Trojaner-Board - Suchmaschinen Umleitung zu Werbseiten (über Rocketnews)

Trojaner-Board (https://www.trojaner-board.de/)

- Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)

- - Suchmaschinen Umleitung zu Werbseiten (über Rocketnews) (https://www.trojaner-board.de/114253-suchmaschinen-umleitung-werbseiten-rocketnews.html)

Suchmaschinen Umleitung zu Werbseiten (über Rocketnews)

Liebes Trojaner-Board-Team,

es lässt mich ein bisschen verzweifeln. Seit einer Woche werde ich von Suchmaschinen nicht auf die gewünschte Seite, sondern auf andere Werbeseiten umgeleitet. Dieses geschieht meist über die Seite "rocketnews".
Sowohl das Vodafone Sicherheitscenter, Malwarebytes als auch verschiedene RescueCDs haben nichts gefunden.

Ich hoffe, dass ich hier an der richtigen Stelle bin. Ich bin mit solchen Dingen nicht so vertraut. Was müsste ich als nächstes tun?

Viele Grüße,
Katharina

Zitat:

Malwarebytes als auch verschiedene RescueCDs haben nichts gefunden.

Bitte trotzdem alle Logs von Malwarebytes posten

Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:

hier steht das Log

Code:

 Malwarebytes' Anti-Malware 1.50.1.1100

www.malwarebytes.org
 

Datenbank Version: 912042202
 

Windows 6.1.7601 Service Pack 1

Internet Explorer 9.0.8112.16421
 

22.04.2012 18:19:47

mbam-log-2012-04-22 (18-19-47).txt
 

Art des Suchlaufs: Quick-Scan

Durchsuchte Objekte: 234411

Laufzeit: 6 Minute(n), 27 Sekunde(n)
 

Infizierte Speicherprozesse: 0

Infizierte Speichermodule: 0

Infizierte Registrierungsschlüssel: 0

Infizierte Registrierungswerte: 0

Infizierte Dateiobjekte der Registrierung: 0

Infizierte Verzeichnisse: 0

Infizierte Dateien: 0
 

Infizierte Speicherprozesse:

(Keine bösartigen Objekte gefunden)
 

Infizierte Speichermodule:

(Keine bösartigen Objekte gefunden)
 

Infizierte Registrierungsschlüssel:

(Keine bösartigen Objekte gefunden)
 

Infizierte Registrierungswerte:

(Keine bösartigen Objekte gefunden)
 

Infizierte Dateiobjekte der Registrierung:

(Keine bösartigen Objekte gefunden)
 

Infizierte Verzeichnisse:

(Keine bösartigen Objekte gefunden)
 

Infizierte Dateien:

(Keine bösartigen Objekte gefunden)

Bitte erstmal routinemäßig einen Vollscan mit malwarebytes machen und Log posten. =>ALLE lokalen Datenträger (außer CD/DVD) überprüfen lassen!
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss! Außerdem müssen alle Funde entfernt werden.

Falls Logs aus älteren Scans mit Malwarebytes vorhanden sind, bitte auch davon alle posten!

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:

hier steht das Log

OTL Logfile:

Code:

OTL logfile created on: 4/28/2012 10:43:41 AM - Run 1

OTL by OldTimer - Version 3.2.42.1     Folder = C:\Users\***\Desktop

64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

 

1.86 Gb Total Physical Memory | 0.79 Gb Available Physical Memory | 42.53% Memory free

3.73 Gb Paging File | 2.15 Gb Available in Paging File | 57.75% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 230.88 Gb Total Space | 124.05 Gb Free Space | 53.73% Space Free | Partition Type: NTFS

 

Computer Name: *** | User Name: *** | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 
 ========== Processes (SafeList) ==========

 

PRC - C:\Users\***\Desktop\OTL.exe (OldTimer Tools)

PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

PRC - C:\Users\***\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

PRC - C:\Program Files (x86)\Tobit Radio.fx\Server\rfx-server.exe ()

PRC - C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.)

PRC - C:\Program Files (x86)\Vodafone-Sicherheitspaket\ORSP Client\fsorsp.exe (F-Secure Corporation)

PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)

PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)

PRC - C:\Program Files (x86)\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe (FUJITSU LIMITED)

PRC - C:\Program Files (x86)\Fujitsu\FUJ02E3\FUJ02E3.exe (FUJITSU LIMITED)

PRC - C:\Program Files (x86)\Vodafone-Sicherheitspaket\Common\FSMA32.EXE (F-Secure Corporation)

PRC - C:\Program Files (x86)\Vodafone-Sicherheitspaket\Common\FSM32.EXE (F-Secure Corporation)

PRC - C:\Program Files (x86)\Vodafone-Sicherheitspaket\Common\FSHDLL32.EXE (F-Secure Corporation)

PRC - C:\Program Files (x86)\Vodafone-Sicherheitspaket\Anti-Virus\fsgk32st.exe (F-Secure Corporation)

PRC - C:\Program Files (x86)\CyberLink\YouCam\YouCamTray.exe (CyberLink Corp.)

PRC - C:\Program Files (x86)\Fujitsu\SystemDiagnostics\OnlineDiagnostic\TestManager\TestHandler.exe (Fujitsu Technology Solutions)

 

 
 ========== Modules (No Company Name) ==========

 

MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()

MOD - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_233.dll ()

MOD - \\?\c:\program files (x86)\vodafone-sicherheitspaket\hips\fshook32.dll ()

MOD - C:\Program Files (x86)\Vodafone-Sicherheitspaket\FSGUI\strres.eng ()

MOD - C:\Program Files (x86)\Vodafone-Sicherheitspaket\FSGUI\gres.dll ()

MOD - C:\Program Files (x86)\Vodafone-Sicherheitspaket\FSGUI\flyerres.eng ()

MOD - C:\Program Files (x86)\Vodafone-Sicherheitspaket\FSGUI\fsavures.eng ()

MOD - C:\Program Files (x86)\Vodafone-Sicherheitspaket\FSGUI\about.dll ()

MOD - C:\Program Files (x86)\Vodafone-Sicherheitspaket\FSGUI\aboutres.dll ()

 

 
 ========== Win32 Services (SafeList) ==========

 

SRV:64bit: - (VFPRadioSupportService) -- C:\Program Files\CSR\Bluetooth Feature Pack 5.0\VFPRadioSupportService.exe (CSR, plc)

SRV:64bit: - (PowerSavingUtilityService) -- C:\Program Files\Fujitsu\PSUtility\PSUService.exe (FUJITSU LIMITED)

SRV:64bit: - (WirelessSelectorService) -- C:\Program Files\Fujitsu\WirelessSelector\WSUService.exe ()

SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)

SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)

SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)

SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)

SRV - (Radio.fx) -- C:\Program Files (x86)\Tobit Radio.fx\Server\rfx-server.exe ()

SRV - (FSORSPClient) -- C:\Program Files (x86)\Vodafone-Sicherheitspaket\ORSP Client\fsorsp.exe (F-Secure Corporation)

SRV - (FSDFWD) -- C:\Program Files (x86)\Vodafone-Sicherheitspaket\FWES\Program\fsdfwd.exe (F-Secure Corporation)

SRV - (HP LaserJet Service) -- C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe (HP)

SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)

SRV - (UNS) Intel(R) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)

SRV - (LMS) Intel(R) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)

SRV - (FSMA) -- C:\Program Files (x86)\Vodafone-Sicherheitspaket\Common\FSMA32.EXE (F-Secure Corporation)

SRV - (F-Secure Gatekeeper Handler Starter) -- C:\Program Files (x86)\Vodafone-Sicherheitspaket\Anti-Virus\fsgk32st.exe (F-Secure Corporation)

SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)

SRV - (TestHandler) -- C:\Program Files (x86)\Fujitsu\SystemDiagnostics\OnlineDiagnostic\TestManager\TestHandler.exe (Fujitsu Technology Solutions)

 

 
 ========== Driver Services (SafeList) ==========

 

DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)

DRV:64bit: - (bbcap) -- C:\Windows\SysNative\drivers\bbcap.sys (Windows (R) Codename Longhorn DDK provider)

DRV:64bit: - (qicflt) -- C:\Windows\SysNative\drivers\qicflt.sys (Quanta Computer)

DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)

DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)

DRV:64bit: - (FSFW) -- C:\Windows\SysNative\drivers\fsdfw.sys (F-Secure Corporation)

DRV:64bit: - (FSES) -- C:\Windows\SysNative\drivers\fses.sys (F-Secure Corporation)

DRV:64bit: - (HPFXFAX) -- C:\Windows\SysNative\drivers\hppdfaxio.sys (Hewlett Packard)

DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)

DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)

DRV:64bit: - (HPFXBULKLEDM) -- C:\Windows\SysNative\drivers\hppdbulkio.sys (Hewlett Packard)

DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek                                            )

DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)

DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)

DRV:64bit: - (IntcDAud) Intel(R) -- C:\Windows\SysNative\drivers\IntcDAud.sys (Intel(R) Corporation)

DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.)

DRV:64bit: - (HECIx64) Intel(R) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)

DRV:64bit: - (Impcd) -- C:\Windows\SysNative\drivers\Impcd.sys (Intel Corporation)

DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)

DRV:64bit: - (LVUVC64) Logitech QuickCam E3500(UVC) -- C:\Windows\SysNative\drivers\lvuvc64.sys (Logitech Inc.)

DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)

DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)

DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)

DRV:64bit: - (TPM) -- C:\Windows\SysNative\drivers\tpm.sys (Microsoft Corporation)

DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)

DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)

DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)

DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)

DRV:64bit: - (RSUSBSTOR) -- C:\Windows\SysNative\drivers\RtsUStor.sys (Realtek Semiconductor Corp.)

DRV:64bit: - (SynasUSB) -- C:\Windows\SysNative\drivers\synUSB64.sys (SIA Syncrosoft)

DRV:64bit: - (FUJ02E3) -- C:\Windows\SysNative\drivers\fuj02e3.sys (FUJITSU LIMITED)

DRV:64bit: - (FUJ02B1) -- C:\Windows\SysNative\drivers\fuj02b1.sys (FUJITSU LIMITED)

DRV - (F-Secure Gatekeeper) -- C:\Program Files (x86)\Vodafone-Sicherheitspaket\Anti-Virus\minifilter\fsgk.sys ()

DRV - (F-Secure HIPS) -- C:\Program Files (x86)\Vodafone-Sicherheitspaket\HIPS\drivers\fshs.sys (F-Secure Corporation)

DRV - (fsvista) -- C:\Program Files (x86)\Vodafone-Sicherheitspaket\Anti-Virus\minifilter\fsvista.sys ()

DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)

 

 
 ========== Standard Registry (SafeList) ==========

 

 
 ========== Internet Explorer ==========

 

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6D3272B0-B5B9-432B-AA58-7392CB7DF3E4}

IE:64bit: - HKLM\..\SearchScopes\{6D3272B0-B5B9-432B-AA58-7392CB7DF3E4}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7FTSF

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKLM\..\SearchScopes,DefaultScope = {AFDBDDAA-5D3F-42EE-B79C-185A7020515B}

IE - HKLM\..\SearchScopes\{A390A7C2-A9C4-46BC-9438-7D27C65AA126}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7FTSF

IE - HKLM\..\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2475029

 

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ts.fujitsu.com

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [Binary data over 100 bytes]

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2475029

IE - HKCU\..\URLSearchHook: {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - No CLSID value found

IE - HKCU\..\SearchScopes,DefaultScope = {A390A7C2-A9C4-46BC-9438-7D27C65AA126}

IE - HKCU\..\SearchScopes\{A390A7C2-A9C4-46BC-9438-7D27C65AA126}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7FTSF

IE - HKCU\..\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2475029

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 
 ========== FireFox ==========

 

FF - user.js - File not found

 

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_2_202_233.dll File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_233.dll ()

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.647: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.647: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.652: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.652: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.647: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:  File not found

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

 

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\litmus-ff@f-secure.com: C:\Program Files (x86)\Vodafone-Sicherheitspaket\NRS\litmus-ff@f-secure.com [2012/04/23 18:13:46 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/06/29 19:27:58 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/04/25 13:34:40 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/04/14 15:04:53 | 000,000,000 | ---D | M]

 

[2011/05/25 23:17:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions

[2012/04/28 00:53:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\82plz4jj.default\extensions

[2012/04/28 00:53:39 | 000,000,000 | ---D | M] (MyAshampoo Community Toolbar) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\82plz4jj.default\extensions\{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}

[2011/07/14 00:31:23 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\82plz4jj.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}

[2012/02/02 23:47:16 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\82plz4jj.default\extensions\engine@conduit.com

[2012/04/25 13:34:51 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions

[2012/04/23 18:13:46 | 000,000,000 | ---D | M] ("Browsing Protection") -- C:\PROGRAM FILES (X86)\VODAFONE-SICHERHEITSPAKET\NRS\LITMUS-FF@F-SECURE.COM

() (No name found) -- C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\82PLZ4JJ.DEFAULT\EXTENSIONS\{DDC359D1-844A-42A7-9AA1-88A850A938A8}.XPI

[2012/04/25 13:34:40 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll

[2012/04/03 18:50:22 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll

[2011/10/08 17:07:20 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml

[2011/10/08 17:07:20 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml

[2011/10/08 17:07:20 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml

[2011/10/08 17:07:20 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml

[2011/10/08 17:07:20 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml

[2011/10/08 17:07:20 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml

 

O1 HOSTS File: ([2009/06/10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts

O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)

O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)

O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)

O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)

O2 - BHO: (Browsing Protection Class) - {C6867EB7-8350-4856-877F-93CF8AE3DC9C} - C:\Program Files (x86)\Vodafone-Sicherheitspaket\NRS\iescript\baselitmus.dll (F-Secure Corporation)

O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.

O3 - HKLM\..\Toolbar: (Browsing Protection Toolbar) - {265EEE8E-3228-44D3-AEA5-F7FDF5860049} - C:\Program Files (x86)\Vodafone-Sicherheitspaket\NRS\iescript\baselitmus.dll (F-Secure Corporation)

O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.

O4:64bit: - HKLM..\Run: [BthSyncServ] "C:\Program Files\CSR\Bluetooth Feature Pack 5.0\bthsyncserv.exe" File not found

O4:64bit: - HKLM..\Run: [ConMgr] C:\Program Files\CSR\Bluetooth Feature Pack 5.0\ConMgr.exe (CSR, plc)

O4:64bit: - HKLM..\Run: [CSRSkype] C:\Program Files\CSR\Bluetooth Feature Pack 5.0\CSRSkype.exe (CSR, plc)

O4:64bit: - HKLM..\Run: [FDM7] C:\Program Files\Fujitsu\FDM7\FdmDaemon.exe (FUJITSU LIMITED)

O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [HP LaserJet Professional CM1410 Series Fax] C:\Program Files (x86)\HP\Digital Imaging\Fax\Fax Driver 0.6 Base\hppfaxprintersrv.exe (Hewlett-Packard Company)

O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [LoadBtnHnd] C:\Program Files\Fujitsu\Application Panel\BtnHnd.exe (FUJITSU LIMITED)

O4:64bit: - HKLM..\Run: [LoadFujitsuQuickTouch] C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe (FUJITSU LIMITED)

O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [PSUTility] C:\Program Files\Fujitsu\PSUtility\TrayManager.exe (FUJITSU LIMITED)

O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)

O4 - HKLM..\Run: []  File not found

O4 - HKLM..\Run: [ContentTransferWMDetector.exe] C:\Program Files (x86)\Sony\Content Transfer\ContentTransferWMDetector.exe (Sony Corporation)

O4 - HKLM..\Run: [F-Secure Manager] C:\Program Files (x86)\Vodafone-Sicherheitspaket\Common\FSM32.EXE (F-Secure Corporation)

O4 - HKLM..\Run: [F-Secure TNB] C:\Program Files (x86)\Vodafone-Sicherheitspaket\FSGUI\TNBUtil.exe (F-Secure Corporation)

O4 - HKLM..\Run: [HPUsageTracking] C:\Program Files (x86)\HP\HP UT\bin\hppusg.exe (Hewlett-Packard Company)

O4 - HKLM..\Run: [IndicatorUtility] C:\Program Files (x86)\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe (FUJITSU LIMITED)

O4 - HKLM..\Run: [LoadFUJ02E3] C:\Program Files (x86)\Fujitsu\FUJ02E3\FUJ02E3.exe (FUJITSU LIMITED)

O4 - HKLM..\Run: [TkBellExe] C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.)

O4 - HKLM..\Run: [ToolboxFX] C:\Program Files (x86)\HP\ToolboxFX\bin\HPTLBXFX.exe (Hewlett-Packard Company)

O4 - HKLM..\Run: [YouCam Mirror Tray icon] C:\Program Files (x86)\CyberLink\YouCam\YouCamTray.exe (CyberLink Corp.)

O4 - HKCU..\Run: [Dzuwp] C:\Users\***\AppData\Roaming\DDACLSysi.dll (Yeoelupsd)

O4 - HKCU..\Run: [Hjaiktj] C:\Users\***\AppData\Roaming\mscpxl327.dll (Yeoelupsd)

O4 - Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\***\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O8:64bit: - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found

O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\***\AppData\Roaming\DVDVideoSoftIEHelpers\youtubedownload.htm ()

O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\***\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()

O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found

O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found

O8 - Extra context menu item: Free YouTube Download - C:\Users\***\AppData\Roaming\DVDVideoSoftIEHelpers\youtubedownload.htm ()

O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\***\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()

O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Program Files (x86)\Vodafone-Sicherheitspaket\FSPS\program\fslsp_x64.dll (F-Secure Corporation)

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Program Files (x86)\Vodafone-Sicherheitspaket\FSPS\program\fslsp_x64.dll (F-Secure Corporation)

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Program Files (x86)\Vodafone-Sicherheitspaket\FSPS\program\fslsp_x64.dll (F-Secure Corporation)

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Program Files (x86)\Vodafone-Sicherheitspaket\FSPS\program\fslsp_x64.dll (F-Secure Corporation)

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Program Files (x86)\Vodafone-Sicherheitspaket\FSPS\program\fslsp_x64.dll (F-Secure Corporation)

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Program Files (x86)\Vodafone-Sicherheitspaket\FSPS\program\fslsp_x64.dll (F-Secure Corporation)

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - C:\Program Files (x86)\Vodafone-Sicherheitspaket\FSPS\program\fslsp_x64.dll (F-Secure Corporation)

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - C:\Program Files (x86)\Vodafone-Sicherheitspaket\FSPS\program\fslsp_x64.dll (F-Secure Corporation)

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - C:\Program Files (x86)\Vodafone-Sicherheitspaket\FSPS\program\fslsp_x64.dll (F-Secure Corporation)

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - C:\Program Files (x86)\Vodafone-Sicherheitspaket\FSPS\program\fslsp_x64.dll (F-Secure Corporation)

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000011 - C:\Program Files (x86)\Vodafone-Sicherheitspaket\FSPS\program\fslsp_x64.dll (F-Secure Corporation)

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000023 - C:\Program Files (x86)\Vodafone-Sicherheitspaket\FSPS\program\fslsp_x64.dll (F-Secure Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Vodafone-Sicherheitspaket\FSPS\program\FSLSP.DLL (F-Secure Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Vodafone-Sicherheitspaket\FSPS\program\FSLSP.DLL (F-Secure Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Vodafone-Sicherheitspaket\FSPS\program\FSLSP.DLL (F-Secure Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Vodafone-Sicherheitspaket\FSPS\program\FSLSP.DLL (F-Secure Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Vodafone-Sicherheitspaket\FSPS\program\FSLSP.DLL (F-Secure Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Vodafone-Sicherheitspaket\FSPS\program\FSLSP.DLL (F-Secure Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files (x86)\Vodafone-Sicherheitspaket\FSPS\program\FSLSP.DLL (F-Secure Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files (x86)\Vodafone-Sicherheitspaket\FSPS\program\FSLSP.DLL (F-Secure Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files (x86)\Vodafone-Sicherheitspaket\FSPS\program\FSLSP.DLL (F-Secure Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files (x86)\Vodafone-Sicherheitspaket\FSPS\program\FSLSP.DLL (F-Secure Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files (x86)\Vodafone-Sicherheitspaket\FSPS\program\FSLSP.DLL (F-Secure Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\Program Files (x86)\Vodafone-Sicherheitspaket\FSPS\program\FSLSP.DLL (F-Secure Corporation)

O1364bit: - gopher Prefix: missing

O13 - gopher Prefix: missing

O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)

O16 - DPF: {8C922C73-FFFA-45A3-B2C2-BC1E30074267} hxxp://www.sony.de/bravia/RegistrationAgent.cab (WalkmanRegistrar Object)

O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8B49D026-1CE7-4AA1-9068-98B28AF95EE4}: DhcpNameServer = 192.168.2.1

O18:64bit: - Protocol\Handler\ms-help - No CLSID value found

O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found

O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)

O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O32 - HKLM CDRom: AutoRun - 1

O33 - MountPoints2\{b26b162e-b9f4-11e0-aade-b482fe64b043}\Shell - "" = AutoRun

O33 - MountPoints2\{b26b162e-b9f4-11e0-aade-b482fe64b043}\Shell\AutoRun\command - "" = E:\DPFMate.exe

O34 - HKLM BootExecute: (autocheck autochk *)

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

 
 ========== Files/Folders - Created Within 30 Days ==========

 

[2012/04/28 10:42:58 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe

[2012/04/28 01:16:38 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Amazon

[2012/04/28 01:16:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Amazon

[2012/04/28 01:16:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Amazon

[2012/04/25 13:54:47 | 000,000,000 | ---D | C] -- C:\bd_logs

[2012/04/25 13:34:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla

[2012/04/25 13:34:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service

[2012/04/22 18:12:57 | 000,000,000 | ---D | C] -- C:\Users\Katharina\AppData\Roaming\Malwarebytes

[2012/04/22 18:12:46 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys

[2012/04/22 18:12:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware

[2012/04/22 18:12:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes

[2012/04/22 18:12:42 | 000,024,152 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys

[2012/04/22 18:12:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware

[2012/04/22 13:51:23 | 000,139,264 | RHS- | C] (Yeoelupsd) -- C:\Users\***\AppData\Roaming\mscpxl327.dll

[2012/04/22 13:51:23 | 000,139,264 | RHS- | C] (Yeoelupsd) -- C:\Users\***\AppData\Roaming\DDACLSysi.dll

[2012/04/15 00:41:05 | 000,096,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll

[2012/04/15 00:41:05 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll

[2012/04/15 00:41:02 | 002,311,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll

[2012/04/15 00:41:02 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll

[2012/04/15 00:41:02 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll

[2012/04/15 00:41:02 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll

[2012/04/15 00:41:01 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll

[2012/04/15 00:41:00 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll

[2012/04/15 00:41:00 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll

[2012/04/15 00:40:59 | 001,493,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl

[2012/04/15 00:40:59 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl

[2012/04/15 00:40:31 | 005,559,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe

[2012/04/15 00:40:30 | 003,968,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe

[2012/04/15 00:40:29 | 003,913,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe

[2012/04/15 00:36:11 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\imagehlp.dll

[2012/04/15 00:36:11 | 000,023,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\fs_rec.sys

[2012/04/15 00:36:10 | 000,220,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wintrust.dll

[2012/04/03 18:51:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java

[2012/04/03 18:50:58 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe

[2012/04/03 18:50:58 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe

[2012/04/03 18:50:58 | 000,149,280 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe

[2012/04/03 18:50:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java

[2012/04/02 22:29:06 | 008,741,536 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerInstaller.exe

[2012/04/02 22:14:41 | 000,418,464 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe

 
 ========== Files - Modified Within 30 Days ==========

 

[2012/04/28 10:43:44 | 001,520,490 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI

[2012/04/28 10:43:44 | 000,661,528 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat

[2012/04/28 10:43:44 | 000,623,370 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat

[2012/04/28 10:43:44 | 000,133,484 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat

[2012/04/28 10:43:44 | 000,109,866 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat

[2012/04/28 10:29:01 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job

[2012/04/28 10:09:15 | 000,001,116 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

[2012/04/28 09:54:26 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2012/04/28 09:51:52 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe

[2012/04/28 09:24:53 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2012/04/28 09:24:53 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2012/04/28 09:23:58 | 000,001,112 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

[2012/04/28 09:18:02 | 000,000,530 | ---- | M] () -- C:\Windows\tasks\Scheduled scanning task.job

[2012/04/28 09:17:29 | 1500,946,432 | -HS- | M] () -- C:\hiberfil.sys

[2012/04/22 18:12:47 | 000,001,119 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk

[2012/04/22 13:51:23 | 000,139,264 | RHS- | M] (Yeoelupsd) -- C:\Users\***\AppData\Roaming\mscpxl327.dll

[2012/04/22 13:51:23 | 000,139,264 | RHS- | M] (Yeoelupsd) -- C:\Users\***\AppData\Roaming\DDACLSysi.dll

[2012/04/20 21:57:00 | 000,007,634 | ---- | M] () -- C:\Users\***\AppData\Local\Resmon.ResmonCfg

[2012/04/14 18:26:28 | 000,418,464 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe

[2012/04/14 18:26:28 | 000,070,304 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

[2012/04/14 18:25:41 | 008,741,536 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerInstaller.exe

[2012/04/14 15:04:54 | 000,002,020 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk

[2012/04/03 18:50:20 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\deployJava1.dll

[2012/04/03 18:50:20 | 000,157,472 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaws.exe

[2012/04/03 18:50:20 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\javaw.exe

[2012/04/03 18:50:20 | 000,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\SysWow64\java.exe

 
 ========== Files Created - No Company Name ==========

 

[2012/04/28 09:18:02 | 000,000,530 | ---- | C] () -- C:\Windows\tasks\Scheduled scanning task.job

[2012/04/22 18:12:47 | 000,001,119 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk

[2012/04/02 22:14:42 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job

[2012/01/31 23:59:23 | 000,000,000 | ---- | C] () -- C:\Users\***\AppData\Local\{1B8A72D1-0554-4792-BAE5-E27D02254F4E}

[2012/01/27 17:07:15 | 000,000,000 | ---- | C] () -- C:\Users\***\AppData\Local\{8787AC16-8976-44EE-BD6E-C697184DCDB9}

[2012/01/26 19:20:21 | 000,000,000 | ---- | C] () -- C:\Users\***\AppData\Local\{40AEAC3A-EB8D-416F-95DF-5E975192497C}

[2012/01/10 22:25:32 | 000,000,000 | ---- | C] () -- C:\Users\***\AppData\Local\{87833589-56F7-43DA-AE50-4D517937B4E8}

[2012/01/10 11:55:29 | 000,000,000 | ---- | C] () -- C:\Users\***\AppData\Local\{C2274A70-0A98-4DD3-A214-0826516D5EC5}

[2012/01/10 07:24:01 | 000,000,000 | ---- | C] () -- C:\Users\***\AppData\Local\{EE32D3E8-6D07-48D7-98F9-C46030F4F7A5}

[2012/01/03 22:11:12 | 000,000,000 | ---- | C] () -- C:\Users\***\AppData\Local\{25754AB5-4772-4A0C-BA40-D2C6A491E023}

[2011/12/31 17:33:35 | 000,000,000 | ---- | C] () -- C:\Users\***\AppData\Local\{04DD0C38-32CC-49D7-8AC3-0933D7E1AF2C}

[2011/12/22 16:59:29 | 000,000,000 | ---- | C] () -- C:\Users\***\AppData\Local\{55A598FD-BCE0-4CC6-A6AD-51DE46FA7F74}

[2011/12/11 18:26:36 | 000,000,000 | ---- | C] () -- C:\Users\***\AppData\Local\{3885C551-565C-440A-ACA1-7605E2020FDA}

[2011/12/05 00:50:57 | 000,000,000 | ---- | C] () -- C:\Users\***\AppData\Local\{3130C77D-008C-4E79-880B-1D889BFBCAB2}

[2011/12/04 14:41:14 | 000,000,000 | ---- | C] () -- C:\Users\***\AppData\Local\{93919BA7-DE26-4B1E-86F8-DD5BF5C372B4}

[2011/11/11 07:32:57 | 000,000,000 | ---- | C] () -- C:\Users\***\AppData\Local\{64745AB8-F417-479C-B6C9-EE7F9D1B22BC}

[2011/10/17 23:43:17 | 000,000,000 | ---- | C] () -- C:\Users\***\AppData\Local\{41359F55-61E8-4775-BEB2-FF6606742581}

[2011/09/22 21:37:55 | 000,000,000 | ---- | C] () -- C:\Users\***\AppData\Local\{4B028D1C-EDC7-42CC-A21C-33C17B0FA747}

[2011/09/07 12:11:31 | 000,000,000 | ---- | C] () -- C:\Users\***\AppData\Local\{1257BD2D-84F6-4627-B85D-88D4EEFB0F73}

[2011/08/15 23:11:55 | 000,554,496 | ---- | C] () -- C:\Windows\SysWow64\dvmsg.dll

[2011/07/17 14:34:15 | 000,000,000 | ---- | C] () -- C:\Users\***\AppData\Local\{2E16BCC7-06A0-4729-88CC-F277BDCE9EC1}

[2011/06/01 17:21:04 | 000,027,648 | ---- | C] () -- C:\Windows\SysWow64\AVSredirect.dll

[2010/12/28 20:25:17 | 000,000,051 | ---- | C] () -- C:\Windows\SysWow64\SYNSOPOS.exe.cfg

[2010/12/28 20:06:42 | 000,002,892 | ---- | C] () -- C:\Windows\SysWow64\audcon.sys

[2010/12/28 20:06:09 | 000,086,016 | ---- | C] () -- C:\Windows\SysWow64\SYNSOPOS.exe

[2010/12/08 18:15:50 | 000,022,528 | ---- | C] (         ) -- C:\Windows\SysWow64\drivers\gt680x.sys

[2010/11/09 14:49:23 | 000,007,634 | ---- | C] () -- C:\Users\***\AppData\Local\Resmon.ResmonCfg

[2010/11/08 20:07:28 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat

[2010/11/08 18:10:53 | 000,042,672 | ---- | C] () -- C:\Windows\SysWow64\drivers\fsbts.sys

[2010/11/08 18:10:20 | 001,516,890 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI

[2010/10/03 16:09:20 | 000,000,049 | ---- | C] () -- C:\Windows\OFCSCAN.INI

[2010/08/31 17:22:00 | 000,870,544 | ---- | C] () -- C:\Windows\SysWow64\igkrng575.bin

[2010/08/31 17:22:00 | 000,208,896 | ---- | C] () -- C:\Windows\SysWow64\iglhsip32.dll

[2010/08/31 17:22:00 | 000,143,360 | ---- | C] () -- C:\Windows\SysWow64\iglhcp32.dll

[2010/08/31 17:22:00 | 000,051,068 | ---- | C] () -- C:\Windows\SysWow64\igfcg575m.bin

[2010/08/31 17:21:59 | 000,127,896 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng575.bin
 

< End of report >

--- --- ---

Ich habe noch den OTL-Logfile geschickt.
Mache dann jetzt erstmal den Vollscan.

Danke schonmal :)

Code:

 Malwarebytes Anti-Malware 1.61.0.1400

www.malwarebytes.org
 

Datenbank Version: v2012.04.30.03
 

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 9.0.8112.16421

*** :: *** [Administrator]
 

30.04.2012 14:27:58

mbam-log-2012-04-30 (14-27-58).txt
 

Art des Suchlaufs: Vollständiger Suchlauf

Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM

Deaktivierte Suchlaufeinstellungen: P2P

Durchsuchte Objekte: 372787

Laufzeit: 1 Stunde(n), 12 Sekunde(n)
 

Infizierte Speicherprozesse: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Speichermodule: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Registrierungsschlüssel: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Registrierungswerte: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Dateiobjekte der Registrierung: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Verzeichnisse: 0

(Keine bösartigen Objekte gefunden)
 

Infizierte Dateien: 0

(Keine bösartigen Objekte gefunden)
 

(Ende)

Das ist der neue Scanbericht.
Zeitgleich hat das Vodafone Sicherheitscenter von F-secure allerdings einen Virus (Gen: Variant.barys.1667) in User/Appdata... angezeigt, der allerdings nicht bereinigt werden konnte.

Außerdem habe ich das gerade noch im Quarantäne Ordner des Sicherheitscenters gefunden:

Trojan.Generic.KDV.604983 und Trojan.Generic.KDV. 529802 unter Users/Appdata/Temp...

Hier jetzt das Ergebnis von Eset

Code:

 ESETSmartInstaller@High as downloader log:

all ok

# version=7

# OnlineScannerApp.exe=1.0.0.1

# OnlineScanner.ocx=1.0.0.6583

# api_version=3.0.2

# EOSSerial=2f4cc5dd73f49449bac5c26edcf8289c

# end=finished

# remove_checked=false

# archives_checked=true

# unwanted_checked=true

# unsafe_checked=false

# antistealth_checked=true

# utc_time=2012-04-30 03:37:23

# local_time=2012-04-30 05:37:23 (+0100, Mitteleuropäische Sommerzeit)

# country="Germany"

# lang=1033

# osver=6.1.7601 NT Service Pack 1

# compatibility_mode=2304 16777215 100 0 0 0 0 0

# compatibility_mode=5893 16776573 100 94 8277 87424432 0 0

# compatibility_mode=8192 67108863 100 0 122 122 0 0

# scanned=151215

# found=2

# cleaned=0

# scan_time=5682

C:\Program Files (x86)\PDFCreator\Toolbar\pdfforge Toolbar_setup.exe        Win32/Toolbar.Widgi application (unable to clean)        00000000000000000000000000000000        I

${Memory}        probably a variant of Win32/Ponmocup.AA trojan        00000000000000000000000000000000        I

Hätte da mal zwei Fragen bevor es weiter geht

1.) Geht der normale Modus uneingeschränkt?
2.) Vermisst du irgendwas im Startmenü? Sind da leere Ordner unter alle Programme oder ist alles vorhanden?

Hallo Arne,

der normale Modus läuft uneingeschränkt, ich habe nur das Gefühl, dass das Laden von Seiten im Browser länger dauert.
Das Startmenü sieht auchganz normal aus. Habe keine leeren Ordner gefunden.

LG,
Katharina

Mach bitte ein neues OTL-Log. Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:

hier steht das Log

CustomScan mit OTL

Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop

Starte bitte die OTL.exe.
Vista und Win7 User mit Rechtsklick "als Administrator starten"
Setze oben mittig den Haken bei Scanne alle Benutzer
Kopiere nun den kompletten Inhalt aus der untenstehenden Codebox in die http://billy-oneal.com/Canned%20Spee.../customFix.png Textbox von OTL - wenn OTL auf deutsch ist wird sie mit http://larusso.trojaner-board.de/Images/otlfix.jpg beschriftet

Code:

netsvcs

msconfig

safebootminimal

safebootnetwork

activex

drivers32

%ALLUSERSPROFILE%\Application Data\*.

%ALLUSERSPROFILE%\Application Data\*.exe /s

%APPDATA%\*.

%APPDATA%\*.exe /s

%SYSTEMDRIVE%\*.exe

/md5start

wininit.exe

userinit.exe

eventlog.dll

scecli.dll

netlogon.dll

cngaudit.dll

ws2ifsl.sys

sceclt.dll

ntelogon.dll

winlogon.exe

logevent.dll

user32.DLL

iaStor.sys

nvstor.sys

atapi.sys

IdeChnDr.sys

viasraid.sys

AGP440.sys

vaxscsi.sys

nvatabus.sys

viamraid.sys

nvata.sys

nvgts.sys

iastorv.sys

ViPrt.sys

eNetHook.dll

ahcix86.sys

KR10N.sys

nvstor32.sys

ahcix86s.sys

/md5stop

%systemroot%\system32\drivers\*.sys /lockedfiles

%systemroot%\System32\config\*.sav

%systemroot%\*. /mp /s

%systemroot%\system32\*.dll /lockedfiles

CREATERESTOREPOINT

Schliesse bitte nun alle Programme. (Wichtig)
Klicke nun bitte auf den Quick Scan Button.
Klick auf http://billy-oneal.com/Canned%20Spee.../OTL/btnOK.png.
Kopiere nun den Inhalt aus OTL.txt hier in Deinen Thread

Hallo Arne,
hier der OTL logfile

OTL Logfile:

Code:

OTL logfile created on: 5/1/2012 9:46:27 PM - Run 2

OTL by OldTimer - Version 3.2.42.1     Folder = C:\Users\***\Desktop

64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

 

1.86 Gb Total Physical Memory | 0.89 Gb Available Physical Memory | 47.78% Memory free

3.73 Gb Paging File | 2.32 Gb Available in Paging File | 62.23% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 230.88 Gb Total Space | 123.80 Gb Free Space | 53.62% Space Free | Partition Type: NTFS

 

Computer Name: *** | User Name: *** | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

 
 ========== Processes (SafeList) ==========

 

PRC - C:\Users\***\Desktop\OTL.exe (OldTimer Tools)

PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

PRC - C:\Users\***\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

PRC - C:\Program Files (x86)\Tobit Radio.fx\Server\rfx-server.exe ()

PRC - C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.)

PRC - C:\Program Files (x86)\Vodafone-Sicherheitspaket\ORSP Client\fsorsp.exe (F-Secure Corporation)

PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)

PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)

PRC - C:\Program Files (x86)\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe (FUJITSU LIMITED)

PRC - C:\Program Files (x86)\Fujitsu\FUJ02E3\FUJ02E3.exe (FUJITSU LIMITED)

PRC - C:\Program Files (x86)\Vodafone-Sicherheitspaket\Common\FSMA32.EXE (F-Secure Corporation)

PRC - C:\Program Files (x86)\Vodafone-Sicherheitspaket\Common\FSM32.EXE (F-Secure Corporation)

PRC - C:\Program Files (x86)\Vodafone-Sicherheitspaket\Common\FSHDLL32.EXE (F-Secure Corporation)

PRC - C:\Program Files (x86)\Vodafone-Sicherheitspaket\Anti-Virus\fsgk32st.exe (F-Secure Corporation)

PRC - C:\Program Files (x86)\CyberLink\YouCam\YouCamTray.exe (CyberLink Corp.)

PRC - C:\Program Files (x86)\HP\HP UT\bin\hppusg.exe (Hewlett-Packard Company)

PRC - C:\Program Files (x86)\Fujitsu\SystemDiagnostics\OnlineDiagnostic\TestManager\TestHandler.exe (Fujitsu Technology Solutions)

 

 
 ========== Modules (No Company Name) ==========

 

MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\3ce70b84dbb9970e1893672c5d430c80\Microsoft.VisualBasic.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\262285b3d0afafc5059f3fe9be69bff5\System.Windows.Forms.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\8177623eac8f15cf95b587625439eac7\System.Drawing.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\a1c4a635721f85bef0ea4194b888b871\System.Runtime.Remoting.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\adb2fc93e7a4462eb399442c678be681\System.Runtime.Serialization.Formatters.Soap.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\9866d1f6178e1cde25642f1ac293ff8d\System.Xml.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\e620323cacb5b6bfd93fd28d263440e4\System.Configuration.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\faf4e8730ecbd07570111bb7c3b20565\System.ni.dll ()

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll ()

MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ()

MOD - \\?\c:\program files (x86)\vodafone-sicherheitspaket\hips\fshook32.dll ()

MOD - C:\Program Files (x86)\Vodafone-Sicherheitspaket\FSGUI\strres.eng ()

MOD - C:\Program Files (x86)\Vodafone-Sicherheitspaket\FSGUI\gres.dll ()

MOD - C:\Program Files (x86)\Vodafone-Sicherheitspaket\FSGUI\flyerres.eng ()

MOD - C:\Program Files (x86)\Vodafone-Sicherheitspaket\FSGUI\fsavures.eng ()

MOD - C:\Program Files (x86)\Vodafone-Sicherheitspaket\FSGUI\about.dll ()

MOD - C:\Program Files (x86)\Vodafone-Sicherheitspaket\FSGUI\aboutres.dll ()

 

 
 ========== Win32 Services (SafeList) ==========

 

SRV:64bit: - (VFPRadioSupportService) -- C:\Program Files\CSR\Bluetooth Feature Pack 5.0\VFPRadioSupportService.exe (CSR, plc)

SRV:64bit: - (PowerSavingUtilityService) -- C:\Program Files\Fujitsu\PSUtility\PSUService.exe (FUJITSU LIMITED)

SRV:64bit: - (WirelessSelectorService) -- C:\Program Files\Fujitsu\WirelessSelector\WSUService.exe ()

SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)

SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)

SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)

SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)

SRV - (Radio.fx) -- C:\Program Files (x86)\Tobit Radio.fx\Server\rfx-server.exe ()

SRV - (FSORSPClient) -- C:\Program Files (x86)\Vodafone-Sicherheitspaket\ORSP Client\fsorsp.exe (F-Secure Corporation)

SRV - (FSDFWD) -- C:\Program Files (x86)\Vodafone-Sicherheitspaket\FWES\Program\fsdfwd.exe (F-Secure Corporation)

SRV - (HP LaserJet Service) -- C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe (HP)

SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)

SRV - (UNS) Intel(R) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)

SRV - (LMS) Intel(R) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)

SRV - (FSMA) -- C:\Program Files (x86)\Vodafone-Sicherheitspaket\Common\FSMA32.EXE (F-Secure Corporation)

SRV - (F-Secure Gatekeeper Handler Starter) -- C:\Program Files (x86)\Vodafone-Sicherheitspaket\Anti-Virus\fsgk32st.exe (F-Secure Corporation)

SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)

SRV - (TestHandler) -- C:\Program Files (x86)\Fujitsu\SystemDiagnostics\OnlineDiagnostic\TestManager\TestHandler.exe (Fujitsu Technology Solutions)

 

 
 ========== Driver Services (SafeList) ==========

 

DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)

DRV:64bit: - (bbcap) -- C:\Windows\SysNative\drivers\bbcap.sys (Windows (R) Codename Longhorn DDK provider)

DRV:64bit: - (qicflt) -- C:\Windows\SysNative\drivers\qicflt.sys (Quanta Computer)

DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)

DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)

DRV:64bit: - (FSFW) -- C:\Windows\SysNative\drivers\fsdfw.sys (F-Secure Corporation)

DRV:64bit: - (FSES) -- C:\Windows\SysNative\drivers\fses.sys (F-Secure Corporation)

DRV:64bit: - (HPFXFAX) -- C:\Windows\SysNative\drivers\hppdfaxio.sys (Hewlett Packard)

DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)

DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)

DRV:64bit: - (HPFXBULKLEDM) -- C:\Windows\SysNative\drivers\hppdbulkio.sys (Hewlett Packard)

DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek                                            )

DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)

DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)

DRV:64bit: - (IntcDAud) Intel(R) -- C:\Windows\SysNative\drivers\IntcDAud.sys (Intel(R) Corporation)

DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.)

DRV:64bit: - (HECIx64) Intel(R) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)

DRV:64bit: - (Impcd) -- C:\Windows\SysNative\drivers\Impcd.sys (Intel Corporation)

DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)

DRV:64bit: - (LVUVC64) Logitech QuickCam E3500(UVC) -- C:\Windows\SysNative\drivers\lvuvc64.sys (Logitech Inc.)

DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)

DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)

DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)

DRV:64bit: - (TPM) -- C:\Windows\SysNative\drivers\tpm.sys (Microsoft Corporation)

DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)

DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)

DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)

DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)

DRV:64bit: - (RSUSBSTOR) -- C:\Windows\SysNative\drivers\RtsUStor.sys (Realtek Semiconductor Corp.)

DRV:64bit: - (SynasUSB) -- C:\Windows\SysNative\drivers\synUSB64.sys (SIA Syncrosoft)

DRV:64bit: - (FUJ02E3) -- C:\Windows\SysNative\drivers\fuj02e3.sys (FUJITSU LIMITED)

DRV:64bit: - (FUJ02B1) -- C:\Windows\SysNative\drivers\fuj02b1.sys (FUJITSU LIMITED)

DRV - (F-Secure Gatekeeper) -- C:\Program Files (x86)\Vodafone-Sicherheitspaket\Anti-Virus\minifilter\fsgk.sys ()

DRV - (F-Secure HIPS) -- C:\Program Files (x86)\Vodafone-Sicherheitspaket\HIPS\drivers\fshs.sys (F-Secure Corporation)

DRV - (fsvista) -- C:\Program Files (x86)\Vodafone-Sicherheitspaket\Anti-Virus\minifilter\fsvista.sys ()

DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)

 

 
 ========== Standard Registry (SafeList) ==========

 

 
 ========== Internet Explorer ==========

 

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6D3272B0-B5B9-432B-AA58-7392CB7DF3E4}

IE:64bit: - HKLM\..\SearchScopes\{6D3272B0-B5B9-432B-AA58-7392CB7DF3E4}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7FTSF

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKLM\..\SearchScopes,DefaultScope = {AFDBDDAA-5D3F-42EE-B79C-185A7020515B}

IE - HKLM\..\SearchScopes\{A390A7C2-A9C4-46BC-9438-7D27C65AA126}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7FTSF

IE - HKLM\..\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2475029

 

 

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

 

 

IE - HKU\S-1-5-21-4283561108-4089370474-1362386471-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ts.fujitsu.com

IE - HKU\S-1-5-21-4283561108-4089370474-1362386471-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [Binary data over 100 bytes]

IE - HKU\S-1-5-21-4283561108-4089370474-1362386471-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2475029

IE - HKU\S-1-5-21-4283561108-4089370474-1362386471-1000\..\URLSearchHook: {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - No CLSID value found

IE - HKU\S-1-5-21-4283561108-4089370474-1362386471-1000\..\SearchScopes,DefaultScope = {A390A7C2-A9C4-46BC-9438-7D27C65AA126}

IE - HKU\S-1-5-21-4283561108-4089370474-1362386471-1000\..\SearchScopes\{A390A7C2-A9C4-46BC-9438-7D27C65AA126}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7FTSF

IE - HKU\S-1-5-21-4283561108-4089370474-1362386471-1000\..\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2475029

IE - HKU\S-1-5-21-4283561108-4089370474-1362386471-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 
 ========== FireFox ==========

 

FF - user.js - File not found

 

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_2_202_233.dll File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_233.dll ()

FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.647: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.647: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.652: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.652: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.647: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)

FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:  File not found

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

 

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\litmus-ff@f-secure.com: C:\Program Files (x86)\Vodafone-Sicherheitspaket\NRS\litmus-ff@f-secure.com [2012/04/23 18:13:46 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/06/29 19:27:58 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/04/25 13:34:40 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/04/14 15:04:53 | 000,000,000 | ---D | M]

 

[2011/05/25 23:17:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions

[2012/04/28 00:53:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\82plz4jj.default\extensions

[2012/04/28 00:53:39 | 000,000,000 | ---D | M] (MyAshampoo Community Toolbar) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\82plz4jj.default\extensions\{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}

[2011/07/14 00:31:23 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\82plz4jj.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}

[2012/02/02 23:47:16 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\82plz4jj.default\extensions\engine@conduit.com

[2012/04/25 13:34:51 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions

[2012/04/23 18:13:46 | 000,000,000 | ---D | M] ("Browsing Protection") -- C:\PROGRAM FILES (X86)\VODAFONE-SICHERHEITSPAKET\NRS\LITMUS-FF@F-SECURE.COM

() (No name found) -- C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\82PLZ4JJ.DEFAULT\EXTENSIONS\{DDC359D1-844A-42A7-9AA1-88A850A938A8}.XPI

[2012/04/25 13:34:40 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll

[2012/04/03 18:50:22 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll

[2011/10/08 17:07:20 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml

[2011/10/08 17:07:20 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml

[2011/10/08 17:07:20 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml

[2011/10/08 17:07:20 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml

[2011/10/08 17:07:20 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml

[2011/10/08 17:07:20 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml

 

O1 HOSTS File: ([2009/06/10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts

O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)

O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)

O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)

O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)

O2 - BHO: (Browsing Protection Class) - {C6867EB7-8350-4856-877F-93CF8AE3DC9C} - C:\Program Files (x86)\Vodafone-Sicherheitspaket\NRS\iescript\baselitmus.dll (F-Secure Corporation)

O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)

O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.

O3 - HKLM\..\Toolbar: (Browsing Protection Toolbar) - {265EEE8E-3228-44D3-AEA5-F7FDF5860049} - C:\Program Files (x86)\Vodafone-Sicherheitspaket\NRS\iescript\baselitmus.dll (F-Secure Corporation)

O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.

O4:64bit: - HKLM..\Run: [BthSyncServ] "C:\Program Files\CSR\Bluetooth Feature Pack 5.0\bthsyncserv.exe" File not found

O4:64bit: - HKLM..\Run: [ConMgr] C:\Program Files\CSR\Bluetooth Feature Pack 5.0\ConMgr.exe (CSR, plc)

O4:64bit: - HKLM..\Run: [CSRSkype] C:\Program Files\CSR\Bluetooth Feature Pack 5.0\CSRSkype.exe (CSR, plc)

O4:64bit: - HKLM..\Run: [FDM7] C:\Program Files\Fujitsu\FDM7\FdmDaemon.exe (FUJITSU LIMITED)

O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [HP LaserJet Professional CM1410 Series Fax] C:\Program Files (x86)\HP\Digital Imaging\Fax\Fax Driver 0.6 Base\hppfaxprintersrv.exe (Hewlett-Packard Company)

O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [LoadBtnHnd] C:\Program Files\Fujitsu\Application Panel\BtnHnd.exe (FUJITSU LIMITED)

O4:64bit: - HKLM..\Run: [LoadFujitsuQuickTouch] C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe (FUJITSU LIMITED)

O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [PSUTility] C:\Program Files\Fujitsu\PSUtility\TrayManager.exe (FUJITSU LIMITED)

O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)

O4 - HKLM..\Run: []  File not found

O4 - HKLM..\Run: [ContentTransferWMDetector.exe] C:\Program Files (x86)\Sony\Content Transfer\ContentTransferWMDetector.exe (Sony Corporation)

O4 - HKLM..\Run: [F-Secure Manager] C:\Program Files (x86)\Vodafone-Sicherheitspaket\Common\FSM32.EXE (F-Secure Corporation)

O4 - HKLM..\Run: [F-Secure TNB] C:\Program Files (x86)\Vodafone-Sicherheitspaket\FSGUI\TNBUtil.exe (F-Secure Corporation)

O4 - HKLM..\Run: [HPUsageTracking] C:\Program Files (x86)\HP\HP UT\bin\hppusg.exe (Hewlett-Packard Company)

O4 - HKLM..\Run: [IndicatorUtility] C:\Program Files (x86)\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe (FUJITSU LIMITED)

O4 - HKLM..\Run: [LoadFUJ02E3] C:\Program Files (x86)\Fujitsu\FUJ02E3\FUJ02E3.exe (FUJITSU LIMITED)

O4 - HKLM..\Run: [TkBellExe] C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.)

O4 - HKLM..\Run: [ToolboxFX] C:\Program Files (x86)\HP\ToolboxFX\bin\HPTLBXFX.exe (Hewlett-Packard Company)

O4 - HKLM..\Run: [YouCam Mirror Tray icon] C:\Program Files (x86)\CyberLink\YouCam\YouCamTray.exe (CyberLink Corp.)

O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)

O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)

O4 - HKU\S-1-5-21-4283561108-4089370474-1362386471-1000..\Run: [Dzuwp] C:\Users\***\AppData\Roaming\DDACLSysi.dll (Yeoelupsd)

O4 - HKU\S-1-5-21-4283561108-4089370474-1362386471-1000..\Run: [Hjaiktj] C:\Users\***\AppData\Roaming\mscpxl327.dll (Yeoelupsd)

O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found

O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found

O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LaunchCenter.lnk = C:\Program Files (x86)\Fujitsu\LaunchCenter\LaunchCenter.exe (Fujitsu Technology Solutions)

O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LaunchCenter.lnk = C:\Program Files (x86)\Fujitsu\LaunchCenter\LaunchCenter.exe (Fujitsu Technology Solutions)

O4 - Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\***\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O7 - HKU\S-1-5-21-4283561108-4089370474-1362386471-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O8:64bit: - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found

O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\***\AppData\Roaming\DVDVideoSoftIEHelpers\youtubedownload.htm ()

O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\***\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()

O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found

O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found

O8 - Extra context menu item: Free YouTube Download - C:\Users\***\AppData\Roaming\DVDVideoSoftIEHelpers\youtubedownload.htm ()

O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\***\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()

O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Program Files (x86)\Vodafone-Sicherheitspaket\FSPS\program\fslsp_x64.dll (F-Secure Corporation)

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Program Files (x86)\Vodafone-Sicherheitspaket\FSPS\program\fslsp_x64.dll (F-Secure Corporation)

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Program Files (x86)\Vodafone-Sicherheitspaket\FSPS\program\fslsp_x64.dll (F-Secure Corporation)

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Program Files (x86)\Vodafone-Sicherheitspaket\FSPS\program\fslsp_x64.dll (F-Secure Corporation)

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Program Files (x86)\Vodafone-Sicherheitspaket\FSPS\program\fslsp_x64.dll (F-Secure Corporation)

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Program Files (x86)\Vodafone-Sicherheitspaket\FSPS\program\fslsp_x64.dll (F-Secure Corporation)

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - C:\Program Files (x86)\Vodafone-Sicherheitspaket\FSPS\program\fslsp_x64.dll (F-Secure Corporation)

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - C:\Program Files (x86)\Vodafone-Sicherheitspaket\FSPS\program\fslsp_x64.dll (F-Secure Corporation)

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - C:\Program Files (x86)\Vodafone-Sicherheitspaket\FSPS\program\fslsp_x64.dll (F-Secure Corporation)

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - C:\Program Files (x86)\Vodafone-Sicherheitspaket\FSPS\program\fslsp_x64.dll (F-Secure Corporation)

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000011 - C:\Program Files (x86)\Vodafone-Sicherheitspaket\FSPS\program\fslsp_x64.dll (F-Secure Corporation)

O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000023 - C:\Program Files (x86)\Vodafone-Sicherheitspaket\FSPS\program\fslsp_x64.dll (F-Secure Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Vodafone-Sicherheitspaket\FSPS\program\FSLSP.DLL (F-Secure Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Vodafone-Sicherheitspaket\FSPS\program\FSLSP.DLL (F-Secure Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Vodafone-Sicherheitspaket\FSPS\program\FSLSP.DLL (F-Secure Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Vodafone-Sicherheitspaket\FSPS\program\FSLSP.DLL (F-Secure Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Vodafone-Sicherheitspaket\FSPS\program\FSLSP.DLL (F-Secure Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Vodafone-Sicherheitspaket\FSPS\program\FSLSP.DLL (F-Secure Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files (x86)\Vodafone-Sicherheitspaket\FSPS\program\FSLSP.DLL (F-Secure Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files (x86)\Vodafone-Sicherheitspaket\FSPS\program\FSLSP.DLL (F-Secure Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files (x86)\Vodafone-Sicherheitspaket\FSPS\program\FSLSP.DLL (F-Secure Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files (x86)\Vodafone-Sicherheitspaket\FSPS\program\FSLSP.DLL (F-Secure Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files (x86)\Vodafone-Sicherheitspaket\FSPS\program\FSLSP.DLL (F-Secure Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\Program Files (x86)\Vodafone-Sicherheitspaket\FSPS\program\FSLSP.DLL (F-Secure Corporation)

O1364bit: - gopher Prefix: missing

O13 - gopher Prefix: missing

O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)

O16 - DPF: {8C922C73-FFFA-45A3-B2C2-BC1E30074267} hxxp://www.sony.de/bravia/RegistrationAgent.cab (WalkmanRegistrar Object)

O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8B49D026-1CE7-4AA1-9068-98B28AF95EE4}: DhcpNameServer = 192.168.2.1

O18:64bit: - Protocol\Handler\ms-help - No CLSID value found

O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found

O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)

O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O32 - HKLM CDRom: AutoRun - 1

O33 - MountPoints2\{b26b162e-b9f4-11e0-aade-b482fe64b043}\Shell - "" = AutoRun

O33 - MountPoints2\{b26b162e-b9f4-11e0-aade-b482fe64b043}\Shell\AutoRun\command - "" = E:\DPFMate.exe

O34 - HKLM BootExecute: (autocheck autochk *)

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

 

NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)

 

 

SafeBootMin:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)

SafeBootMin:64bit: Base - Driver Group

SafeBootMin:64bit: Boot Bus Extender - Driver Group

SafeBootMin:64bit: Boot file system - Driver Group

SafeBootMin:64bit: File system - Driver Group

SafeBootMin:64bit: Filter - Driver Group

SafeBootMin:64bit: HelpSvc - Service

SafeBootMin:64bit: PCI Configuration - Driver Group

SafeBootMin:64bit: PNP Filter - Driver Group

SafeBootMin:64bit: Primary disk - Driver Group

SafeBootMin:64bit: sacsvr - Service

SafeBootMin:64bit: SCSI Class - Driver Group

SafeBootMin:64bit: System Bus Extender - Driver Group

SafeBootMin:64bit: vmms - Service

SafeBootMin:64bit: WinDefend - C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)

SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy

SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers

SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices

SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootMin: Base - Driver Group

SafeBootMin: Boot Bus Extender - Driver Group

SafeBootMin: Boot file system - Driver Group

SafeBootMin: File system - Driver Group

SafeBootMin: Filter - Driver Group

SafeBootMin: HelpSvc - Service

SafeBootMin: PCI Configuration - Driver Group

SafeBootMin: PNP Filter - Driver Group

SafeBootMin: Primary disk - Driver Group

SafeBootMin: sacsvr - Service

SafeBootMin: SCSI Class - Driver Group

SafeBootMin: System Bus Extender - Driver Group

SafeBootMin: vmms - Service

SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy

SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers

SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices

SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

 

SafeBootNet:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)

SafeBootNet:64bit: Base - Driver Group

SafeBootNet:64bit: Boot Bus Extender - Driver Group

SafeBootNet:64bit: Boot file system - Driver Group

SafeBootNet:64bit: File system - Driver Group

SafeBootNet:64bit: Filter - Driver Group

SafeBootNet:64bit: HelpSvc - Service

SafeBootNet:64bit: Messenger - Service

SafeBootNet:64bit: NDIS Wrapper - Driver Group

SafeBootNet:64bit: NetBIOSGroup - Driver Group

SafeBootNet:64bit: NetDDEGroup - Driver Group

SafeBootNet:64bit: Network - Driver Group

SafeBootNet:64bit: NetworkProvider - Driver Group

SafeBootNet:64bit: PCI Configuration - Driver Group

SafeBootNet:64bit: PNP Filter - Driver Group

SafeBootNet:64bit: PNP_TDI - Driver Group

SafeBootNet:64bit: Primary disk - Driver Group

SafeBootNet:64bit: rdsessmgr - Service

SafeBootNet:64bit: sacsvr - Service

SafeBootNet:64bit: SCSI Class - Driver Group

SafeBootNet:64bit: Streams Drivers - Driver Group

SafeBootNet:64bit: System Bus Extender - Driver Group

SafeBootNet:64bit: TDI - Driver Group

SafeBootNet:64bit: vmms - Service

SafeBootNet:64bit: WinDefend - C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)

SafeBootNet:64bit: WudfUsbccidDriver - Driver

SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net

SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient

SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService

SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans

SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers

SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy

SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers

SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices

SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootNet: Base - Driver Group

SafeBootNet: Boot Bus Extender - Driver Group

SafeBootNet: Boot file system - Driver Group

SafeBootNet: File system - Driver Group

SafeBootNet: Filter - Driver Group

SafeBootNet: HelpSvc - Service

SafeBootNet: Messenger - Service

SafeBootNet: NDIS Wrapper - Driver Group

SafeBootNet: NetBIOSGroup - Driver Group

SafeBootNet: NetDDEGroup - Driver Group

SafeBootNet: Network - Driver Group

SafeBootNet: NetworkProvider - Driver Group

SafeBootNet: PCI Configuration - Driver Group

SafeBootNet: PNP Filter - Driver Group

SafeBootNet: PNP_TDI - Driver Group

SafeBootNet: Primary disk - Driver Group

SafeBootNet: rdsessmgr - Service

SafeBootNet: sacsvr - Service

SafeBootNet: SCSI Class - Driver Group

SafeBootNet: Streams Drivers - Driver Group

SafeBootNet: System Bus Extender - Driver Group

SafeBootNet: TDI - Driver Group

SafeBootNet: vmms - Service

SafeBootNet: WudfUsbccidDriver - Driver

SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers

SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive

SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive

SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller

SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc

SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard

SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse

SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net

SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient

SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService

SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans

SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters

SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter

SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System

SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive

SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers

SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy

SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers

SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume

SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices

SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

 

ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0

ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack

ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE

ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx

ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help

ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6

ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools

ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements

ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player

ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access

ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7

ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll

ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings

ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install

ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding

ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts

ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help

ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface

ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework

ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework

ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP

ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig

ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)

ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0

ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework

ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack

ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE

ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx

ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help

ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6

ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools

ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements

ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player

ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access

ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7

ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework

ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll

ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings

ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install

ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding

ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts

ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help

ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface

ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework

ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP

ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig

ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP

 

Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)

Drivers32:64bit: vidc.i420 - lvcod64.dll (Logitech Inc.)

Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)

Drivers32: msacm.l3codec - C:\Windows\SysWOW64\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)

Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)

Drivers32: vidc.i420 - C:\Windows\SysWow64\lvcodec2.dll (Logitech Inc.)

Drivers32: vidc.yv12 - C:\Windows\SysWow64\yv12vfw.dll (www.helixcommunity.org)

 

CREATERESTOREPOINT

Restore point Set: OTL Restore Point

 
 ========== Files/Folders - Created Within 30 Days ==========

 

[2012/04/30 16:01:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET

[2012/04/30 14:41:15 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\F-Secure

[2012/04/30 14:37:22 | 002,322,184 | ---- | C] (ESET) -- C:\Users\***\Desktop\esetsmartinstaller_enu.exe

[2012/04/28 10:42:58 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe

[2012/04/28 01:16:38 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Amazon

[2012/04/28 01:16:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Amazon

[2012/04/28 01:16:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Amazon

[2012/04/25 13:54:47 | 000,000,000 | ---D | C] -- C:\bd_logs

[2012/04/25 13:34:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla

[2012/04/25 13:34:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service

[2012/04/22 18:12:57 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Malwarebytes

[2012/04/22 18:12:46 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys

[2012/04/22 18:12:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware

[2012/04/22 18:12:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes

[2012/04/22 18:12:42 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys

[2012/04/22 18:12:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware

[2012/04/03 18:51:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java

[2012/04/03 18:50:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java

 
 ========== Files - Modified Within 30 Days ==========

 

[2012/05/01 21:42:02 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2012/05/01 21:42:02 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2012/05/01 21:34:28 | 000,001,112 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

[2012/05/01 21:34:16 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2012/05/01 21:34:10 | 1500,946,432 | -HS- | M] () -- C:\hiberfil.sys

[2012/05/01 17:29:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job

[2012/05/01 17:09:00 | 000,001,116 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

[2012/05/01 13:17:37 | 001,520,490 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI

[2012/05/01 13:17:37 | 000,661,528 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat

[2012/05/01 13:17:37 | 000,623,370 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat

[2012/05/01 13:17:37 | 000,133,484 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat

[2012/05/01 13:17:37 | 000,109,866 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat

[2012/05/01 11:07:36 | 000,000,530 | ---- | M] () -- C:\Windows\tasks\Scheduled scanning task.job

[2012/04/30 14:37:40 | 002,322,184 | ---- | M] (ESET) -- C:\Users\***\Desktop\esetsmartinstaller_enu.exe

[2012/04/30 14:20:19 | 000,001,119 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2012/04/28 09:51:52 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe

[2012/04/22 13:51:23 | 000,139,264 | ---- | M] () -- C:\Users\***\AppData\Roaming\mscpxl327.dll

[2012/04/22 13:51:23 | 000,139,264 | ---- | M] () -- C:\Users\***\AppData\Roaming\DDACLSysi.dll

[2012/04/20 21:57:00 | 000,007,634 | ---- | M] () -- C:\Users\***\AppData\Local\Resmon.ResmonCfg

[2012/04/14 15:04:54 | 000,002,020 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk

[2012/04/04 15:56:40 | 000,024,904 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys

 
 ========== Files Created - No Company Name ==========

 

[2012/04/30 17:39:53 | 000,000,530 | ---- | C] () -- C:\Windows\tasks\Scheduled scanning task.job

[2012/04/30 14:20:19 | 000,001,119 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

[2012/04/22 13:51:23 | 000,139,264 | ---- | C] () -- C:\Users\***\AppData\Roaming\mscpxl327.dll

[2012/04/22 13:51:23 | 000,139,264 | ---- | C] () -- C:\Users\***\AppData\Roaming\DDACLSysi.dll

[2012/04/02 22:14:42 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job

[2012/01/31 23:59:23 | 000,000,000 | ---- | C] () -- C:\Users\***\AppData\Local\{1B8A72D1-0554-4792-BAE5-E27D02254F4E}

[2012/01/27 17:07:15 | 000,000,000 | ---- | C] () -- C:\Users\***\AppData\Local\{8787AC16-8976-44EE-BD6E-C697184DCDB9}

[2012/01/26 19:20:21 | 000,000,000 | ---- | C] () -- C:\Users\***\AppData\Local\{40AEAC3A-EB8D-416F-95DF-5E975192497C}

[2012/01/10 22:25:32 | 000,000,000 | ---- | C] () -- C:\Users\***\AppData\Local\{87833589-56F7-43DA-AE50-4D517937B4E8}

[2012/01/10 11:55:29 | 000,000,000 | ---- | C] () -- C:\Users\***\AppData\Local\{C2274A70-0A98-4DD3-A214-0826516D5EC5}

[2012/01/10 07:24:01 | 000,000,000 | ---- | C] () -- C:\Users\***\AppData\Local\{EE32D3E8-6D07-48D7-98F9-C46030F4F7A5}

[2012/01/03 22:11:12 | 000,000,000 | ---- | C] () -- C:\Users\***\AppData\Local\{25754AB5-4772-4A0C-BA40-D2C6A491E023}

[2011/12/31 17:33:35 | 000,000,000 | ---- | C] () -- C:\Users\***\AppData\Local\{04DD0C38-32CC-49D7-8AC3-0933D7E1AF2C}

[2011/12/22 16:59:29 | 000,000,000 | ---- | C] () -- C:\Users\***\AppData\Local\{55A598FD-BCE0-4CC6-A6AD-51DE46FA7F74}

[2011/12/11 18:26:36 | 000,000,000 | ---- | C] () -- C:\Users\***\AppData\Local\{3885C551-565C-440A-ACA1-7605E2020FDA}

[2011/12/05 00:50:57 | 000,000,000 | ---- | C] () -- C:\Users\***\AppData\Local\{3130C77D-008C-4E79-880B-1D889BFBCAB2}

[2011/12/04 14:41:14 | 000,000,000 | ---- | C] () -- C:\Users\***\AppData\Local\{93919BA7-DE26-4B1E-86F8-DD5BF5C372B4}

[2011/11/11 07:32:57 | 000,000,000 | ---- | C] () -- C:\Users\***\AppData\Local\{64745AB8-F417-479C-B6C9-EE7F9D1B22BC}

[2011/10/17 23:43:17 | 000,000,000 | ---- | C] () -- C:\Users\***\AppData\Local\{41359F55-61E8-4775-BEB2-FF6606742581}

[2011/09/22 21:37:55 | 000,000,000 | ---- | C] () -- C:\Users\***\AppData\Local\{4B028D1C-EDC7-42CC-A21C-33C17B0FA747}

[2011/09/07 12:11:31 | 000,000,000 | ---- | C] () -- C:\Users\***\AppData\Local\{1257BD2D-84F6-4627-B85D-88D4EEFB0F73}

[2011/08/15 23:11:55 | 000,554,496 | ---- | C] () -- C:\Windows\SysWow64\dvmsg.dll

[2011/07/17 14:34:15 | 000,000,000 | ---- | C] () -- C:\Users\***\AppData\Local\{2E16BCC7-06A0-4729-88CC-F277BDCE9EC1}

[2011/06/01 17:21:04 | 000,027,648 | ---- | C] () -- C:\Windows\SysWow64\AVSredirect.dll

[2010/12/28 20:25:17 | 000,000,051 | ---- | C] () -- C:\Windows\SysWow64\SYNSOPOS.exe.cfg

[2010/12/28 20:06:42 | 000,002,892 | ---- | C] () -- C:\Windows\SysWow64\audcon.sys

[2010/12/28 20:06:09 | 000,086,016 | ---- | C] () -- C:\Windows\SysWow64\SYNSOPOS.exe

[2010/12/08 18:15:50 | 000,022,528 | ---- | C] (         ) -- C:\Windows\SysWow64\drivers\gt680x.sys

[2010/11/09 14:49:23 | 000,007,634 | ---- | C] () -- C:\Users\***\AppData\Local\Resmon.ResmonCfg

[2010/11/08 20:07:28 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat

[2010/11/08 18:10:53 | 000,042,672 | ---- | C] () -- C:\Windows\SysWow64\drivers\fsbts.sys

[2010/11/08 18:10:20 | 001,516,890 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI

[2010/10/03 16:09:20 | 000,000,049 | ---- | C] () -- C:\Windows\OFCSCAN.INI

[2010/08/31 17:22:00 | 000,870,544 | ---- | C] () -- C:\Windows\SysWow64\igkrng575.bin

[2010/08/31 17:22:00 | 000,208,896 | ---- | C] () -- C:\Windows\SysWow64\iglhsip32.dll

[2010/08/31 17:22:00 | 000,143,360 | ---- | C] () -- C:\Windows\SysWow64\iglhcp32.dll

[2010/08/31 17:22:00 | 000,051,068 | ---- | C] () -- C:\Windows\SysWow64\igfcg575m.bin

[2010/08/31 17:21:59 | 000,127,896 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng575.bin

 
 ========== LOP Check ==========

 

[2012/02/01 17:54:02 | 000,000,000 | -HSD | M] -- C:\Users\***\AppData\Roaming\.#

[2012/04/28 01:16:38 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Amazon

[2012/02/02 23:47:54 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Ashampoo

[2011/04/29 00:55:24 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Blueberry

[2012/05/01 21:38:26 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Dropbox

[2012/01/18 17:04:30 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DVDVideoSoft

[2010/12/15 02:36:00 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DVDVideoSoftIEHelpers

[2012/04/30 14:41:15 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\F-Secure

[2011/05/29 19:33:51 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\FreeScreenToVideo

[2011/11/13 18:49:28 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\go

[2012/03/13 19:37:30 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Leadertech

[2011/04/29 00:38:14 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\LogSys

[2011/10/31 19:47:45 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\pdfforge

[2011/02/13 16:27:22 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Publish Providers

[2011/02/13 16:07:50 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Sony

[2010/12/28 20:43:57 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Steinberg

[2011/08/15 23:12:31 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Tobit

[2012/03/26 21:34:59 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

[2012/05/01 11:07:36 | 000,000,530 | ---- | M] () -- C:\Windows\Tasks\Scheduled scanning task.job

 
 ========== Purity Check ==========

 

 

 
 ========== Custom Scans ==========

 
 < %ALLUSERSPROFILE%\Application Data\*. >

 
 < %ALLUSERSPROFILE%\Application Data\*.exe /s >

 
 < %APPDATA%\*. >

[2012/02/01 17:54:02 | 000,000,000 | -HSD | M] -- C:\Users\***\AppData\Roaming\.#

[2010/11/08 19:27:22 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Adobe

[2012/04/28 01:16:38 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Amazon

[2010/12/25 18:17:35 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Apple Computer

[2012/02/02 23:47:54 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Ashampoo

[2011/04/29 00:55:24 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Blueberry

[2012/05/01 21:38:26 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Dropbox

[2012/03/11 01:55:43 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\dvdcss

[2012/01/18 17:04:30 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DVDVideoSoft

[2010/12/15 02:36:00 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DVDVideoSoftIEHelpers

[2012/04/30 14:41:15 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\F-Secure

[2011/05/29 19:33:51 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\FreeScreenToVideo

[2011/11/13 18:49:28 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\go

[2011/12/03 19:06:10 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Hewlett-Packard Company

[2012/01/02 14:58:36 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\HpUpdate

[2010/10/02 13:59:48 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Identities

[2012/03/13 19:37:30 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Leadertech

[2011/04/29 00:38:14 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\LogSys

[2010/11/08 19:27:23 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Macromedia

[2012/04/22 18:12:57 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Malwarebytes

[2009/07/14 09:45:37 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Media Center Programs

[2011/05/18 12:06:46 | 000,000,000 | --SD | M] -- C:\Users\***\AppData\Roaming\Microsoft

[2011/05/25 23:17:13 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Mozilla

[2011/10/31 19:47:45 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\pdfforge

[2011/02/13 16:27:22 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Publish Providers

[2011/10/26 14:20:45 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Real

[2012/04/30 21:59:36 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Skype

[2011/05/29 19:55:20 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\SkypePM

[2011/02/13 16:07:50 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Sony

[2011/01/13 23:59:31 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Sony Corporation

[2010/12/28 20:43:57 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Steinberg

[2011/08/15 23:12:31 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Tobit

[2012/03/11 18:12:17 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\vlc

 
 < %APPDATA%\*.exe /s >

[2012/02/15 01:03:14 | 024,246,216 | ---- | M] (Dropbox, Inc.) -- C:\Users\***\AppData\Roaming\Dropbox\bin\Dropbox.exe

[2012/02/15 01:03:22 | 000,174,752 | ---- | M] (Dropbox, Inc.) -- C:\Users\***\AppData\Roaming\Dropbox\bin\Uninstall.exe

[2011/11/09 23:49:45 | 000,317,048 | ---- | M] (RealNetworks, Inc.) -- C:\Users\***\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\9.00\rnupgagent.exe

 
 < %SYSTEMDRIVE%\*.exe >

 
 < MD5 for: AGP440.SYS  >

[2009/07/14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys

[2009/07/14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys

[2009/07/14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys

[2009/07/14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys

 
 < MD5 for: ATAPI.SYS  >

[2009/07/14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys

[2009/07/14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys

[2009/07/14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys

[2009/07/14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys

 
 < MD5 for: CNGAUDIT.DLL  >

[2009/07/14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll

[2009/07/14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll

[2009/07/14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll

[2009/07/14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll

 
 < MD5 for: IASTOR.SYS  >

[2010/03/03 19:51:40 | 000,540,696 | ---- | M] (Intel Corporation) MD5=ABBF174CB394F5C437410A788B7E404A -- C:\Fujitsu\Driver Pool\7\iaStor.sys

[2010/03/03 19:51:40 | 000,540,696 | ---- | M] (Intel Corporation) MD5=ABBF174CB394F5C437410A788B7E404A -- C:\Windows\SysNative\drivers\iaStor.sys

[2010/03/03 19:51:40 | 000,540,696 | ---- | M] (Intel Corporation) MD5=ABBF174CB394F5C437410A788B7E404A -- C:\Windows\SysNative\DriverStore\FileRepository\iaahci.inf_amd64_neutral_78ebae21a80aa2b4\iaStor.sys

[2010/03/03 19:51:40 | 000,540,696 | ---- | M] (Intel Corporation) MD5=ABBF174CB394F5C437410A788B7E404A -- C:\Windows\SysNative\DriverStore\FileRepository\iastor.inf_amd64_neutral_d73865c94450cce1\iaStor.sys

 
 < MD5 for: IASTORV.SYS  >

[2010/11/20 15:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys

[2010/11/20 15:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys

[2011/03/11 08:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys

[2011/03/11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\drivers\iaStorV.sys

[2011/03/11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0bcee2057afcc090\iaStorV.sys

[2011/03/11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys

[2011/03/11 08:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_0b141c81a16e25e6\iaStorV.sys

[2011/03/11 08:25:49 | 000,410,496 | ---- | M] (Intel Corporation) MD5=BFDC9D75698800CFE4D1698BF2750EA2 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_0bccc8c8ba6985c1\iaStorV.sys

[2009/07/14 03:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys

 
 < MD5 for: NETLOGON.DLL  >

[2009/07/14 03:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll

[2010/11/20 15:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SysNative\netlogon.dll

[2010/11/20 15:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll

[2010/11/20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll

[2010/11/20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll

[2009/07/14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll

 
 < MD5 for: NVSTOR.SYS  >

[2009/07/14 03:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys

[2011/03/11 08:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_95dd8d30d8a4cfbe\nvstor.sys

[2011/03/11 08:25:53 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=AE274836BA56518E279087363A781214 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_96963977f1a02f99\nvstor.sys

[2011/03/11 08:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys

[2011/03/11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\drivers\nvstor.sys

[2011/03/11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvstor.sys

[2011/03/11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys

[2010/11/20 15:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys

[2010/11/20 15:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys

 
 < MD5 for: SCECLI.DLL  >

[2009/07/14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll

[2009/07/14 03:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll

[2010/11/20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll

[2010/11/20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll

[2010/11/20 15:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SysNative\scecli.dll

[2010/11/20 15:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll

 
 < MD5 for: USER32.DLL  >

[2010/11/20 14:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SysWOW64\user32.dll

[2010/11/20 14:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll

[2009/07/14 03:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll

[2009/07/14 03:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll

[2010/11/20 15:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SysNative\user32.dll

[2010/11/20 15:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll

 
 < MD5 for: USERINIT.EXE  >

[2010/11/20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe

[2010/11/20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe

[2009/07/14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe

[2009/07/14 03:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe

[2010/11/20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe

[2010/11/20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe

 
 < MD5 for: WININIT.EXE  >

[2009/07/14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe

[2009/07/14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe

[2009/07/14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe

[2009/07/14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe

 
 < MD5 for: WINLOGON.EXE  >

[2012/04/04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe

[2010/11/20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe

[2010/11/20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe

[2009/07/14 03:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe

[2010/06/03 09:25:55 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe

[2010/06/03 09:25:55 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe

 
 < MD5 for: WS2IFSL.SYS  >

[2009/07/14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys

[2009/07/14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys

 
 < %systemroot%\system32\drivers\*.sys /lockedfiles >

 
 < %systemroot%\System32\config\*.sav >

 
 < %systemroot%\*. /mp /s >

 
 < %systemroot%\system32\*.dll /lockedfiles >

[2009/07/14 03:15:21 | 000,462,848 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\FirewallAPI.dll
 

< End of report >

--- --- ---

Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)

Hinweis: Falls Du Deinen Benutzernamen unkenntlich gemacht hast, musst Du das Ausgesternte in Deinen richtigen Benutzernamen wieder verwandeln, sonst funktioniert das Script nicht!!

Code:

:OTL

IE - HKLM\..\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2475029

IE - HKU\S-1-5-21-4283561108-4089370474-1362386471-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ts.fujitsu.com

IE - HKU\S-1-5-21-4283561108-4089370474-1362386471-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [Binary data over 100 bytes]

IE - HKU\S-1-5-21-4283561108-4089370474-1362386471-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&ctid=CT2475029

IE - HKU\S-1-5-21-4283561108-4089370474-1362386471-1000\..\URLSearchHook: {a1e75a0e-4397-4ba8-bb50-e19fb66890f4} - No CLSID value found

IE - HKU\S-1-5-21-4283561108-4089370474-1362386471-1000\..\SearchScopes,DefaultScope = {A390A7C2-A9C4-46BC-9438-7D27C65AA126}

IE - HKU\S-1-5-21-4283561108-4089370474-1362386471-1000\..\SearchScopes\{A390A7C2-A9C4-46BC-9438-7D27C65AA126}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7FTSF

IE - HKU\S-1-5-21-4283561108-4089370474-1362386471-1000\..\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2475029

[2012/04/28 00:53:39 | 000,000,000 | ---D | M] (MyAshampoo Community Toolbar) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\82plz4jj.default\extensions\{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}

[2011/07/14 00:31:23 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\82plz4jj.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}

[2012/02/02 23:47:16 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\82plz4jj.default\extensions\engine@conduit.com

O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.

O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.

O4 - HKLM..\Run: []  File not found

O4 - HKU\S-1-5-21-4283561108-4089370474-1362386471-1000..\Run: [Dzuwp] C:\Users\***\AppData\Roaming\DDACLSysi.dll (Yeoelupsd)

O4 - HKU\S-1-5-21-4283561108-4089370474-1362386471-1000..\Run: [Hjaiktj] C:\Users\***\AppData\Roaming\mscpxl327.dll (Yeoelupsd)

O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found

O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found

O32 - HKLM CDRom: AutoRun - 1

O33 - MountPoints2\{b26b162e-b9f4-11e0-aade-b482fe64b043}\Shell - "" = AutoRun

O33 - MountPoints2\{b26b162e-b9f4-11e0-aade-b482fe64b043}\Shell\AutoRun\command - "" = E:\DPFMate.exe

[2012/04/22 13:51:23 | 000,139,264 | ---- | C] () -- C:\Users\***\AppData\Roaming\mscpxl327.dll

[2012/04/22 13:51:23 | 000,139,264 | ---- | C] () -- C:\Users\***\AppData\Roaming\DDACLSysi.dll

[2012/02/01 17:54:02 | 000,000,000 | -HSD | M] -- C:\Users\***\AppData\Roaming\.#

:Commands

[purity]

[emptytemp]

[emptyflash]

[resethosts]

Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.

Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!

Hallo Arne,

hier der Logfile.
ich muss gestehen, beim ersten Mal habe ich wohl nicht überall die Sternchen gefunden. Beim zweiten Mal habe ich sie aber ersetzt, daher 2 Logfiles.
Ich hoffe, das war okay so.

Code:

All processes killed

========== OTL ==========

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}\ not found.

HKU\S-1-5-21-4283561108-4089370474-1362386471-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully!

HKU\S-1-5-21-4283561108-4089370474-1362386471-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Secondary_Page_URL| /E : value set successfully!

HKU\S-1-5-21-4283561108-4089370474-1362386471-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!

Registry value HKEY_USERS\S-1-5-21-4283561108-4089370474-1362386471-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{a1e75a0e-4397-4ba8-bb50-e19fb66890f4} deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}\ not found.

HKEY_USERS\S-1-5-21-4283561108-4089370474-1362386471-1000\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!

Registry key HKEY_USERS\S-1-5-21-4283561108-4089370474-1362386471-1000\Software\Microsoft\Internet Explorer\SearchScopes\{A390A7C2-A9C4-46BC-9438-7D27C65AA126}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A390A7C2-A9C4-46BC-9438-7D27C65AA126}\ not found.

Registry key HKEY_USERS\S-1-5-21-4283561108-4089370474-1362386471-1000\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}\ not found.

Folder C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\82plz4jj.default\extensions\{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}\ not found.

Folder C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\82plz4jj.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}\ not found.

Folder C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\82plz4jj.default\extensions\engine@conduit.com\ not found.

64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.

Registry value HKEY_USERS\S-1-5-21-4283561108-4089370474-1362386471-1000\Software\Microsoft\Windows\CurrentVersion\Run\\Dzuwp deleted successfully.

File C:\Users\***\AppData\Roaming\DDACLSysi.dll not found.

Registry value HKEY_USERS\S-1-5-21-4283561108-4089370474-1362386471-1000\Software\Microsoft\Windows\CurrentVersion\Run\\Hjaiktj deleted successfully.

File C:\Users\***\AppData\Roaming\mscpxl327.dll not found.

Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.

Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b26b162e-b9f4-11e0-aade-b482fe64b043}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b26b162e-b9f4-11e0-aade-b482fe64b043}\ not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b26b162e-b9f4-11e0-aade-b482fe64b043}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b26b162e-b9f4-11e0-aade-b482fe64b043}\ not found.

File E:\DPFMate.exe not found.

File C:\Users\***\AppData\Roaming\mscpxl327.dll not found.

File C:\Users\***\AppData\Roaming\DDACLSysi.dll not found.

Folder C:\Users\***\AppData\Roaming\.#\ not found.

========== COMMANDS ==========

 

[EMPTYTEMP]

 

User: Administrator

 

User: All Users

 

User: Default

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 33170 bytes

 

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

 

User: Journal

 

User: Katharina

->Temp folder emptied: 1127276791 bytes

->Temporary Internet Files folder emptied: 372240808 bytes

->Java cache emptied: 10730488 bytes

->FireFox cache emptied: 50244752 bytes

->Flash cache emptied: 839 bytes

 

User: Public

 

User: RegBack

 

User: systemprofile

 

User: TxR

 

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32 (64bit) .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 346767999 bytes

%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50434 bytes

RecycleBin emptied: 0 bytes

 

Total Files Cleaned = 1,819.00 mb

 

 

[EMPTYFLASH]

 

User: Administrator

 

User: All Users

 

User: Default

 

User: Default User

 

User: Journal

 

User: Katharina

->Flash cache emptied: 0 bytes

 

User: Public

 

User: RegBack

 

User: systemprofile

 

User: TxR

 

Total Flash Files Cleaned = 0.00 mb

 

C:\Windows\System32\drivers\etc\Hosts moved successfully.

HOSTS file reset successfully

 

OTL by OldTimer - Version 3.2.42.1 log created on 05022012_151414
 

Files\Folders moved on Reboot...

File\Folder C:\Users\Katharina\AppData\Local\Temp\2011-08-23-1174466038_04-RG.PDF  not found!

C:\Users\Katharina\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
 

Registry entries deleted on Reboot...

Code:

All processes killed

========== OTL ==========

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}\ not found.

HKU\S-1-5-21-4283561108-4089370474-1362386471-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully!

HKU\S-1-5-21-4283561108-4089370474-1362386471-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Secondary_Page_URL| /E : value set successfully!

HKU\S-1-5-21-4283561108-4089370474-1362386471-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!

Registry value HKEY_USERS\S-1-5-21-4283561108-4089370474-1362386471-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{a1e75a0e-4397-4ba8-bb50-e19fb66890f4} not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}\ not found.

HKEY_USERS\S-1-5-21-4283561108-4089370474-1362386471-1000\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!

Registry key HKEY_USERS\S-1-5-21-4283561108-4089370474-1362386471-1000\Software\Microsoft\Internet Explorer\SearchScopes\{A390A7C2-A9C4-46BC-9438-7D27C65AA126}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A390A7C2-A9C4-46BC-9438-7D27C65AA126}\ not found.

Registry key HKEY_USERS\S-1-5-21-4283561108-4089370474-1362386471-1000\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}\ not found.

C:\Users\Katharina\AppData\Roaming\mozilla\Firefox\Profiles\82plz4jj.default\extensions\{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}\searchplugin folder moved successfully.

C:\Users\Katharina\AppData\Roaming\mozilla\Firefox\Profiles\82plz4jj.default\extensions\{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}\modules folder moved successfully.

C:\Users\Katharina\AppData\Roaming\mozilla\Firefox\Profiles\82plz4jj.default\extensions\{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}\META-INF folder moved successfully.

C:\Users\Katharina\AppData\Roaming\mozilla\Firefox\Profiles\82plz4jj.default\extensions\{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}\defaults folder moved successfully.

C:\Users\Katharina\AppData\Roaming\mozilla\Firefox\Profiles\82plz4jj.default\extensions\{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}\components folder moved successfully.

C:\Users\Katharina\AppData\Roaming\mozilla\Firefox\Profiles\82plz4jj.default\extensions\{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}\chrome folder moved successfully.

C:\Users\Katharina\AppData\Roaming\mozilla\Firefox\Profiles\82plz4jj.default\extensions\{a1e75a0e-4397-4ba8-bb50-e19fb66890f4} folder moved successfully.

C:\Users\Katharina\AppData\Roaming\mozilla\Firefox\Profiles\82plz4jj.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}\chrome folder moved successfully.

C:\Users\Katharina\AppData\Roaming\mozilla\Firefox\Profiles\82plz4jj.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} folder moved successfully.

C:\Users\Katharina\AppData\Roaming\mozilla\Firefox\Profiles\82plz4jj.default\extensions\engine@conduit.com\searchplugin folder moved successfully.

C:\Users\Katharina\AppData\Roaming\mozilla\Firefox\Profiles\82plz4jj.default\extensions\engine@conduit.com\META-INF folder moved successfully.

C:\Users\Katharina\AppData\Roaming\mozilla\Firefox\Profiles\82plz4jj.default\extensions\engine@conduit.com\lib folder moved successfully.

C:\Users\Katharina\AppData\Roaming\mozilla\Firefox\Profiles\82plz4jj.default\extensions\engine@conduit.com\DualPackage folder moved successfully.

C:\Users\Katharina\AppData\Roaming\mozilla\Firefox\Profiles\82plz4jj.default\extensions\engine@conduit.com\defaults folder moved successfully.

C:\Users\Katharina\AppData\Roaming\mozilla\Firefox\Profiles\82plz4jj.default\extensions\engine@conduit.com\components folder moved successfully.

C:\Users\Katharina\AppData\Roaming\mozilla\Firefox\Profiles\82plz4jj.default\extensions\engine@conduit.com\chrome folder moved successfully.

C:\Users\Katharina\AppData\Roaming\mozilla\Firefox\Profiles\82plz4jj.default\extensions\engine@conduit.com folder moved successfully.

64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked not found.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked not found.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ not found.

Registry value HKEY_USERS\S-1-5-21-4283561108-4089370474-1362386471-1000\Software\Microsoft\Windows\CurrentVersion\Run\\Dzuwp not found.

C:\Users\Katharina\AppData\Roaming\DDACLSysi.dll moved successfully.

Registry value HKEY_USERS\S-1-5-21-4283561108-4089370474-1362386471-1000\Software\Microsoft\Windows\CurrentVersion\Run\\Hjaiktj not found.

C:\Users\Katharina\AppData\Roaming\mscpxl327.dll moved successfully.

Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin not found.

Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin not found.

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b26b162e-b9f4-11e0-aade-b482fe64b043}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b26b162e-b9f4-11e0-aade-b482fe64b043}\ not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b26b162e-b9f4-11e0-aade-b482fe64b043}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b26b162e-b9f4-11e0-aade-b482fe64b043}\ not found.

File E:\DPFMate.exe not found.

File C:\Users\Katharina\AppData\Roaming\mscpxl327.dll not found.

File C:\Users\Katharina\AppData\Roaming\DDACLSysi.dll not found.

C:\Users\Katharina\AppData\Roaming\.# folder moved successfully.

========== COMMANDS ==========

 

[EMPTYTEMP]

 

User: Administrator

 

User: All Users

 

User: Default

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

 

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

 

User: Journal

 

User: Katharina

->Temp folder emptied: 4893 bytes

->Temporary Internet Files folder emptied: 33170 bytes

->Java cache emptied: 0 bytes

->FireFox cache emptied: 6056146 bytes

->Flash cache emptied: 456 bytes

 

User: Public

 

User: RegBack

 

User: systemprofile

 

User: TxR

 

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32 (64bit) .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 614565 bytes

%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes

RecycleBin emptied: 0 bytes

 

Total Files Cleaned = 6.00 mb

 

 

[EMPTYFLASH]

 

User: Administrator

 

User: All Users

 

User: Default

 

User: Default User

 

User: Journal

 

User: Katharina

->Flash cache emptied: 0 bytes

 

User: Public

 

User: RegBack

 

User: systemprofile

 

User: TxR

 

Total Flash Files Cleaned = 0.00 mb

 

C:\Windows\System32\drivers\etc\Hosts moved successfully.

HOSTS file reset successfully

 

OTL by OldTimer - Version 3.2.42.1 log created on 05022012_152855
 

Files\Folders moved on Reboot...

File\Folder C:\Users\Katharina\AppData\Local\Temp\2011-08-23-1174466038_04-RG.PDF  not found!

C:\Users\Katharina\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
 

Registry entries deleted on Reboot...

Bitte nun (im normalen Windows-Modus) dieses Tool von Kaspersky (TDSS-Killer) ausführen und das Log posten, Anleitung und Downloadlink hier => http://www.trojaner-board.de/82358-t...entfernen.html

Hinweis: Bitte den Virenscanner abstellen bevor du den TDSS-Killer ausführst, denn v.a. Avira meldet im TDSS-Tool oft einen Fehalalrm!

Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet,
Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten.
Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition (meistens Laufwerk C:) nach, da speichert der TDSS-Killer seine Logs.

Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten!

http://saved.im/mtkwmtcxexhp/setting...8_16-25-18.jpg

Hallo,

hier das Log von Kaspersky

Code:

17:56:36.0871 3680        TDSS rootkit removing tool 2.7.34.0 May  2 2012 09:59:18

17:56:37.0261 3680        ============================================================

17:56:37.0261 3680        Current date / time: 2012/05/02 17:56:37.0261

17:56:37.0261 3680        SystemInfo:

17:56:37.0261 3680        

17:56:37.0261 3680        OS Version: 6.1.7601 ServicePack: 1.0

17:56:37.0261 3680        Product type: Workstation

17:56:37.0261 3680        ComputerName: WUSCHEL

17:56:37.0261 3680        UserName: Katharina

17:56:37.0261 3680        Windows directory: C:\Windows

17:56:37.0261 3680        System windows directory: C:\Windows

17:56:37.0261 3680        Running under WOW64

17:56:37.0261 3680        Processor architecture: Intel x64

17:56:37.0261 3680        Number of processors: 4

17:56:37.0261 3680        Page size: 0x1000

17:56:37.0261 3680        Boot type: Normal boot

17:56:37.0261 3680        ============================================================

17:56:41.0177 3680        Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040

17:56:41.0177 3680        ============================================================

17:56:41.0177 3680        \Device\Harddisk0\DR0:

17:56:41.0177 3680        MBR partitions:

17:56:41.0177 3680        \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x40466C, BlocksNum 0x1CDC0B04

17:56:41.0177 3680        ============================================================

17:56:41.0473 3680        C: <-> \Device\Harddisk0\DR0\Partition0

17:56:41.0473 3680        ============================================================

17:56:41.0473 3680        Initialize success

17:56:41.0473 3680        ============================================================

17:56:54.0827 3552        ============================================================

17:56:54.0827 3552        Scan started

17:56:54.0827 3552        Mode: Manual; SigCheck; TDLFS; 

17:56:54.0827 3552        ============================================================

17:56:59.0241 3552        1394ohci        (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys

17:56:59.0756 3552        1394ohci - ok

17:56:59.0865 3552        ACPI            (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys

17:56:59.0897 3552        ACPI - ok

17:57:00.0021 3552        AcpiPmi         (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys

17:57:00.0817 3552        AcpiPmi - ok

17:57:01.0160 3552        AdobeFlashPlayerUpdateSvc (459ac130c6ab892b1cd5d7544626efc5) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

17:57:01.0301 3552        AdobeFlashPlayerUpdateSvc - ok

17:57:04.0608 3552        adp94xx         (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys

17:57:04.0842 3552        adp94xx - ok

17:57:05.0949 3552        adpahci         (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys

17:57:06.0168 3552        adpahci - ok

17:57:07.0400 3552        adpu320         (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys

17:57:07.0525 3552        adpu320 - ok

17:57:07.0587 3552        AeLookupSvc     (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll

17:57:09.0974 3552        AeLookupSvc - ok

17:57:10.0333 3552        AFD             (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys

17:57:10.0832 3552        AFD - ok

17:57:10.0910 3552        agp440          (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys

17:57:10.0957 3552        agp440 - ok

17:57:11.0097 3552        ALG             (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe

17:57:11.0253 3552        ALG - ok

17:57:11.0347 3552        aliide          (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys

17:57:11.0441 3552        aliide - ok

17:57:11.0565 3552        amdide          (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys

17:57:11.0721 3552        amdide - ok

17:57:12.0174 3552        AmdK8           (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys

17:57:12.0299 3552        AmdK8 - ok

17:57:12.0689 3552        AmdPPM          (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys

17:57:12.0798 3552        AmdPPM - ok

17:57:12.0907 3552        amdsata         (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys

17:57:12.0938 3552        amdsata - ok

17:57:14.0108 3552        amdsbs          (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys

17:57:14.0217 3552        amdsbs - ok

17:57:14.0264 3552        amdxata         (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys

17:57:14.0311 3552        amdxata - ok

17:57:14.0576 3552        AppID           (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys

17:57:19.0272 3552        AppID - ok

17:57:19.0334 3552        AppIDSvc        (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll

17:57:19.0490 3552        AppIDSvc - ok

17:57:19.0740 3552        Appinfo         (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll

17:57:19.0849 3552        Appinfo - ok

17:57:19.0927 3552        AppMgmt         (4aba3e75a76195a3e38ed2766c962899) C:\Windows\System32\appmgmts.dll

17:57:20.0052 3552        AppMgmt - ok

17:57:20.0504 3552        arc             (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys

17:57:20.0582 3552        arc - ok

17:57:20.0925 3552        arcsas          (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys

17:57:21.0003 3552        arcsas - ok

17:57:21.0081 3552        AsyncMac        (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys

17:57:21.0206 3552        AsyncMac - ok

17:57:21.0347 3552        atapi           (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys

17:57:21.0440 3552        atapi - ok

17:57:21.0768 3552        athr            (d6cad7e5b05055bb8226bdcb1644da27) C:\Windows\system32\DRIVERS\athrx.sys

17:57:22.0017 3552        athr - ok

17:57:22.0376 3552        AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll

17:57:22.0610 3552        AudioEndpointBuilder - ok

17:57:22.0610 3552        AudioSrv        (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll

17:57:22.0907 3552        AudioSrv - ok

17:57:23.0094 3552        AxInstSV        (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll

17:57:23.0905 3552        AxInstSV - ok

17:57:24.0311 3552        b06bdrv         (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys

17:57:24.0482 3552        b06bdrv - ok

17:57:24.0591 3552        b57nd60a        (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys

17:57:24.0779 3552        b57nd60a - ok

17:57:24.0950 3552        bbcap           (849ea7a204f9f77e7b2adb8699f7bfc8) C:\Windows\system32\DRIVERS\bbcap.sys

17:57:25.0091 3552        bbcap - ok

17:57:25.0231 3552        BDESVC          (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll

17:57:25.0325 3552        BDESVC - ok

17:57:25.0418 3552        Beep            (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys

17:57:25.0590 3552        Beep - ok

17:57:26.0073 3552        BFE             (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll

17:57:26.0245 3552        BFE - ok

17:57:26.0432 3552        BITS            (1ea7969e3271cbc59e1730697dc74682) C:\Windows\System32\qmgr.dll

17:57:27.0041 3552        BITS - ok

17:57:27.0165 3552        blbdrive        (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys

17:57:27.0243 3552        blbdrive - ok

17:57:27.0353 3552        bowser          (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys

17:57:27.0477 3552        bowser - ok

17:57:27.0649 3552        BrFiltLo        (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys

17:57:27.0945 3552        BrFiltLo - ok

17:57:27.0992 3552        BrFiltUp        (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys

17:57:28.0008 3552        BrFiltUp - ok

17:57:28.0101 3552        Browser         (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll

17:57:28.0195 3552        Browser - ok

17:57:28.0289 3552        Brserid         (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys

17:57:28.0367 3552        Brserid - ok

17:57:28.0413 3552        BrSerWdm        (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys

17:57:28.0476 3552        BrSerWdm - ok

17:57:28.0538 3552        BrUsbMdm        (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys

17:57:28.0616 3552        BrUsbMdm - ok

17:57:28.0679 3552        BrUsbSer        (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys

17:57:28.0725 3552        BrUsbSer - ok

17:57:28.0772 3552        BthEnum         (cf98190a94f62e405c8cb255018b2315) C:\Windows\system32\drivers\BthEnum.sys

17:57:28.0850 3552        BthEnum - ok

17:57:28.0928 3552        BTHMODEM        (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys

17:57:28.0991 3552        BTHMODEM - ok

17:57:29.0037 3552        BthPan          (02dd601b708dd0667e1331fa8518e9ff) C:\Windows\system32\DRIVERS\bthpan.sys

17:57:29.0147 3552        BthPan - ok

17:57:29.0256 3552        BTHPORT         (64c198198501f7560ee41d8d1efa7952) C:\Windows\System32\Drivers\BTHport.sys

17:57:29.0427 3552        BTHPORT - ok

17:57:29.0505 3552        bthserv         (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll

17:57:29.0630 3552        bthserv - ok

17:57:29.0677 3552        BTHUSB          (f188b7394d81010767b6df3178519a37) C:\Windows\System32\Drivers\BTHUSB.sys

17:57:29.0724 3552        BTHUSB - ok

17:57:29.0786 3552        cdfs            (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys

17:57:29.0895 3552        cdfs - ok

17:57:29.0942 3552        cdrom           (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys

17:57:30.0129 3552        cdrom - ok

17:57:30.0644 3552        CertPropSvc     (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll

17:57:31.0019 3552        CertPropSvc - ok

17:57:31.0393 3552        circlass        (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys

17:57:31.0549 3552        circlass - ok

17:57:31.0689 3552        CLFS            (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys

17:57:31.0861 3552        CLFS - ok

17:57:32.0641 3552        clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

17:57:32.0719 3552        clr_optimization_v2.0.50727_32 - ok

17:57:33.0702 3552        clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe

17:57:33.0811 3552        clr_optimization_v2.0.50727_64 - ok

17:57:34.0076 3552        clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe

17:57:34.0154 3552        clr_optimization_v4.0.30319_32 - ok

17:57:34.0232 3552        clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe

17:57:34.0263 3552        clr_optimization_v4.0.30319_64 - ok

17:57:34.0310 3552        CmBatt          (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys

17:57:34.0373 3552        CmBatt - ok

17:57:34.0404 3552        cmdide          (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys

17:57:34.0435 3552        cmdide - ok

17:57:34.0544 3552        CNG             (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys

17:57:34.0872 3552        CNG - ok

17:57:34.0919 3552        Compbatt        (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys

17:57:34.0950 3552        Compbatt - ok

17:57:35.0012 3552        CompositeBus    (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys

17:57:35.0059 3552        CompositeBus - ok

17:57:35.0090 3552        COMSysApp - ok

17:57:35.0121 3552        crcdisk         (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys

17:57:35.0153 3552        crcdisk - ok

17:57:35.0667 3552        CryptSvc        (15597883fbe9b056f276ada3ad87d9af) C:\Windows\system32\cryptsvc.dll

17:57:35.0792 3552        CryptSvc - ok

17:57:35.0901 3552        CSC             (54da3dfd29ed9f1619b6f53f3ce55e49) C:\Windows\system32\drivers\csc.sys

17:57:36.0089 3552        CSC - ok

17:57:36.0713 3552        CscService      (3ab183ab4d2c79dcf459cd2c1266b043) C:\Windows\System32\cscsvc.dll

17:57:36.0900 3552        CscService - ok

17:57:37.0243 3552        DcomLaunch      (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll

17:57:40.0488 3552        DcomLaunch - ok

17:57:40.0535 3552        defragsvc       (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll

17:57:40.0675 3552        defragsvc - ok

17:57:40.0800 3552        DfsC            (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys

17:57:40.0893 3552        DfsC - ok

17:57:40.0987 3552        Dhcp            (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll

17:57:41.0143 3552        Dhcp - ok

17:57:41.0174 3552        discache        (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys

17:57:41.0237 3552        discache - ok

17:57:41.0299 3552        Disk            (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys

17:57:41.0346 3552        Disk - ok

17:57:41.0393 3552        Dnscache        (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll

17:57:41.0471 3552        Dnscache - ok

17:57:41.0533 3552        dot3svc         (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll

17:57:41.0627 3552        dot3svc - ok

17:57:41.0705 3552        DPS             (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll

17:57:41.0814 3552        DPS - ok

17:57:41.0892 3552        drmkaud         (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys

17:57:41.0954 3552        drmkaud - ok

17:57:42.0079 3552        DXGKrnl         (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys

17:57:42.0188 3552        DXGKrnl - ok

17:57:42.0251 3552        EapHost         (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll

17:57:42.0375 3552        EapHost - ok

17:57:42.0656 3552        ebdrv           (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys

17:57:42.0812 3552        ebdrv - ok

17:57:42.0968 3552        EFS             (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe

17:57:43.0046 3552        EFS - ok

17:57:43.0187 3552        ehRecvr         (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe

17:57:43.0405 3552        ehRecvr - ok

17:57:43.0452 3552        ehSched         (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe

17:57:43.0577 3552        ehSched - ok

17:57:43.0701 3552        elxstor         (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys

17:57:43.0904 3552        elxstor - ok

17:57:43.0951 3552        ErrDev          (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys

17:57:44.0029 3552        ErrDev - ok

17:57:44.0123 3552        EventSystem     (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll

17:57:44.0325 3552        EventSystem - ok

17:57:44.0450 3552        exfat           (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys

17:57:44.0575 3552        exfat - ok

17:57:44.0731 3552        F-Secure Gatekeeper (c898cf54315e594c33f915b053e2ec2b) C:\Program Files (x86)\Vodafone-Sicherheitspaket\Anti-Virus\minifilter\fsgk.sys

17:57:44.0871 3552        F-Secure Gatekeeper - ok

17:57:44.0949 3552        F-Secure Gatekeeper Handler Starter (a9be66e05254b20df82e0f7cddeca7dd) C:\Program Files (x86)\Vodafone-Sicherheitspaket\Anti-Virus\fsgk32st.exe

17:57:45.0027 3552        F-Secure Gatekeeper Handler Starter - ok

17:57:45.0059 3552        F-Secure HIPS   (564af68fbec406cbecd42bfcbe144ef3) C:\Program Files (x86)\Vodafone-Sicherheitspaket\HIPS\drivers\fshs.sys

17:57:45.0090 3552        F-Secure HIPS - ok

17:57:45.0137 3552        fastfat         (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys

17:57:45.0246 3552        fastfat - ok

17:57:45.0355 3552        Fax             (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe

17:57:45.0620 3552        Fax - ok

17:57:45.0667 3552        fdc             (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys

17:57:45.0714 3552        fdc - ok

17:57:45.0776 3552        fdPHost         (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll

17:57:45.0854 3552        fdPHost - ok

17:57:45.0901 3552        FDResPub        (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll

17:57:45.0979 3552        FDResPub - ok

17:57:46.0041 3552        FileInfo        (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys

17:57:46.0088 3552        FileInfo - ok

17:57:46.0119 3552        Filetrace       (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys

17:57:46.0182 3552        Filetrace - ok

17:57:46.0229 3552        flpydisk        (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys

17:57:46.0260 3552        flpydisk - ok

17:57:46.0338 3552        FltMgr          (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys

17:57:46.0416 3552        FltMgr - ok

17:57:46.0525 3552        FontCache       (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll

17:57:46.0634 3552        FontCache - ok

17:57:46.0775 3552        FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe

17:57:46.0821 3552        FontCache3.0.0.0 - ok

17:57:46.0884 3552        FsDepends       (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys

17:57:46.0946 3552        FsDepends - ok

17:57:47.0149 3552        FSDFWD          (153897703502463f810a365dbbc58b18) C:\Program Files (x86)\Vodafone-Sicherheitspaket\FWES\Program\fsdfwd.exe

17:57:47.0243 3552        FSDFWD - ok

17:57:47.0305 3552        FSES            (740cce07189f9833bf865844ac49c0b1) C:\Windows\system32\drivers\fses.sys

17:57:47.0336 3552        FSES - ok

17:57:47.0414 3552        FSFW            (deb4d284ebcd430c9f15c6624dc3382b) C:\Windows\system32\drivers\fsdfw.sys

17:57:47.0461 3552        FSFW - ok

17:57:47.0508 3552        FSMA            (392e85687a902239c01baddf212b1a36) C:\Program Files (x86)\Vodafone-Sicherheitspaket\Common\FSMA32.EXE

17:57:47.0555 3552        FSMA - ok

17:57:47.0617 3552        FSORSPClient    (42aef6a385354aca65fc210ce7ce4d7c) C:\Program Files (x86)\Vodafone-Sicherheitspaket\ORSP Client\fsorsp.exe

17:57:47.0679 3552        FSORSPClient - ok

17:57:47.0742 3552        fsvista         (3fcbe4e9c764e05505d4e4b1d6f36786) C:\Program Files (x86)\Vodafone-Sicherheitspaket\Anti-Virus\minifilter\fsvista.sys

17:57:47.0773 3552        fsvista - ok

17:57:47.0804 3552        Fs_Rec          (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys

17:57:47.0851 3552        Fs_Rec - ok

17:57:47.0898 3552        FUJ02B1         (ba0c1ffda496d8bcbcac63f8d98d20e3) C:\Windows\system32\DRIVERS\FUJ02B1.sys

17:57:47.0945 3552        FUJ02B1 - ok

17:57:47.0960 3552        FUJ02E3         (7135030cbf87d724b6037bb023923730) C:\Windows\system32\DRIVERS\FUJ02E3.sys

17:57:48.0038 3552        FUJ02E3 - ok

17:57:48.0116 3552        fvevol          (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys

17:57:48.0241 3552        fvevol - ok

17:57:48.0288 3552        gagp30kx        (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys

17:57:48.0319 3552        gagp30kx - ok

17:57:48.0444 3552        gpsvc           (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll

17:57:48.0584 3552        gpsvc - ok

17:57:48.0725 3552        gupdate         (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

17:57:48.0865 3552        gupdate - ok

17:57:48.0927 3552        gupdatem        (f02a533f517eb38333cb12a9e8963773) C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

17:57:48.0990 3552        gupdatem - ok

17:57:49.0068 3552        gusvc           (cc839e8d766cc31a7710c9f38cf3e375) C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe

17:57:49.0208 3552        gusvc - ok

17:57:49.0255 3552        hcw85cir        (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys

17:57:49.0333 3552        hcw85cir - ok

17:57:49.0411 3552        HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys

17:57:49.0520 3552        HdAudAddService - ok

17:57:49.0551 3552        HDAudBus        (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys

17:57:49.0614 3552        HDAudBus - ok

17:57:49.0676 3552        HECIx64         (b6ac71aaa2b10848f57fc49d55a651af) C:\Windows\system32\DRIVERS\HECIx64.sys

17:57:49.0723 3552        HECIx64 - ok

17:57:49.0754 3552        HidBatt         (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys

17:57:49.0817 3552        HidBatt - ok

17:57:49.0863 3552        HidBth          (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys

17:57:49.0941 3552        HidBth - ok

17:57:49.0988 3552        HidIr           (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys

17:57:50.0066 3552        HidIr - ok

17:57:50.0097 3552        hidserv         (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\system32\hidserv.dll

17:57:50.0160 3552        hidserv - ok

17:57:50.0238 3552        HidUsb          (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys

17:57:50.0285 3552        HidUsb - ok

17:57:50.0331 3552        hkmsvc          (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll

17:57:50.0409 3552        hkmsvc - ok

17:57:50.0503 3552        HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll

17:57:50.0597 3552        HomeGroupListener - ok

17:57:50.0643 3552        HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll

17:57:50.0690 3552        HomeGroupProvider - ok

17:57:50.0831 3552        HP LaserJet Service (d1e9cb573a9edf7be12e9c57f32e97f7) C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe

17:57:50.0940 3552        HP LaserJet Service ( UnsignedFile.Multi.Generic ) - warning

17:57:50.0940 3552        HP LaserJet Service - detected UnsignedFile.Multi.Generic (1)

17:57:50.0987 3552        HPFXBULKLEDM    (e325f85012e793cee74b73c4f22ae311) C:\Windows\system32\drivers\hppdbulkio.sys

17:57:51.0033 3552        HPFXBULKLEDM - ok

17:57:51.0080 3552        HPFXFAX         (aa2790dda5ebe22fe5aac11da1103e5b) C:\Windows\system32\drivers\hppdfaxio.sys

17:57:51.0111 3552        HPFXFAX - ok

17:57:51.0158 3552        HpSAMD          (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys

17:57:51.0205 3552        HpSAMD - ok

17:57:51.0330 3552        HTTP            (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys

17:57:51.0439 3552        HTTP - ok

17:57:51.0501 3552        hwpolicy        (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys

17:57:51.0533 3552        hwpolicy - ok

17:57:51.0611 3552        i8042prt        (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys

17:57:51.0657 3552        i8042prt - ok

17:57:51.0751 3552        iaStor          (abbf174cb394f5c437410a788b7e404a) C:\Windows\system32\DRIVERS\iaStor.sys

17:57:51.0907 3552        iaStor - ok

17:57:52.0016 3552        iaStorV         (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys

17:57:52.0188 3552        iaStorV - ok

17:57:52.0391 3552        idsvc           (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe

17:57:52.0500 3552        idsvc - ok

17:57:53.0124 3552        igfx            (8e509de232cfa4f8a5b34f01802f500e) C:\Windows\system32\DRIVERS\igdkmd64.sys

17:57:53.0436 3552        igfx - ok

17:57:53.0607 3552        iirsp           (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys

17:57:53.0654 3552        iirsp - ok

17:57:53.0795 3552        IKEEXT          (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll

17:57:53.0997 3552        IKEEXT - ok

17:57:54.0075 3552        Impcd           (36fdf367a1dabff903e2214023d71368) C:\Windows\system32\DRIVERS\Impcd.sys

17:57:54.0169 3552        Impcd - ok

17:57:54.0419 3552        IntcAzAudAddService (42943bb3ab7a405b30eff7c8283cc129) C:\Windows\system32\drivers\RTKVHD64.sys

17:57:54.0824 3552        IntcAzAudAddService - ok

17:57:55.0011 3552        IntcDAud        (d248aae81c156c0d47a77cd61bc24cd4) C:\Windows\system32\DRIVERS\IntcDAud.sys

17:57:55.0136 3552        IntcDAud - ok

17:57:55.0199 3552        intelide        (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys

17:57:55.0261 3552        intelide - ok

17:57:55.0308 3552        intelppm        (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys

17:57:55.0370 3552        intelppm - ok

17:57:55.0401 3552        IPBusEnum       (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll

17:57:55.0511 3552        IPBusEnum - ok

17:57:55.0557 3552        IpFilterDriver  (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys

17:57:55.0667 3552        IpFilterDriver - ok

17:57:55.0760 3552        iphlpsvc        (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll

17:57:55.0869 3552        iphlpsvc - ok

17:57:55.0916 3552        IPMIDRV         (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys

17:57:56.0010 3552        IPMIDRV - ok

17:57:56.0057 3552        IPNAT           (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys

17:57:56.0135 3552        IPNAT - ok

17:57:56.0166 3552        IRENUM          (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys

17:57:56.0259 3552        IRENUM - ok

17:57:56.0291 3552        isapnp          (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys

17:57:56.0337 3552        isapnp - ok

17:57:56.0384 3552        iScsiPrt        (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys

17:57:56.0447 3552        iScsiPrt - ok

17:57:56.0493 3552        kbdclass        (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys

17:57:56.0540 3552        kbdclass - ok

17:57:56.0571 3552        kbdhid          (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\DRIVERS\kbdhid.sys

17:57:56.0634 3552        kbdhid - ok

17:57:56.0712 3552        KeyIso          (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe

17:57:56.0759 3552        KeyIso - ok

17:57:56.0790 3552        KSecDD          (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys

17:57:56.0821 3552        KSecDD - ok

17:57:56.0868 3552        KSecPkg         (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys

17:57:56.0930 3552        KSecPkg - ok

17:57:56.0961 3552        ksthunk         (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys

17:57:57.0039 3552        ksthunk - ok

17:57:57.0117 3552        KtmRm           (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll

17:57:57.0242 3552        KtmRm - ok

17:57:57.0320 3552        LanmanServer    (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\system32\srvsvc.dll

17:57:57.0476 3552        LanmanServer - ok

17:57:57.0539 3552        LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll

17:57:57.0648 3552        LanmanWorkstation - ok

17:57:57.0726 3552        lltdio          (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys

17:57:57.0804 3552        lltdio - ok

17:57:57.0866 3552        lltdsvc         (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll

17:57:57.0944 3552        lltdsvc - ok

17:57:57.0991 3552        lmhosts         (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll

17:57:58.0069 3552        lmhosts - ok

17:57:58.0209 3552        LMS             (a1c148801b4af64847aeb9f3ad9594ef) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe

17:57:58.0319 3552        LMS ( UnsignedFile.Multi.Generic ) - warning

17:57:58.0319 3552        LMS - detected UnsignedFile.Multi.Generic (1)

17:57:58.0381 3552        LSI_FC          (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys

17:57:58.0428 3552        LSI_FC - ok

17:57:58.0459 3552        LSI_SAS         (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys

17:57:58.0490 3552        LSI_SAS - ok

17:57:58.0521 3552        LSI_SAS2        (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys

17:57:58.0553 3552        LSI_SAS2 - ok

17:57:58.0615 3552        LSI_SCSI        (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys

17:57:58.0662 3552        LSI_SCSI - ok

17:57:58.0709 3552        luafv           (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys

17:57:58.0802 3552        luafv - ok

17:57:58.0833 3552        LVPr2M64 - ok

17:57:59.0286 3552        LVUVC64         (5747bc465abea2858c5d037252aed84e) C:\Windows\system32\DRIVERS\lvuvc64.sys

17:57:59.0551 3552        LVUVC64 - ok

17:57:59.0723 3552        Mcx2Svc         (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll

17:57:59.0816 3552        Mcx2Svc - ok

17:57:59.0863 3552        megasas         (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys

17:57:59.0910 3552        megasas - ok

17:58:00.0003 3552        MegaSR          (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys

17:58:00.0081 3552        MegaSR - ok

17:58:00.0128 3552        MMCSS           (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll

17:58:00.0253 3552        MMCSS - ok

17:58:00.0315 3552        Modem           (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys

17:58:00.0393 3552        Modem - ok

17:58:00.0425 3552        monitor         (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys

17:58:00.0503 3552        monitor - ok

17:58:00.0565 3552        mouclass        (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys

17:58:00.0612 3552        mouclass - ok

17:58:00.0690 3552        mouhid          (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys

17:58:00.0768 3552        mouhid - ok

17:58:00.0861 3552        mountmgr        (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys

17:58:00.0893 3552        mountmgr - ok

17:58:01.0017 3552        MozillaMaintenance (96aa8ba23142cc8e2b30f3cae0c80254) C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe

17:58:01.0095 3552        MozillaMaintenance - ok

17:58:01.0158 3552        mpio            (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys

17:58:01.0236 3552        mpio - ok

17:58:01.0283 3552        mpsdrv          (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys

17:58:01.0361 3552        mpsdrv - ok

17:58:01.0485 3552        MpsSvc          (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll

17:58:01.0797 3552        MpsSvc - ok

17:58:01.0875 3552        MRxDAV          (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys

17:58:02.0000 3552        MRxDAV - ok

17:58:02.0047 3552        mrxsmb          (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys

17:58:02.0125 3552        mrxsmb - ok

17:58:02.0172 3552        mrxsmb10        (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys

17:58:02.0250 3552        mrxsmb10 - ok

17:58:02.0297 3552        mrxsmb20        (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys

17:58:02.0390 3552        mrxsmb20 - ok

17:58:02.0421 3552        msahci          (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys

17:58:02.0577 3552        msahci - ok

17:58:02.0624 3552        msdsm           (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys

17:58:02.0702 3552        msdsm - ok

17:58:02.0749 3552        MSDTC           (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe

17:58:02.0843 3552        MSDTC - ok

17:58:02.0905 3552        Msfs            (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys

17:58:02.0983 3552        Msfs - ok

17:58:03.0030 3552        mshidkmdf       (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys

17:58:03.0108 3552        mshidkmdf - ok

17:58:03.0139 3552        msisadrv        (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys

17:58:03.0170 3552        msisadrv - ok

17:58:03.0217 3552        MSiSCSI         (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll

17:58:03.0326 3552        MSiSCSI - ok

17:58:03.0326 3552        msiserver - ok

17:58:03.0404 3552        MSKSSRV         (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys

17:58:03.0467 3552        MSKSSRV - ok

17:58:03.0498 3552        MSPCLOCK        (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys

17:58:03.0576 3552        MSPCLOCK - ok

17:58:03.0591 3552        MSPQM           (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys

17:58:03.0685 3552        MSPQM - ok

17:58:03.0763 3552        MsRPC           (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys

17:58:03.0841 3552        MsRPC - ok

17:58:03.0888 3552        mssmbios        (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys

17:58:03.0919 3552        mssmbios - ok

17:58:03.0997 3552        MSTEE           (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys

17:58:04.0075 3552        MSTEE - ok

17:58:04.0137 3552        MTConfig        (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys

17:58:04.0184 3552        MTConfig - ok

17:58:04.0215 3552        Mup             (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys

17:58:04.0247 3552        Mup - ok

17:58:04.0340 3552        napagent        (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll

17:58:04.0434 3552        napagent - ok

17:58:04.0496 3552        NativeWifiP     (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys

17:58:04.0637 3552        NativeWifiP - ok

17:58:04.0777 3552        NDIS            (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys

17:58:04.0902 3552        NDIS - ok

17:58:04.0933 3552        NdisCap         (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys

17:58:05.0042 3552        NdisCap - ok

17:58:05.0089 3552        NdisTapi        (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys

17:58:05.0183 3552        NdisTapi - ok

17:58:05.0245 3552        Ndisuio         (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys

17:58:05.0323 3552        Ndisuio - ok

17:58:05.0385 3552        NdisWan         (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys

17:58:05.0495 3552        NdisWan - ok

17:58:05.0541 3552        NDProxy         (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys

17:58:05.0619 3552        NDProxy - ok

17:58:05.0713 3552        Net Driver HPZ12 (2334dc48997ba203b794df3ee70521db) C:\Windows\system32\HPZinw12.dll

17:58:05.0775 3552        Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning

17:58:05.0775 3552        Net Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)

17:58:05.0838 3552        NetBIOS         (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys

17:58:05.0931 3552        NetBIOS - ok

17:58:06.0009 3552        NetBT           (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys

17:58:06.0119 3552        NetBT - ok

17:58:06.0181 3552        Netlogon        (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe

17:58:06.0228 3552        Netlogon - ok

17:58:06.0321 3552        Netman          (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll

17:58:06.0446 3552        Netman - ok

17:58:06.0493 3552        netprofm        (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll

17:58:06.0571 3552        netprofm - ok

17:58:06.0680 3552        NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe

17:58:06.0727 3552        NetTcpPortSharing - ok

17:58:06.0774 3552        nfrd960         (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys

17:58:06.0836 3552        nfrd960 - ok

17:58:06.0930 3552        NlaSvc          (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll

17:58:07.0039 3552        NlaSvc - ok

17:58:07.0070 3552        Npfs            (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys

17:58:07.0117 3552        Npfs - ok

17:58:07.0148 3552        nsi             (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll

17:58:07.0242 3552        nsi - ok

17:58:07.0273 3552        nsiproxy        (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys

17:58:07.0335 3552        nsiproxy - ok

17:58:07.0507 3552        Ntfs            (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys

17:58:07.0710 3552        Ntfs - ok

17:58:07.0866 3552        Null            (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys

17:58:07.0959 3552        Null - ok

17:58:08.0053 3552        nvraid          (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys

17:58:08.0100 3552        nvraid - ok

17:58:08.0131 3552        nvstor          (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys

17:58:08.0178 3552        nvstor - ok

17:58:08.0225 3552        nv_agp          (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys

17:58:08.0287 3552        nv_agp - ok

17:58:08.0318 3552        ohci1394        (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys

17:58:08.0365 3552        ohci1394 - ok

17:58:08.0459 3552        ose             (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE

17:58:08.0552 3552        ose - ok

17:58:08.0973 3552        osppsvc         (61bffb5f57ad12f83ab64b7181829b34) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE

17:58:09.0192 3552        osppsvc - ok

17:58:09.0379 3552        p2pimsvc        (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll

17:58:09.0519 3552        p2pimsvc - ok

17:58:09.0597 3552        p2psvc          (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll

17:58:09.0707 3552        p2psvc - ok

17:58:09.0800 3552        Parport         (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys

17:58:09.0909 3552        Parport - ok

17:58:10.0175 3552        partmgr         (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys

17:58:10.0221 3552        partmgr - ok

17:58:10.0268 3552        PcaSvc          (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll

17:58:10.0377 3552        PcaSvc - ok

17:58:10.0440 3552        pci             (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys

17:58:10.0518 3552        pci - ok

17:58:10.0596 3552        pciide          (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys

17:58:10.0643 3552        pciide - ok

17:58:11.0157 3552        pcmcia          (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys

17:58:11.0251 3552        pcmcia - ok

17:58:11.0282 3552        pcw             (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys

17:58:11.0329 3552        pcw - ok

17:58:11.0391 3552        PEAUTH          (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys

17:58:11.0563 3552        PEAUTH - ok

17:58:11.0750 3552        PeerDistSvc     (b9b0a4299dd2d76a4243f75fd54dc680) C:\Windows\system32\peerdistsvc.dll

17:58:11.0875 3552        PeerDistSvc - ok

17:58:12.0062 3552        PerfHost        (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe

17:58:12.0156 3552        PerfHost - ok

17:58:12.0608 3552        pla             (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll

17:58:12.0827 3552        pla - ok

17:58:12.0936 3552        PlugPlay        (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll

17:58:13.0014 3552        PlugPlay - ok

17:58:13.0108 3552        Pml Driver HPZ12 (ac78df349f0e4cfb8b667c0cfff83cce) C:\Windows\system32\HPZipm12.dll

17:58:13.0186 3552        Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning

17:58:13.0186 3552        Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)

17:58:13.0310 3552        PNRPAutoReg     (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll

17:58:13.0357 3552        PNRPAutoReg - ok

17:58:13.0420 3552        PNRPsvc         (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll

17:58:13.0466 3552        PNRPsvc - ok

17:58:13.0560 3552        PolicyAgent     (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll

17:58:13.0810 3552        PolicyAgent - ok

17:58:13.0903 3552        Power           (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll

17:58:14.0044 3552        Power - ok

17:58:14.0636 3552        PowerSavingUtilityService (843ba5f09a391d52ac1f8486c5fc3d4f) C:\Program Files\Fujitsu\PSUtility\PSUService.exe

17:58:14.0699 3552        PowerSavingUtilityService - ok

17:58:14.0870 3552        PptpMiniport    (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys

17:58:14.0964 3552        PptpMiniport - ok

17:58:15.0011 3552        Processor       (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys

17:58:15.0058 3552        Processor - ok

17:58:15.0120 3552        ProfSvc         (5c78838b4d166d1a27db3a8a820c799a) C:\Windows\system32\profsvc.dll

17:58:15.0260 3552        ProfSvc - ok

17:58:15.0323 3552        ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe

17:58:15.0385 3552        ProtectedStorage - ok

17:58:15.0448 3552        Psched          (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys

17:58:15.0588 3552        Psched - ok

17:58:15.0682 3552        qicflt          (a73512132ecb2cd721e163abceac359f) C:\Windows\system32\DRIVERS\qicflt.sys

17:58:15.0822 3552        qicflt - ok

17:58:16.0056 3552        ql2300          (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys

17:58:16.0181 3552        ql2300 - ok

17:58:16.0633 3552        ql40xx          (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys

17:58:16.0711 3552        ql40xx - ok

17:58:17.0101 3552        QWAVE           (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll

17:58:17.0226 3552        QWAVE - ok

17:58:17.0320 3552        QWAVEdrv        (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys

17:58:17.0429 3552        QWAVEdrv - ok

17:58:18.0302 3552        Radio.fx        (138f7963118ec710c348819c08f72230) C:\Program Files (x86)\Tobit Radio.fx\Server\rfx-server.exe

17:58:19.0020 3552        Radio.fx - ok

17:58:21.0376 3552        RasAcd          (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys

17:58:21.0532 3552        RasAcd - ok

17:58:22.0093 3552        RasAgileVpn     (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys

17:58:22.0218 3552        RasAgileVpn - ok

17:58:22.0639 3552        RasAuto         (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll

17:58:22.0733 3552        RasAuto - ok

17:58:22.0858 3552        Rasl2tp         (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys

17:58:22.0998 3552        Rasl2tp - ok

17:58:23.0216 3552        RasMan          (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll

17:58:23.0357 3552        RasMan - ok

17:58:23.0404 3552        RasPppoe        (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys

17:58:23.0482 3552        RasPppoe - ok

17:58:23.0528 3552        RasSstp         (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys

17:58:23.0591 3552        RasSstp - ok

17:58:23.0762 3552        rdbss           (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys

17:58:23.0887 3552        rdbss - ok

17:58:23.0918 3552        rdpbus          (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys

17:58:23.0965 3552        rdpbus - ok

17:58:24.0012 3552        RDPCDD          (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys

17:58:24.0074 3552        RDPCDD - ok

17:58:24.0293 3552        RDPDR           (1b6163c503398b23ff8b939c67747683) C:\Windows\system32\drivers\rdpdr.sys

17:58:24.0386 3552        RDPDR - ok

17:58:24.0418 3552        RDPENCDD        (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys

17:58:24.0511 3552        RDPENCDD - ok

17:58:24.0542 3552        RDPREFMP        (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys

17:58:24.0620 3552        RDPREFMP - ok

17:58:24.0854 3552        RDPWD           (6d76e6433574b058adcb0c50df834492) C:\Windows\system32\drivers\RDPWD.sys

17:58:24.0948 3552        RDPWD - ok

17:58:25.0073 3552        rdyboost        (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys

17:58:25.0166 3552        rdyboost - ok

17:58:25.0416 3552        RemoteAccess    (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll

17:58:25.0494 3552        RemoteAccess - ok

17:58:25.0525 3552        RemoteRegistry  (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll

17:58:25.0603 3552        RemoteRegistry - ok

17:58:25.0634 3552        RFCOMM          (3dd798846e2c28102b922c56e71b7932) C:\Windows\system32\DRIVERS\rfcomm.sys

17:58:25.0728 3552        RFCOMM - ok

17:58:25.0806 3552        RpcEptMapper    (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll

17:58:25.0900 3552        RpcEptMapper - ok

17:58:25.0931 3552        RpcLocator      (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe

17:58:25.0993 3552        RpcLocator - ok

17:58:26.0648 3552        RpcSs           (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll

17:58:26.0726 3552        RpcSs - ok

17:58:26.0789 3552        rspndr          (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys

17:58:26.0882 3552        rspndr - ok

17:58:26.0976 3552        RSUSBSTOR       (4a25dc970c58104602ed274dacafd784) C:\Windows\system32\Drivers\RtsUStor.sys

17:58:27.0070 3552        RSUSBSTOR - ok

17:58:27.0179 3552        RTL8167         (4b42bc58294e83a6a92ec8b88c14c4a3) C:\Windows\system32\DRIVERS\Rt64win7.sys

17:58:27.0241 3552        RTL8167 - ok

17:58:27.0257 3552        RtsUIR - ok

17:58:27.0304 3552        s3cap           (e60c0a09f997826c7627b244195ab581) C:\Windows\system32\drivers\vms3cap.sys

17:58:27.0366 3552        s3cap - ok

17:58:27.0444 3552        SamSs           (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe

17:58:27.0491 3552        SamSs - ok

17:58:27.0538 3552        sbp2port        (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys

17:58:27.0584 3552        sbp2port - ok

17:58:27.0631 3552        SCardSvr        (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll

17:58:27.0787 3552        SCardSvr - ok

17:58:27.0818 3552        scfilter        (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys

17:58:27.0912 3552        scfilter - ok

17:58:28.0052 3552        Schedule        (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll

17:58:28.0193 3552        Schedule - ok

17:58:28.0240 3552        SCPolicySvc     (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll

17:58:28.0302 3552        SCPolicySvc - ok

17:58:28.0349 3552        SDRSVC          (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll

17:58:28.0474 3552        SDRSVC - ok

17:58:28.0630 3552        secdrv          (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys

17:58:28.0786 3552        secdrv - ok

17:58:28.0832 3552        seclogon        (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll

17:58:28.0910 3552        seclogon - ok

17:58:28.0973 3552        SENS            (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\System32\sens.dll

17:58:29.0051 3552        SENS - ok

17:58:29.0082 3552        SensrSvc        (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll

17:58:29.0160 3552        SensrSvc - ok

17:58:29.0191 3552        Serenum         (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys

17:58:29.0238 3552        Serenum - ok

17:58:29.0269 3552        Serial          (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys

17:58:29.0316 3552        Serial - ok

17:58:29.0394 3552        sermouse        (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys

17:58:29.0503 3552        sermouse - ok

17:58:29.0612 3552        SessionEnv      (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll

17:58:29.0768 3552        SessionEnv - ok

17:58:29.0800 3552        sffdisk         (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys

17:58:29.0878 3552        sffdisk - ok

17:58:29.0893 3552        sffp_mmc        (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys

17:58:29.0940 3552        sffp_mmc - ok

17:58:29.0956 3552        sffp_sd         (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys

17:58:30.0018 3552        sffp_sd - ok

17:58:30.0049 3552        sfloppy         (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys

17:58:30.0080 3552        sfloppy - ok

17:58:30.0205 3552        SharedAccess    (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll

17:58:30.0299 3552        SharedAccess - ok

17:58:30.0361 3552        ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll

17:58:30.0548 3552        ShellHWDetection - ok

17:58:30.0642 3552        SiSRaid2        (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys

17:58:30.0689 3552        SiSRaid2 - ok

17:58:30.0829 3552        SiSRaid4        (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys

17:58:30.0892 3552        SiSRaid4 - ok

17:58:31.0516 3552        Smb             (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys

17:58:31.0640 3552        Smb - ok

17:58:31.0734 3552        SNMPTRAP        (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe

17:58:31.0812 3552        SNMPTRAP - ok

17:58:31.0906 3552        spldr           (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys

17:58:31.0952 3552        spldr - ok

17:58:32.0046 3552        Spooler         (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe

17:58:32.0218 3552        Spooler - ok

17:58:33.0216 3552        sppsvc          (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe

17:58:33.0434 3552        sppsvc - ok

17:58:33.0637 3552        sppuinotify     (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll

17:58:33.0778 3552        sppuinotify - ok

17:58:33.0934 3552        srv             (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys

17:58:34.0074 3552        srv - ok

17:58:34.0308 3552        srv2            (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys

17:58:34.0402 3552        srv2 - ok

17:58:34.0464 3552        srvnet          (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys

17:58:34.0589 3552        srvnet - ok

17:58:34.0651 3552        SSDPSRV         (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll

17:58:34.0729 3552        SSDPSRV - ok

17:58:34.0760 3552        SstpSvc         (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll

17:58:34.0807 3552        SstpSvc - ok

17:58:34.0838 3552        stexstor        (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys

17:58:34.0885 3552        stexstor - ok

17:58:35.0010 3552        stisvc          (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll

17:58:35.0119 3552        stisvc - ok

17:58:35.0244 3552        storflt         (7785dc213270d2fc066538daf94087e7) C:\Windows\system32\drivers\vmstorfl.sys

17:58:35.0322 3552        storflt - ok

17:58:35.0369 3552        StorSvc         (c40841817ef57d491f22eb103da587cc) C:\Windows\system32\storsvc.dll

17:58:35.0431 3552        StorSvc - ok

17:58:35.0509 3552        storvsc         (d34e4943d5ac096c8edeebfd80d76e23) C:\Windows\system32\drivers\storvsc.sys

17:58:35.0540 3552        storvsc - ok

17:58:35.0603 3552        swenum          (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys

17:58:35.0665 3552        swenum - ok

17:58:35.0743 3552        swprv           (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll

17:58:35.0946 3552        swprv - ok

17:58:35.0993 3552        SynasUSB        (512231ba47975f3f1a67b11f271bb49d) C:\Windows\system32\drivers\SynUSB64.sys

17:58:36.0149 3552        SynasUSB - ok

17:58:36.0196 3552        SynTP           (2f827bb08cc7f1a17df2ead7b424d731) C:\Windows\system32\DRIVERS\SynTP.sys

17:58:36.0274 3552        SynTP - ok

17:58:36.0461 3552        SysMain         (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll

17:58:36.0570 3552        SysMain - ok

17:58:36.0742 3552        TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll

17:58:37.0849 3552        TabletInputService - ok

17:58:37.0958 3552        TapiSrv         (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll

17:58:38.0052 3552        TapiSrv - ok

17:58:38.0161 3552        TBS             (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll

17:58:38.0224 3552        TBS - ok

17:58:38.0551 3552        Tcpip           (fc62769e7bff2896035aeed399108162) C:\Windows\system32\drivers\tcpip.sys

17:58:38.0645 3552        Tcpip - ok

17:58:39.0238 3552        TCPIP6          (fc62769e7bff2896035aeed399108162) C:\Windows\system32\DRIVERS\tcpip.sys

17:58:39.0347 3552        TCPIP6 - ok

17:58:39.0565 3552        tcpipreg        (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys

17:58:39.0612 3552        tcpipreg - ok

17:58:39.0659 3552        TDPIPE          (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys

17:58:39.0706 3552        TDPIPE - ok

17:58:39.0877 3552        TDTCP           (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys

17:58:39.0955 3552        TDTCP - ok

17:58:40.0064 3552        tdx             (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys

17:58:40.0096 3552        tdx - ok

17:58:40.0205 3552        TermDD          (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys

17:58:40.0220 3552        TermDD - ok

17:58:40.0298 3552        TermService     (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll

17:58:40.0423 3552        TermService - ok

17:58:40.0673 3552        TestHandler     (76468df7a7a92413a57c998de5c39290) C:\Program Files (x86)\Fujitsu\SystemDiagnostics\OnlineDiagnostic\TestManager\TestHandler.exe

17:58:40.0688 3552        TestHandler - ok

17:58:40.0766 3552        Themes          (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll

17:58:40.0844 3552        Themes - ok

17:58:40.0860 3552        THREADORDER     (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll

17:58:40.0907 3552        THREADORDER - ok

17:58:40.0969 3552        TPM             (dbcc20c02e8a3e43b03c304a4e40a84f) C:\Windows\system32\drivers\tpm.sys

17:58:41.0016 3552        TPM - ok

17:58:41.0047 3552        TrkWks          (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll

17:58:41.0094 3552        TrkWks - ok

17:58:41.0312 3552        TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe

17:58:41.0453 3552        TrustedInstaller - ok

17:58:41.0500 3552        tssecsrv        (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys

17:58:41.0624 3552        tssecsrv - ok

17:58:42.0014 3552        TsUsbFlt        (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys

17:58:42.0248 3552        TsUsbFlt - ok

17:58:42.0311 3552        tunnel          (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys

17:58:42.0420 3552        tunnel - ok

17:58:42.0498 3552        uagp35          (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys

17:58:42.0529 3552        uagp35 - ok

17:58:42.0654 3552        udfs            (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys

17:58:42.0888 3552        udfs - ok

17:58:42.0997 3552        UI0Detect       (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe

17:58:43.0060 3552        UI0Detect - ok

17:58:43.0122 3552        uliagpkx        (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys

17:58:43.0169 3552        uliagpkx - ok

17:58:43.0231 3552        umbus           (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys

17:58:43.0294 3552        umbus - ok

17:58:43.0418 3552        UmPass          (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys

17:58:43.0465 3552        UmPass - ok

17:58:43.0528 3552        UmRdpService    (a293dcd756d04d8492a750d03b9a297c) C:\Windows\System32\umrdp.dll

17:58:43.0590 3552        UmRdpService - ok

17:58:44.0074 3552        UNS             (41118d920b2b268c0adc36421248cdcf) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe

17:58:44.0323 3552        UNS ( UnsignedFile.Multi.Generic ) - warning

17:58:44.0323 3552        UNS - detected UnsignedFile.Multi.Generic (1)

17:58:44.0588 3552        upnphost        (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll

17:58:44.0916 3552        upnphost - ok

17:58:45.0041 3552        usbaudio        (82e8f44688e6fac57b5b7c6fc7adbc2a) C:\Windows\system32\drivers\usbaudio.sys

17:58:45.0166 3552        usbaudio - ok

17:58:45.0197 3552        usbccgp         (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys

17:58:45.0275 3552        usbccgp - ok

17:58:45.0275 3552        USBCCID - ok

17:58:45.0368 3552        usbcir          (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys

17:58:45.0446 3552        usbcir - ok

17:58:45.0478 3552        usbehci         (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\drivers\usbehci.sys

17:58:45.0509 3552        usbehci - ok

17:58:45.0587 3552        usbhub          (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys

17:58:45.0696 3552        usbhub - ok

17:58:45.0727 3552        usbohci         (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys

17:58:45.0758 3552        usbohci - ok

17:58:45.0836 3552        usbprint        (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys

17:58:45.0899 3552        usbprint - ok

17:58:45.0946 3552        usbscan         (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys

17:58:45.0977 3552        usbscan - ok

17:58:46.0024 3552        USBSTOR         (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS

17:58:46.0117 3552        USBSTOR - ok

17:58:46.0164 3552        usbuhci         (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys

17:58:46.0226 3552        usbuhci - ok

17:58:46.0351 3552        usbvideo        (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\system32\Drivers\usbvideo.sys

17:58:46.0429 3552        usbvideo - ok

17:58:46.0492 3552        UxSms           (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll

17:58:46.0554 3552        UxSms - ok

17:58:46.0616 3552        VaultSvc        (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe

17:58:46.0679 3552        VaultSvc - ok

17:58:46.0835 3552        vdrvroot        (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys

17:58:46.0866 3552        vdrvroot - ok

17:58:46.0991 3552        vds             (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe

17:58:47.0209 3552        vds - ok

17:58:47.0365 3552        VFPRadioSupportService (d9656445499625b0ed88c0b203f3c16f) C:\Program Files\CSR\Bluetooth Feature Pack 5.0\VFPRadioSupportService.exe

17:58:47.0833 3552        VFPRadioSupportService - ok

17:58:47.0911 3552        vga             (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys

17:58:47.0958 3552        vga - ok

17:58:48.0114 3552        VgaSave         (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys

17:58:48.0223 3552        VgaSave - ok

17:58:49.0986 3552        vhdmp           (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys

17:58:50.0392 3552        vhdmp - ok

17:58:50.0438 3552        viaide          (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys

17:58:50.0470 3552        viaide - ok

17:58:50.0532 3552        vmbus           (86ea3e79ae350fea5331a1303054005f) C:\Windows\system32\drivers\vmbus.sys

17:58:50.0594 3552        vmbus - ok

17:58:50.0813 3552        VMBusHID        (7de90b48f210d29649380545db45a187) C:\Windows\system32\drivers\VMBusHID.sys

17:58:50.0953 3552        VMBusHID - ok

17:58:50.0969 3552        volmgr          (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys

17:58:51.0000 3552        volmgr - ok

17:58:51.0140 3552        volmgrx         (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys

17:58:51.0203 3552        volmgrx - ok

17:58:51.0312 3552        volsnap         (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys

17:58:51.0421 3552        volsnap - ok

17:58:51.0468 3552        vsmraid         (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys

17:58:51.0515 3552        vsmraid - ok

17:58:51.0749 3552        VSS             (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe

17:58:51.0936 3552        VSS - ok

17:58:52.0092 3552        vwifibus        (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys

17:58:52.0154 3552        vwifibus - ok

17:58:52.0201 3552        vwififlt        (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys

17:58:52.0264 3552        vwififlt - ok

17:58:52.0326 3552        vwifimp         (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys

17:58:52.0388 3552        vwifimp - ok

17:58:52.0482 3552        W32Time         (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll

17:58:52.0607 3552        W32Time - ok

17:58:52.0700 3552        WacomPen        (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys

17:58:52.0763 3552        WacomPen - ok

17:58:52.0841 3552        WANARP          (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys

17:58:52.0903 3552        WANARP - ok

17:58:52.0919 3552        Wanarpv6        (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys

17:58:52.0966 3552        Wanarpv6 - ok

17:58:53.0137 3552        WatAdminSvc     (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe

17:58:53.0246 3552        WatAdminSvc - ok

17:58:53.0621 3552        wbengine        (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe

17:58:53.0886 3552        wbengine - ok

17:58:54.0151 3552        WbioSrvc        (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll

17:58:54.0260 3552        WbioSrvc - ok

17:58:54.0494 3552        wcncsvc         (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll

17:58:54.0682 3552        wcncsvc - ok

17:58:54.0728 3552        WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll

17:58:54.0838 3552        WcsPlugInService - ok

17:58:54.0962 3552        Wd              (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys

17:58:55.0009 3552        Wd - ok

17:58:55.0087 3552        Wdf01000        (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys

17:58:55.0165 3552        Wdf01000 - ok

17:58:55.0196 3552        WdiServiceHost  (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll

17:58:55.0306 3552        WdiServiceHost - ok

17:58:55.0306 3552        WdiSystemHost   (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll

17:58:55.0337 3552        WdiSystemHost - ok

17:58:55.0384 3552        WebClient       (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll

17:58:55.0508 3552        WebClient - ok

17:58:55.0649 3552        Wecsvc          (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll

17:58:55.0820 3552        Wecsvc - ok

17:58:56.0226 3552        wercplsupport   (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll

17:58:56.0335 3552        wercplsupport - ok

17:58:56.0398 3552        WerSvc          (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll

17:58:56.0476 3552        WerSvc - ok

17:58:56.0585 3552        WfpLwf          (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys

17:58:56.0632 3552        WfpLwf - ok

17:58:56.0663 3552        WIMMount        (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys

17:58:56.0694 3552        WIMMount - ok

17:58:56.0725 3552        WinDefend - ok

17:58:56.0741 3552        WinHttpAutoProxySvc - ok

17:58:56.0834 3552        Winmgmt         (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll

17:58:56.0928 3552        Winmgmt - ok

17:58:57.0131 3552        WinRM           (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll

17:58:57.0318 3552        WinRM - ok

17:58:57.0614 3552        WinUsb          (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys

17:58:57.0739 3552        WinUsb - ok

17:58:57.0864 3552        WirelessSelectorService (c2208229a0761b05e874e10ffb341a64) C:\Program Files\Fujitsu\WirelessSelector\WSUService.exe

17:58:57.0911 3552        WirelessSelectorService - ok

17:58:58.0020 3552        Wlansvc         (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll

17:58:58.0145 3552        Wlansvc - ok

17:58:58.0176 3552        WmiAcpi         (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys

17:58:58.0238 3552        WmiAcpi - ok

17:58:58.0332 3552        wmiApSrv        (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe

17:58:58.0488 3552        wmiApSrv - ok

17:58:58.0535 3552        WMPNetworkSvc - ok

17:58:58.0597 3552        WPCSvc          (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll

17:58:58.0660 3552        WPCSvc - ok

17:58:58.0738 3552        WPDBusEnum      (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll

17:58:58.0847 3552        WPDBusEnum - ok

17:58:58.0878 3552        ws2ifsl         (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys

17:58:58.0972 3552        ws2ifsl - ok

17:58:59.0003 3552        wscsvc          (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\System32\wscsvc.dll

17:58:59.0065 3552        wscsvc - ok

17:58:59.0065 3552        WSearch - ok

17:58:59.0315 3552        wuauserv        (9df12edbc698b0bc353b3ef84861e430) C:\Windows\system32\wuaueng.dll

17:58:59.0455 3552        wuauserv - ok

17:58:59.0642 3552        WudfPf          (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys

17:58:59.0783 3552        WudfPf - ok

17:58:59.0876 3552        WUDFRd          (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys

17:58:59.0970 3552        WUDFRd - ok

17:59:00.0032 3552        wudfsvc         (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll

17:59:00.0095 3552        wudfsvc - ok

17:59:00.0157 3552        WwanSvc         (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll

17:59:00.0251 3552        WwanSvc - ok

17:59:00.0298 3552        MBR (0x1B8)     (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0

17:59:00.0766 3552        \Device\Harddisk0\DR0 - ok

17:59:00.0812 3552        Boot (0x1200)   (af35c63a367f61bdc9d88d9d59c47ee6) \Device\Harddisk0\DR0\Partition0

17:59:00.0812 3552        \Device\Harddisk0\DR0\Partition0 - ok

17:59:00.0812 3552        ============================================================

17:59:00.0812 3552        Scan finished

17:59:00.0812 3552        ============================================================

17:59:00.0828 1000        Detected object count: 5

17:59:00.0828 1000        Actual detected object count: 5

17:59:54.0305 1000        HP LaserJet Service ( UnsignedFile.Multi.Generic ) - skipped by user

17:59:54.0305 1000        HP LaserJet Service ( UnsignedFile.Multi.Generic ) - User select action: Skip 

17:59:54.0305 1000        LMS ( UnsignedFile.Multi.Generic ) - skipped by user

17:59:54.0305 1000        LMS ( UnsignedFile.Multi.Generic ) - User select action: Skip 

17:59:54.0305 1000        Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user

17:59:54.0305 1000        Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip 

17:59:54.0320 1000        Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user

17:59:54.0320 1000        Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip 

17:59:54.0320 1000        UNS ( UnsignedFile.Multi.Generic ) - skipped by user

17:59:54.0320 1000        UNS ( UnsignedFile.Multi.Generic ) - User select action: Skip

Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix

Lade dir ComboFix hier herunter auf deinen Desktop.

Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.

Starte combofix.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.

Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.

Wichtiger Hinweis:

Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!

Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

Solltest du nach der Ausführung von Combofix Probleme beim Starten von Anwendungen haben und Meldungen erhalten wie

Zitat:

Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.

startest du Windows dann manuell neu und die Fehlermeldungen sollten nicht mehr auftauchen.

Hallo Arne,

ich habe Combofix ausgeführt. Nach Stufe 50 ist mein Laptop allerdings von selbst runtergefahren, lies sich aber ohne Probleme wieder hochfahren. Als Log habe ich von Combofix allerdings nur das gefunden.
Ist das das richtige?

Code:

ComboFix 12-05-02.03 - Katharina 02.05.2012  21:22:33.1.4 - x64

Microsoft Windows 7 Professional   6.1.7601.1.1252.49.1031.18.1909.921 [GMT 2:00]

ausgeführt von:: C:\Users\Katharina\Desktop\ComboFix.exe

AV: Vodafone-Sicherheitspaket 9.01 *Enabled/Updated* {15414183-282E-D62C-CA37-EF24860A2F17}

FW: Vodafone-Sicherheitspaket 9.01 *Disabled* {2D7AC0A6-6241-D774-E168-461178D9686C}

SP: Vodafone-Sicherheitspaket 9.01 *Enabled/Updated* {AE20A067-0E14-D9A2-F087-D456FD8D65AA}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
 

(((((((((((((((((((((((   Dateien erstellt von 2012-04-02 bis 2012-05-02  ))))))))))))))))))))))))))))))

LG,
Katharina