ] a2acc          C:\PROGRAM FILES (X86)\EMSISOFT ANTI-MALWARE\a2accx64.sys
23:32:24.0990 3220  a2acc - ok
23:32:25.0126 3220  [ 4B9C5EEBEE862574CF794582104F0C91 ] a2AntiMalware  C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe
23:32:25.0312 3220  a2AntiMalware - ok
23:32:25.0349 3220  [ D27A8B7BB0E15DFBFC6B4E774EE17AD9 ] A2DDA          C:\Program Files (x86)\Emsisoft Anti-Malware\a2ddax64.sys
23:32:25.0365 3220  A2DDA - ok
23:32:25.0502 3220  [ 1965AAFFAB07E3FB03C77F81BEBA3547 ] ACPI            C:\Windows\system32\drivers\acpi.sys
23:32:25.0531 3220  ACPI - ok
23:32:25.0636 3220  [ 476BB014F3F68C0C15EDDD5B444DA8FF ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
23:32:25.0664 3220  AdobeFlashPlayerUpdateSvc - ok
23:32:25.0725 3220  [ F14215E37CF124104575073F782111D2 ] adp94xx        C:\Windows\system32\drivers\adp94xx.sys
23:32:25.0768 3220  adp94xx - ok
23:32:25.0821 3220  [ 7D05A75E3066861A6610F7EE04FF085C ] adpahci        C:\Windows\system32\drivers\adpahci.sys
23:32:25.0857 3220  adpahci - ok
23:32:25.0874 3220  [ 820A201FE08A0C345B3BEDBC30E1A77C ] adpu160m        C:\Windows\system32\drivers\adpu160m.sys
23:32:25.0899 3220  adpu160m - ok
23:32:25.0924 3220  [ 9B4AB6854559DC168FBB4C24FC52E794 ] adpu320        C:\Windows\system32\drivers\adpu320.sys
23:32:25.0950 3220  adpu320 - ok
23:32:25.0995 3220  [ 0F421175574BFE0BF2F4D8E910A253BB ] AeLookupSvc    C:\Windows\System32\aelupsvc.dll
23:32:26.0182 3220  AeLookupSvc - ok
23:32:26.0324 3220  [ A6FB9DB8F1A86861D955FD6975977AE0 ] AESTFilters    C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_15f4e438\AESTSr64.exe
23:32:26.0387 3220  AESTFilters - ok
23:32:26.0465 3220  [ C4F6CE6087760AD70960C9EB130E7943 ] AFD            C:\Windows\system32\drivers\afd.sys
23:32:26.0563 3220  AFD - ok
23:32:26.0602 3220  [ F6F6793B7F17B550ECFDBD3B229173F7 ] agp440          C:\Windows\system32\drivers\agp440.sys
23:32:26.0626 3220  agp440 - ok
23:32:26.0671 3220  [ 222CB641B4B8A1D1126F8033F9FD6A00 ] aic78xx        C:\Windows\system32\drivers\djsvs.sys
23:32:26.0696 3220  aic78xx - ok
23:32:26.0726 3220  [ 5922F4F59B7868F3D74BBBBEB7B825A3 ] ALG            C:\Windows\System32\alg.exe
23:32:26.0925 3220  ALG - ok
23:32:26.0963 3220  [ 9544C2C55541C0C6BFD7B489D0E7D430 ] aliide          C:\Windows\system32\drivers\aliide.sys
23:32:26.0986 3220  aliide - ok
23:32:27.0011 3220  [ 970FA5059E61E30D25307B99903E991E ] amdide          C:\Windows\system32\drivers\amdide.sys
23:32:27.0033 3220  amdide - ok
23:32:27.0052 3220  [ CDC3632A3A5EA4DBB83E46076A3165A1 ] AmdK8          C:\Windows\system32\drivers\amdk8.sys
23:32:27.0111 3220  AmdK8 - ok
23:32:27.0176 3220  [ FE9932692FC61C2203EC9884D414F700 ] AntiVirSchedulerService C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
23:32:27.0193 3220  AntiVirSchedulerService - ok
23:32:27.0209 3220  [ B1F8B58F27971B7E316DD316687886EC ] AntiVirService  C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
23:32:27.0231 3220  AntiVirService - ok
23:32:27.0267 3220  [ 53DDEA96AA407C3E2BCEF68A44E31A59 ] AntiVirWebService C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE
23:32:27.0314 3220  AntiVirWebService - ok
23:32:27.0393 3220  [ AD12F5C7251BB8D575D560894E73CBBA ] Apowersoft_AudioDevice C:\Windows\system32\drivers\Apowersoft_AudioDevice.sys
23:32:27.0414 3220  Apowersoft_AudioDevice - ok
23:32:27.0471 3220  [ 9C37B3FD5615477CB9A0CD116CF43F5C ] Appinfo        C:\Windows\System32\appinfo.dll
23:32:27.0534 3220  Appinfo - ok
23:32:27.0612 3220  [ 4FE5C6D40664AE07BE5105874357D2ED ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
23:32:27.0636 3220  Apple Mobile Device - ok
23:32:27.0704 3220  [ BA8417D4765F3988FF921F30F630E303 ] arc            C:\Windows\system32\drivers\arc.sys
23:32:27.0728 3220  arc - ok
23:32:27.0778 3220  [ 9D41C435619733B34CC16A511E644B11 ] arcsas          C:\Windows\system32\drivers\arcsas.sys
23:32:27.0804 3220  arcsas - ok
23:32:27.0844 3220  [ 22D13FF3DAFEC2A80634752B1EAA2DE6 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
23:32:27.0929 3220  AsyncMac - ok
23:32:27.0978 3220  [ E68D9B3A3905619732F7FE039466A623 ] atapi          C:\Windows\system32\drivers\atapi.sys
23:32:28.0002 3220  atapi - ok
23:32:28.0063 3220  [ 00DACE1D9A0DA60215022C6B1FAC1673 ] Ati External Event Utility C:\Windows\system32\Ati2evxx.exe
23:32:28.0227 3220  Ati External Event Utility - ok
23:32:28.0400 3220  [ CEF278088637401F07A0064B0B900A32 ] atikmdag        C:\Windows\system32\DRIVERS\atikmdag.sys
23:32:29.0048 3220  atikmdag - ok
23:32:29.0148 3220  [ 79318C744693EC983D20E9337A2F8196 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
23:32:29.0229 3220  AudioEndpointBuilder - ok
23:32:29.0270 3220  [ 79318C744693EC983D20E9337A2F8196 ] AudioSrv        C:\Windows\System32\Audiosrv.dll
23:32:29.0361 3220  AudioSrv - ok
23:32:29.0408 3220  [ 09E6069EF94B345061B4BD3CEBD974C8 ] avgntflt        C:\Windows\system32\DRIVERS\avgntflt.sys
23:32:29.0433 3220  avgntflt - ok
23:32:29.0455 3220  [ 488486DAD09A5B6C6DBB8B990A8B2307 ] avipbb          C:\Windows\system32\DRIVERS\avipbb.sys
23:32:29.0478 3220  avipbb - ok
23:32:29.0494 3220  [ 490FA25161BF3E51993EB724ECF0ACEB ] avkmgr          C:\Windows\system32\DRIVERS\avkmgr.sys
23:32:29.0514 3220  avkmgr - ok
23:32:29.0557 3220  [ A7C9995BA861FCE78B2CEAAE61D39FD7 ] BCM42RLY        C:\Windows\system32\drivers\BCM42RLY.sys
23:32:29.0576 3220  BCM42RLY - ok
23:32:29.0657 3220  [ 912012B708A7D8E8CE2EE55AFB663DFF ] BCM43XX        C:\Windows\system32\DRIVERS\bcmwl664.sys
23:32:29.0776 3220  BCM43XX - ok
23:32:29.0823 3220  Beep - ok
23:32:29.0872 3220  [ FFB96C2589FFA60473EAD78B39FBDE29 ] BFE            C:\Windows\System32\bfe.dll
23:32:29.0971 3220  BFE - ok
23:32:30.0078 3220  [ 6D316F4859634071CC25C4FD4589AD2C ] BITS            C:\Windows\system32\qmgr.dll
23:32:30.0209 3220  BITS - ok
23:32:30.0249 3220  [ 79FEEB40056683F8F61398D81DDA65D2 ] blbdrive        C:\Windows\system32\drivers\blbdrive.sys
23:32:30.0326 3220  blbdrive - ok
23:32:30.0400 3220  [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
23:32:30.0432 3220  Bonjour Service - ok
23:32:30.0461 3220  [ 2348447A80920B2493A9B582A23E81E1 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
23:32:30.0511 3220  bowser - ok
23:32:30.0537 3220  [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo        C:\Windows\system32\drivers\brfiltlo.sys
23:32:30.0582 3220  BrFiltLo - ok
23:32:30.0601 3220  [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp        C:\Windows\system32\drivers\brfiltup.sys
23:32:30.0659 3220  BrFiltUp - ok
23:32:30.0700 3220  [ A1B39DE453433B115B4EA69EE0343816 ] Browser        C:\Windows\System32\browser.dll
23:32:30.0780 3220  Browser - ok
23:32:30.0816 3220  [ F0F0BA4D815BE446AA6A4583CA3BCA9B ] Brserid        C:\Windows\system32\drivers\brserid.sys
23:32:31.0057 3220  Brserid - ok
23:32:31.0089 3220  [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm        C:\Windows\system32\drivers\brserwdm.sys
23:32:31.0195 3220  BrSerWdm - ok
23:32:31.0209 3220  [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm        C:\Windows\system32\drivers\brusbmdm.sys
23:32:31.0289 3220  BrUsbMdm - ok
23:32:31.0311 3220  [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer        C:\Windows\system32\drivers\brusbser.sys
23:32:31.0379 3220  BrUsbSer - ok
23:32:31.0413 3220  [ E0777B34E05F8A82A21856EFC900C29F ] BTHMODEM        C:\Windows\system32\drivers\bthmodem.sys
23:32:31.0481 3220  BTHMODEM - ok
23:32:31.0514 3220  catchme - ok
23:32:31.0527 3220  [ B4D787DB8D30793A4D4DF9FEED18F136 ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
23:32:31.0585 3220  cdfs - ok
23:32:31.0647 3220  [ C025AA69BE3D0D25C7A2E746EF6F94FC ] cdrom          C:\Windows\system32\DRIVERS\cdrom.sys
23:32:31.0691 3220  cdrom - ok
23:32:31.0734 3220  [ 5A268127633C7EE2A7FB87F39D748D56 ] CertPropSvc    C:\Windows\System32\certprop.dll
23:32:31.0787 3220  CertPropSvc - ok
23:32:31.0807 3220  [ 02EA568D498BBDD4BA55BF3FCE34D456 ] circlass        C:\Windows\system32\drivers\circlass.sys
23:32:31.0853 3220  circlass - ok
23:32:31.0910 3220  [ 3C6A8D415FF38AFEB03A6206213D9D96 ] cleanhlp        C:\Program Files (x86)\Emsisoft Anti-Malware\cleanhlp64.sys
23:32:31.0927 3220  cleanhlp - ok
23:32:31.0980 3220  [ 3DCA9A18B204939CFB24BEA53E31EB48 ] CLFS            C:\Windows\system32\CLFS.sys
23:32:32.0019 3220  CLFS - ok
23:32:32.0104 3220  [ 8EE772032E2FE80A924F3B8DD5082194 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
23:32:32.0127 3220  clr_optimization_v2.0.50727_32 - ok
23:32:32.0182 3220  [ CE07A466201096F021CD09D631B21540 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
23:32:32.0204 3220  clr_optimization_v2.0.50727_64 - ok
23:32:32.0276 3220  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
23:32:32.0301 3220  clr_optimization_v4.0.30319_32 - ok
23:32:32.0342 3220  [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
23:32:32.0363 3220  clr_optimization_v4.0.30319_64 - ok
23:32:32.0392 3220  [ B52D9A14CE4101577900A364BA86F3DF ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
23:32:32.0492 3220  CmBatt - ok
23:32:32.0516 3220  [ E5D5499A1C50A54B5161296B6AFE6192 ] cmdide          C:\Windows\system32\drivers\cmdide.sys
23:32:32.0537 3220  cmdide - ok
23:32:32.0581 3220  [ 7FB8AD01DB0EABE60C8A861531A8F431 ] Compbatt        C:\Windows\system32\DRIVERS\compbatt.sys
23:32:32.0605 3220  Compbatt - ok
23:32:32.0613 3220  COMSysApp - ok
23:32:32.0624 3220  [ A8585B6412253803CE8EFCBD6D6DC15C ] crcdisk        C:\Windows\system32\drivers\crcdisk.sys
23:32:32.0647 3220  crcdisk - ok
23:32:32.0698 3220  [ 5AAC48EAF8EACF247DB44FB61B900D89 ] CryptSvc        C:\Windows\system32\cryptsvc.dll
23:32:32.0747 3220  CryptSvc - ok
23:32:32.0777 3220  [ 0D260D60FC1302E482850BB8F432D8D5 ] CtClsFlt        C:\Windows\system32\DRIVERS\CtClsFlt.sys
23:32:32.0820 3220  CtClsFlt - ok
23:32:32.0884 3220  [ CF8B9A3A5E7DC57724A89D0C3E8CF9EF ] DcomLaunch      C:\Windows\system32\rpcss.dll
23:32:32.0992 3220  DcomLaunch - ok
23:32:33.0023 3220  [ 8B722BA35205C71E7951CDC4CDBADE19 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
23:32:33.0062 3220  DfsC - ok
23:32:33.0186 3220  [ C647F468F7DE343DF8C143655C5557D4 ] DFSR            C:\Windows\system32\DFSR.exe
23:32:33.0406 3220  DFSR - ok
23:32:33.0467 3220  [ 3ED0321127CE70ACDAABBF77E157C2A7 ] Dhcp            C:\Windows\System32\dhcpcsvc.dll
23:32:33.0533 3220  Dhcp - ok
23:32:33.0563 3220  [ B0107E40ECDB5FA692EBF832F295D905 ] disk            C:\Windows\system32\drivers\disk.sys
23:32:33.0591 3220  disk - ok
23:32:33.0651 3220  [ 06230F1B721494A6DF8D47FD395BB1B0 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
23:32:33.0705 3220  Dnscache - ok
23:32:33.0770 3220  [ 0840ABBBDF438691EE65A20040635CBE ] DockLoginService C:\Program Files\Dell\DellDock\DockLogin.exe
23:32:33.0790 3220  DockLoginService ( UnsignedFile.Multi.Generic ) - warning
23:32:33.0790 3220  DockLoginService - detected UnsignedFile.Multi.Generic (1)
23:32:33.0837 3220  [ 1A7156DD1E850E9914E5E991E3225B94 ] dot3svc        C:\Windows\System32\dot3svc.dll
23:32:33.0898 3220  dot3svc - ok
23:32:33.0945 3220  [ 1583B39790DB3EAEC7EDB0CB0140C708 ] DPS            C:\Windows\system32\dps.dll
23:32:34.0007 3220  DPS - ok
23:32:34.0069 3220  [ F1A78A98CFC2EE02144C6BEC945447E6 ] drmkaud        C:\Windows\system32\drivers\drmkaud.sys
23:32:34.0128 3220  drmkaud - ok
23:32:34.0179 3220  [ F3932288EEECD776FF1F9F653AD878F3 ] DXGKrnl        C:\Windows\System32\drivers\dxgkrnl.sys
23:32:34.0251 3220  DXGKrnl - ok
23:32:34.0292 3220  [ 17D40652EF3E55EEAE187A89DF40965A ] e1express      C:\Windows\system32\DRIVERS\e1e6032e.sys
23:32:34.0377 3220  e1express - ok
23:32:34.0410 3220  [ 264CEE7B031A9D6C827F3D0CB031F2FE ] E1G60          C:\Windows\system32\DRIVERS\E1G6032E.sys
23:32:34.0483 3220  E1G60 - ok
23:32:34.0522 3220  [ C2303883FD9BE49DC36A6400643002EA ] EapHost        C:\Windows\System32\eapsvc.dll
23:32:34.0587 3220  EapHost - ok
23:32:34.0653 3220  [ 5F94962BE5A62DB6E447FF6470C4F48A ] Ecache          C:\Windows\system32\drivers\ecache.sys
23:32:34.0684 3220  Ecache - ok
23:32:34.0749 3220  [ 14CE384D2E27B64C256BDA4DC39C312D ] ehRecvr        C:\Windows\ehome\ehRecvr.exe
23:32:34.0814 3220  ehRecvr - ok
23:32:34.0851 3220  [ B93159C1313D66FDFBBE876F5189CD52 ] ehSched        C:\Windows\ehome\ehsched.exe
23:32:34.0886 3220  ehSched - ok
23:32:34.0900 3220  [ F5EE2527D74449868E3C3227A59BCD28 ] ehstart        C:\Windows\ehome\ehstart.dll
23:32:34.0961 3220  ehstart - ok
23:32:35.0005 3220  [ C4636D6E10469404AB5308D9FD45ED07 ] elxstor        C:\Windows\system32\drivers\elxstor.sys
23:32:35.0041 3220  elxstor - ok
23:32:35.0097 3220  [ A9B18B63A4FD6BAAB83326706D857FAB ] EMDMgmt        C:\Windows\system32\emdmgmt.dll
23:32:35.0209 3220  EMDMgmt - ok
23:32:35.0235 3220  [ 991FAB6AA066E1214EFB5B496FB7959A ] ErrDev          C:\Windows\system32\drivers\errdev.sys
23:32:35.0282 3220  ErrDev - ok
23:32:35.0344 3220  [ E12F22B73F153DECE721CD45EC05B4AF ] EventSystem    C:\Windows\system32\es.dll
23:32:35.0439 3220  EventSystem - ok
23:32:35.0478 3220  [ 486844F47B6636044A42454614ED4523 ] exfat          C:\Windows\system32\drivers\exfat.sys
23:32:35.0548 3220  exfat - ok
23:32:35.0595 3220  [ 1A4BEE34277784619DDAF0422C0C6E23 ] fastfat        C:\Windows\system32\drivers\fastfat.sys
23:32:35.0660 3220  fastfat - ok
23:32:35.0679 3220  [ 81B79B6DF71FA1D2C6D688D830616E39 ] fdc            C:\Windows\system32\DRIVERS\fdc.sys
23:32:35.0737 3220  fdc - ok
23:32:35.0767 3220  [ BB9267ACACD8B7533DD936C34A0CBA5E ] fdPHost        C:\Windows\system32\fdPHost.dll
23:32:35.0836 3220  fdPHost - ok
23:32:35.0854 3220  [ 300C80931EABBE1DB7591C516EFE8D0F ] FDResPub        C:\Windows\system32\fdrespub.dll
23:32:35.0961 3220  FDResPub - ok
23:32:35.0978 3220  [ 457B7D1D533E4BD62A99AED9C7BB4C59 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
23:32:36.0004 3220  FileInfo - ok
23:32:36.0019 3220  [ D421327FD6EFCCAF884A54C58E1B0D7F ] Filetrace      C:\Windows\system32\drivers\filetrace.sys
23:32:36.0082 3220  Filetrace - ok
23:32:36.0106 3220  [ 230923EA2B80F79B0F88D90F87B87EBD ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
23:32:36.0163 3220  flpydisk - ok
23:32:36.0214 3220  [ E3041BC26D6930D61F42AEDB79C91720 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
23:32:36.0250 3220  FltMgr - ok
23:32:36.0327 3220  [ F20A97F51C104DD0A163251325460747 ] FontCache      C:\Windows\system32\FntCache.dll
23:32:36.0453 3220  FontCache - ok
23:32:36.0532 3220  [ BC5B0BE5AF3510B0FD8C140EE42C6D3E ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
23:32:36.0552 3220  FontCache3.0.0.0 - ok
23:32:36.0577 3220  [ 5779B86CD8B32519FBECB136394D946A ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
23:32:36.0629 3220  Fs_Rec - ok
23:32:36.0659 3220  [ C8E416668D3DC2BE3D4FE4C79224997F ] gagp30kx        C:\Windows\system32\drivers\gagp30kx.sys
23:32:36.0683 3220  gagp30kx - ok
23:32:36.0734 3220  [ 8E98D21EE06192492A5671A6144D092F ] GEARAspiWDM    C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
23:32:36.0753 3220  GEARAspiWDM - ok
23:32:36.0820 3220  [ A0E1B575BA8F504968CD40C0FAEB2384 ] gpsvc          C:\Windows\System32\gpsvc.dll
23:32:36.0893 3220  gpsvc - ok
23:32:36.0946 3220  [ F02A533F517EB38333CB12A9E8963773 ] gupdate        C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
23:32:36.0968 3220  gupdate - ok
23:32:36.0980 3220  [ F02A533F517EB38333CB12A9E8963773 ] gupdatem        C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
23:32:37.0000 3220  gupdatem - ok
23:32:37.0052 3220  [ 68E732382B32417FF61FD663259B4B09 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
23:32:37.0107 3220  HdAudAddService - ok
23:32:37.0167 3220  [ F942C5820205F2FB453243EDFEC82A3D ] HDAudBus        C:\Windows\system32\DRIVERS\HDAudBus.sys
23:32:37.0294 3220  HDAudBus - ok
23:32:37.0334 3220  [ B4881C84A180E75B8C25DC1D726C375F ] HidBth          C:\Windows\system32\drivers\hidbth.sys
23:32:37.0438 3220  HidBth - ok
23:32:37.0461 3220  [ 4E77A77E2C986E8F88F996BB3E1AD829 ] HidIr          C:\Windows\system32\drivers\hidir.sys
23:32:37.0566 3220  HidIr - ok
23:32:37.0617 3220  [ 59361D38A297755D46A540E450202B2A ] hidserv        C:\Windows\System32\hidserv.dll
23:32:37.0695 3220  hidserv - ok
23:32:37.0736 3220  [ 443BDD2D30BB4F00795C797E2CF99EDF ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
23:32:37.0792 3220  HidUsb - ok
23:32:37.0816 3220  [ B12F367EA39C0795FD57E31242CE1A5A ] hkmsvc          C:\Windows\system32\kmsvc.dll
23:32:37.0878 3220  hkmsvc - ok
23:32:37.0918 3220  [ D7109A1E6BD2DFDBCBA72A6BC626A13B ] HpCISSs        C:\Windows\system32\drivers\hpcisss.sys
23:32:37.0942 3220  HpCISSs - ok
23:32:37.0996 3220  [ 098F1E4E5C9CB5B0063A959063631610 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
23:32:38.0093 3220  HTTP - ok
23:32:38.0112 3220  [ DA94C854CEA5FAC549D4E1F6E88349E8 ] i2omp          C:\Windows\system32\drivers\i2omp.sys
23:32:38.0126 3220  i2omp - ok
23:32:38.0159 3220  [ CBB597659A2713CE0C9CC20C88C7591F ] i8042prt        C:\Windows\system32\DRIVERS\i8042prt.sys
23:32:38.0213 3220  i8042prt - ok
23:32:38.0240 3220  [ 3E3BF3627D886736D0B4E90054F929F6 ] iaStorV        C:\Windows\system32\drivers\iastorv.sys
23:32:38.0259 3220  iaStorV - ok
23:32:38.0345 3220  [ 749F5F8CEDCA70F2A512945325FC489D ] idsvc          C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
23:32:38.0394 3220  idsvc - ok
23:32:38.0433 3220  [ 8C3951AD2FE886EF76C7B5027C3125D3 ] iirsp          C:\Windows\system32\drivers\iirsp.sys
23:32:38.0449 3220  iirsp - ok
23:32:38.0521 3220  [ 0C9EA6E654E7B0471741E343A6C671AF ] IKEEXT          C:\Windows\System32\ikeext.dll
23:32:38.0603 3220  IKEEXT - ok
23:32:38.0646 3220  [ DF797A12176F11B2D301C5B234BB200E ] intelide        C:\Windows\system32\drivers\intelide.sys
23:32:38.0669 3220  intelide - ok
23:32:38.0685 3220  [ BFD84AF32FA1BAD6231C4585CB469630 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
23:32:38.0760 3220  intelppm - ok
23:32:38.0780 3220  [ 5624BC1BC5EEB49C0AB76A8114F05EA3 ] IPBusEnum      C:\Windows\system32\ipbusenum.dll
23:32:38.0851 3220  IPBusEnum - ok
23:32:38.0912 3220  [ D8AABC341311E4780D6FCE8C73C0AD81 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
23:32:38.0974 3220  IpFilterDriver - ok
23:32:39.0024 3220  [ BF0DBFA9792C5C14FA00F61C75116C1B ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
23:32:39.0087 3220  iphlpsvc - ok
23:32:39.0094 3220  IpInIp - ok
23:32:39.0120 3220  [ 9C2EE2E6E5A7203BFAE15C299475EC67 ] IPMIDRV        C:\Windows\system32\drivers\ipmidrv.sys
23:32:39.0188 3220  IPMIDRV - ok
23:32:39.0212 3220  [ B7E6212F581EA5F6AB0C3A6CEEEB89BE ] IPNAT          C:\Windows\system32\DRIVERS\ipnat.sys
23:32:39.0298 3220  IPNAT - ok
23:32:39.0355 3220  [ 0FF335D687C85097725A53458160E81E ] iPod Service    C:\Program Files\iPod\bin\iPodService.exe
23:32:39.0408 3220  iPod Service - ok
23:32:39.0447 3220  [ 8C42CA155343A2F11D29FECA67FAA88D ] IRENUM          C:\Windows\system32\drivers\irenum.sys
23:32:39.0523 3220  IRENUM - ok
23:32:39.0563 3220  [ 0672BFCEDC6FC468A2B0500D81437F4F ] isapnp          C:\Windows\system32\drivers\isapnp.sys
23:32:39.0587 3220  isapnp - ok
23:32:39.0644 3220  [ E4FDF99599F27EC25D2CF6D754243520 ] iScsiPrt        C:\Windows\system32\DRIVERS\msiscsi.sys
23:32:39.0673 3220  iScsiPrt - ok
23:32:39.0705 3220  [ 63C766CDC609FF8206CB447A65ABBA4A ] iteatapi        C:\Windows\system32\drivers\iteatapi.sys
23:32:39.0726 3220  iteatapi - ok
23:32:39.0766 3220  [ 1281FE73B17664631D12F643CBEA3F59 ] iteraid        C:\Windows\system32\drivers\iteraid.sys
23:32:39.0788 3220  iteraid - ok
23:32:39.0826 3220  [ EB5C7891B9E6E4A1A4428F2160B12B53 ] k57nd60a        C:\Windows\system32\DRIVERS\k57nd60a.sys
23:32:39.0871 3220  k57nd60a - ok
23:32:39.0887 3220  [ 423696F3BA6472DD17699209B933BC26 ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
23:32:39.0913 3220  kbdclass - ok
23:32:39.0943 3220  [ BF8783A5066CFECF45095459E8010FA7 ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
23:32:40.0014 3220  kbdhid - ok
23:32:40.0058 3220  [ 260BF9C43EE12C6898A9F5AAB0FB0E5D ] KeyIso          C:\Windows\system32\lsass.exe
23:32:40.0124 3220  KeyIso - ok
23:32:40.0152 3220  [ 88956AD9FA510848AD176777A6C6C1F5 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
23:32:40.0207 3220  KSecDD - ok
23:32:40.0229 3220  [ 1D419CF43DB29396ECD7113D129D94EB ] ksthunk        C:\Windows\system32\drivers\ksthunk.sys
23:32:40.0306 3220  ksthunk - ok
23:32:40.0345 3220  [ 1FAF6926F3416D3DA05C5B265491BDAE ] KtmRm          C:\Windows\system32\msdtckrm.dll
23:32:40.0485 3220  KtmRm - ok
23:32:40.0546 3220  [ 50C7A3CB427E9BB5ED0708A669956AB5 ] LanmanServer    C:\Windows\System32\srvsvc.dll
23:32:40.0602 3220  LanmanServer - ok
23:32:40.0650 3220  [ CAF86FC1388BE1E470F1A7B43E348ADB ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
23:32:40.0707 3220  LanmanWorkstation - ok
23:32:40.0730 3220  [ 96ECE2659B6654C10A0C310AE3A6D02C ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
23:32:40.0808 3220  lltdio - ok
23:32:40.0855 3220  [ 961CCBD0B1CCB5675D64976FAE37D092 ] lltdsvc        C:\Windows\System32\lltdsvc.dll
23:32:40.0937 3220  lltdsvc - ok
23:32:40.0964 3220  [ A47F8080CACC23C91FE823AD19AA5612 ] lmhosts        C:\Windows\System32\lmhsvc.dll
23:32:41.0036 3220  lmhosts - ok
23:32:41.0086 3220  [ ACBE1AF32D3123E330A07BFBC5EC4A9B ] LSI_FC          C:\Windows\system32\drivers\lsi_fc.sys
23:32:41.0116 3220  LSI_FC - ok
23:32:41.0138 3220  [ 799FFB2FC4729FA46D2157C0065B3525 ] LSI_SAS        C:\Windows\system32\drivers\lsi_sas.sys
23:32:41.0163 3220  LSI_SAS - ok
23:32:41.0201 3220  [ F445FF1DAAD8A226366BFAF42551226B ] LSI_SCSI        C:\Windows\system32\drivers\lsi_scsi.sys
23:32:41.0227 3220  LSI_SCSI - ok
23:32:41.0259 3220  [ 52F87B9CC8932C2A7375C3B2A9BE5E3E ] luafv          C:\Windows\system32\drivers\luafv.sys
23:32:41.0338 3220  luafv - ok
23:32:41.0364 3220  mbamswissarmy - ok
23:32:41.0430 3220  [ DDCC236009C707761D60E5C76D639176 ] McComponentHostService C:\Program Files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe
23:32:41.0456 3220  McComponentHostService - ok
23:32:41.0506 3220  [ 76A58DF02BD4EA29F189B82D0BEF17F8 ] Mcx2Svc        C:\Windows\system32\Mcx2Svc.dll
23:32:41.0531 3220  Mcx2Svc - ok
23:32:41.0568 3220  [ 5C5CD6AACED32FB26C3FB34B3DCF972F ] megasas        C:\Windows\system32\drivers\megasas.sys
23:32:41.0591 3220  megasas - ok
23:32:41.0642 3220  [ 859BC2436B076C77C159ED694ACFE8F8 ] MegaSR          C:\Windows\system32\drivers\megasr.sys
23:32:41.0680 3220  MegaSR - ok
23:32:41.0699 3220  [ 3CBE4995E80E13CCFBC42E5DCF3AC81A ] MMCSS          C:\Windows\system32\mmcss.dll
23:32:41.0778 3220  MMCSS - ok
23:32:41.0799 3220  [ 59848D5CC74606F0EE7557983BB73C2E ] Modem          C:\Windows\system32\drivers\modem.sys
23:32:41.0859 3220  Modem - ok
23:32:41.0883 3220  [ C247CC2A57E0A0C8C6DCCF7807B3E9E5 ] monitor        C:\Windows\system32\DRIVERS\monitor.sys
23:32:41.0920 3220  monitor - ok
23:32:41.0928 3220  [ 9367304E5E412B120CF5F4EA14E4E4F1 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
23:32:41.0944 3220  mouclass - ok
23:32:41.0975 3220  [ C2C2BD5C5CE5AAF786DDD74B75D2AC69 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
23:32:42.0022 3220  mouhid - ok
23:32:42.0044 3220  [ 11BC9B1E8801B01F7F6ADB9EAD30019B ] MountMgr        C:\Windows\system32\drivers\mountmgr.sys
23:32:42.0061 3220  MountMgr - ok
23:32:42.0101 3220  [ 528A5C2570F468155A1B3CF0A2FF5EBD ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
23:32:42.0117 3220  MozillaMaintenance - ok
23:32:42.0140 3220  [ F8276EB8698142884498A528DFEA8478 ] mpio            C:\Windows\system32\drivers\mpio.sys
23:32:42.0156 3220  mpio - ok
23:32:42.0188 3220  [ C92B9ABDB65A5991E00C28F13491DBA2 ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
23:32:42.0247 3220  mpsdrv - ok
23:32:42.0329 3220  [ 897E3BAF68BA406A61682AE39C83900C ] MpsSvc          C:\Windows\system32\mpssvc.dll
23:32:42.0391 3220  MpsSvc - ok
23:32:42.0406 3220  [ 3C200630A89EF2C0864D515B7A75802E ] Mraid35x        C:\Windows\system32\drivers\mraid35x.sys
23:32:42.0423 3220  Mraid35x - ok
23:32:42.0458 3220  [ 7C1DE4AA96DC0C071611F9E7DE02A68D ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
23:32:42.0495 3220  MRxDAV - ok
23:32:42.0525 3220  [ 1485811B320FF8C7EDAD1CAEBB1C6C2B ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
23:32:42.0612 3220  mrxsmb - ok
23:32:42.0623 3220  [ 3B929A60C833FC615FD97FBA82BC7632 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
23:32:42.0671 3220  mrxsmb10 - ok
23:32:42.0693 3220  [ C64AB3E1F53B4F5B5BB6D796B2D7BEC3 ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
23:32:42.0736 3220  mrxsmb20 - ok
23:32:42.0787 3220  [ AA459F2AB3AB603C357FF117CAE3D818 ] msahci          C:\Windows\system32\drivers\msahci.sys
23:32:42.0813 3220  msahci - ok
23:32:42.0849 3220  [ 264BBB4AAF312A485F0E44B65A6B7202 ] msdsm          C:\Windows\system32\drivers\msdsm.sys
23:32:42.0877 3220  msdsm - ok
23:32:42.0913 3220  [ 7EC02CE772F068ED0BEAFA3DA341A9BC ] MSDTC          C:\Windows\System32\msdtc.exe
23:32:43.0015 3220  MSDTC - ok
23:32:43.0049 3220  [ 704F59BFC4512D2BB0146AEC31B10A7C ] Msfs            C:\Windows\system32\drivers\Msfs.sys
23:32:43.0125 3220  Msfs - ok
23:32:43.0151 3220  [ 00EBC952961664780D43DCA157E79B27 ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
23:32:43.0175 3220  msisadrv - ok
23:32:43.0207 3220  [ 366B0C1F4478B519C181E37D43DCDA32 ] MSiSCSI        C:\Windows\system32\iscsiexe.dll
23:32:43.0289 3220  MSiSCSI - ok
23:32:43.0296 3220  msiserver - ok
23:32:43.0319 3220  [ 0EA73E498F53B96D83DBFCA074AD4CF8 ] MSKSSRV        C:\Windows\system32\drivers\MSKSSRV.sys
23:32:43.0398 3220  MSKSSRV - ok
23:32:43.0422 3220  [ 52E59B7E992A58E740AA63F57EDBAE8B ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
23:32:43.0499 3220  MSPCLOCK - ok
23:32:43.0531 3220  [ 49084A75BAE043AE02D5B44D02991BB2 ] MSPQM          C:\Windows\system32\drivers\MSPQM.sys
23:32:43.0601 3220  MSPQM - ok
23:32:43.0654 3220  [ DC6CCF440CDEDE4293DB41C37A5060A5 ] MsRPC          C:\Windows\system32\drivers\MsRPC.sys
23:32:43.0689 3220  MsRPC - ok
23:32:43.0711 3220  [ 855796E59DF77EA93AF46F20155BF55B ] mssmbios        C:\Windows\system32\DRIVERS\mssmbios.sys
23:32:43.0734 3220  mssmbios - ok
23:32:43.0756 3220  [ 86D632D75D05D5B7C7C043FA3564AE86 ] MSTEE          C:\Windows\system32\drivers\MSTEE.sys
23:32:43.0834 3220  MSTEE - ok
23:32:43.0862 3220  [ 0CC49F78D8ACA0877D885F149084E543 ] Mup            C:\Windows\system32\Drivers\mup.sys
23:32:43.0891 3220  Mup - ok
23:32:43.0947 3220  [ A5B10C845E7538C60C0F5D87A57CB3F5 ] napagent        C:\Windows\system32\qagentRT.dll
23:32:44.0038 3220  napagent - ok
23:32:44.0105 3220  [ 2007B826C4ACD94AE32232B41F0842B9 ] NativeWifiP    C:\Windows\system32\DRIVERS\nwifi.sys
23:32:44.0150 3220  NativeWifiP - ok
23:32:44.0214 3220  [ 65950E07329FCEE8E6516B17C8D0ABB6 ] NDIS            C:\Windows\system32\drivers\ndis.sys
23:32:44.0272 3220  NDIS - ok
23:32:44.0280 3220  [ 64DF698A425478E321981431AC171334 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
23:32:44.0341 3220  NdisTapi - ok
23:32:44.0357 3220  [ 8BAA43196D7B5BB972C9A6B2BBF61A19 ] Ndisuio        C:\Windows\system32\DRIVERS\ndisuio.sys
23:32:44.0428 3220  Ndisuio - ok
23:32:44.0478 3220  [ F8158771905260982CE724076419EF19 ] NdisWan        C:\Windows\system32\DRIVERS\ndiswan.sys
23:32:44.0544 3220  NdisWan - ok
23:32:44.0565 3220  [ 9CB77ED7CB72850253E973A2D6AFDF49 ] NDProxy        C:\Windows\system32\drivers\NDProxy.sys
23:32:44.0623 3220  NDProxy - ok
23:32:44.0647 3220  [ A499294F5029A7862ADC115BDA7371CE ] NetBIOS        C:\Windows\system32\DRIVERS\netbios.sys
23:32:44.0726 3220  NetBIOS - ok
23:32:44.0780 3220  [ FC2C792EBDDC8E28DF939D6A92C83D61 ] netbt          C:\Windows\system32\DRIVERS\netbt.sys
23:32:44.0845 3220  netbt - ok
23:32:44.0872 3220  [ 260BF9C43EE12C6898A9F5AAB0FB0E5D ] Netlogon        C:\Windows\system32\lsass.exe
23:32:44.0897 3220  Netlogon - ok
23:32:44.0942 3220  [ 9B63B29DEFC0F3115A559D2597BF5D75 ] Netman          C:\Windows\System32\netman.dll
23:32:45.0047 3220  Netman - ok
23:32:45.0077 3220  [ 7846D0136CC2B264926A73047BA7688A ] netprofm        C:\Windows\System32\netprofm.dll
23:32:45.0161 3220  netprofm - ok
23:32:45.0200 3220  [ 74751DDA198165947FD7454D83F49825 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
23:32:45.0222 3220  NetTcpPortSharing - ok
23:32:45.0255 3220  [ 4AC08BD6AF2DF42E0C3196D826C8AEA7 ] nfrd960        C:\Windows\system32\drivers\nfrd960.sys
23:32:45.0277 3220  nfrd960 - ok
23:32:45.0314 3220  [ F145BF4C4668E7E312069F81EF847CFC ] NlaSvc          C:\Windows\System32\nlasvc.dll
23:32:45.0395 3220  NlaSvc - ok
23:32:45.0441 3220  [ B298874F8E0EA93F06EC40AA8D146478 ] Npfs            C:\Windows\system32\drivers\Npfs.sys
23:32:45.0498 3220  Npfs - ok
23:32:45.0522 3220  [ ACB62BAA1C319B17752553DF3026EEEB ] nsi            C:\Windows\system32\nsisvc.dll
23:32:45.0593 3220  nsi - ok
23:32:45.0600 3220  [ 1523AF19EE8B030BA682F7A53537EAEB ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
23:32:45.0672 3220  nsiproxy - ok
23:32:45.0745 3220  [ 2ACCAA3C3C55370A32F17B3595E1A217 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
23:32:45.0849 3220  Ntfs - ok
23:32:45.0867 3220  [ DD5D684975352B85B52E3FD5347C20CB ] Null            C:\Windows\system32\drivers\Null.sys
23:32:45.0941 3220  Null - ok
23:32:45.0962 3220  [ 2C040B7ADA5B06F6FACADAC8514AA034 ] nvraid          C:\Windows\system32\drivers\nvraid.sys
23:32:45.0987 3220  nvraid - ok
23:32:46.0012 3220  [ F7EA0FE82842D05EDA3EFDD376DBFDBA ] nvstor          C:\Windows\system32\drivers\nvstor.sys
23:32:46.0036 3220  nvstor - ok
23:32:46.0061 3220  [ 19067CA93075EF4823E3938A686F532F ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
23:32:46.0087 3220  nv_agp - ok
23:32:46.0095 3220  NwlnkFlt - ok
23:32:46.0101 3220  NwlnkFwd - ok
23:32:46.0152 3220  [ 404B0121AE1A75D9A63B6934EB07C258 ] OA008Ufd        C:\Windows\system32\DRIVERS\OA008Ufd.sys
23:32:46.0207 3220  OA008Ufd - ok
23:32:46.0234 3220  [ 126885007E8F601861165FC77C93F1BE ] OA008Vid        C:\Windows\system32\DRIVERS\OA008Vid.sys
23:32:46.0268 3220  OA008Vid - ok
23:32:46.0356 3220  [ 84DE1DD996B48B05ACE31AD015FA108A ] odserv          C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
23:32:46.0390 3220  odserv - ok
23:32:46.0461 3220  [ B5B1CE65AC15BBD11C0619E3EF7CFC28 ] ohci1394        C:\Windows\system32\DRIVERS\ohci1394.sys
23:32:46.0516 3220  ohci1394 - ok
23:32:46.0553 3220  [ 5A432A042DAE460ABE7199B758E8606C ] ose            C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
23:32:46.0575 3220  ose - ok
23:32:46.0646 3220  [ 9AE31D2E1D15C10D91318E0EC149CEAC ] p2pimsvc        C:\Windows\system32\p2psvc.dll
23:32:46.0768 3220  p2pimsvc - ok
23:32:46.0806 3220  [ 9AE31D2E1D15C10D91318E0EC149CEAC ] p2psvc          C:\Windows\system32\p2psvc.dll
23:32:46.0848 3220  p2psvc - ok
23:32:46.0901 3220  [ AECD57F94C887F58919F307C35498EA0 ] Parport        C:\Windows\system32\drivers\parport.sys
23:32:47.0008 3220  Parport - ok
23:32:47.0045 3220  [ B43751085E2ABE389DA466BC62A4B987 ] partmgr        C:\Windows\system32\drivers\partmgr.sys
23:32:47.0068 3220  partmgr - ok
23:32:47.0092 3220  [ 9AB157B374192FF276C1628FBDBA2B0E ] PcaSvc          C:\Windows\System32\pcasvc.dll
23:32:47.0145 3220  PcaSvc - ok
23:32:47.0183 3220  [ 47AB1E0FC9D0E12BB53BA246E3A0906D ] pci            C:\Windows\system32\drivers\pci.sys
23:32:47.0201 3220  pci - ok
23:32:47.0220 3220  [ 8D618C829034479985A9ED56106CC732 ] pciide          C:\Windows\system32\drivers\pciide.sys
23:32:47.0233 3220  pciide - ok
23:32:47.0284 3220  [ 037661F3D7C507C9993B7010CEEE6288 ] pcmcia          C:\Windows\system32\drivers\pcmcia.sys
23:32:47.0300 3220  pcmcia - ok
23:32:47.0342 3220  [ 58865916F53592A61549B04941BFD80D ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
23:32:47.0452 3220  PEAUTH - ok
23:32:47.0546 3220  [ 0ED8727EA0172860F47258456C06CAEA ] PerfHost        C:\Windows\SysWow64\perfhost.exe
23:32:47.0601 3220  PerfHost - ok
23:32:47.0673 3220  [ E9E68C1A0F25CF4A7AC966EEA74EE89E ] pla            C:\Windows\system32\pla.dll
23:32:47.0780 3220  pla - ok
23:32:47.0824 3220  [ FE6B0F59215C9FD9F9D26539C58C8B82 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
23:32:47.0864 3220  PlugPlay - ok
23:32:47.0900 3220  [ 9AE31D2E1D15C10D91318E0EC149CEAC ] PNRPAutoReg    C:\Windows\system32\p2psvc.dll
23:32:47.0935 3220  PNRPAutoReg - ok
23:32:47.0989 3220  [ 9AE31D2E1D15C10D91318E0EC149CEAC ] PNRPsvc        C:\Windows\system32\p2psvc.dll
23:32:48.0022 3220  PNRPsvc - ok
23:32:48.0083 3220  [ 89A5560671C2D8B4A4B51F3E1AA069D8 ] PolicyAgent    C:\Windows\System32\ipsecsvc.dll
23:32:48.0170 3220  PolicyAgent - ok
23:32:48.0219 3220  [ 23386E9952025F5F21C368971E2E7301 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
23:32:48.0284 3220  PptpMiniport - ok
23:32:48.0320 3220  [ 5080E59ECEE0BC923F14018803AA7A01 ] Processor      C:\Windows\system32\drivers\processr.sys
23:32:48.0402 3220  Processor - ok
23:32:48.0451 3220  [ E058CE4FC2449D8BFA14739C83B7FF2A ] ProfSvc        C:\Windows\system32\profsvc.dll
23:32:48.0526 3220  ProfSvc - ok
23:32:48.0552 3220  [ 260BF9C43EE12C6898A9F5AAB0FB0E5D ] ProtectedStorage C:\Windows\system32\lsass.exe
23:32:48.0579 3220  ProtectedStorage - ok
23:32:48.0628 3220  [ C5AB7F0809392D0DA027F4A2A81BFA31 ] PSched          C:\Windows\system32\DRIVERS\pacer.sys
23:32:48.0674 3220  PSched - ok
23:32:48.0728 3220  [ 46851BC18322DA70F3F2299A1007C479 ] PxHlpa64        C:\Windows\system32\Drivers\PxHlpa64.sys
23:32:48.0747 3220  PxHlpa64 - ok
23:32:48.0803 3220  [ 0B83F4E681062F3839BE2EC1D98FD94A ] ql2300          C:\Windows\system32\drivers\ql2300.sys
23:32:48.0910 3220  ql2300 - ok
23:32:48.0956 3220  [ E1C80F8D4D1E39EF9595809C1369BF2A ] ql40xx          C:\Windows\system32\drivers\ql40xx.sys
23:32:48.0980 3220  ql40xx - ok
23:32:49.0028 3220  [ 90574842C3DA781E279061A3EFF91F07 ] QWAVE          C:\Windows\system32\qwave.dll
23:32:49.0076 3220  QWAVE - ok
23:32:49.0097 3220  [ E8D76EDAB77EC9C634C27B8EAC33ADC5 ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
23:32:49.0123 3220  QWAVEdrv - ok
23:32:49.0279 3220  [ CEF278088637401F07A0064B0B900A32 ] R300            C:\Windows\system32\DRIVERS\atikmdag.sys
23:32:49.0542 3220  R300 - ok
23:32:49.0576 3220  [ 1013B3B663A56D3DDD784F581C1BD005 ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
23:32:49.0649 3220  RasAcd - ok
23:32:49.0686 3220  [ B2AE18F847D07F0044404DDF7CB04497 ] RasAuto        C:\Windows\System32\rasauto.dll
23:32:49.0748 3220  RasAuto - ok
23:32:49.0803 3220  [ AC7BC4D42A7E558718DFDEC599BBFC2C ] Rasl2tp        C:\Windows\system32\DRIVERS\rasl2tp.sys
23:32:49.0850 3220  Rasl2tp - ok
23:32:49.0873 3220  [ 3AD83E4046C43BE510DE681588ACB8AF ] RasMan          C:\Windows\System32\rasmans.dll
23:32:49.0941 3220  RasMan - ok
23:32:49.0985 3220  [ 4517FBF8B42524AFE4EDE1DE102AAE3E ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
23:32:50.0043 3220  RasPppoe - ok
23:32:50.0080 3220  [ C6A593B51F34C33E5474539544072527 ] RasSstp        C:\Windows\system32\DRIVERS\rassstp.sys
23:32:50.0108 3220  RasSstp - ok
23:32:50.0155 3220  [ 322DB5C6B55E8D8EE8D6F358B2AAABB1 ] rdbss          C:\Windows\system32\DRIVERS\rdbss.sys
23:32:50.0209 3220  rdbss - ok
23:32:50.0237 3220  [ 603900CC05F6BE65CCBF373800AF3716 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
23:32:50.0296 3220  RDPCDD - ok
23:32:50.0332 3220  [ C045D1FB111C28DF0D1BE8D4BDA22C06 ] rdpdr          C:\Windows\system32\drivers\rdpdr.sys
23:32:50.0400 3220  rdpdr - ok
23:32:50.0406 3220  [ CAB9421DAF3D97B33D0D055858E2C3AB ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
23:32:50.0488 3220  RDPENCDD - ok
23:32:50.0521 3220  [ AE4BD9E1C33D351D8E607FC81F15160C ] RDPWD          C:\Windows\system32\drivers\RDPWD.sys
23:32:50.0613 3220  RDPWD - ok
23:32:50.0644 3220  [ C612B9557DA73F70D41F8A6FBC8E5344 ] RemoteAccess    C:\Windows\System32\mprdim.dll
23:32:50.0722 3220  RemoteAccess - ok
23:32:50.0766 3220  [ 44B9D8EC2F3EF3A0EFB00857AF70D861 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
23:32:50.0829 3220  RemoteRegistry - ok
23:32:50.0863 3220  [ D13D70FAC45FC1DF69F88559B1F72F0A ] rimmptsk        C:\Windows\system32\DRIVERS\rimmpx64.sys
23:32:50.0918 3220  rimmptsk - ok
23:32:50.0934 3220  [ BB9EDC55B0B8CB4FCD713428820E0776 ] rimsptsk        C:\Windows\system32\DRIVERS\rimspx64.sys
23:32:50.0987 3220  rimsptsk - ok
23:32:51.0012 3220  [ 481C3FDEACAAE04B74C58288DBC91DF9 ] rismxdp        C:\Windows\system32\DRIVERS\rixdpx64.sys
23:32:51.0045 3220  rismxdp - ok
23:32:51.0071 3220  [ F46C457840D4B7A4DAAFEE739CE04102 ] RpcLocator      C:\Windows\system32\locator.exe
23:32:51.0112 3220  RpcLocator - ok
23:32:51.0152 3220  [ CF8B9A3A5E7DC57724A89D0C3E8CF9EF ] RpcSs          C:\Windows\system32\rpcss.dll
23:32:51.0213 3220  RpcSs - ok
23:32:51.0250 3220  [ 22A9CB08B1A6707C1550C6BF099AAE73 ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
23:32:51.0311 3220  rspndr - ok
23:32:51.0320 3220  [ 260BF9C43EE12C6898A9F5AAB0FB0E5D ] SamSs          C:\Windows\system32\lsass.exe
23:32:51.0345 3220  SamSs - ok
23:32:51.0381 3220  [ CD9C693589C60AD59BBBCFB0E524E01B ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
23:32:51.0397 3220  sbp2port - ok
23:32:51.0437 3220  [ FD1CDCF108D5EF3366F00D18B70FB89B ] SCardSvr        C:\Windows\System32\SCardSvr.dll
23:32:51.0486 3220  SCardSvr - ok
23:32:51.0532 3220  [ 0F838C811AD295D2A4489B9993096C63 ] Schedule        C:\Windows\system32\schedsvc.dll
23:32:51.0637 3220  Schedule - ok
23:32:51.0679 3220  [ 5A268127633C7EE2A7FB87F39D748D56 ] SCPolicySvc    C:\Windows\System32\certprop.dll
23:32:51.0713 3220  SCPolicySvc - ok
23:32:51.0757 3220  [ BE100BC2BE2513314C717BB2C4CFFF10 ] sdbus          C:\Windows\system32\DRIVERS\sdbus.sys
23:32:51.0808 3220  sdbus - ok
23:32:51.0843 3220  [ 4FF71B076A7760FE75EA5AE2D0EE0018 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
23:32:51.0898 3220  SDRSVC - ok
23:32:51.0952 3220  [ 58DC20EB15F071804C56FCCC796417A2 ] SeaPort        C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
23:32:51.0972 3220  SeaPort - ok
23:32:51.0986 3220  [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
23:32:52.0054 3220  secdrv - ok
23:32:52.0067 3220  [ 5ACDCBC67FCF894A1815B9F96D704490 ] seclogon        C:\Windows\system32\seclogon.dll
23:32:52.0119 3220  seclogon - ok
23:32:52.0138 3220  [ 90973A64B96CD647FF81C79443618EED ] SENS            C:\Windows\system32\sens.dll
23:32:52.0194 3220  SENS - ok
23:32:52.0234 3220  [ F71BFE7AC6C52273B7C82CBF1BB2A222 ] Serenum        C:\Windows\system32\drivers\serenum.sys
23:32:52.0301 3220  Serenum - ok
23:32:52.0320 3220  [ E62FAC91EE288DB29A9696A9D279929C ] Serial          C:\Windows\system32\drivers\serial.sys
23:32:52.0395 3220  Serial - ok
23:32:52.0416 3220  [ A842F04833684BCEEA7336211BE478DF ] sermouse        C:\Windows\system32\drivers\sermouse.sys
23:32:52.0473 3220  sermouse - ok
23:32:52.0508 3220  [ A8E4A4407A09F35DCCC3771AF590B0C4 ] SessionEnv      C:\Windows\system32\sessenv.dll
23:32:52.0554 3220  SessionEnv - ok
23:32:52.0583 3220  [ 3A19C899BCF0EA24CFEC2038E6A489DB ] sffdisk        C:\Windows\system32\DRIVERS\sffdisk.sys
23:32:52.0621 3220  sffdisk - ok
23:32:52.0635 3220  [ 7073AEE3F82F3D598E3825962AA98AB2 ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
23:32:52.0682 3220  sffp_mmc - ok
23:32:52.0692 3220  [ FDCA63A2EEE528585EB66CEAC183EC22 ] sffp_sd        C:\Windows\system32\DRIVERS\sffp_sd.sys
23:32:52.0743 3220  sffp_sd - ok
23:32:52.0764 3220  [ 6B7838C94135768BD455CBDC23E39E5F ] sfloppy        C:\Windows\system32\drivers\sfloppy.sys
23:32:52.0873 3220  sfloppy - ok
23:32:52.0936 3220  [ 4C5AEE179DA7E1EE9A9CCB9DA289AF34 ] SharedAccess    C:\Windows\System32\ipnathlp.dll
23:32:53.0048 3220  SharedAccess - ok
23:32:53.0079 3220  [ 56793271ECDEDD350C5ADD305603E963 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
23:32:53.0130 3220  ShellHWDetection - ok
23:32:53.0160 3220  [ 7A5DE502AEB719D4594C6471060A78B3 ] SiSRaid2        C:\Windows\system32\drivers\sisraid2.sys
23:32:53.0185 3220  SiSRaid2 - ok
23:32:53.0211 3220  [ 3A2F769FAB9582BC720E11EA1DFB184D ] SiSRaid4        C:\Windows\system32\drivers\sisraid4.sys
23:32:53.0235 3220  SiSRaid4 - ok
23:32:53.0296 3220  [ 8C4F0DCC6A5100D48F9B2F950CDD220F ] SkypeUpdate    C:\Program Files (x86)\Skype\Updater\Updater.exe
23:32:53.0317 3220  SkypeUpdate - ok
23:32:53.0428 3220  [ A9A27A8E257B45A604FDAD4F26FE7241 ] slsvc          C:\Windows\system32\SLsvc.exe
23:32:53.0631 3220  slsvc - ok
23:32:53.0677 3220  [ FD74B4B7C2088E390A30C85A896FC3AF ] SLUINotify      C:\Windows\system32\SLUINotify.dll
23:32:53.0751 3220  SLUINotify - ok
23:32:53.0794 3220  [ 290B6F6A0EC4FCDFC90F5CB6D7020473 ] Smb            C:\Windows\system32\DRIVERS\smb.sys
23:32:53.0863 3220  Smb - ok
23:32:53.0913 3220  [ F8F47F38909823B1AF28D60B96340CFF ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
23:32:53.0958 3220  SNMPTRAP - ok
23:32:54.0006 3220  [ 386C3C63F00A7040C7EC5E384217E89D ] spldr          C:\Windows\system32\drivers\spldr.sys
23:32:54.0030 3220  spldr - ok
23:32:54.0064 3220  [ F66FF751E7EFC816D266977939EF5DC3 ] Spooler        C:\Windows\System32\spoolsv.exe
23:32:54.0123 3220  Spooler - ok
23:32:54.0203 3220  [ D630B6F2E8379B6F10DC16E82A426552 ] sprtsvc_DellSupportCenter C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe
23:32:54.0225 3220  sprtsvc_DellSupportCenter - ok
23:32:54.0265 3220  [ 880A57FCCB571EBD063D4DD50E93E46D ] srv            C:\Windows\system32\DRIVERS\srv.sys
23:32:54.0338 3220  srv - ok
23:32:54.0417 3220  [ A1AD14A6D7A37891FFFECA35EBBB0730 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
23:32:54.0473 3220  srv2 - ok
23:32:54.0493 3220  [ 4BED62F4FA4D8300973F1151F4C4D8A7 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
23:32:54.0538 3220  srvnet - ok
23:32:54.0569 3220  [ 192C74646EC5725AEF3F80D19FF75F6A ] SSDPSRV        C:\Windows\System32\ssdpsrv.dll
23:32:54.0635 3220  SSDPSRV - ok
23:32:54.0661 3220  [ 2EE3FA0308E6185BA64A9A7F2E74332B ] SstpSvc        C:\Windows\system32\sstpsvc.dll
23:32:54.0707 3220  SstpSvc - ok
23:32:54.0818 3220  [ C5DF63AE2693C9B6B01B4A2E6C1C64AC ] STacSV          C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_15f4e438\STacSV64.exe
23:32:54.0867 3220  STacSV - ok
23:32:54.0906 3220  [ BA16447226ABFD342E130D2F24F73D32 ] STHDA          C:\Windows\system32\DRIVERS\stwrt64.sys
23:32:54.0941 3220  STHDA - ok
23:32:54.0994 3220  [ 15825C1FBFB8779992CB65087F316AF5 ] stisvc          C:\Windows\System32\wiaservc.dll
23:32:55.0097 3220  stisvc - ok
23:32:55.0161 3220  [ 1D0063597C3666404FCF97698ABEB019 ] stllssvr        C:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe
23:32:55.0179 3220  stllssvr - ok
23:32:55.0214 3220  [ 8A851CA908B8B974F89C50D2E18D4F0C ] swenum          C:\Windows\system32\DRIVERS\swenum.sys
23:32:55.0235 3220  swenum - ok
23:32:55.0297 3220  [ 6DE37F4DE19D4EFD9C48C43ADDBC949A ] swprv          C:\Windows\System32\swprv.dll
23:32:55.0397 3220  swprv - ok
23:32:55.0427 3220  [ 2F26A2C6FC96B29BEFF5D8ED74E6625B ] Symc8xx        C:\Windows\system32\drivers\symc8xx.sys
23:32:55.0450 3220  Symc8xx - ok
23:32:55.0472 3220  [ A909667976D3BCCD1DF813FED517D837 ] Sym_hi          C:\Windows\system32\drivers\sym_hi.sys
23:32:55.0493 3220  Sym_hi - ok
23:32:55.0506 3220  [ 36887B56EC2D98B9C362F6AE4DE5B7B0 ] Sym_u3          C:\Windows\system32\drivers\sym_u3.sys
23:32:55.0528 3220  Sym_u3 - ok
23:32:55.0594 3220  [ 79A93EC9D224B1F43C0E2F023D61DCA3 ] SynTP          C:\Windows\system32\DRIVERS\SynTP.sys
23:32:55.0622 3220  SynTP - ok
23:32:55.0700 3220  [ 92D7A8B0F87B036F17D25885937897A6 ] SysMain        C:\Windows\system32\sysmain.dll
23:32:55.0827 3220  SysMain - ok
23:32:55.0863 3220  [ 005CE42567F9113A3BCCB3B20073B029 ] TabletInputService C:\Windows\System32\TabSvc.dll
23:32:55.0921 3220  TabletInputService - ok
23:32:56.0089 3220  [ CC2562B4D55E0B6A4758C65407F63B79 ] TapiSrv        C:\Windows\System32\tapisrv.dll
23:32:56.0184 3220  TapiSrv - ok
23:32:56.0210 3220  [ CDBE8D7C1E201B911CDC346D06617FB5 ] TBS            C:\Windows\System32\tbssvc.dll
23:32:56.0291 3220  TBS - ok
23:32:56.0353 3220  [ C2CB949645C299E23FBFD26CAD3FC96E ] Tcpip          C:\Windows\system32\drivers\tcpip.sys
23:32:56.0467 3220  Tcpip - ok
23:32:56.0514 3220  [ C2CB949645C299E23FBFD26CAD3FC96E ] Tcpip6          C:\Windows\system32\DRIVERS\tcpip.sys
23:32:56.0612 3220  Tcpip6 - ok
23:32:56.0646 3220  [ C7E72A4071EE0200E3C075DACFB2B334 ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
23:32:56.0696 3220  tcpipreg - ok
23:32:56.0735 3220  [ 1D8BF4AAA5FB7A2761475781DC1195BC ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
23:32:56.0810 3220  TDPIPE - ok
23:32:56.0836 3220  [ 7F7E00CDF609DF657F4CDA02DD1C9BB1 ] TDTCP          C:\Windows\system32\drivers\tdtcp.sys
23:32:56.0916 3220  TDTCP - ok
23:32:56.0956 3220  [ 458919C8C42E398DC4802178D5FFEE27 ] tdx            C:\Windows\system32\DRIVERS\tdx.sys
23:32:57.0017 3220  tdx - ok
23:32:57.0064 3220  [ 8C19678D22649EC002EF2282EAE92F98 ] TermDD          C:\Windows\system32\DRIVERS\termdd.sys
23:32:57.0090 3220  TermDD - ok
23:32:57.0150 3220  [ 5CDD30BC217082DAC71A9878D9BFD566 ] TermService    C:\Windows\System32\termsrv.dll
23:32:57.0244 3220  TermService - ok
23:32:57.0270 3220  [ 56793271ECDEDD350C5ADD305603E963 ] Themes          C:\Windows\system32\shsvcs.dll
23:32:57.0303 3220  Themes - ok
23:32:57.0331 3220  [ 3CBE4995E80E13CCFBC42E5DCF3AC81A ] THREADORDER    C:\Windows\system32\mmcss.dll
23:32:57.0391 3220  THREADORDER - ok
23:32:57.0415 3220  [ F4689F05AF472A651A7B1B7B02D200E7 ] TrkWks          C:\Windows\System32\trkwks.dll
23:32:57.0493 3220  TrkWks - ok
23:32:57.0566 3220  [ 66328B08EF5A9305D8EDE36B93930369 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
23:32:57.0619 3220  TrustedInstaller - ok
23:32:57.0646 3220  [ B2388462329ACD17AF50D8701E0C1B18 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
23:32:57.0685 3220  tssecsrv - ok
23:32:57.0707 3220  [ 89EC74A9E602D16A75A4170511029B3C ] tunmp          C:\Windows\system32\DRIVERS\tunmp.sys
23:32:57.0743 3220  tunmp - ok
23:32:57.0789 3220  [ 30A9B3F45AD081BFFC3BCAA9C812B609 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
23:32:57.0824 3220  tunnel - ok
23:32:57.0850 3220  [ FEC266EF401966311744BD0F359F7F56 ] uagp35          C:\Windows\system32\drivers\uagp35.sys
23:32:57.0874 3220  uagp35 - ok
23:32:57.0918 3220  [ FAF2640A2A76ED03D449E443194C4C34 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
23:32:57.0980 3220  udfs - ok
23:32:58.0014 3220  [ 060507C4113391394478F6953A79EEDC ] UI0Detect      C:\Windows\system32\UI0Detect.exe
23:32:58.0092 3220  UI0Detect - ok
23:32:58.0103 3220  [ 4EC9447AC3AB462647F60E547208CA00 ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
23:32:58.0128 3220  uliagpkx - ok
23:32:58.0150 3220  [ 697F0446134CDC8F99E69306184FBBB4 ] uliahci        C:\Windows\system32\drivers\uliahci.sys
23:32:58.0181 3220  uliahci - ok
23:32:58.0204 3220  [ 31707F09846056651EA2C37858F5DDB0 ] UlSata          C:\Windows\system32\drivers\ulsata.sys
23:32:58.0229 3220  UlSata - ok
23:32:58.0249 3220  [ 85E5E43ED5B48C8376281BAB519271B7 ] ulsata2        C:\Windows\system32\drivers\ulsata2.sys
23:32:58.0273 3220  ulsata2 - ok
23:32:58.0295 3220  [ 46E9A994C4FED537DD951F60B86AD3F4 ] umbus          C:\Windows\system32\DRIVERS\umbus.sys
23:32:58.0355 3220  umbus - ok
23:32:58.0382 3220  [ 7093799FF80E9DECA0680D2E3535BE60 ] upnphost        C:\Windows\System32\upnphost.dll
23:32:58.0446 3220  upnphost - ok
23:32:58.0492 3220  [ C9E9D59C0099A9FF51697E9306A44240 ] USBAAPL64      C:\Windows\system32\Drivers\usbaapl64.sys
23:32:58.0514 3220  USBAAPL64 - ok
23:32:58.0572 3220  [ 07E3498FC60834219D2356293DA0FECC ] usbccgp        C:\Windows\system32\DRIVERS\usbccgp.sys
23:32:58.0621 3220  usbccgp - ok
23:32:58.0638 3220  [ 9247F7E0B65852C1F6631480984D6ED2 ] usbcir          C:\Windows\system32\drivers\usbcir.sys
23:32:58.0716 3220  usbcir - ok
23:32:58.0757 3220  [ 827E44DE934A736EA31E91D353EB126F ] usbehci        C:\Windows\system32\DRIVERS\usbehci.sys
23:32:58.0803 3220  usbehci - ok
23:32:58.0849 3220  [ BB35CD80A2ECECFADC73569B3D70C7D1 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
23:32:58.0900 3220  usbhub - ok
23:32:58.0925 3220  [ EBA14EF0C07CEC233F1529C698D0D154 ] usbohci        C:\Windows\system32\drivers\usbohci.sys
23:32:59.0026 3220  usbohci - ok
23:32:59.0049 3220  [ ACFEE697AF477021BB3EC78C5431FED2 ] usbprint        C:\Windows\system32\drivers\usbprint.sys
23:32:59.0164 3220  usbprint - ok
23:32:59.0206 3220  [ B854C1558FCA0C269A38663E8B59B581 ] USBSTOR        C:\Windows\system32\DRIVERS\USBSTOR.SYS
23:32:59.0284 3220  USBSTOR - ok
23:32:59.0325 3220  [ B2872CBF9F47316ABD0E0C74A1ABA507 ] usbuhci        C:\Windows\system32\DRIVERS\usbuhci.sys
23:32:59.0370 3220  usbuhci - ok
23:32:59.0408 3220  [ D76E231E4850BB3F88A3D9A78DF191E3 ] UxSms          C:\Windows\System32\uxsms.dll
23:32:59.0454 3220  UxSms - ok
23:32:59.0504 3220  [ 294945381DFA7CE58CECF0A9896AF327 ] vds            C:\Windows\System32\vds.exe
23:32:59.0574 3220  vds - ok
23:32:59.0601 3220  [ 916B94BCF1E09873FFF2D5FB11767BBC ] vga            C:\Windows\system32\DRIVERS\vgapnp.sys
23:32:59.0661 3220  vga - ok
23:32:59.0680 3220  [ B83AB16B51FEDA65DD81B8C59D114D63 ] VgaSave        C:\Windows\System32\drivers\vga.sys
23:32:59.0741 3220  VgaSave - ok
23:32:59.0767 3220  [ 8294B6C3FDB6C33F24E150DE647ECDAA ] viaide          C:\Windows\system32\drivers\viaide.sys
23:32:59.0780 3220  viaide - ok
23:32:59.0825 3220  [ 2B7E885ED951519A12C450D24535DFCA ] volmgr          C:\Windows\system32\drivers\volmgr.sys
23:32:59.0842 3220  volmgr - ok
23:32:59.0897 3220  [ CEC5AC15277D75D9E5DEC2E1C6EAF877 ] volmgrx        C:\Windows\system32\drivers\volmgrx.sys
23:32:59.0924 3220  volmgrx - ok
23:32:59.0978 3220  [ 582F710097B46140F5A89A19A6573D4B ] volsnap        C:\Windows\system32\drivers\volsnap.sys
23:33:00.0001 3220  volsnap - ok
23:33:00.0018 3220  [ A68F455ED2673835209318DD61BFBB0E ] vsmraid        C:\Windows\system32\drivers\vsmraid.sys
23:33:00.0036 3220  vsmraid - ok
23:33:00.0112 3220  [ B75232DAD33BFD95BF6F0A3E6BFF51E1 ] VSS            C:\Windows\system32\vssvc.exe
23:33:00.0223 3220  VSS - ok
23:33:00.0285 3220  [ F14A7DE2EA41883E250892E1E5230A9A ] W32Time        C:\Windows\system32\w32time.dll
23:33:00.0381 3220  W32Time - ok
23:33:00.0407 3220  [ FEF8FE5923FEAD2CEE4DFABFCE3393A7 ] WacomPen        C:\Windows\system32\drivers\wacompen.sys
23:33:00.0483 3220  WacomPen - ok
23:33:00.0533 3220  [ B8E7049622300D20BA6D8BE0C47C0CFD ] Wanarp          C:\Windows\system32\DRIVERS\wanarp.sys
23:33:00.0581 3220  Wanarp - ok
23:33:00.0586 3220  [ B8E7049622300D20BA6D8BE0C47C0CFD ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
23:33:00.0615 3220  Wanarpv6 - ok
23:33:00.0644 3220  [ B4E4C37D0AA6100090A53213EE2BF1C1 ] wcncsvc        C:\Windows\System32\wcncsvc.dll
23:33:00.0683 3220  wcncsvc - ok
23:33:00.0732 3220  [ EA4B369560E986F19D93F45A881484AC ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
23:33:00.0781 3220  WcsPlugInService - ok
23:33:00.0815 3220  [ 0C17A0816F65B89E362E682AD5E7266E ] Wd              C:\Windows\system32\drivers\wd.sys
23:33:00.0833 3220  Wd - ok
23:33:00.0884 3220  [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
23:33:00.0923 3220  Wdf01000 - ok
23:33:00.0946 3220  [ C5EFDA73EBFCA8B02A094898DE0A9276 ] WdiServiceHost  C:\Windows\system32\wdi.dll
23:33:01.0006 3220  WdiServiceHost - ok
23:33:01.0010 3220  [ C5EFDA73EBFCA8B02A094898DE0A9276 ] WdiSystemHost  C:\Windows\system32\wdi.dll
23:33:01.0059 3220  WdiSystemHost - ok
23:33:01.0077 3220  [ 3E6D05381CF35F75EBB055544A8ED9AC ] WebClient      C:\Windows\System32\webclnt.dll
23:33:01.0103 3220  WebClient - ok
23:33:01.0118 3220  [ 8D40BC587993F876658BF9FB0F7D3462 ] Wecsvc          C:\Windows\system32\wecsvc.dll
23:33:01.0198 3220  Wecsvc - ok
23:33:01.0233 3220  [ 9C980351D7E96288EA0C23AE232BD065 ] wercplsupport  C:\Windows\System32\wercplsupport.dll
23:33:01.0281 3220  wercplsupport - ok
23:33:01.0294 3220  [ 66B9ECEBC46683F47EDC06333C075FEF ] WerSvc          C:\Windows\System32\WerSvc.dll
23:33:01.0354 3220  WerSvc - ok
23:33:01.0386 3220  WinDefend - ok
23:33:01.0394 3220  WinHttpAutoProxySvc - ok
23:33:01.0468 3220  [ D2E7296ED1BD26D8DB2799770C077A02 ] Winmgmt        C:\Windows\system32\wbem\WMIsvc.dll
23:33:01.0536 3220  Winmgmt - ok
23:33:01.0618 3220  [ 6CBB0C68F13B9C2EC1B16F5FA5E7C869 ] WinRM          C:\Windows\system32\WsmSvc.dll
23:33:01.0760 3220  WinRM - ok
23:33:01.0807 3220  [ EC339C8115E91BAED835957E9A677F16 ] Wlansvc        C:\Windows\System32\wlansvc.dll
23:33:01.0916 3220  Wlansvc - ok
23:33:01.0922 3220  wltrysvc - ok
23:33:01.0970 3220  [ E18AEBAAA5A773FE11AA2C70F65320F5 ] WmiAcpi        C:\Windows\system32\DRIVERS\wmiacpi.sys
23:33:02.0031 3220  WmiAcpi - ok
23:33:02.0081 3220  [ 21FA389E65A852698B6A1341F36EE02D ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
23:33:02.0128 3220  wmiApSrv - ok
23:33:02.0153 3220  WMPNetworkSvc - ok
23:33:02.0178 3220  [ CBC156C913F099E6680D1DF9307DB7A8 ] WPCSvc          C:\Windows\System32\wpcsvc.dll
23:33:02.0231 3220  WPCSvc - ok
23:33:02.0274 3220  [ 490A18B4E4D53DC10879DEAA8E8B70D9 ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
23:33:02.0340 3220  WPDBusEnum - ok
23:33:02.0378 3220  [ 5E2401B3FC1089C90E081291357371A9 ] WpdUsb          C:\Windows\system32\DRIVERS\wpdusb.sys
23:33:02.0425 3220  WpdUsb - ok
23:33:02.0534 3220  [ 8E344C1B4FE7EDE0E9055405B9987862 ] WPFFontCache_v0400 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe
23:33:02.0617 3220  WPFFontCache_v0400 - ok
23:33:02.0651 3220  [ 8A900348370E359B6BFF6A550E4649E1 ] ws2ifsl        C:\Windows\system32\drivers\ws2ifsl.sys
23:33:02.0723 3220  ws2ifsl - ok
23:33:02.0775 3220  [ 9EA3E6D0EF7A5C2B9181961052A4B01A ] wscsvc          C:\Windows\system32\wscsvc.dll
23:33:02.0804 3220  wscsvc - ok
23:33:02.0811 3220  WSearch - ok
23:33:02.0914 3220  [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv        C:\Windows\system32\wuaueng.dll
23:33:03.0097 3220  wuauserv - ok
23:33:03.0135 3220  [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
23:33:03.0196 3220  WudfPf - ok
23:33:03.0236 3220  [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
23:33:03.0282 3220  WUDFRd - ok
23:33:03.0324 3220  [ B20F051B03A966392364C83F009F7D17 ] wudfsvc        C:\Windows\System32\WUDFSvc.dll
23:33:03.0370 3220  wudfsvc - ok
23:33:03.0409 3220  ================ Scan global ===============================
23:33:03.0438 3220  [ 060DC3A7A9A2626031EB23D90151428D ] C:\Windows\system32\basesrv.dll
23:33:03.0473 3220  [ D665D594B7E11133D29D726BDDC7A5B0 ] C:\Windows\system32\winsrv.dll
23:33:03.0514 3220  [ D665D594B7E11133D29D726BDDC7A5B0 ] C:\Windows\system32\winsrv.dll
23:33:03.0571 3220  [ 934E0B7D77FF78C18D9F8891221B6DE3 ] C:\Windows\system32\services.exe
23:33:03.0578 3220  [Global] - ok
23:33:03.0579 3220  ================ Scan MBR ==================================
23:33:03.0597 3220  [ CDB4DE4BBD714F152979DA2DCBEF57EB ] \Device\Harddisk0\DR0
23:33:04.0019 3220  \Device\Harddisk0\DR0 - ok
23:33:04.0020 3220  ================ Scan VBR ==================================
23:33:04.0050 3220  [ AEFA43C8CFAE3143C881D54167C82811 ] \Device\Harddisk0\DR0\Partition1
23:33:04.0053 3220  \Device\Harddisk0\DR0\Partition1 - ok
23:33:04.0058 3220  [ B645E8026AC0CD1FC9A555595C37D59B ] \Device\Harddisk0\DR0\Partition2
23:33:04.0061 3220  \Device\Harddisk0\DR0\Partition2 - ok
23:33:04.0062 3220  ============================================================
23:33:04.0062 3220  Scan finished
23:33:04.0062 3220  ============================================================
23:33:04.0081 3460  Detected object count: 1
23:33:04.0081 3460  Actual detected object count: 1
23:33:37.0602 3460  DockLoginService ( UnsignedFile.Multi.Generic ) - skipped by user
23:33:37.0602 3460  DockLoginService ( UnsignedFile.Multi.Generic ) - User select action: Skip

cosinus 22.08.2013 22:40
Adware/Junkware/Toolbars entfernen


1. Schritt: adwCleaner

Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).




2. Schritt: JRT - Junkware Removal Tool

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

  • Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Drücke eine beliebige Taste, um das Tool zu starten.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.




3. Schritt: Frisches Log mit FRST

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
  • Starte jetzt FRST.
  • Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
  • Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
  • Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)


Boris.K 23.08.2013 18:19
Hi,

hier schon Mal das Logfile von AdwCleaner:

Code:
# AdwCleaner v3.000 - Report created 23/08/2013 at 18:50:24
# Updated 20/08/2013 by Xplode
# Operating System : Windows (TM) Vista Home Premium Service Pack 2 (64 bits)
# Username : BK - BK-PC
# Running from : C:\Users\BK\Desktop\adwcleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

[!] Folder Deleted : C:\ProgramData\Babylon
[!] Folder Deleted : C:\Program Files (x86)\MyPC Backup
[!] Folder Deleted : C:\Users\BK\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpepfkjapeclaafmhoelccknpfedainn
File Deleted : C:\Users\BK\AppData\Roaming\Mozilla\Firefox\Profiles\q8fa2qmt.default\searchplugins\mixidj.xml
File Deleted : C:\Users\BK\AppData\Roaming\Mozilla\Firefox\Profiles\q8fa2qmt.default\user.js

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{02054E11-5113-4BE3-8153-AA8DFB5D3761}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{021B4049-F57D-4565-A693-FD3B04786BFA}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0362AA09-808D-48E9-B360-FB51A8CBCE09}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{06844020-CD0B-3D3D-A7FE-371153013E49}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0ADC01BB-303B-3F8E-93DA-12C140E85460}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{10D3722F-23E6-3901-B6C1-FF6567121920}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1675E62B-F911-3B7B-A046-EB57261212F3}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{192929F2-9273-3894-91B0-F54671C4C861}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2932897E-3036-43D9-8A64-B06447992065}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2DE92D29-A042-3C37-BFF8-07C7D8893EFA}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{32B80AD6-1214-45F4-994E-78A5D482C000}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3A8E103F-B2B7-3BEF-B3B0-88E29B2420E4}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{478CE5D3-D38E-3FFE-8DBE-8C4A0F1C4D8D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{48B7DA4E-69ED-39E3-BAD5-3E3EFF22CFB0}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{5982F405-44E4-3BBB-BAC4-CF8141CBBC5C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{5D8C3CC3-3C05-38A1-B244-924A23115FE9}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{641593AF-D9FD-30F7-B783-36E16F7A2E08}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{711FC48A-1356-3932-94D8-A8B733DBC7E4}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{72227B7F-1F02-3560-95F5-592E68BACC0C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{7B5E8CE3-4722-4C0E-A236-A6FF731BEF37}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{890D4F59-5ED0-3CB4-8E0E-74A5A86E7ED0}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8C68913C-AC3C-4494-8B9C-984D87C85003}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8D019513-083F-4AA5-933F-7D43A6DA82C4}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{923F6FB8-A390-370E-A0D2-DD505432481D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9BBB26EF-B178-35D6-9D3D-B485F4279FE5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A62DDBE0-8D2A-339A-B089-8CBCC5CD322A}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A82AD04D-0B8E-3A49-947B-6A69A8A9C96D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{ADEB3CC9-A05D-4FCC-BD09-9025456AA3EA}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B06D4521-D09C-3F41-8E39-9D784CCA2A75}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C06DAD42-6F39-4CE1-83CC-9A8B9105E556}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C2E799D0-43A5-3477-8A98-FC5F3677F35C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D16107CD-2AD5-46A8-BA59-303B7C32C500}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D25B101F-8188-3B43-9D85-201F372BC205}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D2BA7595-5E44-3F1E-880F-03B3139FA5ED}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D35F5C81-17D9-3E1C-A1FC-4472542E1D25}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D8FA96CA-B250-312C-AF34-4FF1DD72589D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{DAFC1E63-3359-416D-9BC2-E7DCA6F7B0F3}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{DC5E5C44-80FD-3697-9E65-9F286D92F3E7}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E1B4C9DE-D741-385F-981E-6745FACE6F01}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E7B623F5-9715-3F9F-A671-D1485A39F8A2}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{ED916A7B-7C68-3198-B87D-2DABC30A5587}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EFA1BDB2-BB3D-3D9A-8EB5-D0D22E0F64F4}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F4CBF4DD-F8FE-35BA-BB7E-68304DAAB70B}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{2BF2028E-3F3C-4C05-AB45-B2F1DCFE0759}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{DB538320-D3C5-433C-BCA9-C4081A054FCF}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68B81CCD-A80C-4060-8947-5AE69ED01199}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E6B969FB-6D33-48D2-9061-8BBD4899EB08}
Key Deleted : HKCU\Software\Iminent
Key Deleted : HKCU\Software\OCS
Key Deleted : HKLM\Software\DataMngr
Key Deleted : HKLM\Software\Iminent
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchTheWebARP

***** [ Browsers ] *****

-\\ Internet Explorer v9.0.8112.16502


-\\ Mozilla Firefox v22.0 (de)

[ File : C:\Users\BK\AppData\Roaming\Mozilla\Firefox\Profiles\q8fa2qmt.default\prefs.js ]


-\\ Google Chrome v28.0.1500.95

[ File : C:\Users\BK\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deleted : homepage

*************************

AdwCleaner[R0].txt - [5898 octets] - [23/08/2013 18:49:22]
AdwCleaner[S0].txt - [5833 octets] - [23/08/2013 18:50:24]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [5893 octets] ##########
JRT Log:

Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 5.5.4 (08.22.2013:1)
OS: Windows (TM) Vista Home Premium x64
Ran by BK on 23.08.2013 at 19:01:42,17
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\lyricsget



~~~ Files



~~~ Folders



~~~ FireFox

Successfully deleted: [Registry Value] HKEY_CURRENT_USER\Software\Mozilla\Firefox\Extensions\\{184AA5E6-741D-464A-820E-94B3ABC2F3B4}
Successfully deleted the following from C:\Users\BK\AppData\Roaming\mozilla\firefox\profiles\q8fa2qmt.default\prefs.js

user_pref("iminent.displayFavLinks", "1");
user_pref("iminent.registerToolbarEvent102", "1377035335758");
user_pref("iminent.version", "7.33.3.1");
Emptied folder: C:\Users\BK\AppData\Roaming\mozilla\firefox\profiles\q8fa2qmt.default\minidumps [338 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 23.08.2013 at 19:12:23,00
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
FRST:


FRST Logfile:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 23-08-2013
Ran by BK (administrator) on 23-08-2013 19:16:11
Running from C:\Users\BK\Desktop
Windows Vista (TM) Home Premium Service Pack 2 (X64) OS Language: German Standard
Internet Explorer Version 9
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(Emsisoft GmbH) C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe
(ATI Technologies Inc.) C:\Windows\system32\Ati2evxx.exe
(IDT, Inc.) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_15f4e438\STacSV64.exe
(Microsoft Corporation) C:\Windows\system32\SLsvc.exe
(Stardock Corporation) C:\Program Files\Dell\DellDock\DockLogin.exe
(ATI Technologies Inc.) C:\Windows\system32\Ati2evxx.exe
() C:\Windows\System32\WLTRYSVC.EXE
(Dell Inc.) C:\Windows\System32\bcmwltry.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Andrea Electronics Corporation) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_15f4e438\AESTSr64.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Dell Inc.) C:\WINDOWS\System32\WLTRAY.EXE
(Microsoft Corporation) C:\WINDOWS\ehome\ehtray.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corp.) C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe
(Stardock Corporation) C:\Program Files\Dell\DellDock\DellDock.exe
() C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe
(Dropbox, Inc.) C:\Users\BK\AppData\Roaming\Dropbox\bin\Dropbox.exe
(CyberLink Corp.) C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Windows\system32\conime.exe
(SupportSoft, Inc.) C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1657128 2008-11-25] (Synaptics, Inc.)
HKLM\...\Run: [SysTrayApp] - C:\Program Files\IDT\WDM\sttray64.exe [462848 2009-03-19] (IDT, Inc.)
HKLM\...\Run: [Broadcom Wireless Manager UI] - C:\Windows\system32\WLTRAY.exe [4119552 2008-12-21] (Dell Inc.)
HKCU\...\Run: [ehTray.exe] - C:\Windows\ehome\ehTray.exe [138240 2008-01-21] (Microsoft Corporation)
HKLM-x32\...\Run: [emsisoft anti-malware] - C:\Program Files (x86)\Emsisoft Anti-Malware\a2guard.exe [2928040 2013-08-18] (Emsisoft GmbH)
HKLM-x32\...\Run: [Microsoft Default Manager] - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe [250192 2009-04-24] (Microsoft Corporation)
HKLM-x32\...\Run: [Dell DataSafe Online] - C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe [1762032 2009-04-09] ()
HKLM-x32\...\Run: [PDVDDXSrv] - C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe [128296 2008-05-23] (CyberLink Corp.)
HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [61440 2008-08-30] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] - c:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [34672 2008-06-12] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-05-31] (Apple Inc.)
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [345144 2013-08-19] (Avira Operations GmbH & Co. KG)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe (McAfee, Inc.)
Startup: C:\Users\BK\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk
ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\BK\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\BK\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\BK\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk
ShortcutTarget: OpenOffice.org 3.3.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Test\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock.lnk
ShortcutTarget: Dell Dock.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bing.com
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files (x86)\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} -  No File
BHO-x32: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll (Microsoft Corp.)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
BHO-x32: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
Toolbar: HKLM-x32 - &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
Handler-x32: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files (x86)\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WI1F86~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\BK\AppData\Roaming\Mozilla\Firefox\Profiles\q8fa2qmt.default
FF NewTab: hxxp://www.google.com/firefox
FF SelectedSearchEngine: Google
FF Homepage: hxxp://www.google.com/firefox
FF Keyword.URL: hxxp://www.google.com/search?ie=UTF-8&oe=utf-8&q=
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_94.dll ()
FF Plugin: @mcafee.com/McAfeeMssPlugin - C:\Program Files (x86)\McAfee Security Scan\3.0.318\npMcAfeeMss.dll (McAfee, Inc.)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @java.com/JavaPlugin - C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\2.0.31005.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8051.1204 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WPF,version=3.5 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Extension: LyricsGet - C:\Users\BK\AppData\Roaming\Mozilla\Firefox\Profiles\q8fa2qmt.default\Extensions\128
FF Extension: Bitdefender QuickScan - C:\Users\BK\AppData\Roaming\Mozilla\Firefox\Profiles\q8fa2qmt.default\Extensions\{e001c731-5e37-4538-a5cb-8168736a2360}
FF Extension: Default - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF Extension: Default - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF HKLM-x32\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

Chrome:
=======
Error reading preferences. Please check "preferences" file for possible corruption. <======= ATTENTION

==================== Services (Whitelisted) =================

R2 a2AntiMalware; C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe [2938408 2013-08-18] (Emsisoft GmbH)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [84024 2013-08-19] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [108088 2013-08-19] (Avira Operations GmbH & Co. KG)
S4 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [589368 2013-08-19] (Avira Operations GmbH & Co. KG)
S3 McComponentHostService; C:\Program Files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe [235216 2013-02-05] (McAfee, Inc.)
R2 wltrysvc; C:\Windows\System32\WLTRYSVC.EXE [32768 2008-12-21] ()

==================== Drivers (Whitelisted) ====================

S3 a2acc; C:\PROGRAM FILES (X86)\EMSISOFT ANTI-MALWARE\a2accx64.sys [66320 2012-04-30] (Emsisoft GmbH)
S3 a2acc; C:\PROGRAM FILES (X86)\EMSISOFT ANTI-MALWARE\a2accx64.sys [66320 2012-04-30] (Emsisoft GmbH)
R1 A2DDA; C:\Program Files (x86)\Emsisoft Anti-Malware\a2ddax64.sys [26176 2013-08-18] (Emsisoft GmbH)
R1 A2DDA; C:\Program Files (x86)\Emsisoft Anti-Malware\a2ddax64.sys [26176 2013-08-18] (Emsisoft GmbH)
S3 Apowersoft_AudioDevice; C:\Windows\System32\drivers\Apowersoft_AudioDevice.sys [29288 2010-12-24] (Wondershare)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [100712 2013-08-19] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [130016 2013-08-19] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-08-19] (Avira Operations GmbH & Co. KG)
S3 cleanhlp; C:\Program Files (x86)\Emsisoft Anti-Malware\cleanhlp64.sys [57032 2013-08-18] (Emsisoft GmbH)
S3 cleanhlp; C:\Program Files (x86)\Emsisoft Anti-Malware\cleanhlp64.sys [57032 2013-08-18] (Emsisoft GmbH)
R3 OA008Ufd; C:\Windows\System32\DRIVERS\OA008Ufd.sys [159840 2009-03-06] (Creative Technology Ltd.)
R3 OA008Vid; C:\Windows\System32\DRIVERS\OA008Vid.sys [313696 2009-05-06] (Creative Technology Ltd.)
S1 Beep; No ImagePath
S3 catchme; \??\C:\ComboFix\catchme.sys [x]
S3 IpInIp; system32\DRIVERS\ipinip.sys [x]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-08-23 19:12 - 2013-08-23 19:12 - 00001304 _____ C:\Users\BK\Desktop\JRT.txt
2013-08-23 19:01 - 2013-08-23 19:01 - 00000000 ____D C:\Windows\ERUNT
2013-08-23 18:59 - 2013-08-23 18:59 - 01021434 _____ (Thisisu) C:\Users\BK\Desktop\JRT.exe
2013-08-23 18:59 - 2013-08-23 18:59 - 00005872 _____ C:\Users\BK\Desktop\AdwCleaner[S0].txt
2013-08-23 18:49 - 2013-08-23 18:50 - 00000000 ____D C:\AdwCleaner
2013-08-23 18:48 - 2013-08-23 18:48 - 00975858 _____ C:\Users\BK\Desktop\adwcleaner.exe
2013-08-22 23:30 - 2013-08-22 23:30 - 02237968 _____ (Kaspersky Lab ZAO) C:\Users\BK\Desktop\tdsskiller.exe
2013-08-22 22:51 - 2013-08-22 23:12 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-08-22 22:50 - 2013-08-22 23:12 - 00000000 ____D C:\Users\BK\Desktop\mbar
2013-08-22 22:49 - 2013-08-22 22:49 - 12081912 _____ (Malwarebytes Corp.) C:\Users\BK\Desktop\mbar-1.06.1.1005.exe
2013-08-22 22:10 - 2013-08-22 22:10 - 00020509 _____ C:\ComboFix.txt
2013-08-22 21:49 - 2013-08-22 22:10 - 00000000 ____D C:\ComboFix
2013-08-22 21:49 - 2011-06-26 08:45 - 00256000 _____ C:\Windows\PEV.exe
2013-08-22 21:49 - 2010-11-07 19:20 - 00208896 _____ C:\Windows\MBR.exe
2013-08-22 21:49 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2013-08-22 21:49 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2013-08-22 21:49 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2013-08-22 21:49 - 2000-08-31 02:00 - 00098816 _____ C:\Windows\sed.exe
2013-08-22 21:49 - 2000-08-31 02:00 - 00080412 _____ C:\Windows\grep.exe
2013-08-22 21:49 - 2000-08-31 02:00 - 00068096 _____ C:\Windows\zip.exe
2013-08-22 21:46 - 2013-08-22 22:10 - 00000000 ____D C:\Qoobox
2013-08-22 21:45 - 2013-08-22 22:08 - 00000000 ____D C:\Windows\erdnt
2013-08-22 21:44 - 2013-08-22 21:44 - 05111180 ____R (Swearware) C:\Users\BK\Downloads\ComboFix.exe
2013-08-22 20:27 - 2013-08-22 21:08 - 00021298 _____ C:\Users\BK\Desktop\Addition.txt
2013-08-22 20:24 - 2013-08-22 20:24 - 00000000 ____D C:\FRST
2013-08-22 20:14 - 2013-08-22 20:14 - 00029216 _____ C:\Users\BK\Desktop\AVSCAN-20130819-211258-6EF0211E.LOG
2013-08-22 19:12 - 2013-08-22 19:25 - 00002881 _____ C:\Users\BK\Desktop\sharedaccess.reg
2013-08-22 19:05 - 2013-08-22 19:05 - 02828552 _____ (AVAST Software) C:\Users\BK\Downloads\avast-browser-cleanup_8.0.1484.29.exe
2013-08-20 23:47 - 2013-08-20 23:55 - 00000898 _____ C:\Windows\SysWOW64\InstallUtil.InstallLog
2013-08-20 23:45 - 2013-08-20 23:45 - 00000000 ____D C:\Users\BORISK~1\AppData\Local\avgchrome
2013-08-20 23:43 - 2013-08-20 23:43 - 00001142 _____ C:\Users\BK\Desktop\Continue Free Flac to MP3.lnk
2013-08-19 20:23 - 2013-08-19 20:23 - 00000000 ____D C:\Users\BK\AppData\Roaming\Avira
2013-08-19 20:17 - 2013-08-19 20:17 - 00001903 _____ C:\Users\Public\Desktop\Avira Control Center.lnk
2013-08-19 20:17 - 2013-08-19 20:06 - 00130016 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2013-08-19 20:17 - 2013-08-19 20:06 - 00100712 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2013-08-19 20:17 - 2013-08-19 20:06 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2013-08-19 20:16 - 2013-08-19 20:17 - 00000000 ____D C:\ProgramData\Avira
2013-08-19 20:16 - 2013-08-19 20:16 - 00000000 ____D C:\Program Files (x86)\Avira
2013-08-18 12:08 - 2013-08-18 12:11 - 00000000 ____D C:\Windows\system32\MRT
2013-08-18 12:08 - 2013-08-18 12:08 - 02092792 _____ C:\Users\BK\Downloads\avira_free_antivirus(1).exe
2013-08-18 12:03 - 2013-07-25 05:54 - 17830400 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-08-18 12:03 - 2013-07-25 05:37 - 02312704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-08-18 12:03 - 2013-07-25 05:35 - 10926080 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-08-18 12:03 - 2013-07-25 05:31 - 01346560 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-08-18 12:03 - 2013-07-25 05:30 - 01392128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-08-18 12:03 - 2013-07-25 05:29 - 01494528 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-08-18 12:03 - 2013-07-25 05:29 - 00237056 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2013-08-18 12:03 - 2013-07-25 05:29 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-08-18 12:03 - 2013-07-25 05:28 - 02147840 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-08-18 12:03 - 2013-07-25 05:28 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-08-18 12:03 - 2013-07-25 05:28 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-08-18 12:03 - 2013-07-25 05:28 - 00599040 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2013-08-18 12:03 - 2013-07-25 05:28 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-08-18 12:03 - 2013-07-25 05:27 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-08-18 12:03 - 2013-07-25 05:27 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2013-08-18 12:03 - 2013-07-25 05:26 - 00248320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-08-18 12:03 - 2013-07-25 04:40 - 12334080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-08-18 12:03 - 2013-07-25 04:32 - 01800704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-08-18 12:03 - 2013-07-25 04:30 - 09738752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-08-18 12:03 - 2013-07-25 04:26 - 01129472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-08-18 12:03 - 2013-07-25 04:26 - 01104384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-08-18 12:03 - 2013-07-25 04:25 - 01427968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-08-18 12:03 - 2013-07-25 04:24 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-08-18 12:03 - 2013-07-25 04:24 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-08-18 12:03 - 2013-07-25 04:23 - 01796096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-08-18 12:03 - 2013-07-25 04:23 - 00717824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-08-18 12:03 - 2013-07-25 04:23 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-08-18 12:03 - 2013-07-25 04:23 - 00420864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2013-08-18 12:03 - 2013-07-25 04:23 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2013-08-18 12:03 - 2013-07-25 04:22 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-08-18 12:03 - 2013-07-25 04:22 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-08-18 12:03 - 2013-07-25 04:22 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-08-18 11:52 - 2013-08-18 11:52 - 00000000 ____D C:\found.000
2013-08-18 00:59 - 2013-08-18 00:59 - 00000165 _____ C:\ProgramData\dfitrbruvdigcsdwlpv.reg
2013-08-18 00:59 - 2013-08-18 00:59 - 00000070 _____ C:\ProgramData\dfitrbruvdigcsdwlpv.bat
2013-08-18 00:32 - 2013-07-17 22:01 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2013-08-18 00:32 - 2013-07-17 21:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2013-08-18 00:32 - 2013-07-10 11:47 - 00677888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2013-08-18 00:32 - 2013-07-10 11:42 - 01303552 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2013-08-18 00:32 - 2013-07-09 14:04 - 01585256 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2013-08-18 00:32 - 2013-07-09 14:04 - 01168088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2013-08-18 00:32 - 2013-07-08 06:51 - 04691904 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2013-08-18 00:32 - 2013-07-08 06:20 - 00172544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2013-08-18 00:32 - 2013-07-08 06:20 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2013-08-18 00:32 - 2013-07-08 06:18 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2013-08-18 00:32 - 2013-07-08 06:16 - 00992768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-08-18 00:32 - 2013-07-08 06:16 - 00133120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2013-08-18 00:32 - 2013-07-08 06:16 - 00098304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2013-08-18 00:32 - 2013-07-08 06:15 - 00234496 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2013-08-18 00:32 - 2013-07-08 06:15 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2013-08-18 00:32 - 2013-07-08 06:14 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2013-08-18 00:32 - 2013-07-08 06:12 - 01276416 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2013-08-18 00:32 - 2013-07-08 06:12 - 00174592 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2013-08-18 00:32 - 2013-07-08 06:12 - 00132096 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2013-08-18 00:32 - 2013-07-08 03:39 - 00026112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2013-08-18 00:32 - 2013-07-08 03:39 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2013-08-18 00:32 - 2013-07-08 03:39 - 00002560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2013-08-18 00:32 - 2013-07-05 06:45 - 01423808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2013-08-18 00:32 - 2013-06-15 15:27 - 00020480 _____ (Microsoft Corporation) C:\Windows\system32\icaapi.dll
2013-08-18 00:32 - 2013-06-15 13:38 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2013-08-03 12:45 - 2013-08-03 12:45 - 00000000 ____D C:\ProgramData\Mozilla
2013-08-03 12:45 - 2013-08-03 12:45 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service

==================== One Month Modified Files and Folders =======

2013-08-23 19:15 - 2013-08-23 19:15 - 01576474 _____ (Farbar) C:\Users\BK\Desktop\FRST64.exe
2013-08-23 19:12 - 2013-08-23 19:12 - 00001304 _____ C:\Users\BK\Desktop\JRT.txt
2013-08-23 19:01 - 2013-08-23 19:01 - 00000000 ____D C:\Windows\ERUNT
2013-08-23 18:59 - 2013-08-23 18:59 - 01021434 _____ (Thisisu) C:\Users\BK\Desktop\JRT.exe
2013-08-23 18:59 - 2013-08-23 18:59 - 00005872 _____ C:\Users\BK\Desktop\AdwCleaner[S0].txt
2013-08-23 18:59 - 2009-08-05 13:00 - 01772866 _____ C:\Windows\WindowsUpdate.log
2013-08-23 18:58 - 2012-09-02 13:13 - 00001128 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-08-23 18:56 - 2012-04-01 22:12 - 00000000 ___RD C:\Users\BK\Dropbox
2013-08-23 18:56 - 2012-04-01 22:08 - 00000000 ____D C:\Users\BK\AppData\Roaming\Dropbox
2013-08-23 18:53 - 2012-09-02 13:13 - 00001124 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-08-23 18:53 - 2006-11-02 17:42 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-08-23 18:53 - 2006-11-02 17:22 - 00003616 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2013-08-23 18:53 - 2006-11-02 17:22 - 00003616 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2013-08-23 18:52 - 2012-10-10 22:56 - 00000000 ____D C:\Program Files (x86)\Emsisoft Anti-Malware
2013-08-23 18:52 - 2006-11-02 17:42 - 00032556 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-08-23 18:51 - 2012-08-09 22:39 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-08-23 18:50 - 2013-08-23 18:49 - 00000000 ____D C:\AdwCleaner
2013-08-23 18:48 - 2013-08-23 18:48 - 00975858 _____ C:\Users\BK\Desktop\adwcleaner.exe
2013-08-23 18:48 - 2012-04-22 03:02 - 00003758 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{CFAF3200-B0F5-4291-86E5-6952ABD96C3C}
2013-08-22 23:30 - 2013-08-22 23:30 - 02237968 _____ (Kaspersky Lab ZAO) C:\Users\BK\Desktop\tdsskiller.exe
2013-08-22 23:12 - 2013-08-22 22:51 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-08-22 23:12 - 2013-08-22 22:50 - 00000000 ____D C:\Users\BK\Desktop\mbar
2013-08-22 22:49 - 2013-08-22 22:49 - 12081912 _____ (Malwarebytes Corp.) C:\Users\BK\Desktop\mbar-1.06.1.1005.exe
2013-08-22 22:10 - 2013-08-22 22:10 - 00020509 _____ C:\ComboFix.txt
2013-08-22 22:10 - 2013-08-22 21:49 - 00000000 ____D C:\ComboFix
2013-08-22 22:10 - 2013-08-22 21:46 - 00000000 ____D C:\Qoobox
2013-08-22 22:10 - 2006-11-02 15:33 - 00000000 __RHD C:\Users\Default
2013-08-22 22:08 - 2013-08-22 21:45 - 00000000 ____D C:\Windows\erdnt
2013-08-22 22:08 - 2012-04-01 10:35 - 00000000 ___RD C:\Users\BK\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-08-22 22:03 - 2006-11-02 14:34 - 00000215 _____ C:\Windows\system.ini
2013-08-22 22:02 - 2012-08-25 02:15 - 00035012 _____ C:\Windows\PFRO.log
2013-08-22 21:44 - 2013-08-22 21:44 - 05111180 ____R (Swearware) C:\Users\BK\Downloads\ComboFix.exe
2013-08-22 21:08 - 2013-08-22 20:27 - 00021298 _____ C:\Users\BK\Desktop\Addition.txt
2013-08-22 20:24 - 2013-08-22 20:24 - 00000000 ____D C:\FRST
2013-08-22 20:14 - 2013-08-22 20:14 - 00029216 _____ C:\Users\BK\Desktop\AVSCAN-20130819-211258-6EF0211E.LOG
2013-08-22 19:25 - 2013-08-22 19:12 - 00002881 _____ C:\Users\BK\Desktop\sharedaccess.reg
2013-08-22 19:05 - 2013-08-22 19:05 - 02828552 _____ (AVAST Software) C:\Users\BK\Downloads\avast-browser-cleanup_8.0.1484.29.exe
2013-08-21 00:26 - 2012-10-10 22:42 - 00000000 ____D C:\Users\BK\AppData\Roaming\QuickScan
2013-08-20 23:55 - 2013-08-20 23:47 - 00000898 _____ C:\Windows\SysWOW64\InstallUtil.InstallLog
2013-08-20 23:54 - 2012-08-09 22:39 - 00003736 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-08-20 23:53 - 2012-04-01 17:30 - 00692104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-08-20 23:53 - 2012-04-01 17:30 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-08-20 23:45 - 2013-08-20 23:45 - 00000000 ____D C:\Users\BORISK~1\AppData\Local\avgchrome
2013-08-20 23:45 - 2012-04-01 11:44 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-08-20 23:43 - 2013-08-20 23:43 - 00001142 _____ C:\Users\BK\Desktop\Continue Free Flac to MP3.lnk
2013-08-19 22:40 - 2008-01-21 13:10 - 01445546 _____ C:\Windows\system32\PerfStringBackup.INI
2013-08-19 22:40 - 2008-01-21 13:09 - 00628992 _____ C:\Windows\system32\perfh007.dat
2013-08-19 22:40 - 2008-01-21 13:09 - 00126704 _____ C:\Windows\system32\perfc007.dat
2013-08-19 20:23 - 2013-08-19 20:23 - 00000000 ____D C:\Users\BK\AppData\Roaming\Avira
2013-08-19 20:17 - 2013-08-19 20:17 - 00001903 _____ C:\Users\Public\Desktop\Avira Control Center.lnk
2013-08-19 20:17 - 2013-08-19 20:16 - 00000000 ____D C:\ProgramData\Avira
2013-08-19 20:16 - 2013-08-19 20:16 - 00000000 ____D C:\Program Files (x86)\Avira
2013-08-19 20:06 - 2013-08-19 20:17 - 00130016 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2013-08-19 20:06 - 2013-08-19 20:17 - 00100712 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2013-08-19 20:06 - 2013-08-19 20:17 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2013-08-18 17:01 - 2006-11-02 15:33 - 00000000 ____D C:\Windows\rescache
2013-08-18 12:11 - 2013-08-18 12:08 - 00000000 ____D C:\Windows\system32\MRT
2013-08-18 12:08 - 2013-08-18 12:08 - 02092792 _____ C:\Users\BK\Downloads\avira_free_antivirus(1).exe
2013-08-18 12:07 - 2006-11-02 14:35 - 78161360 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2013-08-18 11:52 - 2013-08-18 11:52 - 00000000 ____D C:\found.000
2013-08-18 00:59 - 2013-08-18 00:59 - 00000165 _____ C:\ProgramData\dfitrbruvdigcsdwlpv.reg
2013-08-18 00:59 - 2013-08-18 00:59 - 00000070 _____ C:\ProgramData\dfitrbruvdigcsdwlpv.bat
2013-08-18 00:50 - 2012-04-19 22:59 - 00000000 ____D C:\Program Files (x86)\Comodo
2013-08-18 00:48 - 2012-04-19 22:59 - 00000000 ____D C:\ProgramData\Comodo
2013-08-06 23:50 - 2012-09-16 15:21 - 00006656 _____ C:\Users\BORISK~1\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-08-03 12:48 - 2012-04-03 00:08 - 00000000 ____D C:\Users\BORISK~1\AppData\Local\Adobe
2013-08-03 12:45 - 2013-08-03 12:45 - 00000000 ____D C:\ProgramData\Mozilla
2013-08-03 12:45 - 2013-08-03 12:45 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-08-03 05:05 - 2012-09-02 13:14 - 00002027 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2013-07-25 05:54 - 2013-08-18 12:03 - 17830400 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-07-25 05:37 - 2013-08-18 12:03 - 02312704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-07-25 05:35 - 2013-08-18 12:03 - 10926080 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-07-25 05:31 - 2013-08-18 12:03 - 01346560 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-07-25 05:30 - 2013-08-18 12:03 - 01392128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-07-25 05:29 - 2013-08-18 12:03 - 01494528 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-07-25 05:29 - 2013-08-18 12:03 - 00237056 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2013-07-25 05:29 - 2013-08-18 12:03 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-07-25 05:28 - 2013-08-18 12:03 - 02147840 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-07-25 05:28 - 2013-08-18 12:03 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-07-25 05:28 - 2013-08-18 12:03 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-07-25 05:28 - 2013-08-18 12:03 - 00599040 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2013-07-25 05:28 - 2013-08-18 12:03 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-07-25 05:27 - 2013-08-18 12:03 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-07-25 05:27 - 2013-08-18 12:03 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2013-07-25 05:26 - 2013-08-18 12:03 - 00248320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-07-25 04:40 - 2013-08-18 12:03 - 12334080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-07-25 04:32 - 2013-08-18 12:03 - 01800704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-07-25 04:30 - 2013-08-18 12:03 - 09738752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-07-25 04:26 - 2013-08-18 12:03 - 01129472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-07-25 04:26 - 2013-08-18 12:03 - 01104384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-07-25 04:25 - 2013-08-18 12:03 - 01427968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-07-25 04:24 - 2013-08-18 12:03 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-07-25 04:24 - 2013-08-18 12:03 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-07-25 04:23 - 2013-08-18 12:03 - 01796096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-07-25 04:23 - 2013-08-18 12:03 - 00717824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-07-25 04:23 - 2013-08-18 12:03 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-07-25 04:23 - 2013-08-18 12:03 - 00420864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2013-07-25 04:23 - 2013-08-18 12:03 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2013-07-25 04:22 - 2013-08-18 12:03 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-07-25 04:22 - 2013-08-18 12:03 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-07-25 04:22 - 2013-08-18 12:03 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll

Files to move or delete:
====================
C:\ProgramData\dfitrbruvdigcsdwlpv.bat
C:\ProgramData\dfitrbruvdigcsdwlpv.reg
C:\ProgramData\H6Sq7Tt.reg

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-08-23 19:00

==================== End Of Log ============================
--- --- ---

--- --- ---

cosinus 23.08.2013 18:21
Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:
C:\ProgramData\dfitrbruvdigcsdwlpv.bat
C:\ProgramData\dfitrbruvdigcsdwlpv.reg
C:\ProgramData\H6Sq7Tt.reg
C:\found.000

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
  • Starte nun FRST erneut und klicke den Entfernen Button.
  • Das Tool erstellt eine Fixlog.txt.
  • Poste mir deren Inhalt.


Boris.K 23.08.2013 18:27
Fixlog:

Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 23-08-2013
Ran by BK at 2013-08-23 19:25:10 Run:1
Running from C:\Users\BK\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
C:\ProgramData\dfitrbruvdigcsdwlpv.bat
C:\ProgramData\dfitrbruvdigcsdwlpv.reg
C:\ProgramData\H6Sq7Tt.reg
C:\found.000
*****************

C:\ProgramData\dfitrbruvdigcsdwlpv.bat => Moved successfully.
C:\ProgramData\dfitrbruvdigcsdwlpv.reg => Moved successfully.
C:\ProgramData\H6Sq7Tt.reg => Moved successfully.
C:\found.000 => Moved successfully.

==== End of Fixlog ====
Ich hatte übrigens die ADDITION File nicht gepostet, weil die nicht ausgeliefert wurde. Ist das okay?


Alle Zeitangaben in WEZ +1. Es ist jetzt 21:38 Uhr.
Seite 1 von 2 1 2
100 Beiträge dieses Themas auf einer Seite anzeigen

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131