Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
-   -   MyStart by Incredibar...noch jemand (https://www.trojaner-board.de/118374-mystart-by-incredibar-noch-jemand.html)

babycat 02.07.2012 22:32
MyStart by Incredibar...noch jemand
 
Mich hat es beim Update des PDFCreator auch erwischt :pfui:
Vielleicht kann mir ja auch jemand helfen.

Anbei die Logs:

Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 20:18 on 02/07/2012 (Nina)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-
Code:
OTL logfile created on: 02.07.2012 22:50:47 - Run 1
OTL by OldTimer - Version 3.2.53.1    Folder = C:\Users\babycat\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,99 Gb Total Physical Memory | 1,85 Gb Available Physical Memory | 46,22% Memory free
7,99 Gb Paging File | 5,72 Gb Available in Paging File | 71,59% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 80,01 Gb Total Space | 27,16 Gb Free Space | 33,94% Space Free | Partition Type: NTFS
Drive D: | 50,00 Gb Total Space | 49,91 Gb Free Space | 99,82% Space Free | Partition Type: NTFS
Drive E: | 168,08 Gb Total Space | 54,28 Gb Free Space | 32,29% Space Free | Partition Type: NTFS
 
Computer Name: babycat-PC | User Name: babycat | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.07.02 22:45:20 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\babycat\Desktop\OTL.exe
PRC - [2012.06.27 16:42:06 | 000,913,888 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2012.06.06 09:14:32 | 000,185,856 | ---- | M] () -- C:\Programme\Web Assistant\ExtensionUpdaterService.exe
PRC - [2012.03.28 01:14:06 | 000,138,232 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Internet Security\Engine\19.7.1.5\ccSvcHst.exe
PRC - [2012.03.19 21:58:12 | 000,514,128 | ---- | M] (REINER SCT) -- C:\Windows\SysWOW64\cjpcsc.exe
PRC - [2012.01.18 08:44:52 | 000,450,848 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
PRC - [2011.11.20 20:29:18 | 002,326,920 | ---- | M] (Acronis) -- C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
PRC - [2011.11.11 15:08:06 | 000,205,336 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
PRC - [2011.10.15 10:53:00 | 002,253,120 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
PRC - [2011.05.27 16:23:00 | 001,300,264 | ---- | M] (Synaptics, Inc.) -- C:\Program Files (x86)\Synaptics\Scrybe\Service\ScrybeUpdater.exe
PRC - [2011.03.04 13:45:08 | 001,529,856 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe
PRC - [2010.05.12 18:04:48 | 000,599,480 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
PRC - [2010.05.12 18:03:22 | 000,300,472 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
PRC - [2009.09.12 22:26:50 | 000,834,560 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files (x86)\Samsung\Easy Display Manager\dmhkcore.exe
PRC - [2009.09.12 19:09:48 | 000,357,800 | ---- | M] (Acronis) -- C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
PRC - [2009.09.12 19:09:14 | 005,082,488 | ---- | M] (Acronis) -- C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
PRC - [2009.08.23 14:47:34 | 000,716,800 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files (x86)\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.06.27 16:42:06 | 002,042,848 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2011.09.27 08:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011.09.27 08:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011.08.12 13:18:56 | 000,342,552 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtXml4.dll
MOD - [2011.08.12 13:18:56 | 000,128,536 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\imageformats\QJpeg4.dll
MOD - [2011.08.12 13:18:56 | 000,029,208 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\imageformats\QGif4.dll
MOD - [2011.08.12 13:18:54 | 007,956,504 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtGui4.dll
MOD - [2011.08.12 13:18:54 | 002,145,304 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtCore4.dll
MOD - [2006.08.12 13:48:40 | 000,049,152 | ---- | M] () -- C:\Program Files (x86)\Samsung\Easy Display Manager\HookDllPS2.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2011.12.02 05:12:11 | 000,165,456 | ---- | M] (Samsung Electronics) [On_Demand | Stopped] -- C:\Windows\SysNative\SUPDSvc2.exe -- (Samsung UPD Service2)
SRV - [2012.06.27 16:42:06 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.06.24 22:03:21 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.06.06 09:14:32 | 000,185,856 | ---- | M] () [Auto | Running] -- C:\Programme\Web Assistant\ExtensionUpdaterService.exe -- (Web Assistant Updater)
SRV - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.03.28 01:14:06 | 000,138,232 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton Internet Security\Engine\19.7.1.5\ccSvcHst.exe -- (NIS)
SRV - [2012.03.19 21:58:12 | 000,514,128 | ---- | M] (REINER SCT) [Auto | Running] -- C:\Windows\SysWOW64\cjpcsc.exe -- (cjpcsc)
SRV - [2012.02.15 14:30:18 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.01.18 08:44:52 | 000,450,848 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe -- (UMVPFSrv)
SRV - [2011.11.20 20:29:18 | 002,326,920 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe -- (afcdpsrv)
SRV - [2011.10.15 10:53:00 | 002,253,120 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2011.05.27 16:23:00 | 001,300,264 | ---- | M] (Synaptics, Inc.) [Auto | Running] -- C:\Program Files (x86)\Synaptics\Scrybe\Service\ScrybeUpdater.exe -- (ScrybeUpdater)
SRV - [2011.03.04 13:45:08 | 001,529,856 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)
SRV - [2010.10.22 14:08:18 | 001,039,360 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)
SRV - [2010.10.08 07:18:46 | 000,697,616 | ---- | M] () [Auto | Running] -- C:\Programme\ShrewSoft\VPN Client\ipsecd.exe -- (ipsecd)
SRV - [2010.10.08 07:18:46 | 000,056,592 | ---- | M] () [Auto | Running] -- C:\Programme\ShrewSoft\VPN Client\dtpd.exe -- (dtpd)
SRV - [2010.10.08 07:18:44 | 000,957,712 | ---- | M] () [Auto | Running] -- C:\Programme\ShrewSoft\VPN Client\iked.exe -- (iked)
SRV - [2010.03.18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.09.12 19:10:04 | 000,891,848 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2007.03.09 17:29:44 | 002,232,296 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Acronis\Acronis Disk Director\oss_reinstall_svc.exe -- (AcronisOSSReinstallSvc)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012.04.04 15:56:40 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012.03.29 08:28:38 | 000,405,624 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1307010.005\symnets.sys -- (SymNetS)
DRV:64bit: - [2012.03.29 08:28:30 | 001,092,728 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\NISx64\1307010.005\symefa64.sys -- (SymEFA)
DRV:64bit: - [2012.03.29 08:06:25 | 000,190,072 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1307010.005\ironx64.sys -- (SymIRON)
DRV:64bit: - [2012.03.29 08:03:27 | 000,737,912 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\NISx64\1307010.005\srtsp64.sys -- (SRTSP)
DRV:64bit: - [2012.03.29 08:03:27 | 000,037,496 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1307010.005\srtspx64.sys -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV:64bit: - [2012.03.27 09:55:06 | 000,175,736 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012.02.15 12:01:50 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012.01.18 08:44:36 | 004,865,568 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lvuvc64.sys -- (LVUVC64) Logitech Webcam 500(UVC)
DRV:64bit: - [2012.01.18 08:44:28 | 000,351,136 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lvrs64.sys -- (LVRS64)
DRV:64bit: - [2011.11.30 00:44:29 | 000,167,048 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1307010.005\ccsetx64.sys -- (ccSet_NIS)
DRV:64bit: - [2011.11.20 20:29:21 | 000,250,400 | ---- | M] (Acronis) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\afcdp.sys -- (afcdp)
DRV:64bit: - [2011.11.20 20:29:15 | 001,455,648 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\tdrpm251.sys -- (tdrpman251) Acronis Try&Decide and Restore Points filter (build 251)
DRV:64bit: - [2011.11.20 20:29:12 | 000,929,312 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\timntr.sys -- (timounter)
DRV:64bit: - [2011.11.20 20:29:03 | 000,254,496 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\snapman.sys -- (snapman)
DRV:64bit: - [2011.08.02 18:38:44 | 000,022,528 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netaapl64.sys -- (Netaapl)
DRV:64bit: - [2011.07.25 20:18:36 | 000,451,192 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\NISx64\1307010.005\symds64.sys -- (SymDS)
DRV:64bit: - [2011.07.08 01:21:28 | 000,174,184 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2011.03.31 19:32:00 | 001,424,944 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2011.03.29 10:50:26 | 000,034,672 | ---- | M] (REINER SCT) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\cjusb.sys -- (cjusb)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011.03.04 13:51:50 | 000,306,536 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CVPNDRVA.sys -- (CVPNDRVA)
DRV:64bit: - [2010.12.27 16:36:32 | 000,021,992 | ---- | M] (CPUID) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\cpuz135_x64.sys -- (cpuz135)
DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.09.02 09:18:46 | 000,021,504 | ---- | M] (Shrew Soft Inc) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vfilter.sys -- (vflt)
DRV:64bit: - [2010.09.02 09:18:46 | 000,017,408 | ---- | M] (Shrew Soft Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\virtualnet.sys -- (vnet)
DRV:64bit: - [2010.04.16 17:22:04 | 000,087,600 | ---- | M] (Citrix Systems, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ctxusbm.sys -- (ctxusbm)
DRV:64bit: - [2010.02.08 09:32:00 | 000,014,992 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CVirtA64.sys -- (CVirtA)
DRV:64bit: - [2010.01.13 17:37:18 | 007,675,392 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETw5s64.sys -- (NETw5s64) Intel(R)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.14 02:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009.06.10 22:35:33 | 000,389,120 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009.06.10 22:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64) Intel(R)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.05.28 16:38:04 | 000,013,824 | ---- | M] (SAMSUNG ELECTRONICS) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\SABI.sys -- (SABI)
DRV:64bit: - [2009.05.18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009.03.26 05:44:40 | 000,053,816 | ---- | M] (Samsung Electronics Co., Ltd.) [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\DgivEcp.sys -- (DgiVecp)
DRV:64bit: - [2008.11.16 19:39:44 | 000,157,968 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dne64x.sys -- (DNE)
DRV:64bit: - [2007.10.23 00:58:44 | 000,011,576 | ---- | M] (Samsung Electronics) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\SSPORT.sys -- (SSPORT)
DRV:64bit: - [2007.05.09 22:50:48 | 000,050,208 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LVUSBS64.sys -- (LVUSBS64)
DRV:64bit: - [2007.05.09 22:46:48 | 001,127,328 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LV302V64.SYS -- (PID_PEPI) Logitech QuickCam IM(PID_PEPI)
DRV:64bit: - [2007.05.09 22:46:36 | 000,016,032 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lv302a64.sys -- (lvpepf64)
DRV:64bit: - [2007.02.27 15:31:26 | 000,024,576 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\motmodem.sys -- (motmodem)
DRV - [2012.07.02 21:37:25 | 002,068,600 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\VirusDefs\20120702.002\ex64.sys -- (NAVEX15)
DRV - [2012.07.02 21:37:25 | 000,120,440 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\VirusDefs\20120702.002\eng64.sys -- (NAVENG)
DRV - [2012.06.19 02:01:13 | 001,161,376 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\BASHDefs\20120619.001\BHDrvx64.sys -- (BHDrvx64)
DRV - [2012.06.18 20:26:25 | 000,509,088 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\IPSDefs\20120629.001\IDSviA64.sys -- (IDSVia64)
DRV - [2012.05.31 14:17:46 | 000,138,912 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2012.05.31 11:17:00 | 000,484,512 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-2113610040-2832984514-1530586175-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-2113610040-2832984514-1530586175-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-2113610040-2832984514-1530586175-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\S-1-5-21-2113610040-2832984514-1530586175-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 2F AE D8 09 72 F1 CC 01  [binary data]
IE - HKU\S-1-5-21-2113610040-2832984514-1530586175-1000\..\SearchScopes,DefaultScope = {CFF4DB9B-135F-47c0-9269-B4C6572FD61A}
IE - HKU\S-1-5-21-2113610040-2832984514-1530586175-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-2113610040-2832984514-1530586175-1000\..\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}: "URL" = hxxp://int.search-results.com/web?q={SEARCHTERMS}&o=15527&l=dis&prt=NIS&chn=retail&geo=DE&ver=19
IE - HKU\S-1-5-21-2113610040-2832984514-1530586175-1000\..\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}: "URL" = hxxp://mystart.incredibar.com/mb139/?search={searchTerms}&loc=IB_DS&a=6R8xKMJnyv&i=26
IE - HKU\S-1-5-21-2113610040-2832984514-1530586175-1000\..\SearchScopes\{FFAD0366-B992-4AF7-BFF8-554948CAFEF6}: "URL" = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=827316&p={searchTerms}
IE - HKU\S-1-5-21-2113610040-2832984514-1530586175-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2113610040-2832984514-1530586175-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
IE - HKU\S-1-5-21-2113610040-2832984514-1530586175-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-2113610040-2832984514-1530586175-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-2113610040-2832984514-1530586175-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\S-1-5-21-2113610040-2832984514-1530586175-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 2F AE D8 09 72 F1 CC 01  [binary data]
IE - HKU\S-1-5-21-2113610040-2832984514-1530586175-1001\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-2113610040-2832984514-1530586175-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-2113610040-2832984514-1530586175-1001\..\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}: "URL" = hxxp://int.search-results.com/web?q={SEARCHTERMS}&o=15527&l=dis&prt=NIS&chn=retail&geo=DE&ver=19
IE - HKU\S-1-5-21-2113610040-2832984514-1530586175-1001\..\SearchScopes\{FFAD0366-B992-4AF7-BFF8-554948CAFEF6}: "URL" = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=827316&p={searchTerms}
IE - HKU\S-1-5-21-2113610040-2832984514-1530586175-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2113610040-2832984514-1530586175-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "MyStart Search"
FF - prefs.js..browser.search.openintab: true
FF - prefs.js..browser.search.selectedEngine: "MyStart Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "about:home"
FF - prefs.js..keyword.URL: "hxxp://mystart.incredibar.com/mb139/?loc=IB_DS&a=6R8xKMJnyv&&i=26&search="
FF - prefs.js..network.proxy.http: "69.60.138.242"
FF - prefs.js..network.proxy.http_port: 8080
FF - prefs.js..network.proxy.no_proxies_on: "localhost, 127.0.0.1, stealthy.co"
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.type: 0
 
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_262.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_262.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)
FF - HKLM\Software\MozillaPlugins\@emc.com/NpDmDataTransfer: C:\Program Files (x86)\eRoom 7\npeRoom7.dll (Documentum, Inc.)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
 
64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\PROGRAM FILES\WEB ASSISTANT\FIREFOX [2012.07.02 11:13:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\IPSFFPlgn\ [2012.02.02 10:05:44 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\coFFPlgn\ [2012.07.02 08:32:15 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011.11.28 22:56:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\Program Files\Web Assistant\Firefox [2012.07.02 11:13:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.06.27 16:42:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.01.13 14:44:13 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 12.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2011.12.07 10:55:21 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 12.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011.11.28 22:56:12 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.06.27 16:42:06 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.01.13 14:44:13 | 000,000,000 | ---D | M]
 
[2011.11.20 17:44:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\babycat\AppData\Roaming\mozilla\Extensions
[2012.07.02 11:55:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\babycat\AppData\Roaming\mozilla\Firefox\Profiles\kcqvg8ll.default\extensions
[2012.07.02 11:55:24 | 000,000,000 | ---D | M] (FoxClocks) -- C:\Users\babycat\AppData\Roaming\mozilla\Firefox\Profiles\kcqvg8ll.default\extensions\{d37dc5d0-431d-44e5-8c91-49419370caa1}
[2011.12.06 18:39:29 | 000,001,919 | ---- | M] () -- C:\Users\babycat\AppData\Roaming\Mozilla\Firefox\Profiles\kcqvg8ll.default\searchplugins\leo-deu-fra.xml
[2011.12.06 18:39:20 | 000,001,911 | ---- | M] () -- C:\Users\babycat\AppData\Roaming\Mozilla\Firefox\Profiles\kcqvg8ll.default\searchplugins\leo-deu-spa.xml
[2011.12.04 23:38:18 | 000,001,180 | ---- | M] () -- C:\Users\babycat\AppData\Roaming\Mozilla\Firefox\Profiles\kcqvg8ll.default\searchplugins\urban-dictionary.xml
[2012.01.01 20:48:58 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.07.02 11:13:00 | 000,000,000 | ---D | M] (Web Assistant) -- C:\PROGRAM FILES\WEB ASSISTANT\FIREFOX
[2011.11.21 00:03:44 | 000,434,392 | ---- | M] () (No name found) -- C:\USERS\babycat\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KCQVG8LL.DEFAULT\EXTENSIONS\{D4DD63FA-01E4-46A7-B6B1-EDAB7D6AD389}.XPI
[2012.05.14 17:16:18 | 000,115,263 | ---- | M] () (No name found) -- C:\USERS\babycat\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KCQVG8LL.DEFAULT\EXTENSIONS\{DAF44BF7-A45E-4450-979C-91CF07434C3D}.XPI
[2012.02.07 12:58:16 | 000,246,025 | ---- | M] () (No name found) -- C:\USERS\babycat\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KCQVG8LL.DEFAULT\EXTENSIONS\AMZNUWL2@AMAZON.COM.XPI
[2011.12.17 22:29:00 | 000,012,686 | ---- | M] () (No name found) -- C:\USERS\babycat\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KCQVG8LL.DEFAULT\EXTENSIONS\SHOPCLEVER@EXTENSION.XPI
[2012.06.25 10:35:59 | 000,182,698 | ---- | M] () (No name found) -- C:\USERS\babycat\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KCQVG8LL.DEFAULT\EXTENSIONS\STEALTHYEXTENSION@GMAIL.COM.XPI
[2012.06.27 16:42:06 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2010.05.12 17:42:04 | 000,124,344 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\CCMSDK.dll
[2010.05.12 17:43:54 | 000,070,592 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\CgpCore.dll
[2010.05.12 17:42:52 | 000,091,576 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\confmgr.dll
[2010.05.12 17:42:32 | 000,022,464 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\ctxlogging.dll
[2010.05.12 18:22:36 | 000,423,328 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\plugins\npicaN.dll
[2010.05.12 17:43:56 | 000,024,000 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\TcpPServ.dll
[2012.02.01 23:04:47 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.02.01 23:04:47 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.02.01 23:04:47 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.02.01 23:04:47 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.02.01 23:04:47 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.02.01 23:04:47 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Web Assistant) - {336D0C35-8A85-403a-B9D2-65C292C39087} - C:\Programme\Web Assistant\Extension64.dll ()
O2 - BHO: (Web Assistant) - {336D0C35-8A85-403a-B9D2-65C292C39087} - C:\Programme\Web Assistant\Extension32.dll ()
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\19.7.1.5\coIEPlg.dll (Symantec Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\19.7.1.5\IPS\IPSBHO.DLL (Symantec Corporation)
O2 - BHO: (Samsung BHO Class) - {AA609D72-8482-4076-8991-8CDAE5B93BCB} - C:\Program Files (x86)\Samsung AnyWeb Print\W2PBrowser.dll ()
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\19.7.1.5\coIEPlg.dll (Symantec Corporation)
O3 - HKU\S-1-5-21-2113610040-2832984514-1530586175-1000\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\19.7.1.5\coIEPlg.dll (Symantec Corporation)
O3 - HKU\S-1-5-21-2113610040-2832984514-1530586175-1001\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\19.7.1.5\coIEPlg.dll (Symantec Corporation)
O4:64bit: - HKLM..\Run: [Acronis Scheduler2 Service] C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
O4:64bit: - HKLM..\Run: [Eraser] C:\Programme\Eraser\Eraser.exe (The Eraser Project)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ConnectionCenter] C:\Program Files (x86)\Citrix\ICA Client\concentr.exe (Citrix Systems, Inc.)
O4 - HKLM..\Run: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.)
O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2113610040-2832984514-1530586175-1000..\Run: [SkyDrive] C:\Users\babycat\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2113610040-2832984514-1530586175-1001..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: [InnoSetupRegFile.0000000001] C:\Windows\is-R5JPF.exe ()
O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-21-2113610040-2832984514-1530586175-1001..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\babycat\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\babycat\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O7 - HKU\S-1-5-21-2113610040-2832984514-1530586175-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoInternetOpenWith = 1
O7 - HKU\S-1-5-21-2113610040-2832984514-1530586175-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoInternetOpenWith = 1
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8:64bit: - Extra context menu item: SmarThru4 Als HTML speichern - C:\Program Files (x86)\SmarThru 4\WebCapture.dll1.htm ()
O8:64bit: - Extra context menu item: SmarThru4 Auswahl erfassen - C:\Program Files (x86)\SmarThru 4\WebCapture.dll2.htm ()
O8:64bit: - Extra context menu item: SmarThru4 Capture Selection - C:\Program Files (x86)\SmarThru 4\x64\WebCapture.dll2.htm ()
O8:64bit: - Extra context menu item: SmarThru4 Markierten Text speichern - C:\Program Files (x86)\SmarThru 4\WebCapture.dll.htm ()
O8:64bit: - Extra context menu item: SmarThru4 Save as HTML - C:\Program Files (x86)\SmarThru 4\x64\WebCapture.dll1.htm ()
O8:64bit: - Extra context menu item: SmarThru4 Save Selected Text - C:\Program Files (x86)\SmarThru 4\x64\WebCapture.dll.htm ()
O8:64bit: - Extra context menu item: SmarThru4 Web Capture - C:\Program Files (x86)\SmarThru 4\WebCapture.dll ()
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: SmarThru4 Als HTML speichern - C:\Program Files (x86)\SmarThru 4\WebCapture.dll1.htm ()
O8 - Extra context menu item: SmarThru4 Auswahl erfassen - C:\Program Files (x86)\SmarThru 4\WebCapture.dll2.htm ()
O8 - Extra context menu item: SmarThru4 Capture Selection - C:\Program Files (x86)\SmarThru 4\x64\WebCapture.dll2.htm ()
O8 - Extra context menu item: SmarThru4 Markierten Text speichern - C:\Program Files (x86)\SmarThru 4\WebCapture.dll.htm ()
O8 - Extra context menu item: SmarThru4 Save as HTML - C:\Program Files (x86)\SmarThru 4\x64\WebCapture.dll1.htm ()
O8 - Extra context menu item: SmarThru4 Save Selected Text - C:\Program Files (x86)\SmarThru 4\x64\WebCapture.dll.htm ()
O8 - Extra context menu item: SmarThru4 Web Capture - C:\Program Files (x86)\SmarThru 4\WebCapture.dll ()
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Samsung AnyWeb Print - {328ECD19-C167-40eb-A0C7-16FE7634105E} - C:\Program Files (x86)\Samsung AnyWeb Print\W2PBrowser.dll ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000006 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-2113610040-2832984514-1530586175-1000\..Trusted Domains: samsungsetup.com ([www] http in Vertrauenswürdige Sites)
O16 - DPF: {6E2510E6-BF2D-4C78-9F28-2F5C8760F124} Reg Error: Key error. (ERPageAddin Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1CD6D070-CAD8-4615-A18D-D2DF37A57979}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{271170BB-4899-4877-9F5B-1409564BD169}: DhcpNameServer = 193.189.244.206 193.189.244.225
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{66F37841-F7CF-41E7-9D35-14653D16F00A}: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\saphtmlp - No CLSID value found
O18:64bit: - Protocol\Handler\sapr3 - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\saphtmlp {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - c:\program files (x86)\sap\frontend\sapgui\saphtmlp.dll (SAP, Walldorf)
O18 - Protocol\Handler\sapr3 {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - c:\program files (x86)\sap\frontend\sapgui\saphtmlp.dll (SAP, Walldorf)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18:64bit: - Protocol\Filter\application/x-ica - No CLSID value found
O18:64bit: - Protocol\Filter\ica - No CLSID value found
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\application/x-ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.07.02 22:45:15 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Users\babycat\Desktop\OTL.exe
[2012.07.02 19:45:19 | 000,000,000 | ---D | C] -- C:\Users\babycat\AppData\Roaming\Malwarebytes
[2012.07.02 19:45:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.07.02 19:45:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.07.02 19:45:06 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.07.02 19:45:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.07.02 11:13:26 | 000,000,000 | ---D | C] -- C:\Users\babycat\AppData\Roaming\pdfforge
[2012.07.02 11:13:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFCreator
[2012.07.02 11:13:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Premium
[2012.07.02 11:13:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PDFCreator
[2012.07.02 11:12:58 | 000,000,000 | ---D | C] -- C:\Program Files\Web Assistant
[2012.07.02 11:12:23 | 000,000,000 | ---D | C] -- C:\ProgramData\InstallMate
[2012.06.26 09:24:20 | 000,000,000 | ---D | C] -- C:\Users\babycat\AppData\Local\Macromedia
[2012.01.09 17:03:32 | 000,092,064 | ---- | C] (MCCI) -- C:\Users\babycat\mqdmmdm.sys
[2012.01.09 17:03:32 | 000,079,328 | ---- | C] (MCCI) -- C:\Users\babycat\mqdmserd.sys
[2012.01.09 17:03:32 | 000,066,656 | ---- | C] (MCCI) -- C:\Users\babycat\mqdmbus.sys
[2012.01.09 17:03:32 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Users\babycat\usbsermptxp.sys
[2012.01.09 17:03:32 | 000,022,768 | ---- | C] (Microsoft Corporation) -- C:\Users\babycat\usbsermpt.sys
[2012.01.09 17:03:32 | 000,009,232 | ---- | C] (MCCI) -- C:\Users\babycat\mqdmmdfl.sys
[2012.01.09 17:03:32 | 000,006,208 | ---- | C] (MCCI) -- C:\Users\babycat\mqdmcmnt.sys
[2012.01.09 17:03:32 | 000,005,936 | ---- | C] (MCCI) -- C:\Users\babycat\mqdmwhnt.sys
[2012.01.09 17:03:32 | 000,004,048 | ---- | C] (MCCI) -- C:\Users\babycat\mqdmcr.sys
[1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.07.02 22:45:20 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\babycat\Desktop\OTL.exe
[2012.07.02 22:04:27 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.07.02 20:18:09 | 000,000,000 | ---- | M] () -- C:\Users\babycat\defogger_reenable
[2012.07.02 19:45:09 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.07.02 11:13:27 | 000,704,512 | ---- | M] () -- C:\Windows\is-R5JPF.exe
[2012.07.02 11:13:27 | 000,012,753 | ---- | M] () -- C:\Windows\is-R5JPF.msg
[2012.07.02 11:13:27 | 000,001,035 | ---- | M] () -- C:\Users\Public\Desktop\PDFCreator.lnk
[2012.07.02 11:13:27 | 000,000,358 | ---- | M] () -- C:\Windows\is-R5JPF.lst
[2012.07.02 11:13:16 | 000,000,454 | ---- | M] () -- C:\user.js
[2012.07.02 08:40:50 | 000,013,904 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.07.02 08:40:50 | 000,013,904 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.07.02 08:30:56 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\drivers\lvuvc.hs
[2012.07.02 08:30:49 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.07.02 08:30:41 | 3216,986,112 | -HS- | M] () -- C:\hiberfil.sys
[2012.06.26 16:24:46 | 000,011,386 | ---- | M] () -- C:\Users\babycat\AppData\Roaming\SmarThruOptions.xml
[2012.06.25 10:21:23 | 000,354,560 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.06.24 23:56:29 | 000,654,400 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.06.24 23:56:29 | 000,616,242 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.06.24 23:56:29 | 000,130,240 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.06.24 23:56:29 | 000,106,622 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.06.24 23:56:28 | 001,520,734 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.06.24 21:26:54 | 000,001,047 | ---- | M] () -- C:\Users\babycat\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2012.06.24 21:26:27 | 000,001,013 | ---- | M] () -- C:\Users\babycat\Desktop\Dropbox.lnk
[2012.06.06 22:45:30 | 000,003,584 | ---- | M] () -- C:\Users\babycat\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.06.05 21:58:49 | 000,000,960 | ---- | M] () -- C:\Users\Public\Desktop\calibre - E-book management.lnk
[1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.07.02 20:18:09 | 000,000,000 | ---- | C] () -- C:\Users\babycat\defogger_reenable
[2012.07.02 19:45:08 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.07.02 11:13:27 | 000,704,512 | ---- | C] () -- C:\Windows\is-R5JPF.exe
[2012.07.02 11:13:27 | 000,012,753 | ---- | C] () -- C:\Windows\is-R5JPF.msg
[2012.07.02 11:13:27 | 000,001,035 | ---- | C] () -- C:\Users\Public\Desktop\PDFCreator.lnk
[2012.07.02 11:13:27 | 000,000,358 | ---- | C] () -- C:\Windows\is-R5JPF.lst
[2012.07.02 11:13:15 | 000,000,454 | ---- | C] () -- C:\user.js
[2012.06.06 22:45:29 | 000,003,584 | ---- | C] () -- C:\Users\babycat\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.04.24 13:03:17 | 000,011,386 | ---- | C] () -- C:\Users\babycat\AppData\Roaming\SmarThruOptions.xml
[2012.04.24 13:03:03 | 000,036,864 | ---- | C] () -- C:\Windows\SysWow64\SvcMan.exe
[2012.04.24 13:02:53 | 000,172,032 | ---- | C] () -- C:\Windows\SysWow64\SecSNMP.dll
[2012.04.24 13:02:36 | 000,000,136 | ---- | C] () -- C:\Windows\Readiris.ini
[2012.04.24 13:02:35 | 000,023,040 | ---- | C] () -- C:\Windows\SysWow64\irisco32.dll
[2012.04.19 16:43:22 | 000,260,688 | ---- | C] () -- C:\Windows\SUPDRun.exe
[2012.04.19 16:34:44 | 000,142,128 | ---- | C] () -- C:\Windows\wiainst64.exe
[2012.03.31 14:52:04 | 000,000,396 | ---- | C] () -- C:\Windows\hbcikrnl.ini
[2012.03.31 14:51:52 | 000,167,936 | ---- | C] () -- C:\Windows\SysWow64\SerialXP.dll
[2012.03.31 14:51:52 | 000,027,648 | ---- | C] () -- C:\Windows\SysWow64\win32com.dll
[2012.02.15 16:02:33 | 000,000,600 | ---- | C] () -- C:\Users\babycat\AppData\Local\PUTTY.RND
[2012.01.18 08:44:00 | 010,920,984 | ---- | C] () -- C:\Windows\SysWow64\LogiDPP.dll
[2012.01.18 08:44:00 | 000,336,408 | ---- | C] () -- C:\Windows\SysWow64\DevManagerCore.dll
[2012.01.18 08:44:00 | 000,104,472 | ---- | C] () -- C:\Windows\SysWow64\LogiDPPApp.exe
[2012.01.17 12:43:34 | 000,038,355 | ---- | C] () -- C:\Users\babycat\AppData\Roaming\Kommagetrennte Werte (Windows).ADR
[2012.01.09 17:11:03 | 000,007,201 | ---- | C] () -- C:\Users\babycat\1326121863-(null)
[2012.01.09 17:03:32 | 000,009,913 | ---- | C] () -- C:\Users\babycat\MCCI_MDM.INF
[2012.01.09 17:03:32 | 000,009,232 | ---- | C] () -- C:\Users\babycat\USB_MOT_BRIT.INF
[2012.01.09 17:03:32 | 000,007,201 | ---- | C] () -- C:\Users\babycat\USBMOT2000.INF
[2012.01.09 17:03:32 | 000,006,989 | ---- | C] () -- C:\Users\babycat\MCCI_BUS.INF
[2012.01.09 17:03:32 | 000,006,141 | ---- | C] () -- C:\Users\babycat\USBMOT2000XP.INF
[2012.01.09 17:03:32 | 000,005,960 | ---- | C] () -- C:\Users\babycat\USB_MOT_A1000.INF
[2012.01.09 17:03:32 | 000,005,880 | ---- | C] () -- C:\Users\babycat\USB_CMCS_2000.INF
[2012.01.09 17:03:32 | 000,004,477 | ---- | C] () -- C:\Users\babycat\MCCI_SDM.INF
[2012.01.09 12:31:00 | 001,064,960 | ---- | C] () -- C:\Windows\SysWow64\h5krnl32.dll
[2012.01.09 12:31:00 | 000,188,928 | ---- | C] () -- C:\Windows\SysWow64\h5icon32.dll
[2012.01.09 12:31:00 | 000,175,616 | ---- | C] () -- C:\Windows\SysWow64\h5menu32.dll
[2012.01.09 12:31:00 | 000,095,744 | ---- | C] () -- C:\Windows\SysWow64\h5rtf32.dll
[2012.01.09 12:31:00 | 000,051,200 | ---- | C] () -- C:\Windows\SysWow64\h5tool32.dll
[2011.12.04 22:52:31 | 000,000,575 | ---- | C] () -- C:\Windows\hpwmdl21.dat.temp
[2011.11.28 22:52:43 | 000,252,159 | ---- | C] () -- C:\Windows\hpwins21.dat
[2011.11.28 22:52:43 | 000,000,575 | ---- | C] () -- C:\Windows\hpwmdl21.dat
[2011.11.22 00:20:49 | 000,007,599 | ---- | C] () -- C:\Users\babycat\AppData\Local\Resmon.ResmonCfg
[2011.11.20 17:54:13 | 000,175,616 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2011.11.20 17:54:11 | 000,650,752 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2011.11.20 17:54:11 | 000,243,200 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2011.11.20 17:54:11 | 000,074,752 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2011.11.20 17:29:22 | 000,066,856 | ---- | C] () -- C:\Windows\SysWow64\SynTPEnhPS.dll
 
========== LOP Check ==========
 
[2011.11.20 19:12:23 | 000,000,000 | ---D | M] -- C:\Users\babycat\AppData\Roaming\90499BF8-CE1E-47CB-9EEA-4B39DD43956F
[2011.11.20 20:34:01 | 000,000,000 | ---D | M] -- C:\Users\babycat\AppData\Roaming\Acronis
[2012.02.15 17:56:07 | 000,000,000 | ---D | M] -- C:\Users\babycat\AppData\Roaming\ASCOMP Software
[2012.05.06 00:32:08 | 000,000,000 | ---D | M] -- C:\Users\babycat\AppData\Roaming\calibre
[2011.11.20 19:23:21 | 000,000,000 | ---D | M] -- C:\Users\babycat\AppData\Roaming\Canneverbe Limited
[2012.07.02 08:33:19 | 000,000,000 | ---D | M] -- C:\Users\babycat\AppData\Roaming\Dropbox
[2012.02.29 01:10:11 | 000,000,000 | ---D | M] -- C:\Users\babycat\AppData\Roaming\elsterformular
[2012.01.17 21:40:59 | 000,000,000 | ---D | M] -- C:\Users\babycat\AppData\Roaming\ICAClient
[2011.11.20 19:40:13 | 000,000,000 | ---D | M] -- C:\Users\babycat\AppData\Roaming\ID3-TagIT 3
[2012.01.17 22:03:20 | 000,000,000 | ---D | M] -- C:\Users\babycat\AppData\Roaming\Leadertech
[2012.07.02 11:13:26 | 000,000,000 | ---D | M] -- C:\Users\babycat\AppData\Roaming\pdfforge
[2012.05.11 11:50:00 | 000,000,000 | ---D | M] -- C:\Users\babycat\AppData\Roaming\SAP
[2012.04.24 13:03:19 | 000,000,000 | ---D | M] -- C:\Users\babycat\AppData\Roaming\SmarThru4
[2012.05.03 16:14:23 | 000,000,000 | ---D | M] -- C:\Users\babycat\AppData\Roaming\SmartTools
[2011.11.20 18:02:16 | 000,000,000 | ---D | M] -- C:\Users\babycat\AppData\Roaming\SpeedProject
[2011.11.20 17:31:55 | 000,000,000 | ---D | M] -- C:\Users\babycat\AppData\Roaming\Synaptics
[2012.02.08 15:51:20 | 000,000,000 | ---D | M] -- C:\Users\babycat\AppData\Roaming\Systemberatung Schommer
[2011.12.07 10:56:15 | 000,000,000 | ---D | M] -- C:\Users\babycat\AppData\Roaming\Thunderbird
[2011.11.20 18:15:35 | 000,000,000 | ---D | M] -- C:\Users\babycat\AppData\Roaming\TuneUp Software
[2011.11.21 00:29:05 | 000,000,000 | ---D | M] -- C:\Users\babycat\AppData\Roaming\Ubisoft
[2011.11.20 19:27:13 | 000,000,000 | ---D | M] -- C:\Users\babycat\AppData\Roaming\WindSolutions
[2012.02.15 08:54:29 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 

< End of report >
Code:
OTL Extras logfile created on: 02.07.2012 22:50:47 - Run 1
OTL by OldTimer - Version 3.2.53.1    Folder = C:\Users\babycat\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,99 Gb Total Physical Memory | 1,85 Gb Available Physical Memory | 46,22% Memory free
7,99 Gb Paging File | 5,72 Gb Available in Paging File | 71,59% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 80,01 Gb Total Space | 27,16 Gb Free Space | 33,94% Space Free | Partition Type: NTFS
Drive D: | 50,00 Gb Total Space | 49,91 Gb Free Space | 99,82% Space Free | Partition Type: NTFS
Drive E: | 168,08 Gb Total Space | 54,28 Gb Free Space | 32,29% Space Free | Partition Type: NTFS
 
Computer Name: babycat-PC | User Name: babycat | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-2113610040-2832984514-1530586175-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [CEWE FOTOSCHAU] -- "C:\Program Files (x86)\OnlineFotoservice\OnlineFotoservice\CEWE FOTOSCHAU.exe" -d "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L"
Directory [OnlineFotoservice] -- "C:\Program Files (x86)\OnlineFotoservice\OnlineFotoservice\OnlineFotoservice.exe" "%1" ()
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [CEWE FOTOSCHAU] -- "C:\Program Files (x86)\OnlineFotoservice\OnlineFotoservice\CEWE FOTOSCHAU.exe" -d "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L"
Directory [OnlineFotoservice] -- "C:\Program Files (x86)\OnlineFotoservice\OnlineFotoservice\OnlineFotoservice.exe" "%1" ()
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{006972B6-7DD5-4859-ACD5-95B92775F775}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{00B8E3C0-6987-4F24-87BB-D743CE0EDFC5}" = lport=139 | protocol=6 | dir=in | app=system |
"{075699EB-1F88-486D-AB49-23CACBC36CB9}" = rport=138 | protocol=17 | dir=out | app=system |
"{1CA66805-DDE4-4253-87E8-4C9C64910373}" = lport=138 | protocol=17 | dir=in | app=system |
"{25BE8233-AB52-42BC-B4B5-DB61822D1F7A}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{463E529F-4F4F-40B8-9211-49DBD12E2B78}" = rport=445 | protocol=6 | dir=out | app=system |
"{4AE43453-15CE-4A37-A320-EBDD71758B51}" = lport=445 | protocol=6 | dir=in | app=system |
"{4E298A8F-7A3E-4831-A8D8-1E396FA8B44E}" = rport=137 | protocol=17 | dir=out | app=system |
"{51B26A2C-7F77-456D-A65E-7F2E06D63183}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{534CC624-9D54-4BDE-8F93-CDE214E4AEDD}" = rport=10243 | protocol=6 | dir=out | app=system |
"{5B8EB2EE-9182-4A7E-84E1-8BFD8110A8C6}" = lport=2869 | protocol=6 | dir=in | app=system |
"{5DAB7A55-A1D0-47BE-8D8D-B6BD44C129AE}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{605A8436-01B7-4B8B-B8C6-910465E2C20D}" = rport=139 | protocol=6 | dir=out | app=system |
"{6BDD4C68-21A8-4E87-A0D7-7D58C127ECC9}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{72D9B19B-09EF-43E8-9AFB-077F8719E17E}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{7FADD899-E844-4229-B5DB-604D6F832576}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{9B89AC20-09BD-45B8-8FD3-F210DFAD344A}" = rport=427 | protocol=17 | dir=in | svc=hpslpsvc | app=c:\windows\system32\svchost.exe |
"{A9392F87-0910-41BE-8C79-17DFABFFB700}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{ABB724AD-95DD-4536-888B-D6A89613959B}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{ADBEF9C8-3A66-46CE-AF64-2AB3309B3AA5}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{B5FB9EBF-2418-4A55-B0E2-2F5CD159F4FB}" = lport=10243 | protocol=6 | dir=in | app=system |
"{C1F42018-85E5-45DE-8129-FC7A13BA756F}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{CEF25AF2-1B09-4BA6-A0F8-3C3E2ADD634E}" = lport=137 | protocol=17 | dir=in | app=system |
"{E33238F5-8C27-4FAA-AA8F-1B6A27E7BA48}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02BCCFC0-A593-49E8-BA5A-0200F155B429}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{114C402A-70ED-4AB5-8347-1B7AFE6D829C}" = protocol=6 | dir=in | app=c:\program files (x86)\samsung\samsung universal scan driver\iccupdater.exe |
"{11D7E155-8AEE-461D-8213-195E355A8B31}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{129B9BFD-128F-4C1A-BEFB-94CEFB0EA4C3}" = protocol=17 | dir=in | app=c:\users\babycat\appdata\local\microsoft\skydrive\skydrive.exe |
"{129F4FC5-8FF3-4871-BEAA-56145816F89F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{1AAFCFAA-BFA8-4CCC-9796-85E52682AA53}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{2288224A-6585-4072-9170-4EC2342966F1}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{2475B31C-E880-48F5-B28C-215CE1AF6504}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{289F66A6-538D-44D4-8A78-78200A26B8D2}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{28EB0A27-6018-4C95-89F4-D601B7A4426A}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{3692D446-7B35-4179-8DAD-54D9E8584970}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{38178CBC-C6A1-4DCA-8D49-538BF3D6B2D2}" = protocol=17 | dir=in | app=c:\windows\system32\supdsvc2.exe |
"{4D833AA4-6E95-43CE-B79E-9D0576F93081}" = dir=in | app=c:\program files (x86)\hp\digital imaging\{a9e695cb-a6aa-4b4c-9754-ba3cff1c3b00}\setup\hpznui40.exe |
"{510F8309-138C-474B-8DEE-27C20FEB05D0}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{53882299-A2A9-43EA-9D8C-D17BC6C832DD}" = protocol=6 | dir=out | app=system |
"{6511E3C4-7047-4D29-A174-AF90232BD7B8}" = protocol=6 | dir=in | app=c:\windows\system32\supdsvc2.exe |
"{6867EBA0-FFC4-4427-86BF-50F030017C03}" = protocol=6 | dir=in | app=c:\users\babycat\appdata\local\microsoft\skydrive\skydrive.exe |
"{6B921FF5-DAD8-486C-A53B-673A21D59CDF}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{7784E00A-E94E-4FCC-9EAC-8F1BD086D4BC}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{8A399AA1-E310-4A7B-B03D-B165B1E4A9E4}" = protocol=17 | dir=in | app=c:\program files (x86)\samsung\samsung universal scan driver\usdagent.exe |
"{8F37E92B-9722-4D6D-A535-C7FDEBC796AE}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{8F5B81E3-F910-4016-BF8A-49098C093ED9}" = protocol=6 | dir=in | app=c:\program files (x86)\samsung\samsung universal scan driver\usdagent.exe |
"{96791A83-6348-4C24-BC9B-34D25D7E77F3}" = protocol=17 | dir=in | app=c:\program files (x86)\samsung\samsung universal scan driver\iccupdater.exe |
"{AF5B0D72-1687-4F8C-8457-15B2F8828405}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{AFC218B1-68CB-439A-982D-3178459C0D53}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{B09990EF-C6CB-400F-A314-B98D99FC70BF}" = protocol=17 | dir=in | app=c:\users\babycat\appdata\roaming\dropbox\bin\dropbox.exe |
"{BEAB5977-8A11-4C6A-96C9-6A9BAC7D792F}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{CF1A98C5-0389-45BC-85AC-86CA905C26A7}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{DEB6184B-23D5-492A-B1FD-E1F31FDFA8DF}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{E56C79C8-7D1A-420C-A2C0-C5757C989766}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{EBD6683B-1677-417C-AE32-DF66E181A01E}" = protocol=6 | dir=in | app=c:\users\babycat\appdata\roaming\dropbox\bin\dropbox.exe |
"{F854A8DA-BCE1-49F1-A552-5F54328FEAD8}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{FCF85C9D-391F-4027-B467-03385EDB8CC2}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{138A4072-9E64-46BD-B5F9-DB2BB395391F}" = LWS VideoEffects
"{336D0C35-8A85-403a-B9D2-65C292C39087}_is1" = Web Assistant 2.0.0.455
"{3D33F6F0-4D90-484D-A1D9-09AE791CCBD9}" = Eraser 6.0.9.2343
"{48C0866E-57EB-444C-8371-8E4321066BC3}" = Network64
"{4BDE7544-0A08-4AD9-8A8F-4B7944471C36}" = iTunes
"{5FDC06BF-3D3D-4367-8FFB-4FAFCB61972D}" = Cisco Systems VPN Client 5.0.07.0440
"{6BFAB6C1-6D46-46DB-A538-A269907C9F2F}" = Network64
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{813CE4B9-A995-4709-9459-8694532E408E}" = Motorola Driver Installation
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{9ED333F8-3E6C-4A38-BAFA-728454121CDA}" = PDF-XChange Viewer
"{A9E695CB-A6AA-4B4C-9754-BA3CFF1C3B00}" = HP Officejet Pro 8000 A809 Series
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 285.62
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 285.62
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.11.0621
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.5.20
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.2.24.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B8AD779A-82DA-4365-A7D0-AD3DCFC55CFF}" = Apple Mobile Device Support
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{FF21C3E6-97FD-474F-9518-8DCBE94C2854}" = 64 Bit HP CIO Components Installer
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit
"CPUID HWMonitorPro_is1" = CPUID HWMonitor Pro 1.12
"HP Imaging Device Functions" = HP Imaging Device Functions 14.0
"HP Smart Web Printing" = HP Smart Web Printing 4.60
"HP Solution Center & Imaging Support Tools" = HP Solution Center 14.0
"HPExtendedCapabilities" = HP Customer Participation Program 14.0
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Shop for HP Supplies" = Shop for HP Supplies
"Shrew Soft VPN Client" = Shrew Soft VPN Client
"SpeedCommander 13 (x64)" = SpeedCommander 13 (x64)
"SynTPDeinstKey" = Synaptics Pointing Device Driver
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{08610298-29AE-445B-B37D-EFBE05802967}" = LWS Pictures And Video
"{0FAEAEC8-F458-4AE2-89B8-BF680FD245D5}" = 8000A809_eDocs
"{1000ACF5-0BCF-4FC0-B4F5-F044317F9155}" = ProductContext
"{1458BB78-1DC5-4BC0-B9A3-2B644F5A8105}" = DeviceDiscovery
"{147DFAD8-34C3-4DE1-9FCA-ACEFDE9EF810}" = Synaptics Gesture Suite featuring SYNAPTICS | Scrybe
"{14D08502-FEE4-40E5-90D3-8A967A1D8BA2}" = Readiris Pro 10
"{150B6201-E9E6-4DFB-960E-CCBD53FBDDED}" = HPProductAssistant
"{15634701-BACE-4449-8B25-1567DA8C9FD3}" = CameraHelperMsi
"{1651216E-E7AD-4250-92A1-FB8ED61391C9}" = LWS Help_main
"{17283B95-21A8-4996-97DA-547A48DB266F}" = Easy Display Manager
"{174A3B31-4C43-43DD-866F-73C9DB887B48}" = LWS Twitter
"{178EE5F4-0F86-4BF0-A0D1-9790AFF409D1}" = EasyBatteryManager
"{21DF0294-6B9D-4741-AB6F-B2ABFBD2387E}" = LWS YouTube Plugin
"{2300EE96-0A41-4FAB-BD03-989EC44577A0}" = Acronis*Disk Director Suite
"{26A24AE4-039D-4CA4-87B4-2F83216029FF}" = Java(TM) 6 Update 29
"{292F0F52-B62D-4E71-921B-89A682402201}" = Toolbox
"{2EA870FA-585F-4187-903D-CB9FFD21E2E0}" = DHTML Editing Component
"{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update
"{318DBE01-1E6B-4243-84B0-210391FE789A}" = Samsung AnyWeb Print
"{3324A5DC-C7F6-430A-ACC8-F251CD8F4FC7}" = Motorola Driver Installation
"{366584A4-1D35-49B2-97B3-C803DDFCC543}" = myPrintMileage (Officejet Pro 8000 A809)
"{3D9CF3CA-3AB0-4A82-9853-D7C43FD1D775}" = ANNO 1404 - Königsedition
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = erLT
"{3FCE16F1-CCC4-4A18-A7B7-8837FCC4ABB1}" = eRoom 7 Client
"{44228375-A198-489B-B90F-F88A1A78D5F5}" = Microsoft Lync 2010 Attendee
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{50ACF4F1-D38A-4DCE-8147-0F574CDEF45B}" = Citrix Online Plug-in (USB)
"{5B025634-7D5B-4B8D-BE2A-7943C1CF2D5D}" = Status
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6F76EC3C-34B1-436E-97FB-48C58D7BEDCD}" = LWS Gallery
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{71E66D3F-A009-44AB-8784-75E2819BA4BA}" = LWS Motion Detection
"{76E41F43-59D2-4F30-BA42-9A762EE1E8DE}" = Avanquest update
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{7F6D7FD9-648D-4DD9-BB6E-3990C675ECA4}" = NVIDIA PhysX
"{83C8FA3C-F4EA-46C4-8392-D3CE353738D6}" = LWS Launcher
"{8937D274-C281-42E4-8CDB-A0B2DF979189}" = LWS Webcam Software
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8EE94FD8-5F52-4463-A340-185D16328158}" = WebReg
"{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}" = SmartWebPrinting
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0407-1000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90F1943D-EA4A-4460-B59F-30023F3BA69A}" = SmarThru 4
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9DAEA76B-E50F-4272-A595-0124E826553D}" = LWS WLM Plugin
"{A47A9101-6EB5-4314-BDA1-297880FBB908}" = Microsoft redistributable runtime DLLs VS2008 SP1(x86)
"{AC35A885-0F8F-4857-B7DA-6E8DFB43E6B3}" = HPSSupply
"{B124E6D3-91B4-4E3C-AD03-BA959B223537}" = Citrix Online Plug-in (Web)
"{B660E0D0-A8CB-45A7-96FB-93E8C915A0B2}" = Easy Network Manager
"{B9830694-3D4A-40CC-AB27-5A8C9E160200}" = BPDSoftware
"{BAD8CA9C-77C0-4663-B00B-A8D3B13C341B}" = Motorola Phone Tools
"{BB3447F6-9553-4AA9-960E-0DB5310C5779}" = GPBaseService2
"{BC093E6F-61D2-4F6D-9463-ECDC2CA25462}" = calibre
"{BC5DD87B-0143-4D14-AAE6-97109614DC6B}" = SolutionCenter
"{BDE7CE44-145A-47E3-9A75-9FBD49D9B46B}" = 8000A809
"{C1CE7EE2-8BCE-4F22-85C0-58331E33621E}" = Motorola Phone Tools
"{C2F1F96A-057E-5819-B52E-FEA1D1D2933B}" = Acronis*True*Image*Home
"{C5F7045B-193F-418C-A4DE-27F76F28841E}" = BPDSoftware_Ini
"{CA510CF6-4F86-48FF-B176-C245E7F4D218}" = eT-Fahrtenbuch 7
"{CD31E63D-47FD-491C-8117-CF201D0AFAB5}" = TrayApp
"{CEC7A786-A9C8-4EF7-BB59-6518E3B3C878}" = Microsoft redistributable runtime DLLs VS2005 SP1(x86)
"{CF255306-5B68-401F-87BA-AA62BEA6888C}" = 8000A809_Help
"{D360FA88-17C8-4F14-B67F-13AAF9607B12}" = MarketResearch
"{D40EB009-0499-459c-A8AF-C9C110766215}" = Logitech Webcam-Software
"{D899C197-F8C1-4773-9EC4-6C1FBADB9B29}" = Citrix Online Plug-in (HDX)
"{D8D4ED7E-954C-449D-B21D-6F97036DF0E9}" = Citrix Online Plug-in (DV)
"{E30E7561-A466-4393-B8BF-FD93E733EF3C}" = Microsoft Office Live Meeting 2007
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.8
"{EED027B7-0DB6-404B-8F45-6DFEE34A0441}" = LWS Video Mask Maker
"{EF367AA4-070B-493C-9575-85BE59D789C9}" = Easy SpeedUp Manager
"{FA0FF682-CC70-4C57-93CD-E276F3E7537E}" = BufferChm
"{FC338210-F594-11D3-BA24-00001C3AB4DF}" = cyberJack Base Components
"{FF167195-9EE4-46C0-8CD7-FBA3457E88AB}" = LWS Facebook
"2476-8030-0924-5048" = Miniplan 3.1.5
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Canon ScanGear Toolbox CS" = Canon ScanGear Toolbox CS 2.2
"CDex" = CDex - Open Source Digital Audio CD Extractor
"CitrixOnlinePluginPackWeb" = Citrix Online Plug-in - Web
"ElsterFormular 13.0.0.8086u" = ElsterFormular
"ENTERPRISE" = Microsoft Office Enterprise 2007
"ID3-TagIT 3_is1" = ID3-TagIT 3
"KLiteCodecPack_is1" = K-Lite Codec Pack 7.9.0 (Full)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.61.0.1400
"Mozilla Firefox 13.0.1 (x86 de)" = Mozilla Firefox 13.0.1 (x86 de)
"Mozilla Thunderbird 12.0.1 (x86 de)" = Mozilla Thunderbird 12.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NIS" = Norton Internet Security
"OnlineFotoservice" = OnlineFotoservice
"Passbild-Generator_is1" = Bewerbungsfoto-/Passbild-Generator v3.5a
"Picasa 3" = Picasa 3
"Samsung Universal Print Driver" = Samsung Universal Print Driver
"Samsung Universal Scan Driver" = Samsung Universal Scan Driver
"SAP_Engineering Client Viewer 7.0" = Engineering Client Viewer 7.0
"SAP_JNet" = SAP JNet
"SAPBI" = SAP Business Explorer
"SAPGUI710" = SAP GUI for Windows 7.20
"SetIP" = SetIP
"SmarThru PC Fax" = SmarThru PC Fax
"SpeedFan" = SpeedFan (remove only)
"Synchredible_is1" = Synchredible v3.2
"VLC media player" = VLC media player 1.1.11
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-2113610040-2832984514-1530586175-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"CopyTrans Suite" = Nur Deinstallierung der CopyTrans Suite möglich.
"Dropbox" = Dropbox
"SkyDriveSetup.exe" = Microsoft SkyDrive
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-2113610040-2832984514-1530586175-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"CopyTrans Suite" = Nur Deinstallierung der CopyTrans Suite möglich.
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 24.06.2012 17:54:06 | Computer Name = babycat-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 24.06.2012 17:54:07 | Computer Name = babycat-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 24.06.2012 17:59:36 | Computer Name = babycat-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 24.06.2012 17:59:56 | Computer Name = babycat-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 24.06.2012 17:59:58 | Computer Name = babycat-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 24.06.2012 18:00:02 | Computer Name = babycat-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107
Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen
 Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>.
 Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum
 gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.
.
 
Error - 25.06.2012 04:22:35 | Computer Name = babycat-PC | Source = Microsoft-Windows-RestartManager | ID = 10006
Description = Die Anwendung oder der Dienst "Windows-Explorer" konnte nicht heruntergefahren
 werden.
 
Error - 26.06.2012 09:31:15 | Computer Name = babycat-PC | Source = Application Hang | ID = 1002
Description = Programm SpeedCommander.exe, Version 13.10.6000.0 kann nicht mehr
unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf
 in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem
 zu suchen.    Prozess-ID: 1330    Startzeit: 01cd539fed5ba363    Endzeit: 15    Anwendungspfad:
 C:\Program Files\SpeedProject\SpeedCommander 13\SpeedCommander.exe    Berichts-ID:
2f99400c-bf93-11e1-89b0-00211930bb1a 
 
Error - 02.07.2012 02:49:01 | Computer Name = babycat-PC | Source = Application Hang | ID = 1002
Description = Programm SpeedCommander.exe, Version 13.10.6000.0 kann nicht mehr
unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf
 in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem
 zu suchen.    Prozess-ID: fc8    Startzeit: 01cd581d8a5ca866    Endzeit: 16    Anwendungspfad:
C:\Program Files\SpeedProject\SpeedCommander 13\SpeedCommander.exe    Berichts-ID: faf7fc52-c411-11e1-9dfa-00211930bb1a

 
Error - 02.07.2012 03:10:43 | Computer Name = babycat-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: SpeedCommander.exe, Version: 13.10.6000.0,
 Zeitstempel: 0x4b601f47  Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725,
 Zeitstempel: 0x4ec4aa8e  Ausnahmecode: 0xc0000374  Fehleroffset: 0x00000000000c40f2
ID
 des fehlerhaften Prozesses: 0x151c  Startzeit der fehlerhaften Anwendung: 0x01cd5821a9916066
Pfad
 der fehlerhaften Anwendung: C:\Program Files\SpeedProject\SpeedCommander 13\SpeedCommander.exe
Pfad
 des fehlerhaften Moduls: C:\Windows\SYSTEM32\ntdll.dll  Berichtskennung: 09767e50-c415-11e1-9dfa-00211930bb1a
 
[ OSession Events ]
Error - 08.01.2012 16:17:40 | Computer Name = babycat-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 68
 seconds with 60 seconds of active time.  This session ended with a crash.
 
[ System Events ]
Error - 08.05.2012 03:31:58 | Computer Name = babycat-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "DgiVecp" wurde aufgrund folgenden Fehlers nicht gestartet:
  %%20
 
Error - 09.05.2012 03:39:18 | Computer Name = babycat-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "DgiVecp" wurde aufgrund folgenden Fehlers nicht gestartet:
  %%20
 
Error - 10.05.2012 04:46:34 | Computer Name = babycat-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "DgiVecp" wurde aufgrund folgenden Fehlers nicht gestartet:
  %%20
 
Error - 11.05.2012 05:11:54 | Computer Name = babycat-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "DgiVecp" wurde aufgrund folgenden Fehlers nicht gestartet:
  %%20
 
Error - 14.05.2012 04:28:09 | Computer Name = babycat-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "DgiVecp" wurde aufgrund folgenden Fehlers nicht gestartet:
  %%20
 
Error - 15.05.2012 02:17:54 | Computer Name = babycat-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "DgiVecp" wurde aufgrund folgenden Fehlers nicht gestartet:
  %%20
 
Error - 15.05.2012 02:40:15 | Computer Name = babycat-PC | Source = Server | ID = 2505
Description = Aufgrund eines doppelten Netzwerknamens konnte zu der Transportschicht
 \Device\NetBT_Tcpip_{5D15464A-4AE0-413E-92D5-411E8DC00B94} vom Serverdienst nicht
 gebunden werden. Der Serverdienst konnte nicht gestartet werden.
 
Error - 16.05.2012 04:00:55 | Computer Name = babycat-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "DgiVecp" wurde aufgrund folgenden Fehlers nicht gestartet:
  %%20
 
Error - 17.05.2012 07:09:52 | Computer Name = babycat-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "DgiVecp" wurde aufgrund folgenden Fehlers nicht gestartet:
  %%20
 
Error - 21.05.2012 03:49:18 | Computer Name = babycat-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "DgiVecp" wurde aufgrund folgenden Fehlers nicht gestartet:
  %%20
 
 
< End of report >
Code:
Malwarebytes Anti-Malware (Test) 1.61.0.1400
www.malwarebytes.org

Datenbank Version: v2012.07.02.03

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
babycat :: BABYCAT-PC [Administrator]

Schutz: Deaktiviert

02.07.2012 19:50:53
mbam-log-2012-07-02 (19-50-53).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 420228
Laufzeit: 1 Stunde(n), 48 Minute(n), 7 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
Danke schon mal im Voraus...

cosinus 04.07.2012 13:25
Malwarebytes erstellt bei jedem Scanvorgang genau ein Log. Hast du in der Vergangenheit schonmal mit Malwarebytes gescannt?
Wenn ja dann stehen auch alle Logs zu jedem Scanvorgang im Reiter Logdateien. Bitte alle posten, die dort sichtbar sind.

babycat 04.07.2012 13:33
Hallo Arne,

danke für die Unterstützung!:daumenhoc

Ich habe vorher noch nicht mit Malwarebytes gescannt. Außer dem geposteten Log sind noch 3 Dateien vorhanden.
Sind allerdings nur die Protection Logs. Ich denke die interessieren nicht, oder?
Ich füge sie trotzdem als Anhang hinzu.

Danke + Grüße,
Nina

cosinus 05.07.2012 08:51
Führ bitte auch ESET aus, danach sehen wir weiter.

Hinweis: ESET zeigt durchaus öfter ein paar Fehlalarme. Deswegen soll auch von ESET immer nur erst das Log gepostet und nichts entfernt werden.

ESET Online Scanner
Bitte während der Online-Scans evtl. vorhandene externe Festplatten einschalten! Bitte während der Scans alle Hintergrundwächter (Anti-Virus-Programm, Firewall, Skriptblocking und ähnliches) abstellen und nicht vergessen, alles hinterher wieder einzuschalten.
  • Anmerkung für Vista und Win7 User: Bitte den Browser unbedingt so öffnen: per Rechtsklick => als Administrator ausführen
  • Dein Anti-Virus-Programm während des Scans deaktivieren.

    Button http://img695.imageshack.us/img695/1599/eset1l.jpg (<< klick) drücken.
    • Firefox-User:
      Bitte esetsmartinstaller_enu.exe downloaden.Das Firefox-Addon auf dem Desktop speichern und dann installieren.
    • IE-User:
      müssen das Installieren eines ActiveX Elements erlauben.
  • Setze den einen Haken bei Yes, i accept the Terms of Use.
  • Drücke den http://img707.imageshack.us/img707/687/starteg.jpg Button.
  • Warte bis die Komponenten herunter geladen wurden.
  • Setze einen Haken bei "Scan archives".
  • Gehe sicher das bei Remove Found Threats kein Hacken gesetzt ist.
  • http://img707.imageshack.us/img707/687/starteg.jpg drücken.
  • Die Signaturen werden herunter geladen.Der Scan beginnt automatisch.
Wenn der Scan beendet wurde
  • Klicke Finish.
  • Browser schließen.
Drücke bitte die http://larusso.trojaner-board.de/Images/windows.jpg + R Taste und kopiere folgenden Text in das Ausführen Fenster.
Code:
"%PROGRAMFILES%\Eset\Eset Online Scanner\log.txt"
Hinweis: Falls du ein 64-Bit-Windows einsetzt, lautet der Pfad so:

Code:
"%PROGRAMFILES(X86)%\Eset\Eset Online Scanner\log.txt"
Poste nun den Inhalt der log.txt.

babycat 05.07.2012 22:05
Hallo Arne,

anbei die Logdatei:

Code:
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=03ccda9fe2948643bff4490d037324fb
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-07-05 09:57:20
# local_time=2012-07-05 11:57:20 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=3584 16777215 100 0 0 0 0 0
# compatibility_mode=5893 16776574 66 85 19426467 93108386 0 0
# compatibility_mode=8192 67108863 100 0 146 146 0 0
# scanned=84337
# found=0
# cleaned=0
# scan_time=3704
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=03ccda9fe2948643bff4490d037324fb
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-07-05 09:00:07
# local_time=2012-07-05 11:00:07 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=3584 16777215 100 0 0 0 0 0
# compatibility_mode=5893 16776574 66 85 19460925 93142844 0 0
# compatibility_mode=8192 67108863 100 0 34604 34604 0 0
# scanned=218376
# found=3
# cleaned=0
# scan_time=9012
C:\Users\Nina\Downloads\PDFCreator-1_2_3_setup.exe        Win32/Toolbar.Widgi application (unable to clean)        00000000000000000000000000000000        I
C:\Users\Nina\Downloads\Screen-Cap_dlm.exe        a variant of Win32/InstallCore.F application (unable to clean)        00000000000000000000000000000000        I
E:\Privat\Update 64 Bit\PDFCreator-1_2_3_setup.exe        Win32/Toolbar.Widgi application (unable to clean)        00000000000000000000000000000000        I
Danke + Grüße,
Nina

cosinus 06.07.2012 08:45
Hätte da mal zwei Fragen bevor es weiter geht

1.) Geht der normale Modus von Windows (wieder) uneingeschränkt?
2.) Vermisst du irgendwas im Startmenü? Sind da leere Ordner unter alle Programme oder ist alles vorhanden?

babycat 06.07.2012 10:41
Hallo Arne,

der normale Windows Modus geht aber im Firefox kommt bei jedem neuen Tab immer MyStart Incredibar als Startseite. Im Startmenü vermisse ich (noch) nichts. Ich könnte mir jetzt einbilden, dass der Rechner insgesamt etwa langsamer ist.

Danke + Grüße,
Nina

cosinus 06.07.2012 11:43
Mach bitte ein neues OTL-Log. Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:
hier steht das Log
CustomScan mit OTL

Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop. Falls schon vorhanden, bitte die ältere vorhandene Datei durch die neu heruntergeladene Datei ersetzen, damit du auch wirklich mit einer aktuellen Version von OTL arbeitest.
Code:
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT

babycat 10.07.2012 20:22
Hallo Arne,

sorry hat ein paar Tage gedauert. Anbei das Logfile:

OTL Logfile:
Code:
OTL logfile created on: 10.07.2012 20:42:27 - Run 2
OTL by OldTimer - Version 3.2.53.1    Folder = C:\Users\Nina\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,99 Gb Total Physical Memory | 2,33 Gb Available Physical Memory | 58,42% Memory free
7,99 Gb Paging File | 6,18 Gb Available in Paging File | 77,38% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 80,01 Gb Total Space | 23,24 Gb Free Space | 29,05% Space Free | Partition Type: NTFS
Drive D: | 50,00 Gb Total Space | 49,91 Gb Free Space | 99,82% Space Free | Partition Type: NTFS
Drive E: | 168,08 Gb Total Space | 54,28 Gb Free Space | 32,29% Space Free | Partition Type: NTFS
Drive X: | 913,94 Gb Total Space | 586,01 Gb Free Space | 64,12% Space Free | Partition Type: NTFS
Drive Y: | 913,94 Gb Total Space | 586,01 Gb Free Space | 64,12% Space Free | Partition Type: NTFS
Drive Z: | 913,94 Gb Total Space | 586,01 Gb Free Space | 64,12% Space Free | Partition Type: NTFS
 
Computer Name: NINA-PC | User Name: Nina | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.07.10 20:40:12 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Nina\Desktop\OTL.exe
PRC - [2012.06.06 09:14:32 | 000,185,856 | ---- | M] () -- C:\Programme\Web Assistant\ExtensionUpdaterService.exe
PRC - [2012.05.31 10:57:20 | 000,296,672 | ---- | M] (Microsoft Corporation) -- C:\Users\Nina\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
PRC - [2012.05.24 20:39:22 | 027,112,840 | ---- | M] (Dropbox, Inc.) -- C:\Users\Nina\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2012.05.22 08:38:56 | 000,160,872 | ---- | M] (Geek Software GmbH) -- C:\Program Files (x86)\PDF24\pdf24.exe
PRC - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012.04.04 15:56:38 | 000,462,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012.03.28 01:14:06 | 000,138,232 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Internet Security\Engine\19.7.1.5\ccSvcHst.exe
PRC - [2012.03.19 21:58:12 | 000,514,128 | ---- | M] (REINER SCT) -- C:\Windows\SysWOW64\cjpcsc.exe
PRC - [2012.01.18 08:44:52 | 000,450,848 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
PRC - [2011.11.20 20:29:18 | 002,326,920 | ---- | M] (Acronis) -- C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
PRC - [2011.11.11 15:08:06 | 000,205,336 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
PRC - [2011.10.15 10:53:00 | 002,253,120 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
PRC - [2011.05.27 16:23:00 | 001,300,264 | ---- | M] (Synaptics, Inc.) -- C:\Program Files (x86)\Synaptics\Scrybe\Service\ScrybeUpdater.exe
PRC - [2011.03.04 13:45:08 | 001,529,856 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe
PRC - [2010.05.12 18:04:48 | 000,599,480 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
PRC - [2010.05.12 18:03:22 | 000,300,472 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
PRC - [2010.05.12 17:52:16 | 001,918,392 | ---- | M] (Citrix Systems, Inc.) -- C:\PROGRA~2\Citrix\ICACLI~1\WFICA32.EXE
PRC - [2009.09.12 22:26:50 | 000,834,560 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files (x86)\Samsung\Easy Display Manager\dmhkcore.exe
PRC - [2009.09.12 19:09:48 | 000,357,800 | ---- | M] (Acronis) -- C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
PRC - [2009.09.12 19:09:14 | 005,082,488 | ---- | M] (Acronis) -- C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
PRC - [2009.08.23 14:47:34 | 000,716,800 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files (x86)\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2011.09.27 08:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011.09.27 08:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011.08.12 13:18:56 | 000,342,552 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtXml4.dll
MOD - [2011.08.12 13:18:56 | 000,128,536 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\imageformats\QJpeg4.dll
MOD - [2011.08.12 13:18:56 | 000,029,208 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\imageformats\QGif4.dll
MOD - [2011.08.12 13:18:54 | 007,956,504 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtGui4.dll
MOD - [2011.08.12 13:18:54 | 002,145,304 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtCore4.dll
MOD - [2006.08.12 13:48:40 | 000,049,152 | ---- | M] () -- C:\Program Files (x86)\Samsung\Easy Display Manager\HookDllPS2.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2011.12.02 05:12:11 | 000,165,456 | ---- | M] (Samsung Electronics) [On_Demand | Stopped] -- C:\Windows\SysNative\SUPDSvc2.exe -- (Samsung UPD Service2)
SRV - [2012.06.27 16:42:06 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.06.24 22:03:21 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.06.06 09:14:32 | 000,185,856 | ---- | M] () [Auto | Running] -- C:\Programme\Web Assistant\ExtensionUpdaterService.exe -- (Web Assistant Updater)
SRV - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.03.28 01:14:06 | 000,138,232 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton Internet Security\Engine\19.7.1.5\ccSvcHst.exe -- (NIS)
SRV - [2012.03.19 21:58:12 | 000,514,128 | ---- | M] (REINER SCT) [Auto | Running] -- C:\Windows\SysWOW64\cjpcsc.exe -- (cjpcsc)
SRV - [2012.02.15 14:30:18 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.01.18 08:44:52 | 000,450,848 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe -- (UMVPFSrv)
SRV - [2011.11.20 20:29:18 | 002,326,920 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe -- (afcdpsrv)
SRV - [2011.10.15 10:53:00 | 002,253,120 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2011.05.27 16:23:00 | 001,300,264 | ---- | M] (Synaptics, Inc.) [Auto | Running] -- C:\Program Files (x86)\Synaptics\Scrybe\Service\ScrybeUpdater.exe -- (ScrybeUpdater)
SRV - [2011.03.04 13:45:08 | 001,529,856 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)
SRV - [2010.10.22 14:08:18 | 001,039,360 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)
SRV - [2010.10.08 07:18:46 | 000,697,616 | ---- | M] () [Auto | Running] -- C:\Programme\ShrewSoft\VPN Client\ipsecd.exe -- (ipsecd)
SRV - [2010.10.08 07:18:46 | 000,056,592 | ---- | M] () [Auto | Running] -- C:\Programme\ShrewSoft\VPN Client\dtpd.exe -- (dtpd)
SRV - [2010.10.08 07:18:44 | 000,957,712 | ---- | M] () [Auto | Running] -- C:\Programme\ShrewSoft\VPN Client\iked.exe -- (iked)
SRV - [2010.03.18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.09.12 19:10:04 | 000,891,848 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2007.03.09 17:29:44 | 002,232,296 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Acronis\Acronis Disk Director\oss_reinstall_svc.exe -- (AcronisOSSReinstallSvc)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012.04.04 15:56:40 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012.03.29 08:28:38 | 000,405,624 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1307010.005\symnets.sys -- (SymNetS)
DRV:64bit: - [2012.03.29 08:28:30 | 001,092,728 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\NISx64\1307010.005\symefa64.sys -- (SymEFA)
DRV:64bit: - [2012.03.29 08:06:25 | 000,190,072 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1307010.005\ironx64.sys -- (SymIRON)
DRV:64bit: - [2012.03.29 08:03:27 | 000,737,912 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\NISx64\1307010.005\srtsp64.sys -- (SRTSP)
DRV:64bit: - [2012.03.29 08:03:27 | 000,037,496 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1307010.005\srtspx64.sys -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV:64bit: - [2012.03.27 09:55:06 | 000,175,736 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012.02.15 12:01:50 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012.01.18 08:44:36 | 004,865,568 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lvuvc64.sys -- (LVUVC64) Logitech Webcam 500(UVC)
DRV:64bit: - [2012.01.18 08:44:28 | 000,351,136 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lvrs64.sys -- (LVRS64)
DRV:64bit: - [2011.11.30 00:44:29 | 000,167,048 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1307010.005\ccsetx64.sys -- (ccSet_NIS)
DRV:64bit: - [2011.11.20 20:29:21 | 000,250,400 | ---- | M] (Acronis) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\afcdp.sys -- (afcdp)
DRV:64bit: - [2011.11.20 20:29:15 | 001,455,648 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\tdrpm251.sys -- (tdrpman251) Acronis Try&Decide and Restore Points filter (build 251)
DRV:64bit: - [2011.11.20 20:29:12 | 000,929,312 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\timntr.sys -- (timounter)
DRV:64bit: - [2011.11.20 20:29:03 | 000,254,496 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\snapman.sys -- (snapman)
DRV:64bit: - [2011.08.02 18:38:44 | 000,022,528 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netaapl64.sys -- (Netaapl)
DRV:64bit: - [2011.07.25 20:18:36 | 000,451,192 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\NISx64\1307010.005\symds64.sys -- (SymDS)
DRV:64bit: - [2011.07.08 01:21:28 | 000,174,184 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2011.03.31 19:32:00 | 001,424,944 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2011.03.29 10:50:26 | 000,034,672 | ---- | M] (REINER SCT) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\cjusb.sys -- (cjusb)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011.03.04 13:51:50 | 000,306,536 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CVPNDRVA.sys -- (CVPNDRVA)
DRV:64bit: - [2010.12.27 16:36:32 | 000,021,992 | ---- | M] (CPUID) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\cpuz135_x64.sys -- (cpuz135)
DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.09.02 09:18:46 | 000,021,504 | ---- | M] (Shrew Soft Inc) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vfilter.sys -- (vflt)
DRV:64bit: - [2010.09.02 09:18:46 | 000,017,408 | ---- | M] (Shrew Soft Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\virtualnet.sys -- (vnet)
DRV:64bit: - [2010.04.16 17:22:04 | 000,087,600 | ---- | M] (Citrix Systems, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ctxusbm.sys -- (ctxusbm)
DRV:64bit: - [2010.02.08 09:32:00 | 000,014,992 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CVirtA64.sys -- (CVirtA)
DRV:64bit: - [2010.01.13 17:37:18 | 007,675,392 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NETw5s64.sys -- (NETw5s64) Intel(R)
DRV:64bit: - [2009.09.28 09:22:00 | 000,395,264 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.14 02:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009.06.10 22:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64) Intel(R)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.05.28 16:38:04 | 000,013,824 | ---- | M] (SAMSUNG ELECTRONICS) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\SABI.sys -- (SABI)
DRV:64bit: - [2009.05.18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009.03.26 05:44:40 | 000,053,816 | ---- | M] (Samsung Electronics Co., Ltd.) [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\DgivEcp.sys -- (DgiVecp)
DRV:64bit: - [2008.11.16 19:39:44 | 000,157,968 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dne64x.sys -- (DNE)
DRV:64bit: - [2007.10.23 00:58:44 | 000,011,576 | ---- | M] (Samsung Electronics) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\SSPORT.sys -- (SSPORT)
DRV:64bit: - [2007.05.09 22:50:48 | 000,050,208 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LVUSBS64.sys -- (LVUSBS64)
DRV:64bit: - [2007.05.09 22:46:48 | 001,127,328 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LV302V64.SYS -- (PID_PEPI) Logitech QuickCam IM(PID_PEPI)
DRV:64bit: - [2007.05.09 22:46:36 | 000,016,032 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lv302a64.sys -- (lvpepf64)
DRV:64bit: - [2007.02.27 15:31:26 | 000,024,576 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\motmodem.sys -- (motmodem)
DRV - [2012.07.10 12:08:29 | 002,068,600 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\VirusDefs\20120709.038\ex64.sys -- (NAVEX15)
DRV - [2012.07.10 12:08:29 | 000,120,440 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\VirusDefs\20120709.038\eng64.sys -- (NAVENG)
DRV - [2012.06.19 02:01:13 | 001,161,376 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\BASHDefs\20120619.001\BHDrvx64.sys -- (BHDrvx64)
DRV - [2012.06.18 20:26:25 | 000,509,088 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\IPSDefs\20120707.001\IDSviA64.sys -- (IDSVia64)
DRV - [2012.05.31 14:17:46 | 000,138,912 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2012.05.31 11:17:00 | 000,484,512 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-2113610040-2832984514-1530586175-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-2113610040-2832984514-1530586175-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-2113610040-2832984514-1530586175-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\S-1-5-21-2113610040-2832984514-1530586175-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 2F AE D8 09 72 F1 CC 01  [binary data]
IE - HKU\S-1-5-21-2113610040-2832984514-1530586175-1000\..\SearchScopes,DefaultScope = {CFF4DB9B-135F-47c0-9269-B4C6572FD61A}
IE - HKU\S-1-5-21-2113610040-2832984514-1530586175-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-2113610040-2832984514-1530586175-1000\..\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}: "URL" = hxxp://int.search-results.com/web?q={SEARCHTERMS}&o=15527&l=dis&prt=NIS&chn=retail&geo=DE&ver=19
IE - HKU\S-1-5-21-2113610040-2832984514-1530586175-1000\..\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}: "URL" = hxxp://mystart.incredibar.com/mb139/?search={searchTerms}&loc=IB_DS&a=6R8xKMJnyv&i=26
IE - HKU\S-1-5-21-2113610040-2832984514-1530586175-1000\..\SearchScopes\{FFAD0366-B992-4AF7-BFF8-554948CAFEF6}: "URL" = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=827316&p={searchTerms}
IE - HKU\S-1-5-21-2113610040-2832984514-1530586175-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2113610040-2832984514-1530586175-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
IE - HKU\S-1-5-21-2113610040-2832984514-1530586175-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-2113610040-2832984514-1530586175-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-2113610040-2832984514-1530586175-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\S-1-5-21-2113610040-2832984514-1530586175-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 2F AE D8 09 72 F1 CC 01  [binary data]
IE - HKU\S-1-5-21-2113610040-2832984514-1530586175-1001\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-2113610040-2832984514-1530586175-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-2113610040-2832984514-1530586175-1001\..\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}: "URL" = hxxp://int.search-results.com/web?q={SEARCHTERMS}&o=15527&l=dis&prt=NIS&chn=retail&geo=DE&ver=19
IE - HKU\S-1-5-21-2113610040-2832984514-1530586175-1001\..\SearchScopes\{FFAD0366-B992-4AF7-BFF8-554948CAFEF6}: "URL" = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=827316&p={searchTerms}
IE - HKU\S-1-5-21-2113610040-2832984514-1530586175-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2113610040-2832984514-1530586175-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "MyStart Search"
FF - prefs.js..browser.search.openintab: true
FF - prefs.js..browser.search.selectedEngine: "MyStart Search"
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "about:home"
FF - prefs.js..keyword.URL: "hxxp://mystart.incredibar.com/mb139/?loc=IB_DS&a=6R8xKMJnyv&&i=26&search="
FF - prefs.js..network.proxy.http: "69.60.138.242"
FF - prefs.js..network.proxy.http_port: 8080
FF - prefs.js..network.proxy.no_proxies_on: "localhost, 127.0.0.1, stealthy.co"
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.type: 0
 
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_262.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_262.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)
FF - HKLM\Software\MozillaPlugins\@emc.com/NpDmDataTransfer: C:\Program Files (x86)\eRoom 7\npeRoom7.dll (Documentum, Inc.)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
 
64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\PROGRAM FILES\WEB ASSISTANT\FIREFOX [2012.07.02 11:13:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\IPSFFPlgn\ [2012.02.02 10:05:44 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\coFFPlgn\ [2012.07.10 10:13:04 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011.11.28 22:56:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\Program Files\Web Assistant\Firefox [2012.07.02 11:13:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.06.27 16:42:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.01.13 14:44:13 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012.07.04 10:07:36 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011.11.28 22:56:12 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.06.27 16:42:06 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.01.13 14:44:13 | 000,000,000 | ---D | M]
 
[2011.11.20 17:44:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Nina\AppData\Roaming\mozilla\Extensions
[2012.07.10 20:39:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Nina\AppData\Roaming\mozilla\Firefox\Profiles\kcqvg8ll.default\extensions
[2012.07.03 12:39:04 | 000,000,000 | ---D | M] (WOT) -- C:\Users\Nina\AppData\Roaming\mozilla\Firefox\Profiles\kcqvg8ll.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2012.07.10 20:39:20 | 000,000,000 | ---D | M] (FoxClocks) -- C:\Users\Nina\AppData\Roaming\mozilla\Firefox\Profiles\kcqvg8ll.default\extensions\{d37dc5d0-431d-44e5-8c91-49419370caa1}
[2011.12.06 18:39:29 | 000,001,919 | ---- | M] () -- C:\Users\Nina\AppData\Roaming\Mozilla\Firefox\Profiles\kcqvg8ll.default\searchplugins\leo-deu-fra.xml
[2011.12.06 18:39:20 | 000,001,911 | ---- | M] () -- C:\Users\Nina\AppData\Roaming\Mozilla\Firefox\Profiles\kcqvg8ll.default\searchplugins\leo-deu-spa.xml
[2011.12.04 23:38:18 | 000,001,180 | ---- | M] () -- C:\Users\Nina\AppData\Roaming\Mozilla\Firefox\Profiles\kcqvg8ll.default\searchplugins\urban-dictionary.xml
[2012.01.01 20:48:58 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.07.02 11:13:00 | 000,000,000 | ---D | M] (Web Assistant) -- C:\PROGRAM FILES\WEB ASSISTANT\FIREFOX
[2011.11.21 00:03:44 | 000,434,392 | ---- | M] () (No name found) -- C:\USERS\NINA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KCQVG8LL.DEFAULT\EXTENSIONS\{D4DD63FA-01E4-46A7-B6B1-EDAB7D6AD389}.XPI
[2012.05.14 17:16:18 | 000,115,263 | ---- | M] () (No name found) -- C:\USERS\NINA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KCQVG8LL.DEFAULT\EXTENSIONS\{DAF44BF7-A45E-4450-979C-91CF07434C3D}.XPI
[2012.02.07 12:58:16 | 000,246,025 | ---- | M] () (No name found) -- C:\USERS\NINA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KCQVG8LL.DEFAULT\EXTENSIONS\AMZNUWL2@AMAZON.COM.XPI
[2011.12.17 22:29:00 | 000,012,686 | ---- | M] () (No name found) -- C:\USERS\NINA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KCQVG8LL.DEFAULT\EXTENSIONS\SHOPCLEVER@EXTENSION.XPI
[2012.06.25 10:35:59 | 000,182,698 | ---- | M] () (No name found) -- C:\USERS\NINA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KCQVG8LL.DEFAULT\EXTENSIONS\STEALTHYEXTENSION@GMAIL.COM.XPI
[2012.06.27 16:42:06 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2010.05.12 17:42:04 | 000,124,344 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\CCMSDK.dll
[2010.05.12 17:43:54 | 000,070,592 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\CgpCore.dll
[2010.05.12 17:42:52 | 000,091,576 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\confmgr.dll
[2010.05.12 17:42:32 | 000,022,464 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\ctxlogging.dll
[2010.05.12 18:22:36 | 000,423,328 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\plugins\npicaN.dll
[2010.05.12 17:43:56 | 000,024,000 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\TcpPServ.dll
[2012.02.01 23:04:47 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.02.01 23:04:47 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.02.01 23:04:47 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.02.01 23:04:47 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.02.01 23:04:47 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.02.01 23:04:47 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Web Assistant) - {336D0C35-8A85-403a-B9D2-65C292C39087} - C:\Programme\Web Assistant\Extension64.dll ()
O2 - BHO: (Web Assistant) - {336D0C35-8A85-403a-B9D2-65C292C39087} - C:\Programme\Web Assistant\Extension32.dll ()
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\19.7.1.5\coIEPlg.dll (Symantec Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\19.7.1.5\IPS\IPSBHO.DLL (Symantec Corporation)
O2 - BHO: (Samsung BHO Class) - {AA609D72-8482-4076-8991-8CDAE5B93BCB} - C:\Program Files (x86)\Samsung AnyWeb Print\W2PBrowser.dll ()
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\19.7.1.5\coIEPlg.dll (Symantec Corporation)
O3 - HKU\S-1-5-21-2113610040-2832984514-1530586175-1000\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\19.7.1.5\coIEPlg.dll (Symantec Corporation)
O3 - HKU\S-1-5-21-2113610040-2832984514-1530586175-1001\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\19.7.1.5\coIEPlg.dll (Symantec Corporation)
O4:64bit: - HKLM..\Run: [Acronis Scheduler2 Service] C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
O4:64bit: - HKLM..\Run: [Eraser] C:\Programme\Eraser\Eraser.exe (The Eraser Project)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ConnectionCenter] C:\Program Files (x86)\Citrix\ICA Client\concentr.exe (Citrix Systems, Inc.)
O4 - HKLM..\Run: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [PDFPrint] C:\Program Files (x86)\PDF24\pdf24.exe (Geek Software GmbH)
O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2113610040-2832984514-1530586175-1000..\Run: [SkyDrive] C:\Users\Nina\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2113610040-2832984514-1530586175-1001..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-21-2113610040-2832984514-1530586175-1001..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\Nina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Nina\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O7 - HKU\S-1-5-21-2113610040-2832984514-1530586175-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoInternetOpenWith = 1
O7 - HKU\S-1-5-21-2113610040-2832984514-1530586175-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoInternetOpenWith = 1
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8:64bit: - Extra context menu item: SmarThru4 Als HTML speichern - C:\Program Files (x86)\SmarThru 4\WebCapture.dll1.htm ()
O8:64bit: - Extra context menu item: SmarThru4 Auswahl erfassen - C:\Program Files (x86)\SmarThru 4\WebCapture.dll2.htm ()
O8:64bit: - Extra context menu item: SmarThru4 Capture Selection - C:\Program Files (x86)\SmarThru 4\x64\WebCapture.dll2.htm ()
O8:64bit: - Extra context menu item: SmarThru4 Markierten Text speichern - C:\Program Files (x86)\SmarThru 4\WebCapture.dll.htm ()
O8:64bit: - Extra context menu item: SmarThru4 Save as HTML - C:\Program Files (x86)\SmarThru 4\x64\WebCapture.dll1.htm ()
O8:64bit: - Extra context menu item: SmarThru4 Save Selected Text - C:\Program Files (x86)\SmarThru 4\x64\WebCapture.dll.htm ()
O8:64bit: - Extra context menu item: SmarThru4 Web Capture - C:\Program Files (x86)\SmarThru 4\WebCapture.dll ()
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: SmarThru4 Als HTML speichern - C:\Program Files (x86)\SmarThru 4\WebCapture.dll1.htm ()
O8 - Extra context menu item: SmarThru4 Auswahl erfassen - C:\Program Files (x86)\SmarThru 4\WebCapture.dll2.htm ()
O8 - Extra context menu item: SmarThru4 Capture Selection - C:\Program Files (x86)\SmarThru 4\x64\WebCapture.dll2.htm ()
O8 - Extra context menu item: SmarThru4 Markierten Text speichern - C:\Program Files (x86)\SmarThru 4\WebCapture.dll.htm ()
O8 - Extra context menu item: SmarThru4 Save as HTML - C:\Program Files (x86)\SmarThru 4\x64\WebCapture.dll1.htm ()
O8 - Extra context menu item: SmarThru4 Save Selected Text - C:\Program Files (x86)\SmarThru 4\x64\WebCapture.dll.htm ()
O8 - Extra context menu item: SmarThru4 Web Capture - C:\Program Files (x86)\SmarThru 4\WebCapture.dll ()
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Samsung AnyWeb Print - {328ECD19-C167-40eb-A0C7-16FE7634105E} - C:\Program Files (x86)\Samsung AnyWeb Print\W2PBrowser.dll ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000006 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-2113610040-2832984514-1530586175-1000\..Trusted Domains: samsungsetup.com ([www] http in Trusted sites)
O16 - DPF: {6E2510E6-BF2D-4C78-9F28-2F5C8760F124} Reg Error: Key error. (ERPageAddin Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1CD6D070-CAD8-4615-A18D-D2DF37A57979}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{271170BB-4899-4877-9F5B-1409564BD169}: DhcpNameServer = 193.189.244.206 193.189.244.225
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{66F37841-F7CF-41E7-9D35-14653D16F00A}: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\saphtmlp - No CLSID value found
O18:64bit: - Protocol\Handler\sapr3 - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\saphtmlp {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - c:\program files (x86)\sap\frontend\sapgui\saphtmlp.dll (SAP, Walldorf)
O18 - Protocol\Handler\sapr3 {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - c:\program files (x86)\sap\frontend\sapgui\saphtmlp.dll (SAP, Walldorf)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18:64bit: - Protocol\Filter\application/x-ica - No CLSID value found
O18:64bit: - Protocol\Filter\ica - No CLSID value found
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\application/x-ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
 
 
SafeBootMin:64bit: AppMgmt - Service
SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: vmms - Service
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet:64bit: AppMgmt - Service
SafeBootNet:64bit: Base - Driver Group
SafeBootNet:64bit: Boot Bus Extender - Driver Group
SafeBootNet:64bit: Boot file system - Driver Group
SafeBootNet:64bit: File system - Driver Group
SafeBootNet:64bit: Filter - Driver Group
SafeBootNet:64bit: HelpSvc - Service
SafeBootNet:64bit: Messenger - Service
SafeBootNet:64bit: NDIS Wrapper - Driver Group
SafeBootNet:64bit: NetBIOSGroup - Driver Group
SafeBootNet:64bit: NetDDEGroup - Driver Group
SafeBootNet:64bit: Network - Driver Group
SafeBootNet:64bit: NetworkProvider - Driver Group
SafeBootNet:64bit: PCI Configuration - Driver Group
SafeBootNet:64bit: PNP Filter - Driver Group
SafeBootNet:64bit: PNP_TDI - Driver Group
SafeBootNet:64bit: Primary disk - Driver Group
SafeBootNet:64bit: rdsessmgr - Service
SafeBootNet:64bit: sacsvr - Service
SafeBootNet:64bit: SCSI Class - Driver Group
SafeBootNet:64bit: Streams Drivers - Driver Group
SafeBootNet:64bit: System Bus Extender - Driver Group
SafeBootNet:64bit: TDI - Driver Group
SafeBootNet:64bit: vmms - Service
SafeBootNet:64bit: WudfUsbccidDriver - Driver
SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32:64bit: vidc.i420 - lvcod64.dll (Logitech Inc.)
Drivers32: msacm.ac3acm - C:\Windows\SysWow64\ac3acm.acm (fccHandler)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.lameacm - C:\Windows\SysWow64\lameACM.acm (hxxp://www.mp3dev.org/)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: VIDC.FFDS - C:\Windows\SysWow64\ff_vfw.dll ()
Drivers32: vidc.i420 - C:\Windows\SysWow64\lvcodec2.dll (Logitech Inc.)
Drivers32: VIDC.XVID - C:\Windows\SysWow64\xvidvfw.dll ()
Drivers32: VIDC.YV12 - C:\Windows\SysWow64\xvidvfw.dll ()
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.07.10 20:40:11 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Users\Nina\Desktop\OTL.exe
[2012.07.05 10:53:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2012.07.05 10:52:46 | 002,322,184 | ---- | C] (ESET) -- C:\Users\Nina\Desktop\esetsmartinstaller_enu.exe
[2012.07.04 15:33:20 | 000,000,000 | ---D | C] -- C:\Users\Nina\AppData\Local\PDF24
[2012.07.04 10:13:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF24
[2012.07.04 10:12:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PDF24
[2012.07.03 12:49:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Live Add-in
[2012.07.02 19:45:19 | 000,000,000 | ---D | C] -- C:\Users\Nina\AppData\Roaming\Malwarebytes
[2012.07.02 19:45:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.07.02 19:45:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.07.02 19:45:06 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.07.02 19:45:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.07.02 11:13:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Premium
[2012.07.02 11:12:58 | 000,000,000 | ---D | C] -- C:\Program Files\Web Assistant
[2012.07.02 11:12:23 | 000,000,000 | ---D | C] -- C:\ProgramData\InstallMate
[2012.06.26 09:24:20 | 000,000,000 | ---D | C] -- C:\Users\Nina\AppData\Local\Macromedia
[2012.01.09 17:03:32 | 000,092,064 | ---- | C] (MCCI) -- C:\Users\Nina\mqdmmdm.sys
[2012.01.09 17:03:32 | 000,079,328 | ---- | C] (MCCI) -- C:\Users\Nina\mqdmserd.sys
[2012.01.09 17:03:32 | 000,066,656 | ---- | C] (MCCI) -- C:\Users\Nina\mqdmbus.sys
[2012.01.09 17:03:32 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Users\Nina\usbsermptxp.sys
[2012.01.09 17:03:32 | 000,022,768 | ---- | C] (Microsoft Corporation) -- C:\Users\Nina\usbsermpt.sys
[2012.01.09 17:03:32 | 000,009,232 | ---- | C] (MCCI) -- C:\Users\Nina\mqdmmdfl.sys
[2012.01.09 17:03:32 | 000,006,208 | ---- | C] (MCCI) -- C:\Users\Nina\mqdmcmnt.sys
[2012.01.09 17:03:32 | 000,005,936 | ---- | C] (MCCI) -- C:\Users\Nina\mqdmwhnt.sys
[2012.01.09 17:03:32 | 000,004,048 | ---- | C] (MCCI) -- C:\Users\Nina\mqdmcr.sys
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.07.10 20:40:12 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Nina\Desktop\OTL.exe
[2012.07.10 20:03:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.07.10 10:20:14 | 000,013,904 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.07.10 10:20:14 | 000,013,904 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.07.10 10:11:40 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\drivers\lvuvc.hs
[2012.07.10 10:11:36 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.07.10 10:11:29 | 3216,986,112 | -HS- | M] () -- C:\hiberfil.sys
[2012.07.05 10:52:47 | 002,322,184 | ---- | M] (ESET) -- C:\Users\Nina\Desktop\esetsmartinstaller_enu.exe
[2012.07.04 10:15:07 | 001,498,742 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.07.04 10:15:07 | 000,654,400 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.07.04 10:15:07 | 000,616,242 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.07.04 10:15:07 | 000,130,240 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.07.04 10:15:07 | 000,106,622 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.07.04 10:14:47 | 000,072,822 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf
[2012.07.04 10:14:46 | 000,072,822 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf
[2012.07.04 10:13:22 | 000,001,857 | ---- | M] () -- C:\Users\Public\Desktop\PDF24 Fax.lnk
[2012.07.04 10:13:18 | 000,001,872 | ---- | M] () -- C:\Users\Public\Desktop\PDF24 Editor.lnk
[2012.07.02 20:18:09 | 000,000,000 | ---- | M] () -- C:\Users\Nina\defogger_reenable
[2012.07.02 19:45:09 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.07.02 11:13:16 | 000,000,454 | ---- | M] () -- C:\user.js
[2012.06.26 16:24:46 | 000,011,386 | ---- | M] () -- C:\Users\Nina\AppData\Roaming\SmarThruOptions.xml
[2012.06.25 10:21:23 | 000,354,560 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.06.24 21:26:54 | 000,001,047 | ---- | M] () -- C:\Users\Nina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2012.06.24 21:26:27 | 000,001,013 | ---- | M] () -- C:\Users\Nina\Desktop\Dropbox.lnk
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.07.04 10:14:47 | 000,072,822 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
[2012.07.04 10:14:46 | 000,072,822 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf
[2012.07.04 10:13:20 | 000,001,857 | ---- | C] () -- C:\Users\Public\Desktop\PDF24 Fax.lnk
[2012.07.04 10:13:16 | 000,001,872 | ---- | C] () -- C:\Users\Public\Desktop\PDF24 Editor.lnk
[2012.07.02 20:18:09 | 000,000,000 | ---- | C] () -- C:\Users\Nina\defogger_reenable
[2012.07.02 19:45:08 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.07.02 11:13:15 | 000,000,454 | ---- | C] () -- C:\user.js
[2012.06.06 22:45:29 | 000,003,584 | ---- | C] () -- C:\Users\Nina\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.04.24 13:03:17 | 000,011,386 | ---- | C] () -- C:\Users\Nina\AppData\Roaming\SmarThruOptions.xml
[2012.04.24 13:03:03 | 000,036,864 | ---- | C] () -- C:\Windows\SysWow64\SvcMan.exe
[2012.04.24 13:02:53 | 000,172,032 | ---- | C] () -- C:\Windows\SysWow64\SecSNMP.dll
[2012.04.24 13:02:36 | 000,000,136 | ---- | C] () -- C:\Windows\Readiris.ini
[2012.04.24 13:02:35 | 000,023,040 | ---- | C] () -- C:\Windows\SysWow64\irisco32.dll
[2012.04.19 16:43:22 | 000,260,688 | ---- | C] () -- C:\Windows\SUPDRun.exe
[2012.04.19 16:34:44 | 000,142,128 | ---- | C] () -- C:\Windows\wiainst64.exe
[2012.03.31 14:52:04 | 000,000,396 | ---- | C] () -- C:\Windows\hbcikrnl.ini
[2012.03.31 14:51:52 | 000,167,936 | ---- | C] () -- C:\Windows\SysWow64\SerialXP.dll
[2012.03.31 14:51:52 | 000,027,648 | ---- | C] () -- C:\Windows\SysWow64\win32com.dll
[2012.02.15 16:02:33 | 000,000,600 | ---- | C] () -- C:\Users\Nina\AppData\Local\PUTTY.RND
[2012.01.18 08:44:00 | 010,920,984 | ---- | C] () -- C:\Windows\SysWow64\LogiDPP.dll
[2012.01.18 08:44:00 | 000,336,408 | ---- | C] () -- C:\Windows\SysWow64\DevManagerCore.dll
[2012.01.18 08:44:00 | 000,104,472 | ---- | C] () -- C:\Windows\SysWow64\LogiDPPApp.exe
[2012.01.17 12:43:34 | 000,038,355 | ---- | C] () -- C:\Users\Nina\AppData\Roaming\Kommagetrennte Werte (Windows).ADR
[2012.01.09 17:11:03 | 000,007,201 | ---- | C] () -- C:\Users\Nina\1326121863-(null)
[2012.01.09 17:03:32 | 000,009,913 | ---- | C] () -- C:\Users\Nina\MCCI_MDM.INF
[2012.01.09 17:03:32 | 000,009,232 | ---- | C] () -- C:\Users\Nina\USB_MOT_BRIT.INF
[2012.01.09 17:03:32 | 000,007,201 | ---- | C] () -- C:\Users\Nina\USBMOT2000.INF
[2012.01.09 17:03:32 | 000,006,989 | ---- | C] () -- C:\Users\Nina\MCCI_BUS.INF
[2012.01.09 17:03:32 | 000,006,141 | ---- | C] () -- C:\Users\Nina\USBMOT2000XP.INF
[2012.01.09 17:03:32 | 000,005,960 | ---- | C] () -- C:\Users\Nina\USB_MOT_A1000.INF
[2012.01.09 17:03:32 | 000,005,880 | ---- | C] () -- C:\Users\Nina\USB_CMCS_2000.INF
[2012.01.09 17:03:32 | 000,004,477 | ---- | C] () -- C:\Users\Nina\MCCI_SDM.INF
[2012.01.09 12:31:00 | 001,064,960 | ---- | C] () -- C:\Windows\SysWow64\h5krnl32.dll
[2012.01.09 12:31:00 | 000,188,928 | ---- | C] () -- C:\Windows\SysWow64\h5icon32.dll
[2012.01.09 12:31:00 | 000,175,616 | ---- | C] () -- C:\Windows\SysWow64\h5menu32.dll
[2012.01.09 12:31:00 | 000,095,744 | ---- | C] () -- C:\Windows\SysWow64\h5rtf32.dll
[2012.01.09 12:31:00 | 000,051,200 | ---- | C] () -- C:\Windows\SysWow64\h5tool32.dll
[2011.12.04 22:52:31 | 000,000,575 | ---- | C] () -- C:\Windows\hpwmdl21.dat.temp
[2011.11.28 22:52:43 | 000,252,159 | ---- | C] () -- C:\Windows\hpwins21.dat
[2011.11.28 22:52:43 | 000,000,575 | ---- | C] () -- C:\Windows\hpwmdl21.dat
[2011.11.22 00:20:49 | 000,007,599 | ---- | C] () -- C:\Users\Nina\AppData\Local\Resmon.ResmonCfg
[2011.11.20 17:54:13 | 000,175,616 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2011.11.20 17:54:11 | 000,650,752 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2011.11.20 17:54:11 | 000,243,200 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2011.11.20 17:54:11 | 000,074,752 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2011.11.20 17:29:22 | 000,066,856 | ---- | C] () -- C:\Windows\SysWow64\SynTPEnhPS.dll
 
========== LOP Check ==========
 
[2011.11.20 19:12:23 | 000,000,000 | ---D | M] -- C:\Users\Nina\AppData\Roaming\90499BF8-CE1E-47CB-9EEA-4B39DD43956F
[2011.11.20 20:34:01 | 000,000,000 | ---D | M] -- C:\Users\Nina\AppData\Roaming\Acronis
[2012.02.15 17:56:07 | 000,000,000 | ---D | M] -- C:\Users\Nina\AppData\Roaming\ASCOMP Software
[2012.05.06 00:32:08 | 000,000,000 | ---D | M] -- C:\Users\Nina\AppData\Roaming\calibre
[2011.11.20 19:23:21 | 000,000,000 | ---D | M] -- C:\Users\Nina\AppData\Roaming\Canneverbe Limited
[2012.07.10 10:17:01 | 000,000,000 | ---D | M] -- C:\Users\Nina\AppData\Roaming\Dropbox
[2012.02.29 01:10:11 | 000,000,000 | ---D | M] -- C:\Users\Nina\AppData\Roaming\elsterformular
[2012.01.17 21:40:59 | 000,000,000 | ---D | M] -- C:\Users\Nina\AppData\Roaming\ICAClient
[2011.11.20 19:40:13 | 000,000,000 | ---D | M] -- C:\Users\Nina\AppData\Roaming\ID3-TagIT 3
[2012.01.17 22:03:20 | 000,000,000 | ---D | M] -- C:\Users\Nina\AppData\Roaming\Leadertech
[2012.05.11 11:50:00 | 000,000,000 | ---D | M] -- C:\Users\Nina\AppData\Roaming\SAP
[2012.04.24 13:03:19 | 000,000,000 | ---D | M] -- C:\Users\Nina\AppData\Roaming\SmarThru4
[2012.05.03 16:14:23 | 000,000,000 | ---D | M] -- C:\Users\Nina\AppData\Roaming\SmartTools
[2011.11.20 18:02:16 | 000,000,000 | ---D | M] -- C:\Users\Nina\AppData\Roaming\SpeedProject
[2011.11.20 17:31:55 | 000,000,000 | ---D | M] -- C:\Users\Nina\AppData\Roaming\Synaptics
[2012.02.08 15:51:20 | 000,000,000 | ---D | M] -- C:\Users\Nina\AppData\Roaming\Systemberatung Schommer
[2011.12.07 10:56:15 | 000,000,000 | ---D | M] -- C:\Users\Nina\AppData\Roaming\Thunderbird
[2011.11.20 18:15:35 | 000,000,000 | ---D | M] -- C:\Users\Nina\AppData\Roaming\TuneUp Software
[2011.11.21 00:29:05 | 000,000,000 | ---D | M] -- C:\Users\Nina\AppData\Roaming\Ubisoft
[2011.11.20 19:27:13 | 000,000,000 | ---D | M] -- C:\Users\Nina\AppData\Roaming\WindSolutions
[2012.02.15 08:54:29 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2011.11.20 19:12:23 | 000,000,000 | ---D | M] -- C:\Users\Nina\AppData\Roaming\90499BF8-CE1E-47CB-9EEA-4B39DD43956F
[2011.11.20 20:34:01 | 000,000,000 | ---D | M] -- C:\Users\Nina\AppData\Roaming\Acronis
[2011.11.20 19:31:03 | 000,000,000 | ---D | M] -- C:\Users\Nina\AppData\Roaming\Adobe
[2012.04.02 21:05:03 | 000,000,000 | ---D | M] -- C:\Users\Nina\AppData\Roaming\Apple Computer
[2012.02.15 17:56:07 | 000,000,000 | ---D | M] -- C:\Users\Nina\AppData\Roaming\ASCOMP Software
[2012.05.06 00:32:08 | 000,000,000 | ---D | M] -- C:\Users\Nina\AppData\Roaming\calibre
[2011.11.20 19:23:21 | 000,000,000 | ---D | M] -- C:\Users\Nina\AppData\Roaming\Canneverbe Limited
[2012.07.10 10:17:01 | 000,000,000 | ---D | M] -- C:\Users\Nina\AppData\Roaming\Dropbox
[2012.02.29 01:10:11 | 000,000,000 | ---D | M] -- C:\Users\Nina\AppData\Roaming\elsterformular
[2011.12.12 21:30:54 | 000,000,000 | ---D | M] -- C:\Users\Nina\AppData\Roaming\HP
[2012.02.06 12:05:09 | 000,000,000 | ---D | M] -- C:\Users\Nina\AppData\Roaming\HpUpdate
[2012.01.17 21:40:59 | 000,000,000 | ---D | M] -- C:\Users\Nina\AppData\Roaming\ICAClient
[2011.11.20 19:40:13 | 000,000,000 | ---D | M] -- C:\Users\Nina\AppData\Roaming\ID3-TagIT 3
[2011.11.20 17:14:48 | 000,000,000 | ---D | M] -- C:\Users\Nina\AppData\Roaming\Identities
[2012.04.19 16:31:41 | 000,000,000 | ---D | M] -- C:\Users\Nina\AppData\Roaming\InstallShield
[2012.01.17 22:03:20 | 000,000,000 | ---D | M] -- C:\Users\Nina\AppData\Roaming\Leadertech
[2011.11.20 19:31:03 | 000,000,000 | ---D | M] -- C:\Users\Nina\AppData\Roaming\Macromedia
[2012.07.02 19:45:19 | 000,000,000 | ---D | M] -- C:\Users\Nina\AppData\Roaming\Malwarebytes
[2009.07.14 20:18:18 | 000,000,000 | ---D | M] -- C:\Users\Nina\AppData\Roaming\Media Center Programs
[2012.06.26 09:24:20 | 000,000,000 | --SD | M] -- C:\Users\Nina\AppData\Roaming\Microsoft
[2012.03.23 14:08:22 | 000,000,000 | ---D | M] -- C:\Users\Nina\AppData\Roaming\Mozilla
[2012.05.11 11:50:00 | 000,000,000 | ---D | M] -- C:\Users\Nina\AppData\Roaming\SAP
[2012.06.26 16:24:02 | 000,000,000 | ---D | M] -- C:\Users\Nina\AppData\Roaming\Skype
[2012.04.24 13:03:19 | 000,000,000 | ---D | M] -- C:\Users\Nina\AppData\Roaming\SmarThru4
[2012.05.03 16:14:23 | 000,000,000 | ---D | M] -- C:\Users\Nina\AppData\Roaming\SmartTools
[2011.11.20 18:02:16 | 000,000,000 | ---D | M] -- C:\Users\Nina\AppData\Roaming\SpeedProject
[2011.11.20 17:31:55 | 000,000,000 | ---D | M] -- C:\Users\Nina\AppData\Roaming\Synaptics
[2012.02.08 15:51:20 | 000,000,000 | ---D | M] -- C:\Users\Nina\AppData\Roaming\Systemberatung Schommer
[2011.12.07 10:56:15 | 000,000,000 | ---D | M] -- C:\Users\Nina\AppData\Roaming\Thunderbird
[2011.11.20 18:15:35 | 000,000,000 | ---D | M] -- C:\Users\Nina\AppData\Roaming\TuneUp Software
[2011.11.21 00:29:05 | 000,000,000 | ---D | M] -- C:\Users\Nina\AppData\Roaming\Ubisoft
[2012.06.06 23:20:15 | 000,000,000 | ---D | M] -- C:\Users\Nina\AppData\Roaming\vlc
[2011.11.20 19:27:13 | 000,000,000 | ---D | M] -- C:\Users\Nina\AppData\Roaming\WindSolutions
 
< %APPDATA%\*.exe /s >
[2012.05.24 20:39:22 | 027,112,840 | ---- | M] (Dropbox, Inc.) -- C:\Users\Nina\AppData\Roaming\Dropbox\bin\Dropbox.exe
[2012.05.24 20:39:24 | 000,872,144 | ---- | M] (Dropbox, Inc.) -- C:\Users\Nina\AppData\Roaming\Dropbox\bin\DropboxUpdateHelper.exe
[2012.05.24 20:39:56 | 000,177,280 | ---- | M] (Dropbox, Inc.) -- C:\Users\Nina\AppData\Roaming\Dropbox\bin\Uninstall.exe
[2012.05.03 11:48:55 | 006,220,536 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\Nina\AppData\Roaming\elsterformular\pluginmanager\tmp\install_eur11.exe
[2012.05.03 11:49:09 | 005,924,512 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\Nina\AppData\Roaming\elsterformular\pluginmanager\tmp\install_gst11.exe
[2012.05.03 11:49:01 | 005,858,552 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\Nina\AppData\Roaming\elsterformular\pluginmanager\tmp\install_gstz11.exe
[2012.03.02 13:15:27 | 004,643,176 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\Nina\AppData\Roaming\elsterformular\pluginmanager\tmp\update_dfv_10_8086_8394.exe
[2012.05.03 11:49:17 | 004,277,888 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\Nina\AppData\Roaming\elsterformular\pluginmanager\tmp\update_dfv_10_8394_8623.exe
[2012.03.02 13:15:34 | 004,642,088 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\Nina\AppData\Roaming\elsterformular\pluginmanager\tmp\update_dfv_11_8086_8394.exe
[2012.05.03 11:49:25 | 004,277,648 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\Nina\AppData\Roaming\elsterformular\pluginmanager\tmp\update_dfv_11_8394_8623.exe
[2012.03.02 13:15:40 | 004,673,064 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\Nina\AppData\Roaming\elsterformular\pluginmanager\tmp\update_dfv_12_8086_8394.exe
[2012.05.03 11:49:32 | 004,267,680 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\Nina\AppData\Roaming\elsterformular\pluginmanager\tmp\update_dfv_12_8394_8623.exe
[2012.03.02 13:15:48 | 004,691,768 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\Nina\AppData\Roaming\elsterformular\pluginmanager\tmp\update_eur_09_8086_8394.exe
[2012.05.03 11:49:39 | 004,322,312 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\Nina\AppData\Roaming\elsterformular\pluginmanager\tmp\update_eur_09_8394_8623.exe
[2012.03.02 13:15:54 | 004,700,176 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\Nina\AppData\Roaming\elsterformular\pluginmanager\tmp\update_eur_10_8086_8394.exe
[2012.05.03 11:49:45 | 004,324,088 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\Nina\AppData\Roaming\elsterformular\pluginmanager\tmp\update_eur_10_8394_8623.exe
[2012.03.02 13:16:12 | 004,630,968 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\Nina\AppData\Roaming\elsterformular\pluginmanager\tmp\update_gstz_09_8086_8394.exe
[2012.05.03 11:50:11 | 004,279,840 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\Nina\AppData\Roaming\elsterformular\pluginmanager\tmp\update_gstz_09_8394_8623.exe
[2012.03.02 13:16:21 | 004,631,456 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\Nina\AppData\Roaming\elsterformular\pluginmanager\tmp\update_gstz_10_8086_8394.exe
[2012.05.03 11:50:17 | 004,280,832 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\Nina\AppData\Roaming\elsterformular\pluginmanager\tmp\update_gstz_10_8394_8623.exe
[2012.03.02 13:16:00 | 004,637,496 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\Nina\AppData\Roaming\elsterformular\pluginmanager\tmp\update_gst_09_8086_8394.exe
[2012.05.03 11:49:54 | 004,284,600 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\Nina\AppData\Roaming\elsterformular\pluginmanager\tmp\update_gst_09_8394_8623.exe
[2012.03.02 13:16:06 | 004,637,352 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\Nina\AppData\Roaming\elsterformular\pluginmanager\tmp\update_gst_10_8086_8394.exe
[2012.05.03 11:50:02 | 004,283,088 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\Nina\AppData\Roaming\elsterformular\pluginmanager\tmp\update_gst_10_8394_8623.exe
[2012.03.02 13:16:26 | 004,646,376 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\Nina\AppData\Roaming\elsterformular\pluginmanager\tmp\update_lsta_10_8086_8394.exe
[2012.05.03 11:50:23 | 004,275,104 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\Nina\AppData\Roaming\elsterformular\pluginmanager\tmp\update_lsta_10_8394_8623.exe
[2012.03.02 13:16:33 | 004,648,632 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\Nina\AppData\Roaming\elsterformular\pluginmanager\tmp\update_lsta_11_8086_8394.exe
[2012.05.03 11:50:31 | 004,285,872 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\Nina\AppData\Roaming\elsterformular\pluginmanager\tmp\update_lsta_11_8394_8623.exe
[2012.03.02 13:16:40 | 004,702,544 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\Nina\AppData\Roaming\elsterformular\pluginmanager\tmp\update_lsta_12_8086_8394.exe
[2012.05.03 11:50:37 | 004,273,160 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\Nina\AppData\Roaming\elsterformular\pluginmanager\tmp\update_lsta_12_8394_8623.exe
[2012.03.02 13:16:46 | 004,697,488 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\Nina\AppData\Roaming\elsterformular\pluginmanager\tmp\update_lstb_10_8086_8394.exe
[2012.05.03 11:50:44 | 004,308,312 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\Nina\AppData\Roaming\elsterformular\pluginmanager\tmp\update_lstb_10_8394_8623.exe
[2012.03.02 13:16:54 | 004,694,976 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\Nina\AppData\Roaming\elsterformular\pluginmanager\tmp\update_lstb_11_8086_8394.exe
[2012.05.03 11:50:49 | 004,313,696 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\Nina\AppData\Roaming\elsterformular\pluginmanager\tmp\update_lstb_11_8394_8623.exe
[2012.03.02 13:17:01 | 004,705,456 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\Nina\AppData\Roaming\elsterformular\pluginmanager\tmp\update_lstb_12_8086_8394.exe
[2012.05.03 11:50:55 | 004,326,256 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\Nina\AppData\Roaming\elsterformular\pluginmanager\tmp\update_lstb_12_8394_8623.exe
[2012.03.02 13:17:07 | 004,766,648 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\Nina\AppData\Roaming\elsterformular\pluginmanager\tmp\update_par34a_09_8086_8394.exe
[2012.05.03 11:51:01 | 004,285,984 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\Nina\AppData\Roaming\elsterformular\pluginmanager\tmp\update_par34a_09_8394_8623.exe
[2012.03.02 13:17:14 | 004,766,752 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\Nina\AppData\Roaming\elsterformular\pluginmanager\tmp\update_par34a_10_8086_8394.exe
[2012.05.03 11:51:07 | 004,295,704 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\Nina\AppData\Roaming\elsterformular\pluginmanager\tmp\update_par34a_10_8394_8623.exe
[2012.03.02 13:17:20 | 004,804,264 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\Nina\AppData\Roaming\elsterformular\pluginmanager\tmp\update_par34a_11_8086_8394.exe
[2012.05.03 11:51:14 | 004,291,560 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\Nina\AppData\Roaming\elsterformular\pluginmanager\tmp\update_par34a_11_8394_8623.exe
[2012.03.02 13:15:07 | 007,447,064 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\Nina\AppData\Roaming\elsterformular\pluginmanager\tmp\update_pica_0_8086_8394.exe
[2012.04.01 00:23:42 | 003,841,784 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\Nina\AppData\Roaming\elsterformular\pluginmanager\tmp\update_pica_0_8394_8531.exe
[2012.05.03 11:48:37 | 005,575,752 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\Nina\AppData\Roaming\elsterformular\pluginmanager\tmp\update_pica_0_8531_8623.exe
[2012.03.02 13:17:49 | 004,673,152 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\Nina\AppData\Roaming\elsterformular\pluginmanager\tmp\update_ustva_10_8086_8394.exe
[2012.05.03 11:51:42 | 004,278,392 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\Nina\AppData\Roaming\elsterformular\pluginmanager\tmp\update_ustva_10_8394_8623.exe
[2012.03.02 13:17:56 | 004,658,456 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\Nina\AppData\Roaming\elsterformular\pluginmanager\tmp\update_ustva_11_8086_8394.exe
[2012.05.03 11:51:49 | 004,279,440 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\Nina\AppData\Roaming\elsterformular\pluginmanager\tmp\update_ustva_11_8394_8623.exe
[2012.03.02 13:18:02 | 004,715,656 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\Nina\AppData\Roaming\elsterformular\pluginmanager\tmp\update_ustva_12_8086_8394.exe
[2012.05.03 11:51:55 | 004,292,672 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\Nina\AppData\Roaming\elsterformular\pluginmanager\tmp\update_ustva_12_8394_8623.exe
[2012.03.02 13:17:28 | 004,644,168 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\Nina\AppData\Roaming\elsterformular\pluginmanager\tmp\update_ust_09_8086_8394.exe
[2012.05.03 11:51:21 | 004,288,728 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\Nina\AppData\Roaming\elsterformular\pluginmanager\tmp\update_ust_09_8394_8623.exe
[2012.03.02 13:17:34 | 004,646,104 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\Nina\AppData\Roaming\elsterformular\pluginmanager\tmp\update_ust_10_8086_8394.exe
[2012.05.03 11:51:28 | 004,292,008 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\Nina\AppData\Roaming\elsterformular\pluginmanager\tmp\update_ust_10_8394_8623.exe
[2012.03.02 13:17:41 | 004,729,840 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\Nina\AppData\Roaming\elsterformular\pluginmanager\tmp\update_ust_11_8086_8394.exe
[2012.05.03 11:51:35 | 004,298,704 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\Nina\AppData\Roaming\elsterformular\pluginmanager\tmp\update_ust_11_8394_8623.exe
[2012.01.17 22:03:19 | 000,053,248 | R--- | M] (Acresso Software Inc.) -- C:\Users\Nina\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
[2011.11.20 19:25:39 | 003,461,672 | ---- | M] (WindSolutions) -- C:\Users\Nina\AppData\Roaming\WindSolutions\CopyTransControlCenter\Applications\CopyTransControlCenter.exe
[2011.11.20 19:26:50 | 008,431,256 | ---- | M] (WindSolutions) -- C:\Users\Nina\AppData\Roaming\WindSolutions\CopyTransControlCenter\Applications\CopyTransManager.exe
 
< %SYSTEMDRIVE%\*.exe >
 
< MD5 for: AGP440.SYS  >
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll
[2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll
 
< MD5 for: IASTORV.SYS  >
[2010.11.20 15:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys
[2010.11.20 15:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys
[2011.03.11 08:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys
[2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\drivers\iaStorV.sys
[2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0bcee2057afcc090\iaStorV.sys
[2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys
[2011.03.11 08:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_0b141c81a16e25e6\iaStorV.sys
[2011.03.11 08:25:49 | 000,410,496 | ---- | M] (Intel Corporation) MD5=BFDC9D75698800CFE4D1698BF2750EA2 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_0bccc8c8ba6985c1\iaStorV.sys
[2009.07.14 03:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2009.07.14 03:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll
[2010.11.20 15:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SysNative\netlogon.dll
[2010.11.20 15:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll
[2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll
[2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll
[2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2009.07.14 03:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys
[2011.03.11 08:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_95dd8d30d8a4cfbe\nvstor.sys
[2011.03.11 08:25:53 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=AE274836BA56518E279087363A781214 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_96963977f1a02f99\nvstor.sys
[2011.03.11 08:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys
[2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\drivers\nvstor.sys
[2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvstor.sys
[2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys
[2010.11.20 15:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys
[2010.11.20 15:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll
[2009.07.14 03:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll
[2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll
[2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll
[2010.11.20 15:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SysNative\scecli.dll
[2010.11.20 15:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll
 
< MD5 for: USER32.DLL  >
[2010.11.20 14:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SysWOW64\user32.dll
[2010.11.20 14:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
[2009.07.14 03:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll
[2009.07.14 03:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll
[2010.11.20 15:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SysNative\user32.dll
[2010.11.20 15:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009.07.14 03:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
[2010.11.20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010.11.20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe
[2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2012.04.04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2010.11.20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010.11.20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009.07.14 03:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2009.10.28 09:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2009.10.28 08:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys
[2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
[2009.07.14 03:15:21 | 000,462,848 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\FirewallAPI.dll

< End of report >
--- --- ---



Vielen Dank,
Nina

cosinus 10.07.2012 22:24
adwCleaner - Toolbars und ungewollte Start-/Suchseiten aufspüren

Downloade Dir bitte AdwCleaner auf deinen Desktop.
  • Starte die adwcleaner.exe mit einem Doppelklick.
  • Klicke auf Search.
  • Nach Ende des Suchlaufs öffnet sich eine Textdatei.
  • Poste mir den Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner[R1].txt.

babycat 11.07.2012 17:09
Hallo Arne,

vielen Dank, anbei das Log

Code:
# AdwCleaner v1.701 - Logfile created 07/11/2012 at 18:08:29
# Updated 02/07/2012 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : babycat - babycat-PC
# Running from : C:\Users\babycat\Desktop\adwcleaner.exe
# Option [Search]


***** [Services] *****

Found : Web Assistant Updater

***** [Files / Folders] *****

Folder Found : C:\Users\babycat\AppData\LocalLow\Incredibar.com
Folder Found : C:\Program Files\Web Assistant

***** [Registry] *****

Key Found : HKCU\Software\IM
Key Found : HKCU\Software\ImInstaller
Key Found : HKLM\SOFTWARE\Classes\AppID\Extension.DLL
Key Found : HKLM\SOFTWARE\Classes\Extension.ExtensionHelperObject
Key Found : HKLM\SOFTWARE\Classes\Extension.ExtensionHelperObject.1
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
Key Found : HKLM\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43
Key Found : HKLM\SOFTWARE\Web Assistant
Value Found : HKLM\SOFTWARE\Mozilla\Firefox\extensions [{336D0C35-8A85-403a-B9D2-65C292C39087}]
[x64] Key Found : HKCU\Software\IM
[x64] Key Found : HKCU\Software\ImInstaller
[x64] Key Found : HKLM\SOFTWARE\Classes\AppID\Extension.DLL
[x64] Key Found : HKLM\SOFTWARE\Classes\Extension.ExtensionHelperObject
[x64] Key Found : HKLM\SOFTWARE\Classes\Extension.ExtensionHelperObject.1
[x64] Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
[x64] Key Found : HKLM\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43
[x64] Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{336D0C35-8A85-403a-B9D2-65C292C39087}_is1
[x64] Key Found : HKLM\SOFTWARE\Web Assistant
[x64] Value Found : HKLM\SOFTWARE\Mozilla\Firefox\extensions [{336D0C35-8A85-403a-B9D2-65C292C39087}]

***** [Registre - GUID] *****

Key Found : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
Key Found : HKLM\SOFTWARE\Classes\AppID\{B302A1BD-0157-49FA-90F1-4E94F22C7B4B}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{336D0C35-8A85-403a-B9D2-65C292C39087}
Key Found : HKLM\SOFTWARE\Classes\Interface\{A36867C6-302D-49FC-9D8E-1EB037B5F1AB}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{1D5A4199-956E-49BC-B89F-6A35C57C0D13}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{CFF4DB9B-135F-47C0-9269-B4C6572FD61A}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{336D0C35-8A85-403a-B9D2-65C292C39087}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{336D0C35-8A85-403a-B9D2-65C292C39087}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{336D0C35-8A85-403a-B9D2-65C292C39087}
[x64] Key Found : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
[x64] Key Found : HKLM\SOFTWARE\Classes\AppID\{B302A1BD-0157-49FA-90F1-4E94F22C7B4B}
[x64] Key Found : HKLM\SOFTWARE\Classes\CLSID\{336D0C35-8A85-403a-B9D2-65C292C39087}
[x64] Key Found : HKLM\SOFTWARE\Classes\Interface\{A36867C6-302D-49FC-9D8E-1EB037B5F1AB}
[x64] Key Found : HKLM\SOFTWARE\Classes\TypeLib\{1D5A4199-956E-49BC-B89F-6A35C57C0D13}
[x64] Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{CFF4DB9B-135F-47C0-9269-B4C6572FD61A}
[x64] Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{336D0C35-8A85-403a-B9D2-65C292C39087}
[x64] Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{336D0C35-8A85-403a-B9D2-65C292C39087}
[x64] Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{336D0C35-8A85-403a-B9D2-65C292C39087}

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

-\\ Mozilla Firefox v13.0.1 (de)

Profile name : default
File : C:\Users\babycat\AppData\Roaming\Mozilla\Firefox\Profiles\kcqvg8ll.default\prefs.js

Found : user_pref("browser.newtab.url", "hxxp://mystart.incredibar.com/mb139?a=6R8xKMJnyv&loc=FF_NT");
Found : user_pref("extensions.incredibar.admin", false);
Found : user_pref("extensions.incredibar.aflt", "orgnl");
Found : user_pref("extensions.incredibar.cntry", "DE");
Found : user_pref("extensions.incredibar.dfltLng", "");
Found : user_pref("extensions.incredibar.dfltSrch", false);
Found : user_pref("extensions.incredibar.did", "10669");
Found : user_pref("extensions.incredibar.envrmnt", "production");
Found : user_pref("extensions.incredibar.excTlbr", false);
Found : user_pref("extensions.incredibar.hdrMd5", "0BE9D29A08051BDEE6C785E75DD9B082");
Found : user_pref("extensions.incredibar.hmpg", false);
Found : user_pref("extensions.incredibar.id", "3688bb0300000000000000211930bb1a");
Found : user_pref("extensions.incredibar.installerproductid", "26");
Found : user_pref("extensions.incredibar.instlDay", "15523");
Found : user_pref("extensions.incredibar.instlRef", "");
Found : user_pref("extensions.incredibar.isDcmntCmplt", true);
Found : user_pref("extensions.incredibar.lastVrsnTs", "1.5.11.1411:13:13");
Found : user_pref("extensions.incredibar.mntrvrsn", "1.2.0");
Found : user_pref("extensions.incredibar.newTab", false);
Found : user_pref("extensions.incredibar.noFFXTlbr", false);
Found : user_pref("extensions.incredibar.ppd", "123%5F1");
Found : user_pref("extensions.incredibar.prdct", "incredibar");
Found : user_pref("extensions.incredibar.productid", "26");
Found : user_pref("extensions.incredibar.propectorlck", 79780886);
Found : user_pref("extensions.incredibar.prtkHmpg", 1);
Found : user_pref("extensions.incredibar.prtnrId", "Incredibar");
Found : user_pref("extensions.incredibar.sg", "none");
Found : user_pref("extensions.incredibar.smplGrp", "none");
Found : user_pref("extensions.incredibar.tlbrId", "base");
Found : user_pref("extensions.incredibar.tlbrSrchUrl", "hxxp://mystart.Incredibar.com/?a=6R8xKMJnyv&loc=IB_T[...]
Found : user_pref("extensions.incredibar.upn2", "6R8xKMJnyv");
Found : user_pref("extensions.incredibar.upn2n", "92824635060394447");
Found : user_pref("extensions.incredibar.vrsn", "1.5.11.14");
Found : user_pref("extensions.incredibar.vrsnTs", "1.5.11.1411:13:13");
Found : user_pref("extensions.incredibar.vrsni", "1.5.11.14");
Found : user_pref("extensions.incredibar_i.aflt", "orgnl");
Found : user_pref("extensions.incredibar_i.dfltLng", "");
Found : user_pref("extensions.incredibar_i.did", "10669");
Found : user_pref("extensions.incredibar_i.excTlbr", false);
Found : user_pref("extensions.incredibar_i.id", "3688bb0300000000000000211930bb1a");
Found : user_pref("extensions.incredibar_i.installerproductid", "26");
Found : user_pref("extensions.incredibar_i.instlDay", "15523");
Found : user_pref("extensions.incredibar_i.instlRef", "");
Found : user_pref("extensions.incredibar_i.ms_url_id", "");
Found : user_pref("extensions.incredibar_i.newTab", false);
Found : user_pref("extensions.incredibar_i.ppd", "123%5F1");
Found : user_pref("extensions.incredibar_i.prdct", "incredibar");
Found : user_pref("extensions.incredibar_i.productid", "26");
Found : user_pref("extensions.incredibar_i.prtnrId", "Incredibar");
Found : user_pref("extensions.incredibar_i.smplGrp", "none");
Found : user_pref("extensions.incredibar_i.tlbrId", "base");
Found : user_pref("extensions.incredibar_i.tlbrSrchUrl", "hxxp://mystart.Incredibar.com/?a=6R8xKMJnyv&loc=IB[...]
Found : user_pref("extensions.incredibar_i.upn2", "6R8xKMJnyv");
Found : user_pref("extensions.incredibar_i.upn2n", "92824635060394447");
Found : user_pref("extensions.incredibar_i.vrsn", "1.5.11.14");
Found : user_pref("extensions.incredibar_i.vrsnTs", "1.5.11.1411:13:13");
Found : user_pref("extensions.incredibar_i.vrsni", "1.5.11.14");
Found : user_pref("keyword.URL", "hxxp://mystart.incredibar.com/mb139/?loc=IB_DS&a=6R8xKMJnyv&&i=26&search="[...]
Found : user_pref("{336D0C35-8A85-403a-B9D2-65C292C39087}.ScriptData_WSG_referrer", "hxxp://us.yhs4.search.y[...]
Found : user_pref("{336D0C35-8A85-403a-B9D2-65C292C39087}.ScriptData_WSG_temp_referer", "hxxp://us.yhs4.sear[...]
Found : user_pref("{336D0C35-8A85-403a-B9D2-65C292C39087}.ScriptData_WSG_whiteList", "{\"search.babylon.com\[...]

*************************

AdwCleaner[R1].txt - [8304 octets] - [11/07/2012 18:08:29]

########## EOF - C:\AdwCleaner[R1].txt - [8432 octets] ##########
Grüße,
Nina

cosinus 11.07.2012 22:12
adwCleaner - Toolbars und ungewollte Start-/Suchseiten entfernen
  • Schließe alle offenen Programme und Browser.
  • Starte die adwcleaner.exe mit einem Doppelklick.
  • Klicke auf Delete.
  • Bestätige jeweils mit Ok.
  • Dein Rechner wird neu gestartet. Nach dem Neustart öffnet sich eine Textdatei.
  • Poste mir den Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner[S1].txt.

babycat 11.07.2012 23:08
Hallo Arne,

vielen Dank, anbei das Log:

Code:
# AdwCleaner v1.701 - Logfile created 07/11/2012 at 23:37:44
# Updated 02/07/2012 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : babycat - babycat-PC
# Running from : C:\Users\babycat\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****

Stopped & Deleted : Web Assistant Updater

***** [Files / Folders] *****

Folder Deleted : C:\Users\babycat\AppData\LocalLow\Incredibar.com
Folder Deleted : C:\Program Files\Web Assistant

***** [Registry] *****

Key Deleted : HKCU\Software\IM
Key Deleted : HKCU\Software\ImInstaller
Key Deleted : HKLM\SOFTWARE\Classes\AppID\Extension.DLL
Key Deleted : HKLM\SOFTWARE\Classes\Extension.ExtensionHelperObject
Key Deleted : HKLM\SOFTWARE\Classes\Extension.ExtensionHelperObject.1
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
Key Deleted : HKLM\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43
Key Deleted : HKLM\SOFTWARE\Web Assistant
Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\extensions [{336D0C35-8A85-403a-B9D2-65C292C39087}]
[x64] Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
[x64] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{336D0C35-8A85-403a-B9D2-65C292C39087}_is1
[x64] Key Deleted : HKLM\SOFTWARE\Web Assistant

***** [Registre - GUID] *****

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B302A1BD-0157-49FA-90F1-4E94F22C7B4B}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{336D0C35-8A85-403a-B9D2-65C292C39087}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A36867C6-302D-49FC-9D8E-1EB037B5F1AB}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{1D5A4199-956E-49BC-B89F-6A35C57C0D13}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{CFF4DB9B-135F-47C0-9269-B4C6572FD61A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{336D0C35-8A85-403a-B9D2-65C292C39087}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{336D0C35-8A85-403a-B9D2-65C292C39087}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{336D0C35-8A85-403a-B9D2-65C292C39087}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{336D0C35-8A85-403a-B9D2-65C292C39087}
[x64] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A36867C6-302D-49FC-9D8E-1EB037B5F1AB}
[x64] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{336D0C35-8A85-403a-B9D2-65C292C39087}

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

-\\ Mozilla Firefox v13.0.1 (de)

Profile name : default
File : C:\Users\babycat\AppData\Roaming\Mozilla\Firefox\Profiles\kcqvg8ll.default\prefs.js

C:\Users\babycat\AppData\Roaming\Mozilla\Firefox\Profiles\kcqvg8ll.default\user.js ... Deleted !

Deleted : user_pref("browser.newtab.url", "hxxp://mystart.incredibar.com/mb139?a=6R8xKMJnyv&loc=FF_NT");
Deleted : user_pref("extensions.incredibar.admin", false);
Deleted : user_pref("extensions.incredibar.aflt", "orgnl");
Deleted : user_pref("extensions.incredibar.cntry", "DE");
Deleted : user_pref("extensions.incredibar.dfltLng", "");
Deleted : user_pref("extensions.incredibar.dfltSrch", false);
Deleted : user_pref("extensions.incredibar.did", "10669");
Deleted : user_pref("extensions.incredibar.envrmnt", "production");
Deleted : user_pref("extensions.incredibar.excTlbr", false);
Deleted : user_pref("extensions.incredibar.hdrMd5", "0BE9D29A08051BDEE6C785E75DD9B082");
Deleted : user_pref("extensions.incredibar.hmpg", false);
Deleted : user_pref("extensions.incredibar.id", "3688bb0300000000000000211930bb1a");
Deleted : user_pref("extensions.incredibar.installerproductid", "26");
Deleted : user_pref("extensions.incredibar.instlDay", "15523");
Deleted : user_pref("extensions.incredibar.instlRef", "");
Deleted : user_pref("extensions.incredibar.isDcmntCmplt", true);
Deleted : user_pref("extensions.incredibar.lastVrsnTs", "1.5.11.1411:13:13");
Deleted : user_pref("extensions.incredibar.mntrvrsn", "1.2.0");
Deleted : user_pref("extensions.incredibar.newTab", false);
Deleted : user_pref("extensions.incredibar.noFFXTlbr", false);
Deleted : user_pref("extensions.incredibar.ppd", "123%5F1");
Deleted : user_pref("extensions.incredibar.prdct", "incredibar");
Deleted : user_pref("extensions.incredibar.productid", "26");
Deleted : user_pref("extensions.incredibar.propectorlck", 79780886);
Deleted : user_pref("extensions.incredibar.prtkHmpg", 1);
Deleted : user_pref("extensions.incredibar.prtnrId", "Incredibar");
Deleted : user_pref("extensions.incredibar.sg", "none");
Deleted : user_pref("extensions.incredibar.smplGrp", "none");
Deleted : user_pref("extensions.incredibar.tlbrId", "base");
Deleted : user_pref("extensions.incredibar.tlbrSrchUrl", "hxxp://mystart.Incredibar.com/?a=6R8xKMJnyv&loc=IB_T[...]
Deleted : user_pref("extensions.incredibar.upn2", "6R8xKMJnyv");
Deleted : user_pref("extensions.incredibar.upn2n", "92824635060394447");
Deleted : user_pref("extensions.incredibar.vrsn", "1.5.11.14");
Deleted : user_pref("extensions.incredibar.vrsnTs", "1.5.11.1411:13:13");
Deleted : user_pref("extensions.incredibar.vrsni", "1.5.11.14");
Deleted : user_pref("extensions.incredibar_i.aflt", "orgnl");
Deleted : user_pref("extensions.incredibar_i.dfltLng", "");
Deleted : user_pref("extensions.incredibar_i.did", "10669");
Deleted : user_pref("extensions.incredibar_i.excTlbr", false);
Deleted : user_pref("extensions.incredibar_i.id", "3688bb0300000000000000211930bb1a");
Deleted : user_pref("extensions.incredibar_i.installerproductid", "26");
Deleted : user_pref("extensions.incredibar_i.instlDay", "15523");
Deleted : user_pref("extensions.incredibar_i.instlRef", "");
Deleted : user_pref("extensions.incredibar_i.ms_url_id", "");
Deleted : user_pref("extensions.incredibar_i.newTab", false);
Deleted : user_pref("extensions.incredibar_i.ppd", "123%5F1");
Deleted : user_pref("extensions.incredibar_i.prdct", "incredibar");
Deleted : user_pref("extensions.incredibar_i.productid", "26");
Deleted : user_pref("extensions.incredibar_i.prtnrId", "Incredibar");
Deleted : user_pref("extensions.incredibar_i.smplGrp", "none");
Deleted : user_pref("extensions.incredibar_i.tlbrId", "base");
Deleted : user_pref("extensions.incredibar_i.tlbrSrchUrl", "hxxp://mystart.Incredibar.com/?a=6R8xKMJnyv&loc=IB[...]
Deleted : user_pref("extensions.incredibar_i.upn2", "6R8xKMJnyv");
Deleted : user_pref("extensions.incredibar_i.upn2n", "92824635060394447");
Deleted : user_pref("extensions.incredibar_i.vrsn", "1.5.11.14");
Deleted : user_pref("extensions.incredibar_i.vrsnTs", "1.5.11.1411:13:13");
Deleted : user_pref("extensions.incredibar_i.vrsni", "1.5.11.14");
Deleted : user_pref("keyword.URL", "hxxp://mystart.incredibar.com/mb139/?loc=IB_DS&a=6R8xKMJnyv&&i=26&search="[...]
Deleted : user_pref("{336D0C35-8A85-403a-B9D2-65C292C39087}.ScriptData_WSG_referrer", "hxxp://us.yhs4.search.y[...]
Deleted : user_pref("{336D0C35-8A85-403a-B9D2-65C292C39087}.ScriptData_WSG_temp_referer", "hxxp://us.yhs4.sear[...]
Deleted : user_pref("{336D0C35-8A85-403a-B9D2-65C292C39087}.ScriptData_WSG_whiteList", "{\"search.babylon.com\[...]

*************************

AdwCleaner[R1].txt - [8395 octets] - [11/07/2012 18:08:29]
AdwCleaner[S1].txt - [7497 octets] - [11/07/2012 23:37:44]

########## EOF - C:\AdwCleaner[S1].txt - [7625 octets] ##########
Danke + Grüße,
Nina

cosinus 12.07.2012 10:27
Incredi müsste nun weg sein oder?


Mach bitte ein neues OTL-Log. Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:
hier steht das Log
CustomScan mit OTL

Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop. Falls schon vorhanden, bitte die ältere vorhandene Datei durch die neu heruntergeladene Datei ersetzen, damit du auch wirklich mit einer aktuellen Version von OTL arbeitest.
Code:
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT

babycat 13.07.2012 09:37
Hallo Arne,

oh man, Log gestern erstellt aber vergessen zu posten :stirn:
Und ja, Incredibar ist jetzt weg :applaus: :singsing:

OTL Logfile:
Code:
OTL logfile created on: 12.07.2012 11:53:02 - Run 3
OTL by OldTimer - Version 3.2.54.0    Folder = C:\Users\babycat\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,99 Gb Total Physical Memory | 2,44 Gb Available Physical Memory | 61,12% Memory free
7,99 Gb Paging File | 6,37 Gb Available in Paging File | 79,80% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 80,01 Gb Total Space | 22,78 Gb Free Space | 28,47% Space Free | Partition Type: NTFS
Drive D: | 50,00 Gb Total Space | 49,91 Gb Free Space | 99,82% Space Free | Partition Type: NTFS
Drive E: | 168,08 Gb Total Space | 54,28 Gb Free Space | 32,29% Space Free | Partition Type: NTFS
Drive I: | 999,63 Mb Total Space | 0,50 Mb Free Space | 0,05% Space Free | Partition Type: FAT
 
Computer Name: babycat-PC | User Name: babycat | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.07.12 11:45:09 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\babycat\Desktop\OTL(1).exe
PRC - [2012.05.31 10:57:20 | 000,296,672 | ---- | M] (Microsoft Corporation) -- C:\Users\babycat\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
PRC - [2012.05.24 20:39:22 | 027,112,840 | ---- | M] (Dropbox, Inc.) -- C:\Users\babycat\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2012.05.22 08:38:56 | 000,160,872 | ---- | M] (Geek Software GmbH) -- C:\Program Files (x86)\PDF24\pdf24.exe
PRC - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012.04.04 15:56:38 | 000,462,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012.03.28 01:14:06 | 000,138,232 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Internet Security\Engine\19.7.1.5\ccSvcHst.exe
PRC - [2012.03.19 21:58:12 | 000,514,128 | ---- | M] (REINER SCT) -- C:\Windows\SysWOW64\cjpcsc.exe
PRC - [2012.01.18 08:44:52 | 000,450,848 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
PRC - [2011.11.20 20:29:18 | 002,326,920 | ---- | M] (Acronis) -- C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
PRC - [2011.11.11 15:08:06 | 000,205,336 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
PRC - [2011.10.15 10:53:00 | 002,253,120 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
PRC - [2011.05.27 16:23:00 | 001,300,264 | ---- | M] (Synaptics, Inc.) -- C:\Program Files (x86)\Synaptics\Scrybe\Service\ScrybeUpdater.exe
PRC - [2011.03.04 13:45:08 | 001,529,856 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe
PRC - [2010.05.12 18:04:48 | 000,599,480 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\Citrix\ICA Client\wfcrun32.exe
PRC - [2010.05.12 18:03:22 | 000,300,472 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\Citrix\ICA Client\concentr.exe
PRC - [2009.09.12 22:26:50 | 000,834,560 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files (x86)\Samsung\Easy Display Manager\dmhkcore.exe
PRC - [2009.09.12 19:09:48 | 000,357,800 | ---- | M] (Acronis) -- C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
PRC - [2009.09.12 19:09:14 | 005,082,488 | ---- | M] (Acronis) -- C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
PRC - [2009.08.23 14:47:34 | 000,716,800 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files (x86)\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2011.09.27 08:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011.09.27 08:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011.08.12 13:18:56 | 000,342,552 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtXml4.dll
MOD - [2011.08.12 13:18:56 | 000,128,536 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\imageformats\QJpeg4.dll
MOD - [2011.08.12 13:18:56 | 000,029,208 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\imageformats\QGif4.dll
MOD - [2011.08.12 13:18:54 | 007,956,504 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtGui4.dll
MOD - [2011.08.12 13:18:54 | 002,145,304 | ---- | M] () -- C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtCore4.dll
MOD - [2006.08.12 13:48:40 | 000,049,152 | ---- | M] () -- C:\Program Files (x86)\Samsung\Easy Display Manager\HookDllPS2.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2011.12.02 05:12:11 | 000,165,456 | ---- | M] (Samsung Electronics) [On_Demand | Stopped] -- C:\Windows\SysNative\SUPDSvc2.exe -- (Samsung UPD Service2)
SRV - [2012.06.27 16:42:06 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.06.24 22:03:21 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.03.28 01:14:06 | 000,138,232 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton Internet Security\Engine\19.7.1.5\ccSvcHst.exe -- (NIS)
SRV - [2012.03.19 21:58:12 | 000,514,128 | ---- | M] (REINER SCT) [Auto | Running] -- C:\Windows\SysWOW64\cjpcsc.exe -- (cjpcsc)
SRV - [2012.02.15 14:30:18 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.01.18 08:44:52 | 000,450,848 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe -- (UMVPFSrv)
SRV - [2011.11.20 20:29:18 | 002,326,920 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe -- (afcdpsrv)
SRV - [2011.10.15 10:53:00 | 002,253,120 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2011.05.27 16:23:00 | 001,300,264 | ---- | M] (Synaptics, Inc.) [Auto | Running] -- C:\Program Files (x86)\Synaptics\Scrybe\Service\ScrybeUpdater.exe -- (ScrybeUpdater)
SRV - [2011.03.04 13:45:08 | 001,529,856 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)
SRV - [2010.10.22 14:08:18 | 001,039,360 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)
SRV - [2010.10.08 07:18:46 | 000,697,616 | ---- | M] () [Auto | Running] -- C:\Programme\ShrewSoft\VPN Client\ipsecd.exe -- (ipsecd)
SRV - [2010.10.08 07:18:46 | 000,056,592 | ---- | M] () [Auto | Running] -- C:\Programme\ShrewSoft\VPN Client\dtpd.exe -- (dtpd)
SRV - [2010.10.08 07:18:44 | 000,957,712 | ---- | M] () [Auto | Running] -- C:\Programme\ShrewSoft\VPN Client\iked.exe -- (iked)
SRV - [2010.03.18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.09.12 19:10:04 | 000,891,848 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2007.03.09 17:29:44 | 002,232,296 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Acronis\Acronis Disk Director\oss_reinstall_svc.exe -- (AcronisOSSReinstallSvc)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012.04.04 15:56:40 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012.03.29 08:28:38 | 000,405,624 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1307010.005\symnets.sys -- (SymNetS)
DRV:64bit: - [2012.03.29 08:28:30 | 001,092,728 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\NISx64\1307010.005\symefa64.sys -- (SymEFA)
DRV:64bit: - [2012.03.29 08:06:25 | 000,190,072 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1307010.005\ironx64.sys -- (SymIRON)
DRV:64bit: - [2012.03.29 08:03:27 | 000,737,912 | ---- | M] (Symantec Corporation) [File_System | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1307010.005\srtsp64.sys -- (SRTSP)
DRV:64bit: - [2012.03.29 08:03:27 | 000,037,496 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1307010.005\srtspx64.sys -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV:64bit: - [2012.03.27 09:55:06 | 000,175,736 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012.02.15 12:01:50 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012.01.18 08:44:36 | 004,865,568 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lvuvc64.sys -- (LVUVC64) Logitech Webcam 500(UVC)
DRV:64bit: - [2012.01.18 08:44:28 | 000,351,136 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lvrs64.sys -- (LVRS64)
DRV:64bit: - [2011.11.30 00:44:29 | 000,167,048 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1307010.005\ccsetx64.sys -- (ccSet_NIS)
DRV:64bit: - [2011.11.20 20:29:21 | 000,250,400 | ---- | M] (Acronis) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\afcdp.sys -- (afcdp)
DRV:64bit: - [2011.11.20 20:29:15 | 001,455,648 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\tdrpm251.sys -- (tdrpman251) Acronis Try&Decide and Restore Points filter (build 251)
DRV:64bit: - [2011.11.20 20:29:12 | 000,929,312 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\timntr.sys -- (timounter)
DRV:64bit: - [2011.11.20 20:29:03 | 000,254,496 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\snapman.sys -- (snapman)
DRV:64bit: - [2011.08.02 18:38:44 | 000,022,528 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netaapl64.sys -- (Netaapl)
DRV:64bit: - [2011.07.25 20:18:36 | 000,451,192 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\NISx64\1307010.005\symds64.sys -- (SymDS)
DRV:64bit: - [2011.07.08 01:21:28 | 000,174,184 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2011.03.31 19:32:00 | 001,424,944 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2011.03.29 10:50:26 | 000,034,672 | ---- | M] (REINER SCT) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\cjusb.sys -- (cjusb)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011.03.04 13:51:50 | 000,306,536 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CVPNDRVA.sys -- (CVPNDRVA)
DRV:64bit: - [2010.12.27 16:36:32 | 000,021,992 | ---- | M] (CPUID) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\cpuz135_x64.sys -- (cpuz135)
DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.09.02 09:18:46 | 000,021,504 | ---- | M] (Shrew Soft Inc) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vfilter.sys -- (vflt)
DRV:64bit: - [2010.09.02 09:18:46 | 000,017,408 | ---- | M] (Shrew Soft Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\virtualnet.sys -- (vnet)
DRV:64bit: - [2010.04.16 17:22:04 | 000,087,600 | ---- | M] (Citrix Systems, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ctxusbm.sys -- (ctxusbm)
DRV:64bit: - [2010.02.08 09:32:00 | 000,014,992 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CVirtA64.sys -- (CVirtA)
DRV:64bit: - [2010.01.13 17:37:18 | 007,675,392 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETw5s64.sys -- (NETw5s64) Intel(R)
DRV:64bit: - [2009.09.28 09:22:00 | 000,395,264 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.14 02:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009.06.10 22:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64) Intel(R)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.05.28 16:38:04 | 000,013,824 | ---- | M] (SAMSUNG ELECTRONICS) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\SABI.sys -- (SABI)
DRV:64bit: - [2009.05.18 14:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009.03.26 05:44:40 | 000,053,816 | ---- | M] (Samsung Electronics Co., Ltd.) [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\DgivEcp.sys -- (DgiVecp)
DRV:64bit: - [2008.11.16 19:39:44 | 000,157,968 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dne64x.sys -- (DNE)
DRV:64bit: - [2007.10.23 00:58:44 | 000,011,576 | ---- | M] (Samsung Electronics) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\SSPORT.sys -- (SSPORT)
DRV:64bit: - [2007.05.09 22:50:48 | 000,050,208 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LVUSBS64.sys -- (LVUSBS64)
DRV:64bit: - [2007.05.09 22:46:48 | 001,127,328 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LV302V64.SYS -- (PID_PEPI) Logitech QuickCam IM(PID_PEPI)
DRV:64bit: - [2007.05.09 22:46:36 | 000,016,032 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lv302a64.sys -- (lvpepf64)
DRV:64bit: - [2007.02.27 15:31:26 | 000,024,576 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\motmodem.sys -- (motmodem)
DRV - [2012.07.12 09:32:57 | 002,068,600 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\VirusDefs\20120711.018\ex64.sys -- (NAVEX15)
DRV - [2012.07.12 09:32:57 | 000,120,440 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\VirusDefs\20120711.018\eng64.sys -- (NAVENG)
DRV - [2012.06.19 02:01:13 | 001,161,376 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\BASHDefs\20120711.001\BHDrvx64.sys -- (BHDrvx64)
DRV - [2012.06.18 20:26:25 | 000,509,088 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\IPSDefs\20120711.001\IDSviA64.sys -- (IDSVia64)
DRV - [2012.05.31 14:17:46 | 000,138,912 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2012.05.31 11:17:00 | 000,484,512 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=de&pid=NIS&pvid=19.7.1.5
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=de&pid=NIS&pvid=19.7.1.5
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=de&pid=NIS&pvid=19.7.1.5
 
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=de&pid=NIS&pvid=19.7.1.5
 
IE - HKU\S-1-5-21-2113610040-2832984514-1530586175-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=de&pid=NIS&pvid=19.7.1.5
IE - HKU\S-1-5-21-2113610040-2832984514-1530586175-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-2113610040-2832984514-1530586175-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\S-1-5-21-2113610040-2832984514-1530586175-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 2F AE D8 09 72 F1 CC 01  [binary data]
IE - HKU\S-1-5-21-2113610040-2832984514-1530586175-1000\..\SearchScopes,DefaultScope = {CFF4DB9B-135F-47c0-9269-B4C6572FD61A}
IE - HKU\S-1-5-21-2113610040-2832984514-1530586175-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-2113610040-2832984514-1530586175-1000\..\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}: "URL" = hxxp://int.search-results.com/web?q={SEARCHTERMS}&o=15527&l=dis&prt=NIS&chn=retail&geo=DE&ver=19
IE - HKU\S-1-5-21-2113610040-2832984514-1530586175-1000\..\SearchScopes\{FFAD0366-B992-4AF7-BFF8-554948CAFEF6}: "URL" = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=827316&p={searchTerms}
IE - HKU\S-1-5-21-2113610040-2832984514-1530586175-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2113610040-2832984514-1530586175-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
IE - HKU\S-1-5-21-2113610040-2832984514-1530586175-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=de&pid=NIS&pvid=19.7.1.5
IE - HKU\S-1-5-21-2113610040-2832984514-1530586175-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-2113610040-2832984514-1530586175-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\S-1-5-21-2113610040-2832984514-1530586175-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 2F AE D8 09 72 F1 CC 01  [binary data]
IE - HKU\S-1-5-21-2113610040-2832984514-1530586175-1001\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-2113610040-2832984514-1530586175-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-2113610040-2832984514-1530586175-1001\..\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}: "URL" = hxxp://int.search-results.com/web?q={SEARCHTERMS}&o=15527&l=dis&prt=NIS&chn=retail&geo=DE&ver=19
IE - HKU\S-1-5-21-2113610040-2832984514-1530586175-1001\..\SearchScopes\{FFAD0366-B992-4AF7-BFF8-554948CAFEF6}: "URL" = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=827316&p={searchTerms}
IE - HKU\S-1-5-21-2113610040-2832984514-1530586175-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2113610040-2832984514-1530586175-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "MyStart Search"
FF - prefs.js..browser.search.openintab: true
FF - prefs.js..browser.search.selectedEngine: "MyStart Search"
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "about:home"
FF - prefs.js..network.proxy.http: "69.60.138.242"
FF - prefs.js..network.proxy.http_port: 8080
FF - prefs.js..network.proxy.no_proxies_on: "localhost, 127.0.0.1, stealthy.co"
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_262.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_262.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)
FF - HKLM\Software\MozillaPlugins\@emc.com/NpDmDataTransfer: C:\Program Files (x86)\eRoom 7\npeRoom7.dll (Documentum, Inc.)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
 
64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\PROGRAM FILES\WEB ASSISTANT\FIREFOX
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\IPSFFPlgn\ [2012.02.02 10:05:44 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\coFFPlgn\ [2012.07.12 11:48:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011.11.28 22:56:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.06.27 16:42:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.01.13 14:44:13 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012.07.04 10:07:36 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011.11.28 22:56:12 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.06.27 16:42:06 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.01.13 14:44:13 | 000,000,000 | ---D | M]
 
[2011.11.20 17:44:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\babycat\AppData\Roaming\mozilla\Extensions
[2012.07.10 20:39:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\babycat\AppData\Roaming\mozilla\Firefox\Profiles\kcqvg8ll.default\extensions
[2012.07.03 12:39:04 | 000,000,000 | ---D | M] (WOT) -- C:\Users\babycat\AppData\Roaming\mozilla\Firefox\Profiles\kcqvg8ll.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2012.07.10 20:39:20 | 000,000,000 | ---D | M] (FoxClocks) -- C:\Users\babycat\AppData\Roaming\mozilla\Firefox\Profiles\kcqvg8ll.default\extensions\{d37dc5d0-431d-44e5-8c91-49419370caa1}
[2011.12.06 18:39:29 | 000,001,919 | ---- | M] () -- C:\Users\babycat\AppData\Roaming\Mozilla\Firefox\Profiles\kcqvg8ll.default\searchplugins\leo-deu-fra.xml
[2011.12.06 18:39:20 | 000,001,911 | ---- | M] () -- C:\Users\babycat\AppData\Roaming\Mozilla\Firefox\Profiles\kcqvg8ll.default\searchplugins\leo-deu-spa.xml
[2011.12.04 23:38:18 | 000,001,180 | ---- | M] () -- C:\Users\babycat\AppData\Roaming\Mozilla\Firefox\Profiles\kcqvg8ll.default\searchplugins\urban-dictionary.xml
[2012.01.01 20:48:58 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2011.11.21 00:03:44 | 000,434,392 | ---- | M] () (No name found) -- C:\USERS\babycat\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KCQVG8LL.DEFAULT\EXTENSIONS\{D4DD63FA-01E4-46A7-B6B1-EDAB7D6AD389}.XPI
[2012.05.14 17:16:18 | 000,115,263 | ---- | M] () (No name found) -- C:\USERS\babycat\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KCQVG8LL.DEFAULT\EXTENSIONS\{DAF44BF7-A45E-4450-979C-91CF07434C3D}.XPI
[2012.02.07 12:58:16 | 000,246,025 | ---- | M] () (No name found) -- C:\USERS\babycat\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KCQVG8LL.DEFAULT\EXTENSIONS\AMZNUWL2@AMAZON.COM.XPI
[2011.12.17 22:29:00 | 000,012,686 | ---- | M] () (No name found) -- C:\USERS\babycat\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KCQVG8LL.DEFAULT\EXTENSIONS\SHOPCLEVER@EXTENSION.XPI
[2012.06.25 10:35:59 | 000,182,698 | ---- | M] () (No name found) -- C:\USERS\babycat\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KCQVG8LL.DEFAULT\EXTENSIONS\STEALTHYEXTENSION@GMAIL.COM.XPI
[2012.06.27 16:42:06 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2010.05.12 17:42:04 | 000,124,344 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\CCMSDK.dll
[2010.05.12 17:43:54 | 000,070,592 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\CgpCore.dll
[2010.05.12 17:42:52 | 000,091,576 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\confmgr.dll
[2010.05.12 17:42:32 | 000,022,464 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\ctxlogging.dll
[2010.05.12 18:22:36 | 000,423,328 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\plugins\npicaN.dll
[2010.05.12 17:43:56 | 000,024,000 | ---- | M] (Citrix Systems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\TcpPServ.dll
[2012.02.01 23:04:47 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.02.01 23:04:47 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.02.01 23:04:47 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.02.01 23:04:47 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.02.01 23:04:47 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.02.01 23:04:47 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\19.7.1.5\coIEPlg.dll (Symantec Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\19.7.1.5\IPS\IPSBHO.DLL (Symantec Corporation)
O2 - BHO: (Samsung BHO Class) - {AA609D72-8482-4076-8991-8CDAE5B93BCB} - C:\Program Files (x86)\Samsung AnyWeb Print\W2PBrowser.dll ()
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\19.7.1.5\coIEPlg.dll (Symantec Corporation)
O3 - HKU\S-1-5-21-2113610040-2832984514-1530586175-1000\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\19.7.1.5\coIEPlg.dll (Symantec Corporation)
O3 - HKU\S-1-5-21-2113610040-2832984514-1530586175-1001\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\19.7.1.5\coIEPlg.dll (Symantec Corporation)
O4:64bit: - HKLM..\Run: [Acronis Scheduler2 Service] C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
O4:64bit: - HKLM..\Run: [Eraser] C:\Programme\Eraser\Eraser.exe (The Eraser Project)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ConnectionCenter] C:\Program Files (x86)\Citrix\ICA Client\concentr.exe (Citrix Systems, Inc.)
O4 - HKLM..\Run: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [PDFPrint] C:\Program Files (x86)\PDF24\pdf24.exe (Geek Software GmbH)
O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2113610040-2832984514-1530586175-1000..\Run: [SkyDrive] C:\Users\babycat\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2113610040-2832984514-1530586175-1001..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\.DEFAULT..\RunOnce: []  File not found
O4 - HKU\S-1-5-18..\RunOnce: []  File not found
O4 - HKU\S-1-5-19..\RunOnce: []  File not found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: []  File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-21-2113610040-2832984514-1530586175-1001..\RunOnce: []  File not found
O4 - HKU\S-1-5-21-2113610040-2832984514-1530586175-1001..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\babycat\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\babycat\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableStatusMessages = 0
O7 - HKU\S-1-5-21-2113610040-2832984514-1530586175-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoInternetOpenWith = 1
O7 - HKU\S-1-5-21-2113610040-2832984514-1530586175-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O7 - HKU\S-1-5-21-2113610040-2832984514-1530586175-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 0
O7 - HKU\S-1-5-21-2113610040-2832984514-1530586175-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoInternetOpenWith = 1
O7 - HKU\S-1-5-21-2113610040-2832984514-1530586175-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O7 - HKU\S-1-5-21-2113610040-2832984514-1530586175-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 0
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8:64bit: - Extra context menu item: SmarThru4 Als HTML speichern - C:\Program Files (x86)\SmarThru 4\WebCapture.dll1.htm ()
O8:64bit: - Extra context menu item: SmarThru4 Auswahl erfassen - C:\Program Files (x86)\SmarThru 4\WebCapture.dll2.htm ()
O8:64bit: - Extra context menu item: SmarThru4 Capture Selection - C:\Program Files (x86)\SmarThru 4\x64\WebCapture.dll2.htm ()
O8:64bit: - Extra context menu item: SmarThru4 Markierten Text speichern - C:\Program Files (x86)\SmarThru 4\WebCapture.dll.htm ()
O8:64bit: - Extra context menu item: SmarThru4 Save as HTML - C:\Program Files (x86)\SmarThru 4\x64\WebCapture.dll1.htm ()
O8:64bit: - Extra context menu item: SmarThru4 Save Selected Text - C:\Program Files (x86)\SmarThru 4\x64\WebCapture.dll.htm ()
O8:64bit: - Extra context menu item: SmarThru4 Web Capture - C:\Program Files (x86)\SmarThru 4\WebCapture.dll ()
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: SmarThru4 Als HTML speichern - C:\Program Files (x86)\SmarThru 4\WebCapture.dll1.htm ()
O8 - Extra context menu item: SmarThru4 Auswahl erfassen - C:\Program Files (x86)\SmarThru 4\WebCapture.dll2.htm ()
O8 - Extra context menu item: SmarThru4 Capture Selection - C:\Program Files (x86)\SmarThru 4\x64\WebCapture.dll2.htm ()
O8 - Extra context menu item: SmarThru4 Markierten Text speichern - C:\Program Files (x86)\SmarThru 4\WebCapture.dll.htm ()
O8 - Extra context menu item: SmarThru4 Save as HTML - C:\Program Files (x86)\SmarThru 4\x64\WebCapture.dll1.htm ()
O8 - Extra context menu item: SmarThru4 Save Selected Text - C:\Program Files (x86)\SmarThru 4\x64\WebCapture.dll.htm ()
O8 - Extra context menu item: SmarThru4 Web Capture - C:\Program Files (x86)\SmarThru 4\WebCapture.dll ()
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Samsung AnyWeb Print - {328ECD19-C167-40eb-A0C7-16FE7634105E} - C:\Program Files (x86)\Samsung AnyWeb Print\W2PBrowser.dll ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000006 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-2113610040-2832984514-1530586175-1000\..Trusted Domains: samsungsetup.com ([www] http in Trusted sites)
O16 - DPF: {6E2510E6-BF2D-4C78-9F28-2F5C8760F124} Reg Error: Key error. (ERPageAddin Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1CD6D070-CAD8-4615-A18D-D2DF37A57979}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{271170BB-4899-4877-9F5B-1409564BD169}: DhcpNameServer = 193.189.244.206 193.189.244.225
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{66F37841-F7CF-41E7-9D35-14653D16F00A}: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\saphtmlp - No CLSID value found
O18:64bit: - Protocol\Handler\sapr3 - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\saphtmlp {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - c:\program files (x86)\sap\frontend\sapgui\saphtmlp.dll (SAP, Walldorf)
O18 - Protocol\Handler\sapr3 {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - c:\program files (x86)\sap\frontend\sapgui\saphtmlp.dll (SAP, Walldorf)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18:64bit: - Protocol\Filter\application/x-ica - No CLSID value found
O18:64bit: - Protocol\Filter\ica - No CLSID value found
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\application/x-ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\SysWOW64\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
 
 
SafeBootMin:64bit: AppMgmt - Service
SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: vmms - Service
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet:64bit: AppMgmt - Service
SafeBootNet:64bit: Base - Driver Group
SafeBootNet:64bit: Boot Bus Extender - Driver Group
SafeBootNet:64bit: Boot file system - Driver Group
SafeBootNet:64bit: File system - Driver Group
SafeBootNet:64bit: Filter - Driver Group
SafeBootNet:64bit: HelpSvc - Service
SafeBootNet:64bit: Messenger - Service
SafeBootNet:64bit: NDIS Wrapper - Driver Group
SafeBootNet:64bit: NetBIOSGroup - Driver Group
SafeBootNet:64bit: NetDDEGroup - Driver Group
SafeBootNet:64bit: Network - Driver Group
SafeBootNet:64bit: NetworkProvider - Driver Group
SafeBootNet:64bit: PCI Configuration - Driver Group
SafeBootNet:64bit: PNP Filter - Driver Group
SafeBootNet:64bit: PNP_TDI - Driver Group
SafeBootNet:64bit: Primary disk - Driver Group
SafeBootNet:64bit: rdsessmgr - Service
SafeBootNet:64bit: sacsvr - Service
SafeBootNet:64bit: SCSI Class - Driver Group
SafeBootNet:64bit: Streams Drivers - Driver Group
SafeBootNet:64bit: System Bus Extender - Driver Group
SafeBootNet:64bit: TDI - Driver Group
SafeBootNet:64bit: vmms - Service
SafeBootNet:64bit: WudfUsbccidDriver - Driver
SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32:64bit: vidc.i420 - lvcod64.dll (Logitech Inc.)
Drivers32: msacm.ac3acm - C:\Windows\SysWow64\ac3acm.acm (fccHandler)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.lameacm - C:\Windows\SysWow64\lameACM.acm (hxxp://www.mp3dev.org/)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: VIDC.FFDS - C:\Windows\SysWow64\ff_vfw.dll ()
Drivers32: vidc.i420 - C:\Windows\SysWow64\lvcodec2.dll (Logitech Inc.)
Drivers32: VIDC.XVID - C:\Windows\SysWow64\xvidvfw.dll ()
Drivers32: VIDC.YV12 - C:\Windows\SysWow64\xvidvfw.dll ()
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.07.12 11:45:04 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\babycat\Desktop\OTL(1).exe
[2012.07.12 11:42:06 | 000,000,000 | -H-D | C] -- C:\Windows\PIF
[2012.07.05 10:53:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2012.07.05 10:52:46 | 002,322,184 | ---- | C] (ESET) -- C:\Users\babycat\Desktop\esetsmartinstaller_enu.exe
[2012.07.04 15:33:20 | 000,000,000 | ---D | C] -- C:\Users\babycat\AppData\Local\PDF24
[2012.07.04 10:13:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF24
[2012.07.04 10:12:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PDF24
[2012.07.03 12:49:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Live Add-in
[2012.07.02 19:45:19 | 000,000,000 | ---D | C] -- C:\Users\babycat\AppData\Roaming\Malwarebytes
[2012.07.02 19:45:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.07.02 19:45:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.07.02 19:45:06 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.07.02 19:45:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.07.02 11:13:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Premium
[2012.07.02 11:12:23 | 000,000,000 | ---D | C] -- C:\ProgramData\InstallMate
[2012.06.26 09:24:20 | 000,000,000 | ---D | C] -- C:\Users\babycat\AppData\Local\Macromedia
[2012.01.09 17:03:32 | 000,092,064 | ---- | C] (MCCI) -- C:\Users\babycat\mqdmmdm.sys
[2012.01.09 17:03:32 | 000,079,328 | ---- | C] (MCCI) -- C:\Users\babycat\mqdmserd.sys
[2012.01.09 17:03:32 | 000,066,656 | ---- | C] (MCCI) -- C:\Users\babycat\mqdmbus.sys
[2012.01.09 17:03:32 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Users\babycat\usbsermptxp.sys
[2012.01.09 17:03:32 | 000,022,768 | ---- | C] (Microsoft Corporation) -- C:\Users\babycat\usbsermpt.sys
[2012.01.09 17:03:32 | 000,009,232 | ---- | C] (MCCI) -- C:\Users\babycat\mqdmmdfl.sys
[2012.01.09 17:03:32 | 000,006,208 | ---- | C] (MCCI) -- C:\Users\babycat\mqdmcmnt.sys
[2012.01.09 17:03:32 | 000,005,936 | ---- | C] (MCCI) -- C:\Users\babycat\mqdmwhnt.sys
[2012.01.09 17:03:32 | 000,004,048 | ---- | C] (MCCI) -- C:\Users\babycat\mqdmcr.sys
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.07.12 12:03:33 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.07.12 11:56:27 | 000,013,904 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.07.12 11:56:27 | 000,013,904 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.07.12 11:48:18 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.07.12 11:47:56 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\drivers\lvuvc.hs
[2012.07.12 11:47:38 | 3216,986,112 | -HS- | M] () -- C:\hiberfil.sys
[2012.07.12 11:45:09 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\babycat\Desktop\OTL(1).exe
[2012.07.12 11:43:56 | 001,498,742 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.07.12 11:43:56 | 000,654,400 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.07.12 11:43:56 | 000,616,242 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.07.12 11:43:56 | 000,130,240 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.07.12 11:43:56 | 000,106,622 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.07.12 09:11:06 | 000,354,560 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.07.11 18:07:51 | 000,618,655 | ---- | M] () -- C:\Users\babycat\Desktop\adwcleaner.exe
[2012.07.05 10:52:47 | 002,322,184 | ---- | M] (ESET) -- C:\Users\babycat\Desktop\esetsmartinstaller_enu.exe
[2012.07.04 10:14:47 | 000,072,822 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf
[2012.07.04 10:14:46 | 000,072,822 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf
[2012.07.04 10:13:22 | 000,001,857 | ---- | M] () -- C:\Users\Public\Desktop\PDF24 Fax.lnk
[2012.07.04 10:13:18 | 000,001,872 | ---- | M] () -- C:\Users\Public\Desktop\PDF24 Editor.lnk
[2012.07.02 20:18:09 | 000,000,000 | ---- | M] () -- C:\Users\babycat\defogger_reenable
[2012.07.02 19:45:09 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.07.02 11:13:16 | 000,000,454 | ---- | M] () -- C:\user.js
[2012.06.26 16:24:46 | 000,011,386 | ---- | M] () -- C:\Users\babycat\AppData\Roaming\SmarThruOptions.xml
[2012.06.24 21:26:54 | 000,001,047 | ---- | M] () -- C:\Users\babycat\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2012.06.24 21:26:27 | 000,001,013 | ---- | M] () -- C:\Users\babycat\Desktop\Dropbox.lnk
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.07.11 18:07:51 | 000,618,655 | ---- | C] () -- C:\Users\babycat\Desktop\adwcleaner.exe
[2012.07.04 10:14:47 | 000,072,822 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
[2012.07.04 10:14:46 | 000,072,822 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf
[2012.07.04 10:13:20 | 000,001,857 | ---- | C] () -- C:\Users\Public\Desktop\PDF24 Fax.lnk
[2012.07.04 10:13:16 | 000,001,872 | ---- | C] () -- C:\Users\Public\Desktop\PDF24 Editor.lnk
[2012.07.02 20:18:09 | 000,000,000 | ---- | C] () -- C:\Users\babycat\defogger_reenable
[2012.07.02 19:45:08 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.07.02 11:13:15 | 000,000,454 | ---- | C] () -- C:\user.js
[2012.06.06 22:45:29 | 000,003,584 | ---- | C] () -- C:\Users\babycat\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.04.24 13:03:17 | 000,011,386 | ---- | C] () -- C:\Users\babycat\AppData\Roaming\SmarThruOptions.xml
[2012.04.24 13:03:03 | 000,036,864 | ---- | C] () -- C:\Windows\SysWow64\SvcMan.exe
[2012.04.24 13:02:53 | 000,172,032 | ---- | C] () -- C:\Windows\SysWow64\SecSNMP.dll
[2012.04.24 13:02:36 | 000,000,136 | ---- | C] () -- C:\Windows\Readiris.ini
[2012.04.24 13:02:35 | 000,023,040 | ---- | C] () -- C:\Windows\SysWow64\irisco32.dll
[2012.04.19 16:43:22 | 000,260,688 | ---- | C] () -- C:\Windows\SUPDRun.exe
[2012.04.19 16:34:44 | 000,142,128 | ---- | C] () -- C:\Windows\wiainst64.exe
[2012.03.31 14:52:04 | 000,000,396 | ---- | C] () -- C:\Windows\hbcikrnl.ini
[2012.03.31 14:51:52 | 000,167,936 | ---- | C] () -- C:\Windows\SysWow64\SerialXP.dll
[2012.03.31 14:51:52 | 000,027,648 | ---- | C] () -- C:\Windows\SysWow64\win32com.dll
[2012.02.15 16:02:33 | 000,000,600 | ---- | C] () -- C:\Users\babycat\AppData\Local\PUTTY.RND
[2012.01.18 08:44:00 | 010,920,984 | ---- | C] () -- C:\Windows\SysWow64\LogiDPP.dll
[2012.01.18 08:44:00 | 000,336,408 | ---- | C] () -- C:\Windows\SysWow64\DevManagerCore.dll
[2012.01.18 08:44:00 | 000,104,472 | ---- | C] () -- C:\Windows\SysWow64\LogiDPPApp.exe
[2012.01.17 12:43:34 | 000,038,355 | ---- | C] () -- C:\Users\babycat\AppData\Roaming\Kommagetrennte Werte (Windows).ADR
[2012.01.09 17:11:03 | 000,007,201 | ---- | C] () -- C:\Users\babycat\1326121863-(null)
[2012.01.09 17:03:32 | 000,009,913 | ---- | C] () -- C:\Users\babycat\MCCI_MDM.INF
[2012.01.09 17:03:32 | 000,009,232 | ---- | C] () -- C:\Users\babycat\USB_MOT_BRIT.INF
[2012.01.09 17:03:32 | 000,007,201 | ---- | C] () -- C:\Users\babycat\USBMOT2000.INF
[2012.01.09 17:03:32 | 000,006,989 | ---- | C] () -- C:\Users\babycat\MCCI_BUS.INF
[2012.01.09 17:03:32 | 000,006,141 | ---- | C] () -- C:\Users\babycat\USBMOT2000XP.INF
[2012.01.09 17:03:32 | 000,005,960 | ---- | C] () -- C:\Users\babycat\USB_MOT_A1000.INF
[2012.01.09 17:03:32 | 000,005,880 | ---- | C] () -- C:\Users\babycat\USB_CMCS_2000.INF
[2012.01.09 17:03:32 | 000,004,477 | ---- | C] () -- C:\Users\babycat\MCCI_SDM.INF
[2012.01.09 12:31:00 | 001,064,960 | ---- | C] () -- C:\Windows\SysWow64\h5krnl32.dll
[2012.01.09 12:31:00 | 000,188,928 | ---- | C] () -- C:\Windows\SysWow64\h5icon32.dll
[2012.01.09 12:31:00 | 000,175,616 | ---- | C] () -- C:\Windows\SysWow64\h5menu32.dll
[2012.01.09 12:31:00 | 000,095,744 | ---- | C] () -- C:\Windows\SysWow64\h5rtf32.dll
[2012.01.09 12:31:00 | 000,051,200 | ---- | C] () -- C:\Windows\SysWow64\h5tool32.dll
[2011.12.04 22:52:31 | 000,000,575 | ---- | C] () -- C:\Windows\hpwmdl21.dat.temp
[2011.11.28 22:52:43 | 000,252,159 | ---- | C] () -- C:\Windows\hpwins21.dat
[2011.11.28 22:52:43 | 000,000,575 | ---- | C] () -- C:\Windows\hpwmdl21.dat
[2011.11.22 00:20:49 | 000,007,599 | ---- | C] () -- C:\Users\babycat\AppData\Local\Resmon.ResmonCfg
[2011.11.20 17:54:13 | 000,175,616 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2011.11.20 17:54:11 | 000,650,752 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2011.11.20 17:54:11 | 000,243,200 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2011.11.20 17:54:11 | 000,074,752 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2011.11.20 17:29:22 | 000,066,856 | ---- | C] () -- C:\Windows\SysWow64\SynTPEnhPS.dll
 
========== LOP Check ==========
 
[2011.11.20 19:12:23 | 000,000,000 | ---D | M] -- C:\Users\babycat\AppData\Roaming\90499BF8-CE1E-47CB-9EEA-4B39DD43956F
[2011.11.20 20:34:01 | 000,000,000 | ---D | M] -- C:\Users\babycat\AppData\Roaming\Acronis
[2012.02.15 17:56:07 | 000,000,000 | ---D | M] -- C:\Users\babycat\AppData\Roaming\ASCOMP Software
[2012.05.06 00:32:08 | 000,000,000 | ---D | M] -- C:\Users\babycat\AppData\Roaming\calibre
[2011.11.20 19:23:21 | 000,000,000 | ---D | M] -- C:\Users\babycat\AppData\Roaming\Canneverbe Limited
[2012.07.12 11:50:02 | 000,000,000 | ---D | M] -- C:\Users\babycat\AppData\Roaming\Dropbox
[2012.02.29 01:10:11 | 000,000,000 | ---D | M] -- C:\Users\babycat\AppData\Roaming\elsterformular
[2012.01.17 21:40:59 | 000,000,000 | ---D | M] -- C:\Users\babycat\AppData\Roaming\ICAClient
[2011.11.20 19:40:13 | 000,000,000 | ---D | M] -- C:\Users\babycat\AppData\Roaming\ID3-TagIT 3
[2012.01.17 22:03:20 | 000,000,000 | ---D | M] -- C:\Users\babycat\AppData\Roaming\Leadertech
[2012.05.11 11:50:00 | 000,000,000 | ---D | M] -- C:\Users\babycat\AppData\Roaming\SAP
[2012.04.24 13:03:19 | 000,000,000 | ---D | M] -- C:\Users\babycat\AppData\Roaming\SmarThru4
[2012.05.03 16:14:23 | 000,000,000 | ---D | M] -- C:\Users\babycat\AppData\Roaming\SmartTools
[2011.11.20 18:02:16 | 000,000,000 | ---D | M] -- C:\Users\babycat\AppData\Roaming\SpeedProject
[2011.11.20 17:31:55 | 000,000,000 | ---D | M] -- C:\Users\babycat\AppData\Roaming\Synaptics
[2012.02.08 15:51:20 | 000,000,000 | ---D | M] -- C:\Users\babycat\AppData\Roaming\Systemberatung Schommer
[2011.12.07 10:56:15 | 000,000,000 | ---D | M] -- C:\Users\babycat\AppData\Roaming\Thunderbird
[2011.11.20 18:15:35 | 000,000,000 | ---D | M] -- C:\Users\babycat\AppData\Roaming\TuneUp Software
[2011.11.21 00:29:05 | 000,000,000 | ---D | M] -- C:\Users\babycat\AppData\Roaming\Ubisoft
[2011.11.20 19:27:13 | 000,000,000 | ---D | M] -- C:\Users\babycat\AppData\Roaming\WindSolutions
[2012.02.15 08:54:29 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2011.11.20 19:12:23 | 000,000,000 | ---D | M] -- C:\Users\babycat\AppData\Roaming\90499BF8-CE1E-47CB-9EEA-4B39DD43956F
[2011.11.20 20:34:01 | 000,000,000 | ---D | M] -- C:\Users\babycat\AppData\Roaming\Acronis
[2011.11.20 19:31:03 | 000,000,000 | ---D | M] -- C:\Users\babycat\AppData\Roaming\Adobe
[2012.04.02 21:05:03 | 000,000,000 | ---D | M] -- C:\Users\babycat\AppData\Roaming\Apple Computer
[2012.02.15 17:56:07 | 000,000,000 | ---D | M] -- C:\Users\babycat\AppData\Roaming\ASCOMP Software
[2012.05.06 00:32:08 | 000,000,000 | ---D | M] -- C:\Users\babycat\AppData\Roaming\calibre
[2011.11.20 19:23:21 | 000,000,000 | ---D | M] -- C:\Users\babycat\AppData\Roaming\Canneverbe Limited
[2012.07.12 11:50:02 | 000,000,000 | ---D | M] -- C:\Users\babycat\AppData\Roaming\Dropbox
[2012.02.29 01:10:11 | 000,000,000 | ---D | M] -- C:\Users\babycat\AppData\Roaming\elsterformular
[2011.12.12 21:30:54 | 000,000,000 | ---D | M] -- C:\Users\babycat\AppData\Roaming\HP
[2012.02.06 12:05:09 | 000,000,000 | ---D | M] -- C:\Users\babycat\AppData\Roaming\HpUpdate
[2012.01.17 21:40:59 | 000,000,000 | ---D | M] -- C:\Users\babycat\AppData\Roaming\ICAClient
[2011.11.20 19:40:13 | 000,000,000 | ---D | M] -- C:\Users\babycat\AppData\Roaming\ID3-TagIT 3
[2011.11.20 17:14:48 | 000,000,000 | ---D | M] -- C:\Users\babycat\AppData\Roaming\Identities
[2012.04.19 16:31:41 | 000,000,000 | ---D | M] -- C:\Users\babycat\AppData\Roaming\InstallShield
[2012.01.17 22:03:20 | 000,000,000 | ---D | M] -- C:\Users\babycat\AppData\Roaming\Leadertech
[2011.11.20 19:31:03 | 000,000,000 | ---D | M] -- C:\Users\babycat\AppData\Roaming\Macromedia
[2012.07.02 19:45:19 | 000,000,000 | ---D | M] -- C:\Users\babycat\AppData\Roaming\Malwarebytes
[2009.07.14 20:18:18 | 000,000,000 | ---D | M] -- C:\Users\babycat\AppData\Roaming\Media Center Programs
[2012.06.26 09:24:20 | 000,000,000 | --SD | M] -- C:\Users\babycat\AppData\Roaming\Microsoft
[2012.03.23 14:08:22 | 000,000,000 | ---D | M] -- C:\Users\babycat\AppData\Roaming\Mozilla
[2012.05.11 11:50:00 | 000,000,000 | ---D | M] -- C:\Users\babycat\AppData\Roaming\SAP
[2012.06.26 16:24:02 | 000,000,000 | ---D | M] -- C:\Users\babycat\AppData\Roaming\Skype
[2012.04.24 13:03:19 | 000,000,000 | ---D | M] -- C:\Users\babycat\AppData\Roaming\SmarThru4
[2012.05.03 16:14:23 | 000,000,000 | ---D | M] -- C:\Users\babycat\AppData\Roaming\SmartTools
[2011.11.20 18:02:16 | 000,000,000 | ---D | M] -- C:\Users\babycat\AppData\Roaming\SpeedProject
[2011.11.20 17:31:55 | 000,000,000 | ---D | M] -- C:\Users\babycat\AppData\Roaming\Synaptics
[2012.02.08 15:51:20 | 000,000,000 | ---D | M] -- C:\Users\babycat\AppData\Roaming\Systemberatung Schommer
[2011.12.07 10:56:15 | 000,000,000 | ---D | M] -- C:\Users\babycat\AppData\Roaming\Thunderbird
[2011.11.20 18:15:35 | 000,000,000 | ---D | M] -- C:\Users\babycat\AppData\Roaming\TuneUp Software
[2011.11.21 00:29:05 | 000,000,000 | ---D | M] -- C:\Users\babycat\AppData\Roaming\Ubisoft
[2012.06.06 23:20:15 | 000,000,000 | ---D | M] -- C:\Users\babycat\AppData\Roaming\vlc
[2011.11.20 19:27:13 | 000,000,000 | ---D | M] -- C:\Users\babycat\AppData\Roaming\WindSolutions
 
< %APPDATA%\*.exe /s >
[2012.05.24 20:39:22 | 027,112,840 | ---- | M] (Dropbox, Inc.) -- C:\Users\babycat\AppData\Roaming\Dropbox\bin\Dropbox.exe
[2012.05.24 20:39:24 | 000,872,144 | ---- | M] (Dropbox, Inc.) -- C:\Users\babycat\AppData\Roaming\Dropbox\bin\DropboxUpdateHelper.exe
[2012.05.24 20:39:56 | 000,177,280 | ---- | M] (Dropbox, Inc.) -- C:\Users\babycat\AppData\Roaming\Dropbox\bin\Uninstall.exe
[2012.05.03 11:48:55 | 006,220,536 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\babycat\AppData\Roaming\elsterformular\pluginmanager\tmp\install_eur11.exe
[2012.05.03 11:49:09 | 005,924,512 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\babycat\AppData\Roaming\elsterformular\pluginmanager\tmp\install_gst11.exe
[2012.05.03 11:49:01 | 005,858,552 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\babycat\AppData\Roaming\elsterformular\pluginmanager\tmp\install_gstz11.exe
[2012.03.02 13:15:27 | 004,643,176 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\babycat\AppData\Roaming\elsterformular\pluginmanager\tmp\update_dfv_10_8086_8394.exe
[2012.05.03 11:49:17 | 004,277,888 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\babycat\AppData\Roaming\elsterformular\pluginmanager\tmp\update_dfv_10_8394_8623.exe
[2012.03.02 13:15:34 | 004,642,088 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\babycat\AppData\Roaming\elsterformular\pluginmanager\tmp\update_dfv_11_8086_8394.exe
[2012.05.03 11:49:25 | 004,277,648 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\babycat\AppData\Roaming\elsterformular\pluginmanager\tmp\update_dfv_11_8394_8623.exe
[2012.03.02 13:15:40 | 004,673,064 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\babycat\AppData\Roaming\elsterformular\pluginmanager\tmp\update_dfv_12_8086_8394.exe
[2012.05.03 11:49:32 | 004,267,680 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\babycat\AppData\Roaming\elsterformular\pluginmanager\tmp\update_dfv_12_8394_8623.exe
[2012.03.02 13:15:48 | 004,691,768 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\babycat\AppData\Roaming\elsterformular\pluginmanager\tmp\update_eur_09_8086_8394.exe
[2012.05.03 11:49:39 | 004,322,312 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\babycat\AppData\Roaming\elsterformular\pluginmanager\tmp\update_eur_09_8394_8623.exe
[2012.03.02 13:15:54 | 004,700,176 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\babycat\AppData\Roaming\elsterformular\pluginmanager\tmp\update_eur_10_8086_8394.exe
[2012.05.03 11:49:45 | 004,324,088 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\babycat\AppData\Roaming\elsterformular\pluginmanager\tmp\update_eur_10_8394_8623.exe
[2012.03.02 13:16:12 | 004,630,968 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\babycat\AppData\Roaming\elsterformular\pluginmanager\tmp\update_gstz_09_8086_8394.exe
[2012.05.03 11:50:11 | 004,279,840 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\babycat\AppData\Roaming\elsterformular\pluginmanager\tmp\update_gstz_09_8394_8623.exe
[2012.03.02 13:16:21 | 004,631,456 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\babycat\AppData\Roaming\elsterformular\pluginmanager\tmp\update_gstz_10_8086_8394.exe
[2012.05.03 11:50:17 | 004,280,832 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\babycat\AppData\Roaming\elsterformular\pluginmanager\tmp\update_gstz_10_8394_8623.exe
[2012.03.02 13:16:00 | 004,637,496 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\babycat\AppData\Roaming\elsterformular\pluginmanager\tmp\update_gst_09_8086_8394.exe
[2012.05.03 11:49:54 | 004,284,600 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\babycat\AppData\Roaming\elsterformular\pluginmanager\tmp\update_gst_09_8394_8623.exe
[2012.03.02 13:16:06 | 004,637,352 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\babycat\AppData\Roaming\elsterformular\pluginmanager\tmp\update_gst_10_8086_8394.exe
[2012.05.03 11:50:02 | 004,283,088 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\babycat\AppData\Roaming\elsterformular\pluginmanager\tmp\update_gst_10_8394_8623.exe
[2012.03.02 13:16:26 | 004,646,376 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\babycat\AppData\Roaming\elsterformular\pluginmanager\tmp\update_lsta_10_8086_8394.exe
[2012.05.03 11:50:23 | 004,275,104 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\babycat\AppData\Roaming\elsterformular\pluginmanager\tmp\update_lsta_10_8394_8623.exe
[2012.03.02 13:16:33 | 004,648,632 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\babycat\AppData\Roaming\elsterformular\pluginmanager\tmp\update_lsta_11_8086_8394.exe
[2012.05.03 11:50:31 | 004,285,872 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\babycat\AppData\Roaming\elsterformular\pluginmanager\tmp\update_lsta_11_8394_8623.exe
[2012.03.02 13:16:40 | 004,702,544 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\babycat\AppData\Roaming\elsterformular\pluginmanager\tmp\update_lsta_12_8086_8394.exe
[2012.05.03 11:50:37 | 004,273,160 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\babycat\AppData\Roaming\elsterformular\pluginmanager\tmp\update_lsta_12_8394_8623.exe
[2012.03.02 13:16:46 | 004,697,488 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\babycat\AppData\Roaming\elsterformular\pluginmanager\tmp\update_lstb_10_8086_8394.exe
[2012.05.03 11:50:44 | 004,308,312 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\babycat\AppData\Roaming\elsterformular\pluginmanager\tmp\update_lstb_10_8394_8623.exe
[2012.03.02 13:16:54 | 004,694,976 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\babycat\AppData\Roaming\elsterformular\pluginmanager\tmp\update_lstb_11_8086_8394.exe
[2012.05.03 11:50:49 | 004,313,696 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\babycat\AppData\Roaming\elsterformular\pluginmanager\tmp\update_lstb_11_8394_8623.exe
[2012.03.02 13:17:01 | 004,705,456 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\babycat\AppData\Roaming\elsterformular\pluginmanager\tmp\update_lstb_12_8086_8394.exe
[2012.05.03 11:50:55 | 004,326,256 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\babycat\AppData\Roaming\elsterformular\pluginmanager\tmp\update_lstb_12_8394_8623.exe
[2012.03.02 13:17:07 | 004,766,648 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\babycat\AppData\Roaming\elsterformular\pluginmanager\tmp\update_par34a_09_8086_8394.exe
[2012.05.03 11:51:01 | 004,285,984 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\babycat\AppData\Roaming\elsterformular\pluginmanager\tmp\update_par34a_09_8394_8623.exe
[2012.03.02 13:17:14 | 004,766,752 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\babycat\AppData\Roaming\elsterformular\pluginmanager\tmp\update_par34a_10_8086_8394.exe
[2012.05.03 11:51:07 | 004,295,704 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\babycat\AppData\Roaming\elsterformular\pluginmanager\tmp\update_par34a_10_8394_8623.exe
[2012.03.02 13:17:20 | 004,804,264 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\babycat\AppData\Roaming\elsterformular\pluginmanager\tmp\update_par34a_11_8086_8394.exe
[2012.05.03 11:51:14 | 004,291,560 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\babycat\AppData\Roaming\elsterformular\pluginmanager\tmp\update_par34a_11_8394_8623.exe
[2012.03.02 13:15:07 | 007,447,064 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\babycat\AppData\Roaming\elsterformular\pluginmanager\tmp\update_pica_0_8086_8394.exe
[2012.04.01 00:23:42 | 003,841,784 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\babycat\AppData\Roaming\elsterformular\pluginmanager\tmp\update_pica_0_8394_8531.exe
[2012.05.03 11:48:37 | 005,575,752 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\babycat\AppData\Roaming\elsterformular\pluginmanager\tmp\update_pica_0_8531_8623.exe
[2012.03.02 13:17:49 | 004,673,152 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\babycat\AppData\Roaming\elsterformular\pluginmanager\tmp\update_ustva_10_8086_8394.exe
[2012.05.03 11:51:42 | 004,278,392 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\babycat\AppData\Roaming\elsterformular\pluginmanager\tmp\update_ustva_10_8394_8623.exe
[2012.03.02 13:17:56 | 004,658,456 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\babycat\AppData\Roaming\elsterformular\pluginmanager\tmp\update_ustva_11_8086_8394.exe
[2012.05.03 11:51:49 | 004,279,440 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\babycat\AppData\Roaming\elsterformular\pluginmanager\tmp\update_ustva_11_8394_8623.exe
[2012.03.02 13:18:02 | 004,715,656 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\babycat\AppData\Roaming\elsterformular\pluginmanager\tmp\update_ustva_12_8086_8394.exe
[2012.05.03 11:51:55 | 004,292,672 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\babycat\AppData\Roaming\elsterformular\pluginmanager\tmp\update_ustva_12_8394_8623.exe
[2012.03.02 13:17:28 | 004,644,168 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\babycat\AppData\Roaming\elsterformular\pluginmanager\tmp\update_ust_09_8086_8394.exe
[2012.05.03 11:51:21 | 004,288,728 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\babycat\AppData\Roaming\elsterformular\pluginmanager\tmp\update_ust_09_8394_8623.exe
[2012.03.02 13:17:34 | 004,646,104 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\babycat\AppData\Roaming\elsterformular\pluginmanager\tmp\update_ust_10_8086_8394.exe
[2012.05.03 11:51:28 | 004,292,008 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\babycat\AppData\Roaming\elsterformular\pluginmanager\tmp\update_ust_10_8394_8623.exe
[2012.03.02 13:17:41 | 004,729,840 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\babycat\AppData\Roaming\elsterformular\pluginmanager\tmp\update_ust_11_8086_8394.exe
[2012.05.03 11:51:35 | 004,298,704 | ---- | M] (Landesfinanzdirektion Thueringen) -- C:\Users\babycat\AppData\Roaming\elsterformular\pluginmanager\tmp\update_ust_11_8394_8623.exe
[2012.01.17 22:03:19 | 000,053,248 | R--- | M] (Acresso Software Inc.) -- C:\Users\babycat\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
[2011.11.20 19:25:39 | 003,461,672 | ---- | M] (WindSolutions) -- C:\Users\babycat\AppData\Roaming\WindSolutions\CopyTransControlCenter\Applications\CopyTransControlCenter.exe
[2011.11.20 19:26:50 | 008,431,256 | ---- | M] (WindSolutions) -- C:\Users\babycat\AppData\Roaming\WindSolutions\CopyTransControlCenter\Applications\CopyTransManager.exe
 
< %SYSTEMDRIVE%\*.exe >
 
< MD5 for: AGP440.SYS  >
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll
[2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll
 
< MD5 for: IASTORV.SYS  >
[2010.11.20 15:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys
[2010.11.20 15:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys
[2011.03.11 08:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys
[2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\drivers\iaStorV.sys
[2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0bcee2057afcc090\iaStorV.sys
[2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys
[2011.03.11 08:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_0b141c81a16e25e6\iaStorV.sys
[2011.03.11 08:25:49 | 000,410,496 | ---- | M] (Intel Corporation) MD5=BFDC9D75698800CFE4D1698BF2750EA2 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_0bccc8c8ba6985c1\iaStorV.sys
[2009.07.14 03:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2009.07.14 03:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll
[2010.11.20 15:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SysNative\netlogon.dll
[2010.11.20 15:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll
[2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll
[2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll
[2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2009.07.14 03:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys
[2011.03.11 08:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_95dd8d30d8a4cfbe\nvstor.sys
[2011.03.11 08:25:53 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=AE274836BA56518E279087363A781214 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_96963977f1a02f99\nvstor.sys
[2011.03.11 08:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys
[2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\drivers\nvstor.sys
[2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvstor.sys
[2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys
[2010.11.20 15:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys
[2010.11.20 15:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll
[2009.07.14 03:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll
[2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll
[2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll
[2010.11.20 15:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SysNative\scecli.dll
[2010.11.20 15:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll
 
< MD5 for: USER32.DLL  >
[2010.11.20 14:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SysWOW64\user32.dll
[2010.11.20 14:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
[2009.07.14 03:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll
[2009.07.14 03:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll
[2010.11.20 15:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SysNative\user32.dll
[2010.11.20 15:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009.07.14 03:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
[2010.11.20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010.11.20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe
[2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2012.04.04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2010.11.20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010.11.20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009.07.14 03:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2009.10.28 09:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2009.10.28 08:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys
[2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
[2009.07.14 03:15:21 | 000,462,848 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\FirewallAPI.dll

< End of report >
--- --- ---

[/CODE]

:dankeschoen:

Grüße,
Nina

cosinus 13.07.2012 20:19
Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)


Code:
:OTL
FF - prefs.js..browser.search.defaultenginename: "MyStart Search"
FF - prefs.js..browser.search.selectedEngine: "MyStart Search"
FF - user.js - File not found
O4 - HKU\.DEFAULT..\RunOnce: []  File not found
O4 - HKU\S-1-5-18..\RunOnce: []  File not found
O4 - HKU\S-1-5-19..\RunOnce: []  File not found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: []  File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-21-2113610040-2832984514-1530586175-1001..\RunOnce: []  File not found
O4 - HKU\S-1-5-21-2113610040-2832984514-1530586175-1001..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableStatusMessages = 0
O7 - HKU\S-1-5-21-2113610040-2832984514-1530586175-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoInternetOpenWith = 1
O7 - HKU\S-1-5-21-2113610040-2832984514-1530586175-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O7 - HKU\S-1-5-21-2113610040-2832984514-1530586175-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 0
O7 - HKU\S-1-5-21-2113610040-2832984514-1530586175-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoInternetOpenWith = 1
O7 - HKU\S-1-5-21-2113610040-2832984514-1530586175-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O7 - HKU\S-1-5-21-2113610040-2832984514-1530586175-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 0
:Files
C:\user.js
:Commands
[purity]
[emptytemp]
[emptyflash]
[resethosts]
Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.

Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt.

Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!

babycat 13.07.2012 23:54
Hallo Arne,

anbei das Log nach dem Fix:

Code:
All processes killed
========== OTL ==========
Prefs.js: "MyStart Search" removed from browser.search.defaultenginename
Prefs.js: "MyStart Search" removed from browser.search.selectedEngine
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce\\ deleted successfully.
Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\RunOnce\\ not found.
Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\ deleted successfully.
Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\ deleted successfully.
Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_USERS\S-1-5-21-2113610040-2832984514-1530586175-1001\Software\Microsoft\Windows\CurrentVersion\RunOnce\\ deleted successfully.
Registry value HKEY_USERS\S-1-5-21-2113610040-2832984514-1530586175-1001\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorAdmin deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorUser deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\EnableLinkedConnections deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableStatusMessages deleted successfully.
Registry value HKEY_USERS\S-1-5-21-2113610040-2832984514-1530586175-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoInternetOpenWith deleted successfully.
Registry value HKEY_USERS\S-1-5-21-2113610040-2832984514-1530586175-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
Registry value HKEY_USERS\S-1-5-21-2113610040-2832984514-1530586175-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveAutoRun deleted successfully.
Registry value HKEY_USERS\S-1-5-21-2113610040-2832984514-1530586175-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoInternetOpenWith deleted successfully.
Registry value HKEY_USERS\S-1-5-21-2113610040-2832984514-1530586175-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
Registry value HKEY_USERS\S-1-5-21-2113610040-2832984514-1530586175-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveAutoRun deleted successfully.
========== FILES ==========
C:\user.js moved successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: babycat
->Temp folder emptied: 2173355453 bytes
->Temporary Internet Files folder emptied: 110870926 bytes
->Java cache emptied: 14859533 bytes
->FireFox cache emptied: 739860069 bytes
->Flash cache emptied: 31177 bytes
 
User: Public
 
User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 1533389 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 235665338 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67899 bytes
RecycleBin emptied: 614419407 bytes
 
Total Files Cleaned = 3.710,00 mb
 
 
[EMPTYFLASH]
 
User: All Users
 
User: Default
 
User: Default User
 
User: babycat
->Flash cache emptied: 0 bytes
 
User: Public
 
User: UpdatusUser
 
Total Flash Files Cleaned = 0,00 mb
 
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.54.0 log created on 07132012_232905

Files\Folders moved on Reboot...
C:\Users\babycat\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

PendingFileRenameOperations files...
File C:\Users\babycat\AppData\Local\Temp\FXSAPIDebugLogFile.txt not found!

Registry entries deleted on Reboot...
Grüße und vielen Dank,
Nina

cosinus 14.07.2012 13:33
Bitte nun (im normalen Windows-Modus) dieses Tool von Kaspersky (TDSS-Killer) ausführen und das Log posten Anleitung und Downloadlink hier => http://www.trojaner-board.de/82358-t...entfernen.html

Hinweis: Bitte den Virenscanner abstellen bevor du den TDSS-Killer ausführst, denn v.a. Avira meldet im TDSS-Tool oft einen Fehalalrm!

Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet,
Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten.
Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition (meistens Laufwerk C:) nach, da speichert der TDSS-Killer seine Logs.

Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten!

http://saved.im/mtkwmtcxexhp/setting...8_16-25-18.jpg

babycat 16.07.2012 10:05
Hallo Arne,

vielen Dank soweit, anbei das neue Log:

Code:
11:01:49.0382 5880        TDSS rootkit removing tool 2.7.45.0 Jul  9 2012 12:46:35
11:01:49.0444 5880        ============================================================
11:01:49.0444 5880        Current date / time: 2012/07/16 11:01:49.0444
11:01:49.0444 5880        SystemInfo:
11:01:49.0444 5880       
11:01:49.0444 5880        OS Version: 6.1.7601 ServicePack: 1.0
11:01:49.0444 5880        Product type: Workstation
11:01:49.0444 5880        ComputerName: babycat-PC
11:01:49.0444 5880        UserName: babycat
11:01:49.0444 5880        Windows directory: C:\Windows
11:01:49.0444 5880        System windows directory: C:\Windows
11:01:49.0444 5880        Running under WOW64
11:01:49.0444 5880        Processor architecture: Intel x64
11:01:49.0444 5880        Number of processors: 2
11:01:49.0444 5880        Page size: 0x1000
11:01:49.0444 5880        Boot type: Normal boot
11:01:49.0444 5880        ============================================================
11:01:50.0770 5880        Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
11:01:50.0802 5880        ============================================================
11:01:50.0802 5880        \Device\Harddisk0\DR0:
11:01:50.0802 5880        MBR partitions:
11:01:50.0802 5880        \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x1F02DC02, BlocksNum 0x63FFABF
11:01:50.0802 5880        \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0xA00684E
11:01:50.0802 5880        \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0xA00688D, BlocksNum 0x15027375
11:01:50.0802 5880        ============================================================
11:01:50.0817 5880        C: <-> \Device\Harddisk0\DR0\Partition1
11:01:50.0833 5880        D: <-> \Device\Harddisk0\DR0\Partition0
11:01:50.0880 5880        E: <-> \Device\Harddisk0\DR0\Partition2
11:01:50.0880 5880        ============================================================
11:01:50.0880 5880        Initialize success
11:01:50.0880 5880        ============================================================
11:02:08.0882 4348        ============================================================
11:02:08.0882 4348        Scan started
11:02:08.0882 4348        Mode: Manual; SigCheck; TDLFS;
11:02:08.0882 4348        ============================================================
11:02:09.0896 4348        1394ohci        (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
11:02:10.0021 4348        1394ohci - ok
11:02:10.0052 4348        ACPI            (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
11:02:10.0068 4348        ACPI - ok
11:02:10.0099 4348        AcpiPmi        (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
11:02:10.0161 4348        AcpiPmi - ok
11:02:10.0364 4348        AcronisOSSReinstallSvc (7e0275a22a0ce8c448767adb9a287f25) C:\Program Files (x86)\Common Files\Acronis\Acronis Disk Director\oss_reinstall_svc.exe
11:02:10.0427 4348        AcronisOSSReinstallSvc ( UnsignedFile.Multi.Generic ) - warning
11:02:10.0427 4348        AcronisOSSReinstallSvc - detected UnsignedFile.Multi.Generic (1)
11:02:10.0567 4348        AcrSch2Svc      (eac4c4cb23ea3c267062f1ea0f9ffbb3) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
11:02:10.0598 4348        AcrSch2Svc - ok
11:02:10.0801 4348        AdobeFlashPlayerUpdateSvc (5e1a953c6472e7bb644892a4d0df5e72) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
11:02:10.0817 4348        AdobeFlashPlayerUpdateSvc - ok
11:02:10.0973 4348        adp94xx        (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
11:02:11.0004 4348        adp94xx - ok
11:02:11.0051 4348        adpahci        (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
11:02:11.0066 4348        adpahci - ok
11:02:11.0113 4348        adpu320        (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
11:02:11.0129 4348        adpu320 - ok
11:02:11.0160 4348        AeLookupSvc    (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
11:02:11.0300 4348        AeLookupSvc - ok
11:02:11.0347 4348        afcdp          (3426a6eaa09077f3ab946fb9ceb85d8e) C:\Windows\system32\DRIVERS\afcdp.sys
11:02:11.0378 4348        afcdp - ok
11:02:11.0581 4348        afcdpsrv        (986a134b1a1770599b7af9354cbb066f) C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
11:02:11.0628 4348        afcdpsrv - ok
11:02:11.0784 4348        AFD            (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
11:02:11.0862 4348        AFD - ok
11:02:11.0893 4348        agp440          (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
11:02:11.0909 4348        agp440 - ok
11:02:11.0955 4348        ALG            (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
11:02:12.0018 4348        ALG - ok
11:02:12.0033 4348        aliide          (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
11:02:12.0049 4348        aliide - ok
11:02:12.0065 4348        amdide          (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
11:02:12.0080 4348        amdide - ok
11:02:12.0111 4348        AmdK8          (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
11:02:12.0174 4348        AmdK8 - ok
11:02:12.0189 4348        AmdPPM          (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
11:02:12.0236 4348        AmdPPM - ok
11:02:12.0283 4348        amdsata        (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
11:02:12.0299 4348        amdsata - ok
11:02:12.0330 4348        amdsbs          (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
11:02:12.0345 4348        amdsbs - ok
11:02:12.0361 4348        amdxata        (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
11:02:12.0377 4348        amdxata - ok
11:02:12.0439 4348        AppID          (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
11:02:12.0564 4348        AppID - ok
11:02:12.0595 4348        AppIDSvc        (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
11:02:12.0657 4348        AppIDSvc - ok
11:02:12.0720 4348        Appinfo        (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
11:02:12.0767 4348        Appinfo - ok
11:02:12.0876 4348        Apple Mobile Device (7ef47644b74ebe721cc32211d3c35e76) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
11:02:12.0891 4348        Apple Mobile Device - ok
11:02:12.0923 4348        arc            (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
11:02:12.0938 4348        arc - ok
11:02:12.0969 4348        arcsas          (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
11:02:12.0985 4348        arcsas - ok
11:02:13.0001 4348        AsyncMac        (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
11:02:13.0079 4348        AsyncMac - ok
11:02:13.0094 4348        atapi          (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
11:02:13.0110 4348        atapi - ok
11:02:13.0203 4348        AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
11:02:13.0266 4348        AudioEndpointBuilder - ok
11:02:13.0266 4348        AudioSrv        (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
11:02:13.0313 4348        AudioSrv - ok
11:02:13.0359 4348        AxInstSV        (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
11:02:13.0453 4348        AxInstSV - ok
11:02:13.0500 4348        b06bdrv        (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
11:02:13.0547 4348        b06bdrv - ok
11:02:13.0593 4348        b57nd60a        (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
11:02:13.0656 4348        b57nd60a - ok
11:02:13.0703 4348        BDESVC          (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
11:02:13.0734 4348        BDESVC - ok
11:02:13.0781 4348        Beep            (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
11:02:13.0843 4348        Beep - ok
11:02:13.0937 4348        BFE            (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll
11:02:13.0983 4348        BFE - ok
11:02:14.0186 4348        BHDrvx64        (c8ab71a5102d0fc103f6dfc750005137) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\BASHDefs\20120711.002\BHDrvx64.sys
11:02:14.0217 4348        BHDrvx64 - ok
11:02:14.0373 4348        BITS            (1ea7969e3271cbc59e1730697dc74682) C:\Windows\System32\qmgr.dll
11:02:14.0436 4348        BITS - ok
11:02:14.0483 4348        blbdrive        (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
11:02:14.0514 4348        blbdrive - ok
11:02:15.0029 4348        Bonjour Service (ebbcd5dfbb1de70e8f4af8fa59e401fd) C:\Program Files\Bonjour\mDNSResponder.exe
11:02:15.0075 4348        Bonjour Service - ok
11:02:15.0107 4348        bowser          (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
11:02:15.0153 4348        bowser - ok
11:02:15.0169 4348        BrFiltLo        (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
11:02:15.0231 4348        BrFiltLo - ok
11:02:15.0247 4348        BrFiltUp        (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
11:02:15.0263 4348        BrFiltUp - ok
11:02:15.0325 4348        Browser        (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
11:02:15.0387 4348        Browser - ok
11:02:15.0434 4348        Brserid        (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
11:02:15.0497 4348        Brserid - ok
11:02:15.0512 4348        BrSerWdm        (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
11:02:15.0543 4348        BrSerWdm - ok
11:02:15.0559 4348        BrUsbMdm        (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
11:02:15.0575 4348        BrUsbMdm - ok
11:02:15.0606 4348        BrUsbSer        (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
11:02:15.0668 4348        BrUsbSer - ok
11:02:15.0731 4348        BthEnum        (cf98190a94f62e405c8cb255018b2315) C:\Windows\system32\drivers\BthEnum.sys
11:02:15.0777 4348        BthEnum - ok
11:02:15.0793 4348        BTHMODEM        (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
11:02:15.0824 4348        BTHMODEM - ok
11:02:15.0855 4348        BthPan          (02dd601b708dd0667e1331fa8518e9ff) C:\Windows\system32\DRIVERS\bthpan.sys
11:02:15.0887 4348        BthPan - ok
11:02:15.0965 4348        BTHPORT        (64c198198501f7560ee41d8d1efa7952) C:\Windows\System32\Drivers\BTHport.sys
11:02:15.0996 4348        BTHPORT - ok
11:02:16.0027 4348        bthserv        (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
11:02:16.0074 4348        bthserv - ok
11:02:16.0089 4348        BTHUSB          (f188b7394d81010767b6df3178519a37) C:\Windows\System32\Drivers\BTHUSB.sys
11:02:16.0121 4348        BTHUSB - ok
11:02:16.0214 4348        ccSet_NIS      (0e1737a63aec0f6de231bb59836c0a11) C:\Windows\system32\drivers\NISx64\1307010.005\ccSetx64.sys
11:02:16.0230 4348        ccSet_NIS - ok
11:02:16.0261 4348        cdfs            (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
11:02:16.0308 4348        cdfs - ok
11:02:16.0370 4348        cdrom          (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\drivers\cdrom.sys
11:02:16.0386 4348        cdrom - ok
11:02:16.0448 4348        CertPropSvc    (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
11:02:16.0526 4348        CertPropSvc - ok
11:02:16.0557 4348        circlass        (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
11:02:16.0589 4348        circlass - ok
11:02:16.0760 4348        cjpcsc          (ed81e81752ca817afa740c14ad05bc6c) C:\Windows\SysWOW64\cjpcsc.exe
11:02:16.0791 4348        cjpcsc - ok
11:02:16.0838 4348        cjusb          (06e1f5228399fc49a8d026da38db6784) C:\Windows\system32\DRIVERS\cjusb.sys
11:02:16.0854 4348        cjusb - ok
11:02:16.0901 4348        CLFS            (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
11:02:16.0916 4348        CLFS - ok
11:02:16.0979 4348        clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
11:02:16.0994 4348        clr_optimization_v2.0.50727_32 - ok
11:02:17.0057 4348        clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
11:02:17.0072 4348        clr_optimization_v2.0.50727_64 - ok
11:02:17.0181 4348        clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
11:02:17.0197 4348        clr_optimization_v4.0.30319_32 - ok
11:02:17.0228 4348        clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
11:02:17.0244 4348        clr_optimization_v4.0.30319_64 - ok
11:02:17.0275 4348        CmBatt          (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
11:02:17.0306 4348        CmBatt - ok
11:02:17.0353 4348        cmdide          (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
11:02:17.0369 4348        cmdide - ok
11:02:17.0415 4348        CNG            (9ac4f97c2d3e93367e2148ea940cd2cd) C:\Windows\system32\Drivers\cng.sys
11:02:17.0447 4348        CNG - ok
11:02:17.0462 4348        Compbatt        (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
11:02:17.0478 4348        Compbatt - ok
11:02:17.0540 4348        CompositeBus    (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
11:02:17.0571 4348        CompositeBus - ok
11:02:17.0587 4348        COMSysApp - ok
11:02:17.0618 4348        cpuz135        (76355d5eafdfa3e9b7580b9153de1f30) C:\Windows\system32\drivers\cpuz135_x64.sys
11:02:17.0634 4348        cpuz135 - ok
11:02:17.0696 4348        crcdisk        (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
11:02:17.0712 4348        crcdisk - ok
11:02:17.0759 4348        CryptSvc        (4f5414602e2544a4554d95517948b705) C:\Windows\system32\cryptsvc.dll
11:02:17.0805 4348        CryptSvc - ok
11:02:17.0883 4348        ctxusbm        (ba8e5b2291c01ef71ca80e25f0c79d55) C:\Windows\system32\DRIVERS\ctxusbm.sys
11:02:17.0899 4348        ctxusbm - ok
11:02:17.0930 4348        CVirtA          (44bddeb03c84a1c993c992ffb5700357) C:\Windows\system32\DRIVERS\CVirtA64.sys
11:02:17.0946 4348        CVirtA - ok
11:02:18.0086 4348        CVPND          (98c413e1a2fb6e5a4c101c25b3d0b275) C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe
11:02:18.0133 4348        CVPND - ok
11:02:18.0273 4348        CVPNDRVA        (79af0e203d089af442a3f70ed00a37fb) C:\Windows\system32\Drivers\CVPNDRVA.sys
11:02:18.0289 4348        CVPNDRVA - ok
11:02:18.0351 4348        DcomLaunch      (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
11:02:18.0398 4348        DcomLaunch - ok
11:02:18.0445 4348        defragsvc      (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
11:02:18.0492 4348        defragsvc - ok
11:02:18.0554 4348        DfsC            (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
11:02:18.0601 4348        DfsC - ok
11:02:18.0679 4348        DgiVecp        (2d589a2c024b2fb238535db9f7b3597d) C:\Windows\system32\Drivers\DgiVecp.sys
11:02:18.0695 4348        DgiVecp - ok
11:02:18.0757 4348        Dhcp            (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
11:02:18.0788 4348        Dhcp - ok
11:02:18.0819 4348        discache        (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
11:02:18.0866 4348        discache - ok
11:02:18.0897 4348        Disk            (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
11:02:18.0913 4348        Disk - ok
11:02:18.0960 4348        DNE            (05cb5910b3ca6019fc3cca815ee06ffb) C:\Windows\system32\DRIVERS\dne64x.sys
11:02:18.0975 4348        DNE - ok
11:02:19.0007 4348        Dnscache        (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll
11:02:19.0053 4348        Dnscache - ok
11:02:19.0085 4348        dot3svc        (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
11:02:19.0147 4348        dot3svc - ok
11:02:19.0194 4348        Dot4            (b42ed0320c6e41102fde0005154849bb) C:\Windows\system32\DRIVERS\Dot4.sys
11:02:19.0225 4348        Dot4 - ok
11:02:19.0256 4348        Dot4Print      (e9f5969233c5d89f3c35e3a66a52a361) C:\Windows\system32\DRIVERS\Dot4Prt.sys
11:02:19.0287 4348        Dot4Print - ok
11:02:19.0303 4348        dot4usb        (fd05a02b0370bc3000f402e543ca5814) C:\Windows\system32\DRIVERS\dot4usb.sys
11:02:19.0334 4348        dot4usb - ok
11:02:19.0381 4348        DPS            (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
11:02:19.0428 4348        DPS - ok
11:02:19.0459 4348        drmkaud        (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
11:02:19.0475 4348        drmkaud - ok
11:02:19.0537 4348        dtpd - ok
11:02:19.0615 4348        DXGKrnl        (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
11:02:19.0646 4348        DXGKrnl - ok
11:02:19.0693 4348        EapHost        (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
11:02:19.0740 4348        EapHost - ok
11:02:19.0911 4348        ebdrv          (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
11:02:19.0989 4348        ebdrv - ok
11:02:20.0145 4348        eeCtrl          (ba6420c1f7070ed8f1ba372844f3e1ec) C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys
11:02:20.0177 4348        eeCtrl - ok
11:02:20.0255 4348        EFS            (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe
11:02:20.0333 4348        EFS - ok
11:02:20.0411 4348        ehRecvr        (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
11:02:20.0473 4348        ehRecvr - ok
11:02:20.0520 4348        ehSched        (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
11:02:20.0551 4348        ehSched - ok
11:02:20.0613 4348        elxstor        (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
11:02:20.0645 4348        elxstor - ok
11:02:20.0769 4348        EraserSvc11210  (c6948f034d7edabcfa2234d399fc78bc) C:\Program Files (x86)\Norton Internet Security\Engine\19.7.1.5\ccSvcHst.exe
11:02:20.0785 4348        EraserSvc11210 - ok
11:02:20.0879 4348        EraserUtilRebootDrv (1343df3451bc0c442dc69837c6fba21b) C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
11:02:20.0894 4348        EraserUtilRebootDrv - ok
11:02:20.0925 4348        ErrDev          (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
11:02:20.0957 4348        ErrDev - ok
11:02:21.0019 4348        EventSystem    (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
11:02:21.0066 4348        EventSystem - ok
11:02:21.0097 4348        exfat          (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
11:02:21.0159 4348        exfat - ok
11:02:21.0175 4348        fastfat        (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
11:02:21.0237 4348        fastfat - ok
11:02:21.0315 4348        Fax            (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
11:02:21.0362 4348        Fax - ok
11:02:21.0378 4348        fdc            (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
11:02:21.0409 4348        fdc - ok
11:02:21.0440 4348        fdPHost        (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
11:02:21.0487 4348        fdPHost - ok
11:02:21.0503 4348        FDResPub        (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
11:02:21.0565 4348        FDResPub - ok
11:02:21.0581 4348        FileInfo        (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
11:02:21.0596 4348        FileInfo - ok
11:02:21.0643 4348        Filetrace      (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
11:02:21.0690 4348        Filetrace - ok
11:02:21.0705 4348        flpydisk        (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
11:02:21.0721 4348        flpydisk - ok
11:02:21.0783 4348        FltMgr          (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
11:02:21.0815 4348        FltMgr - ok
11:02:21.0893 4348        FontCache      (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll
11:02:21.0955 4348        FontCache - ok
11:02:22.0033 4348        FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
11:02:22.0049 4348        FontCache3.0.0.0 - ok
11:02:22.0080 4348        FsDepends      (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
11:02:22.0095 4348        FsDepends - ok
11:02:22.0127 4348        Fs_Rec          (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys
11:02:22.0142 4348        Fs_Rec - ok
11:02:22.0205 4348        fvevol          (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
11:02:22.0236 4348        fvevol - ok
11:02:22.0267 4348        gagp30kx        (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
11:02:22.0283 4348        gagp30kx - ok
11:02:22.0298 4348        GEARAspiWDM    (e403aacf8c7bb11375122d2464560311) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
11:02:22.0314 4348        GEARAspiWDM - ok
11:02:22.0376 4348        gpsvc          (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
11:02:22.0439 4348        gpsvc - ok
11:02:22.0517 4348        gusvc          (c1b577b2169900f4cf7190c39f085794) C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
11:02:22.0532 4348        gusvc - ok
11:02:22.0563 4348        hcw85cir        (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
11:02:22.0641 4348        hcw85cir - ok
11:02:22.0719 4348        HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
11:02:22.0751 4348        HdAudAddService - ok
11:02:22.0766 4348        HDAudBus        (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
11:02:22.0797 4348        HDAudBus - ok
11:02:22.0813 4348        HidBatt        (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
11:02:22.0860 4348        HidBatt - ok
11:02:22.0891 4348        HidBth          (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
11:02:22.0922 4348        HidBth - ok
11:02:22.0938 4348        HidIr          (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
11:02:22.0969 4348        HidIr - ok
11:02:23.0000 4348        hidserv        (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\system32\hidserv.dll
11:02:23.0047 4348        hidserv - ok
11:02:23.0094 4348        HidUsb          (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
11:02:23.0109 4348        HidUsb - ok
11:02:23.0156 4348        hkmsvc          (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
11:02:23.0187 4348        hkmsvc - ok
11:02:23.0234 4348        HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
11:02:23.0265 4348        HomeGroupListener - ok
11:02:23.0312 4348        HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
11:02:23.0343 4348        HomeGroupProvider - ok
11:02:23.0484 4348        hpqcxs08        (97aac45a375168c6a2297beeb9692e31) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll
11:02:23.0499 4348        hpqcxs08 - ok
11:02:23.0531 4348        hpqddsvc        (19a4fb67b1c97ea18edff44340973cd9) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll
11:02:23.0546 4348        hpqddsvc - ok
11:02:23.0593 4348        HpSAMD          (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
11:02:23.0609 4348        HpSAMD - ok
11:02:23.0733 4348        HPSLPSVC        (f37882f128efacefe353e0bae2766909) C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL
11:02:23.0765 4348        HPSLPSVC ( UnsignedFile.Multi.Generic ) - warning
11:02:23.0765 4348        HPSLPSVC - detected UnsignedFile.Multi.Generic (1)
11:02:23.0843 4348        HTTP            (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
11:02:23.0889 4348        HTTP - ok
11:02:23.0921 4348        hwpolicy        (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
11:02:23.0936 4348        hwpolicy - ok
11:02:23.0983 4348        i8042prt        (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
11:02:23.0999 4348        i8042prt - ok
11:02:24.0045 4348        iaStorV        (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
11:02:24.0061 4348        iaStorV - ok
11:02:24.0201 4348        idsvc          (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
11:02:24.0233 4348        idsvc - ok
11:02:24.0373 4348        IDSVia64        (ce0bf35c79e03bb89da6b14fac838605) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\IPSDefs\20120713.001\IDSvia64.sys
11:02:24.0389 4348        IDSVia64 - ok
11:02:24.0513 4348        iirsp          (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
11:02:24.0529 4348        iirsp - ok
11:02:24.0576 4348        iked - ok
11:02:24.0654 4348        IKEEXT          (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
11:02:24.0747 4348        IKEEXT - ok
11:02:24.0794 4348        intelide        (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
11:02:24.0794 4348        intelide - ok
11:02:24.0841 4348        intelppm        (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
11:02:24.0872 4348        intelppm - ok
11:02:24.0903 4348        IPBusEnum      (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
11:02:24.0950 4348        IPBusEnum - ok
11:02:24.0981 4348        IpFilterDriver  (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
11:02:25.0028 4348        IpFilterDriver - ok
11:02:25.0075 4348        iphlpsvc        (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll
11:02:25.0137 4348        iphlpsvc - ok
11:02:25.0169 4348        IPMIDRV        (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
11:02:25.0200 4348        IPMIDRV - ok
11:02:25.0231 4348        IPNAT          (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
11:02:25.0278 4348        IPNAT - ok
11:02:25.0371 4348        iPod Service    (755e4ba6dce627a2683bb7640553c8d6) C:\Program Files\iPod\bin\iPodService.exe
11:02:25.0403 4348        iPod Service - ok
11:02:25.0434 4348        ipsecd - ok
11:02:25.0481 4348        IRENUM          (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
11:02:25.0559 4348        IRENUM - ok
11:02:25.0574 4348        isapnp          (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
11:02:25.0590 4348        isapnp - ok
11:02:25.0637 4348        iScsiPrt        (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
11:02:25.0668 4348        iScsiPrt - ok
11:02:25.0699 4348        kbdclass        (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
11:02:25.0715 4348        kbdclass - ok
11:02:25.0730 4348        kbdhid          (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\DRIVERS\kbdhid.sys
11:02:25.0761 4348        kbdhid - ok
11:02:25.0793 4348        KeyIso          (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
11:02:25.0808 4348        KeyIso - ok
11:02:25.0839 4348        KSecDD          (97a7070aea4c058b6418519e869a63b4) C:\Windows\system32\Drivers\ksecdd.sys
11:02:25.0855 4348        KSecDD - ok
11:02:25.0886 4348        KSecPkg        (26c43a7c2862447ec59deda188d1da07) C:\Windows\system32\Drivers\ksecpkg.sys
11:02:25.0902 4348        KSecPkg - ok
11:02:25.0933 4348        ksthunk        (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
11:02:25.0980 4348        ksthunk - ok
11:02:26.0027 4348        KtmRm          (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
11:02:26.0073 4348        KtmRm - ok
11:02:26.0151 4348        LanmanServer    (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\system32\srvsvc.dll
11:02:26.0198 4348        LanmanServer - ok
11:02:26.0229 4348        LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
11:02:26.0276 4348        LanmanWorkstation - ok
11:02:26.0323 4348        lltdio          (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
11:02:26.0354 4348        lltdio - ok
11:02:26.0385 4348        lltdsvc        (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
11:02:26.0432 4348        lltdsvc - ok
11:02:26.0448 4348        lmhosts        (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
11:02:26.0479 4348        lmhosts - ok
11:02:26.0510 4348        LSI_FC          (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
11:02:26.0526 4348        LSI_FC - ok
11:02:26.0557 4348        LSI_SAS        (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
11:02:26.0573 4348        LSI_SAS - ok
11:02:26.0588 4348        LSI_SAS2        (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
11:02:26.0604 4348        LSI_SAS2 - ok
11:02:26.0666 4348        LSI_SCSI        (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
11:02:26.0682 4348        LSI_SCSI - ok
11:02:26.0713 4348        luafv          (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
11:02:26.0760 4348        luafv - ok
11:02:26.0807 4348        lvpepf64        (4cb64d7458abd8396bcd389a69c8fc80) C:\Windows\system32\DRIVERS\lv302a64.sys
11:02:26.0822 4348        lvpepf64 - ok
11:02:26.0869 4348        LVRS64          (0c85b2b6fb74b36a251792d45e0ef860) C:\Windows\system32\DRIVERS\lvrs64.sys
11:02:26.0900 4348        LVRS64 - ok
11:02:26.0916 4348        LVUSBS64        (0034f69d0007d3f77f6b96fa51228e85) C:\Windows\system32\DRIVERS\LVUSBS64.sys
11:02:26.0931 4348        LVUSBS64 - ok
11:02:27.0212 4348        LVUVC64        (ff3a488924b0032b1a9ca6948c1fa9e8) C:\Windows\system32\DRIVERS\lvuvc64.sys
11:02:27.0368 4348        LVUVC64 - ok
11:02:27.0524 4348        MBAMProtector  (dc8490812a3b72811ae534f423b4c206) C:\Windows\system32\drivers\mbam.sys
11:02:27.0540 4348        MBAMProtector - ok
11:02:27.0649 4348        MBAMService    (43683e970f008c93c9429ef428147a54) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
11:02:27.0680 4348        MBAMService - ok
11:02:27.0711 4348        Mcx2Svc        (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
11:02:27.0758 4348        Mcx2Svc - ok
11:02:27.0774 4348        megasas        (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
11:02:27.0789 4348        megasas - ok
11:02:27.0821 4348        MegaSR          (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
11:02:27.0836 4348        MegaSR - ok
11:02:27.0867 4348        MMCSS          (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
11:02:27.0914 4348        MMCSS - ok
11:02:27.0930 4348        Modem          (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
11:02:27.0977 4348        Modem - ok
11:02:28.0008 4348        monitor        (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
11:02:28.0039 4348        monitor - ok
11:02:28.0086 4348        motmodem        (81d8c94ccbf6cdbd70413dca63c02ae4) C:\Windows\system32\DRIVERS\motmodem.sys
11:02:28.0133 4348        motmodem - ok
11:02:28.0179 4348        mouclass        (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
11:02:28.0195 4348        mouclass - ok
11:02:28.0226 4348        mouhid          (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
11:02:28.0257 4348        mouhid - ok
11:02:28.0304 4348        mountmgr        (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
11:02:28.0320 4348        mountmgr - ok
11:02:28.0398 4348        MozillaMaintenance (15d5398eed42c2504bb3d4fc875c15d1) C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
11:02:28.0413 4348        MozillaMaintenance - ok
11:02:28.0460 4348        mpio            (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
11:02:28.0476 4348        mpio - ok
11:02:28.0507 4348        mpsdrv          (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
11:02:28.0538 4348        mpsdrv - ok
11:02:28.0616 4348        MpsSvc          (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll
11:02:28.0663 4348        MpsSvc - ok
11:02:28.0710 4348        MRxDAV          (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
11:02:28.0741 4348        MRxDAV - ok
11:02:28.0772 4348        mrxsmb          (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
11:02:28.0803 4348        mrxsmb - ok
11:02:28.0835 4348        mrxsmb10        (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
11:02:28.0866 4348        mrxsmb10 - ok
11:02:28.0897 4348        mrxsmb20        (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
11:02:28.0913 4348        mrxsmb20 - ok
11:02:28.0944 4348        msahci          (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
11:02:28.0959 4348        msahci - ok
11:02:29.0006 4348        msdsm          (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
11:02:29.0022 4348        msdsm - ok
11:02:29.0053 4348        MSDTC          (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
11:02:29.0084 4348        MSDTC - ok
11:02:29.0131 4348        Msfs            (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
11:02:29.0162 4348        Msfs - ok
11:02:29.0178 4348        mshidkmdf      (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
11:02:29.0225 4348        mshidkmdf - ok
11:02:29.0256 4348        msisadrv        (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
11:02:29.0271 4348        msisadrv - ok
11:02:29.0318 4348        MSiSCSI        (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
11:02:29.0365 4348        MSiSCSI - ok
11:02:29.0381 4348        msiserver - ok
11:02:29.0412 4348        MSKSSRV        (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
11:02:29.0459 4348        MSKSSRV - ok
11:02:29.0474 4348        MSPCLOCK        (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
11:02:29.0521 4348        MSPCLOCK - ok
11:02:29.0537 4348        MSPQM          (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
11:02:29.0583 4348        MSPQM - ok
11:02:29.0630 4348        MsRPC          (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
11:02:29.0661 4348        MsRPC - ok
11:02:29.0708 4348        mssmbios        (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
11:02:29.0708 4348        mssmbios - ok
11:02:29.0755 4348        MSTEE          (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
11:02:29.0802 4348        MSTEE - ok
11:02:29.0817 4348        MTConfig        (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
11:02:29.0833 4348        MTConfig - ok
11:02:29.0864 4348        Mup            (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
11:02:29.0880 4348        Mup - ok
11:02:29.0927 4348        napagent        (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
11:02:29.0989 4348        napagent - ok
11:02:30.0036 4348        NativeWifiP    (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
11:02:30.0067 4348        NativeWifiP - ok
11:02:30.0223 4348        NAVENG          (8043d41f881d6ace40b854ad6e32217f) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\VirusDefs\20120715.009\ENG64.SYS
11:02:30.0239 4348        NAVENG - ok
11:02:30.0363 4348        NAVEX15        (9a9ab2fc45d701daed465d14980f1305) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\VirusDefs\20120715.009\EX64.SYS
11:02:30.0410 4348        NAVEX15 - ok
11:02:30.0597 4348        NDIS            (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
11:02:30.0613 4348        NDIS - ok
11:02:30.0675 4348        NdisCap        (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
11:02:30.0722 4348        NdisCap - ok
11:02:30.0753 4348        NdisTapi        (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
11:02:30.0800 4348        NdisTapi - ok
11:02:30.0831 4348        Ndisuio        (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
11:02:30.0863 4348        Ndisuio - ok
11:02:30.0941 4348        NdisWan        (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
11:02:31.0003 4348        NdisWan - ok
11:02:31.0034 4348        NDProxy        (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
11:02:31.0081 4348        NDProxy - ok
11:02:31.0159 4348        Net Driver HPZ12 (2334dc48997ba203b794df3ee70521db) C:\Windows\system32\HPZinw12.dll
11:02:31.0175 4348        Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
11:02:31.0175 4348        Net Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
11:02:31.0206 4348        Netaapl        (6f4607e2333fe21e9e3ff8133a88b35b) C:\Windows\system32\DRIVERS\netaapl64.sys
11:02:31.0237 4348        Netaapl - ok
11:02:31.0284 4348        NetBIOS        (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
11:02:31.0331 4348        NetBIOS - ok
11:02:31.0377 4348        NetBT          (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
11:02:31.0424 4348        NetBT - ok
11:02:31.0455 4348        Netlogon        (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
11:02:31.0471 4348        Netlogon - ok
11:02:31.0518 4348        Netman          (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
11:02:31.0565 4348        Netman - ok
11:02:31.0611 4348        netprofm        (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
11:02:31.0689 4348        netprofm - ok
11:02:31.0799 4348        NetTcpPortSharing (3e5a36127e201ddf663176b66828fafe) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
11:02:31.0799 4348        NetTcpPortSharing - ok
11:02:32.0220 4348        NETw5s64        (39ede676d17f37af4573c2b33ec28aca) C:\Windows\system32\DRIVERS\NETw5s64.sys
11:02:32.0485 4348        NETw5s64 - ok
11:02:33.0171 4348        netw5v64        (64428dfdaf6e88366cb51f45a79c5f69) C:\Windows\system32\DRIVERS\netw5v64.sys
11:02:33.0359 4348        netw5v64 - ok
11:02:33.0468 4348        nfrd960        (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
11:02:33.0483 4348        nfrd960 - ok
11:02:33.0624 4348        NIS            (c6948f034d7edabcfa2234d399fc78bc) C:\Program Files (x86)\Norton Internet Security\Engine\19.7.1.5\ccSvcHst.exe
11:02:33.0639 4348        NIS - ok
11:02:33.0717 4348        NlaSvc          (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
11:02:33.0764 4348        NlaSvc - ok
11:02:33.0811 4348        Npfs            (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
11:02:33.0842 4348        Npfs - ok
11:02:33.0873 4348        nsi            (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
11:02:33.0905 4348        nsi - ok
11:02:33.0936 4348        nsiproxy        (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
11:02:33.0983 4348        nsiproxy - ok
11:02:34.0092 4348        Ntfs            (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
11:02:34.0139 4348        Ntfs - ok
11:02:34.0248 4348        Null            (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
11:02:34.0295 4348        Null - ok
11:02:34.0357 4348        NVHDA          (10204955027011e08a9dc27737a48a54) C:\Windows\system32\drivers\nvhda64v.sys
11:02:34.0373 4348        NVHDA - ok
11:02:35.0059 4348        nvlddmkm        (b15258b1f45f9571758ac6bb2f043b01) C:\Windows\system32\DRIVERS\nvlddmkm.sys
11:02:35.0465 4348        nvlddmkm - ok
11:02:35.0699 4348        nvraid          (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
11:02:35.0714 4348        nvraid - ok
11:02:35.0745 4348        nvstor          (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
11:02:35.0761 4348        nvstor - ok
11:02:35.0886 4348        nvsvc          (2d7092fec9bd2aca199673bba2ba9277) C:\Windows\system32\nvvsvc.exe
11:02:35.0933 4348        nvsvc - ok
11:02:36.0135 4348        nvUpdatusService (7e22de30e222bfdfcec7e77032baf3cd) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
11:02:36.0198 4348        nvUpdatusService - ok
11:02:36.0307 4348        nv_agp          (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
11:02:36.0323 4348        nv_agp - ok
11:02:36.0447 4348        odserv          (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
11:02:36.0479 4348        odserv - ok
11:02:36.0510 4348        ohci1394        (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
11:02:36.0541 4348        ohci1394 - ok
11:02:36.0557 4348        ose            (5a432a042dae460abe7199b758e8606c) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
11:02:36.0572 4348        ose - ok
11:02:36.0619 4348        p2pimsvc        (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
11:02:36.0681 4348        p2pimsvc - ok
11:02:36.0713 4348        p2psvc          (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
11:02:36.0728 4348        p2psvc - ok
11:02:36.0759 4348        Parport        (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
11:02:36.0775 4348        Parport - ok
11:02:36.0822 4348        partmgr        (e9766131eeade40a27dc27d2d68fba9c) C:\Windows\system32\drivers\partmgr.sys
11:02:36.0837 4348        partmgr - ok
11:02:36.0853 4348        PcaSvc          (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
11:02:36.0884 4348        PcaSvc - ok
11:02:36.0931 4348        pci            (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
11:02:36.0947 4348        pci - ok
11:02:36.0947 4348        pciide          (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
11:02:36.0962 4348        pciide - ok
11:02:36.0993 4348        pcmcia          (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
11:02:37.0009 4348        pcmcia - ok
11:02:37.0040 4348        pcw            (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
11:02:37.0056 4348        pcw - ok
11:02:37.0087 4348        PEAUTH          (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
11:02:37.0149 4348        PEAUTH - ok
11:02:37.0227 4348        PerfHost        (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
11:02:37.0274 4348        PerfHost - ok
11:02:37.0383 4348        PID_PEPI        (37ea62238e17ae88e4713d9246ca1c1c) C:\Windows\system32\DRIVERS\LV302V64.SYS
11:02:37.0415 4348        PID_PEPI - ok
11:02:37.0493 4348        pla            (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
11:02:37.0571 4348        pla - ok
11:02:37.0649 4348        PlugPlay        (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
11:02:37.0680 4348        PlugPlay - ok
11:02:37.0789 4348        Pml Driver HPZ12 (ac78df349f0e4cfb8b667c0cfff83cce) C:\Windows\system32\HPZipm12.dll
11:02:37.0820 4348        Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
11:02:37.0820 4348        Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
11:02:37.0851 4348        PNRPAutoReg    (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
11:02:37.0867 4348        PNRPAutoReg - ok
11:02:37.0898 4348        PNRPsvc        (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
11:02:37.0914 4348        PNRPsvc - ok
11:02:37.0992 4348        PolicyAgent    (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
11:02:38.0039 4348        PolicyAgent - ok
11:02:38.0085 4348        Power          (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
11:02:38.0132 4348        Power - ok
11:02:38.0195 4348        PptpMiniport    (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
11:02:38.0226 4348        PptpMiniport - ok
11:02:38.0257 4348        Processor      (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
11:02:38.0288 4348        Processor - ok
11:02:38.0335 4348        ProfSvc        (53e83f1f6cf9d62f32801cf66d8352a8) C:\Windows\system32\profsvc.dll
11:02:38.0382 4348        ProfSvc - ok
11:02:38.0413 4348        ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
11:02:38.0413 4348        ProtectedStorage - ok
11:02:38.0475 4348        Psched          (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
11:02:38.0522 4348        Psched - ok
11:02:38.0663 4348        ql2300          (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
11:02:38.0694 4348        ql2300 - ok
11:02:38.0834 4348        ql40xx          (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
11:02:38.0850 4348        ql40xx - ok
11:02:38.0881 4348        QWAVE          (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
11:02:38.0928 4348        QWAVE - ok
11:02:38.0943 4348        QWAVEdrv        (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
11:02:38.0975 4348        QWAVEdrv - ok
11:02:39.0006 4348        RasAcd          (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
11:02:39.0037 4348        RasAcd - ok
11:02:39.0084 4348        RasAgileVpn    (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
11:02:39.0115 4348        RasAgileVpn - ok
11:02:39.0146 4348        RasAuto        (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
11:02:39.0193 4348        RasAuto - ok
11:02:39.0224 4348        Rasl2tp        (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
11:02:39.0287 4348        Rasl2tp - ok
11:02:39.0333 4348        RasMan          (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
11:02:39.0380 4348        RasMan - ok
11:02:39.0411 4348        RasPppoe        (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
11:02:39.0458 4348        RasPppoe - ok
11:02:39.0474 4348        RasSstp        (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
11:02:39.0536 4348        RasSstp - ok
11:02:39.0583 4348        rdbss          (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
11:02:39.0630 4348        rdbss - ok
11:02:39.0645 4348        rdpbus          (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
11:02:39.0677 4348        rdpbus - ok
11:02:39.0692 4348        RDPCDD          (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
11:02:39.0723 4348        RDPCDD - ok
11:02:39.0770 4348        RDPENCDD        (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
11:02:39.0801 4348        RDPENCDD - ok
11:02:39.0833 4348        RDPREFMP        (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
11:02:39.0864 4348        RDPREFMP - ok
11:02:39.0895 4348        RDPWD          (e61608aa35e98999af9aaeeea6114b0a) C:\Windows\system32\drivers\RDPWD.sys
11:02:39.0957 4348        RDPWD - ok
11:02:40.0004 4348        rdyboost        (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
11:02:40.0035 4348        rdyboost - ok
11:02:40.0067 4348        RemoteAccess    (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
11:02:40.0113 4348        RemoteAccess - ok
11:02:40.0145 4348        RemoteRegistry  (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
11:02:40.0191 4348        RemoteRegistry - ok
11:02:40.0238 4348        RFCOMM          (3dd798846e2c28102b922c56e71b7932) C:\Windows\system32\DRIVERS\rfcomm.sys
11:02:40.0269 4348        RFCOMM - ok
11:02:40.0301 4348        RpcEptMapper    (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
11:02:40.0332 4348        RpcEptMapper - ok
11:02:40.0363 4348        RpcLocator      (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
11:02:40.0379 4348        RpcLocator - ok
11:02:40.0441 4348        RpcSs          (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
11:02:40.0472 4348        RpcSs - ok
11:02:40.0503 4348        rspndr          (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
11:02:40.0566 4348        rspndr - ok
11:02:40.0613 4348        SABI            (62db6cc4b0818f1b5f3441241b098f12) C:\Windows\system32\Drivers\SABI.sys
11:02:40.0659 4348        SABI - ok
11:02:40.0691 4348        SamSs          (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
11:02:40.0691 4348        SamSs - ok
11:02:40.0753 4348        Samsung UPD Service2 (2c31378a5695526e99adab928157b992) C:\Windows\System32\SUPDSvc2.exe
11:02:40.0769 4348        Samsung UPD Service2 - ok
11:02:40.0815 4348        sbp2port        (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
11:02:40.0815 4348        sbp2port - ok
11:02:40.0862 4348        SCardSvr        (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
11:02:40.0909 4348        SCardSvr - ok
11:02:40.0956 4348        scfilter        (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
11:02:41.0003 4348        scfilter - ok
11:02:41.0081 4348        Schedule        (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
11:02:41.0143 4348        Schedule - ok
11:02:41.0174 4348        SCPolicySvc    (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
11:02:41.0221 4348        SCPolicySvc - ok
11:02:41.0346 4348        ScrybeUpdater  (b60e9769655ddee8368e3abb6668e076) C:\Program Files (x86)\Synaptics\Scrybe\Service\ScrybeUpdater.exe
11:02:41.0377 4348        ScrybeUpdater - ok
11:02:41.0502 4348        SDRSVC          (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
11:02:41.0564 4348        SDRSVC - ok
11:02:41.0595 4348        secdrv          (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
11:02:41.0642 4348        secdrv - ok
11:02:41.0673 4348        seclogon        (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
11:02:41.0720 4348        seclogon - ok
11:02:41.0736 4348        SENS            (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\System32\sens.dll
11:02:41.0783 4348        SENS - ok
11:02:41.0814 4348        SensrSvc        (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
11:02:41.0861 4348        SensrSvc - ok
11:02:41.0876 4348        Serenum        (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
11:02:41.0892 4348        Serenum - ok
11:02:41.0939 4348        Serial          (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
11:02:41.0970 4348        Serial - ok
11:02:42.0001 4348        sermouse        (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
11:02:42.0017 4348        sermouse - ok
11:02:42.0063 4348        SessionEnv      (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
11:02:42.0110 4348        SessionEnv - ok
11:02:42.0141 4348        sffdisk        (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
11:02:42.0188 4348        sffdisk - ok
11:02:42.0204 4348        sffp_mmc        (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
11:02:42.0235 4348        sffp_mmc - ok
11:02:42.0235 4348        sffp_sd        (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
11:02:42.0266 4348        sffp_sd - ok
11:02:42.0297 4348        sfloppy        (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
11:02:42.0313 4348        sfloppy - ok
11:02:42.0344 4348        SharedAccess    (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
11:02:42.0391 4348        SharedAccess - ok
11:02:42.0453 4348        ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
11:02:42.0500 4348        ShellHWDetection - ok
11:02:42.0531 4348        SiSRaid2        (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
11:02:42.0547 4348        SiSRaid2 - ok
11:02:42.0578 4348        SiSRaid4        (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
11:02:42.0594 4348        SiSRaid4 - ok
11:02:42.0672 4348        SkypeUpdate    (db0405d9aad62f0762e0876ac142b7e1) C:\Program Files (x86)\Skype\Updater\Updater.exe
11:02:42.0687 4348        SkypeUpdate - ok
11:02:42.0719 4348        Smb            (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
11:02:42.0765 4348        Smb - ok
11:02:42.0828 4348        snapman        (446eb38ce4a6d040f548b2f547ca96ff) C:\Windows\system32\DRIVERS\snapman.sys
11:02:42.0843 4348        snapman - ok
11:02:42.0875 4348        SNMPTRAP        (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
11:02:42.0906 4348        SNMPTRAP - ok
11:02:42.0984 4348        speedfan        (12583af6cbe0050651eaf2723b3ad7b3) C:\Windows\syswow64\speedfan.sys
11:02:42.0999 4348        speedfan - ok
11:02:43.0031 4348        spldr          (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
11:02:43.0046 4348        spldr - ok
11:02:43.0093 4348        Spooler        (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
11:02:43.0140 4348        Spooler - ok
11:02:43.0343 4348        sppsvc          (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
11:02:43.0436 4348        sppsvc - ok
11:02:43.0545 4348        sppuinotify    (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
11:02:43.0592 4348        sppuinotify - ok
11:02:43.0701 4348        SRTSP          (06b9a7ba94356ec5207c5ddb59540378) C:\Windows\System32\Drivers\NISx64\1307010.005\SRTSP64.SYS
11:02:43.0733 4348        SRTSP - ok
11:02:43.0748 4348        SRTSPX          (fbb8945a61e55a2345d12487c74a9d76) C:\Windows\system32\drivers\NISx64\1307010.005\SRTSPX64.SYS
11:02:43.0748 4348        SRTSPX - ok
11:02:43.0795 4348        srv            (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
11:02:43.0842 4348        srv - ok
11:02:43.0889 4348        srv2            (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
11:02:43.0920 4348        srv2 - ok
11:02:43.0935 4348        srvnet          (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
11:02:43.0951 4348        srvnet - ok
11:02:43.0998 4348        SSDPSRV        (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
11:02:44.0060 4348        SSDPSRV - ok
11:02:44.0107 4348        SSPORT          (0211ab46b73a2623b86c1cfcb30579ab) C:\Windows\system32\Drivers\SSPORT.sys
11:02:44.0123 4348        SSPORT - ok
11:02:44.0138 4348        SstpSvc        (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
11:02:44.0185 4348        SstpSvc - ok
11:02:44.0201 4348        stexstor        (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
11:02:44.0216 4348        stexstor - ok
11:02:44.0247 4348        StillCam        (decacb6921ded1a38642642685d77dac) C:\Windows\system32\DRIVERS\serscan.sys
11:02:44.0279 4348        StillCam - ok
11:02:44.0637 4348        stisvc          (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
11:02:44.0684 4348        stisvc - ok
11:02:44.0731 4348        swenum          (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
11:02:44.0747 4348        swenum - ok
11:02:44.0809 4348        swprv          (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
11:02:44.0856 4348        swprv - ok
11:02:44.0981 4348        SymDS          (8b2430762099598da40686f754632efd) C:\Windows\system32\drivers\NISx64\1307010.005\SYMDS64.SYS
11:02:44.0996 4348        SymDS - ok
11:02:45.0059 4348        SymEFA          (f90c7a190399165d3ab2245048d34786) C:\Windows\system32\drivers\NISx64\1307010.005\SYMEFA64.SYS
11:02:45.0090 4348        SymEFA - ok
11:02:45.0121 4348        SymEvent        (894579207e39c465737e850a252ce4f2) C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
11:02:45.0137 4348        SymEvent - ok
11:02:45.0168 4348        SymIRON        (5013a76caaa1d7cf1c55214b490b4e35) C:\Windows\system32\drivers\NISx64\1307010.005\Ironx64.SYS
11:02:45.0183 4348        SymIRON - ok
11:02:45.0215 4348        SymNetS        (3911bd0e68c010e5438a87706abbe9ab) C:\Windows\System32\Drivers\NISx64\1307010.005\SYMNETS.SYS
11:02:45.0246 4348        SymNetS - ok
11:02:45.0339 4348        SynTP          (8df6c536ece3b538978b53c223ab905d) C:\Windows\system32\DRIVERS\SynTP.sys
11:02:45.0386 4348        SynTP - ok
11:02:45.0558 4348        SysMain        (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
11:02:45.0620 4348        SysMain - ok
11:02:45.0745 4348        TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
11:02:45.0776 4348        TabletInputService - ok
11:02:45.0807 4348        TapiSrv        (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
11:02:45.0870 4348        TapiSrv - ok
11:02:45.0901 4348        TBS            (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
11:02:45.0948 4348        TBS - ok
11:02:46.0119 4348        Tcpip          (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\drivers\tcpip.sys
11:02:46.0166 4348        Tcpip - ok
11:02:46.0385 4348        TCPIP6          (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\DRIVERS\tcpip.sys
11:02:46.0416 4348        TCPIP6 - ok
11:02:46.0525 4348        tcpipreg        (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
11:02:46.0587 4348        tcpipreg - ok
11:02:46.0619 4348        TDPIPE          (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
11:02:46.0650 4348        TDPIPE - ok
11:02:46.0759 4348        tdrpman251      (df9179b7bdf0c5b71f9c3d93c016bae5) C:\Windows\system32\DRIVERS\tdrpm251.sys
11:02:46.0790 4348        tdrpman251 - ok
11:02:46.0899 4348        TDTCP          (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
11:02:46.0915 4348        TDTCP - ok
11:02:46.0977 4348        tdx            (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
11:02:47.0009 4348        tdx - ok
11:02:47.0071 4348        TermDD          (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
11:02:47.0071 4348        TermDD - ok
11:02:47.0133 4348        TermService    (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
11:02:47.0196 4348        TermService - ok
11:02:47.0227 4348        Themes          (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
11:02:47.0243 4348        Themes - ok
11:02:47.0274 4348        THREADORDER    (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
11:02:47.0305 4348        THREADORDER - ok
11:02:47.0367 4348        timounter      (f7546ead58cc3000ac02cf9529b9934e) C:\Windows\system32\DRIVERS\timntr.sys
11:02:47.0399 4348        timounter - ok
11:02:47.0445 4348        TrkWks          (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
11:02:47.0492 4348        TrkWks - ok
11:02:47.0555 4348        TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
11:02:47.0601 4348        TrustedInstaller - ok
11:02:47.0633 4348        tssecsrv        (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
11:02:47.0664 4348        tssecsrv - ok
11:02:47.0711 4348        TsUsbFlt        (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
11:02:47.0757 4348        TsUsbFlt - ok
11:02:47.0804 4348        tunnel          (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
11:02:47.0851 4348        tunnel - ok
11:02:47.0882 4348        uagp35          (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
11:02:47.0898 4348        uagp35 - ok
11:02:47.0945 4348        udfs            (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
11:02:48.0007 4348        udfs - ok
11:02:48.0038 4348        UI0Detect      (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
11:02:48.0069 4348        UI0Detect - ok
11:02:48.0101 4348        uliagpkx        (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
11:02:48.0116 4348        uliagpkx - ok
11:02:48.0179 4348        umbus          (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
11:02:48.0210 4348        umbus - ok
11:02:48.0241 4348        UmPass          (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
11:02:48.0257 4348        UmPass - ok
11:02:48.0366 4348        UMVPFSrv        (67a95b9d129ed5399e7965cd09cf30e7) C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
11:02:48.0397 4348        UMVPFSrv - ok
11:02:48.0444 4348        upnphost        (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
11:02:48.0475 4348        upnphost - ok
11:02:48.0506 4348        USBAAPL64      (fb251567f41bc61988b26731dec19e4b) C:\Windows\system32\Drivers\usbaapl64.sys
11:02:48.0553 4348        USBAAPL64 - ok
11:02:48.0584 4348        usbaudio        (82e8f44688e6fac57b5b7c6fc7adbc2a) C:\Windows\system32\drivers\usbaudio.sys
11:02:48.0600 4348        usbaudio - ok
11:02:48.0647 4348        usbccgp        (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
11:02:48.0678 4348        usbccgp - ok
11:02:48.0725 4348        usbcir          (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
11:02:48.0740 4348        usbcir - ok
11:02:48.0771 4348        usbehci        (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
11:02:48.0803 4348        usbehci - ok
11:02:48.0834 4348        usbhub          (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
11:02:48.0881 4348        usbhub - ok
11:02:48.0881 4348        usbohci        (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
11:02:48.0912 4348        usbohci - ok
11:02:48.0943 4348        usbprint        (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
11:02:48.0990 4348        usbprint - ok
11:02:49.0037 4348        usbscan        (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
11:02:49.0052 4348        usbscan - ok
11:02:49.0083 4348        USBSTOR        (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
11:02:49.0115 4348        USBSTOR - ok
11:02:49.0161 4348        usbuhci        (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\DRIVERS\usbuhci.sys
11:02:49.0177 4348        usbuhci - ok
11:02:49.0224 4348        usbvideo        (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\System32\Drivers\usbvideo.sys
11:02:49.0239 4348        usbvideo - ok
11:02:49.0255 4348        UxSms          (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
11:02:49.0317 4348        UxSms - ok
11:02:49.0349 4348        VaultSvc        (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
11:02:49.0349 4348        VaultSvc - ok
11:02:49.0395 4348        vdrvroot        (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
11:02:49.0411 4348        vdrvroot - ok
11:02:49.0473 4348        vds            (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
11:02:49.0505 4348        vds - ok
11:02:49.0567 4348        vflt            (00c7df4f50962ba218ab60d32869100b) C:\Windows\system32\DRIVERS\vfilter.sys
11:02:49.0598 4348        vflt - ok
11:02:49.0895 4348        vga            (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
11:02:49.0910 4348        vga - ok
11:02:49.0926 4348        VgaSave        (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
11:02:49.0973 4348        VgaSave - ok
11:02:50.0004 4348        vhdmp          (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
11:02:50.0019 4348        vhdmp - ok
11:02:50.0035 4348        viaide          (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
11:02:50.0051 4348        viaide - ok
11:02:50.0097 4348        vnet            (a99ca064ad11266fe7067a79bf78bbb5) C:\Windows\system32\DRIVERS\virtualnet.sys
11:02:50.0144 4348        vnet - ok
11:02:50.0160 4348        volmgr          (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
11:02:50.0175 4348        volmgr - ok
11:02:50.0222 4348        volmgrx        (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
11:02:50.0238 4348        volmgrx - ok
11:02:50.0300 4348        volsnap        (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
11:02:50.0316 4348        volsnap - ok
11:02:50.0363 4348        vsmraid        (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
11:02:50.0378 4348        vsmraid - ok
11:02:50.0487 4348        VSS            (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
11:02:50.0565 4348        VSS - ok
11:02:50.0675 4348        vwifibus        (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
11:02:50.0706 4348        vwifibus - ok
11:02:50.0737 4348        vwififlt        (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
11:02:50.0753 4348        vwififlt - ok
11:02:50.0799 4348        W32Time        (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
11:02:50.0831 4348        W32Time - ok
11:02:50.0862 4348        WacomPen        (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
11:02:50.0877 4348        WacomPen - ok
11:02:50.0924 4348        WANARP          (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
11:02:50.0971 4348        WANARP - ok
11:02:50.0987 4348        Wanarpv6        (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
11:02:51.0018 4348        Wanarpv6 - ok
11:02:51.0127 4348        wbengine        (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
11:02:51.0189 4348        wbengine - ok
11:02:51.0330 4348        WbioSrvc        (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
11:02:51.0345 4348        WbioSrvc - ok
11:02:51.0392 4348        wcncsvc        (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
11:02:51.0423 4348        wcncsvc - ok
11:02:51.0439 4348        WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
11:02:51.0455 4348        WcsPlugInService - ok
11:02:51.0517 4348        Wd              (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
11:02:51.0533 4348        Wd - ok
11:02:51.0579 4348        Wdf01000        (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
11:02:51.0595 4348        Wdf01000 - ok
11:02:51.0626 4348        WdiServiceHost  (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
11:02:51.0704 4348        WdiServiceHost - ok
11:02:51.0704 4348        WdiSystemHost  (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
11:02:51.0735 4348        WdiSystemHost - ok
11:02:51.0767 4348        WebClient      (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
11:02:51.0813 4348        WebClient - ok
11:02:51.0845 4348        Wecsvc          (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
11:02:51.0907 4348        Wecsvc - ok
11:02:51.0923 4348        wercplsupport  (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
11:02:51.0985 4348        wercplsupport - ok
11:02:52.0016 4348        WerSvc          (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
11:02:52.0063 4348        WerSvc - ok
11:02:52.0125 4348        WfpLwf          (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
11:02:52.0157 4348        WfpLwf - ok
11:02:52.0172 4348        WIMMount        (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
11:02:52.0188 4348        WIMMount - ok
11:02:52.0219 4348        WinDefend - ok
11:02:52.0235 4348        WinHttpAutoProxySvc - ok
11:02:52.0281 4348        Winmgmt        (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
11:02:52.0328 4348        Winmgmt - ok
11:02:52.0469 4348        WinRM          (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
11:02:52.0531 4348        WinRM - ok
11:02:52.0687 4348        WinUsb          (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
11:02:52.0718 4348        WinUsb - ok
11:02:52.0781 4348        Wlansvc        (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
11:02:52.0827 4348        Wlansvc - ok
11:02:52.0843 4348        WmiAcpi        (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
11:02:52.0874 4348        WmiAcpi - ok
11:02:52.0937 4348        wmiApSrv        (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
11:02:52.0968 4348        wmiApSrv - ok
11:02:53.0015 4348        WMPNetworkSvc - ok
11:02:53.0046 4348        WPCSvc          (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
11:02:53.0077 4348        WPCSvc - ok
11:02:53.0108 4348        WPDBusEnum      (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
11:02:53.0155 4348        WPDBusEnum - ok
11:02:53.0171 4348        ws2ifsl        (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
11:02:53.0217 4348        ws2ifsl - ok
11:02:53.0249 4348        wscsvc          (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\System32\wscsvc.dll
11:02:53.0264 4348        wscsvc - ok
11:02:53.0280 4348        WSearch - ok
11:02:53.0436 4348        wuauserv        (d9ef901dca379cfe914e9fa13b73b4c4) C:\Windows\system32\wuaueng.dll
11:02:53.0498 4348        wuauserv - ok
11:02:53.0623 4348        WudfPf          (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
11:02:53.0670 4348        WudfPf - ok
11:02:53.0685 4348        WUDFRd          (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
11:02:53.0748 4348        WUDFRd - ok
11:02:53.0779 4348        wudfsvc        (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
11:02:53.0810 4348        wudfsvc - ok
11:02:53.0841 4348        WwanSvc        (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
11:02:53.0873 4348        WwanSvc - ok
11:02:53.0935 4348        yukonw7        (64f88af327aa74e03658ae32b48ccb8b) C:\Windows\system32\DRIVERS\yk62x64.sys
11:02:53.0982 4348        yukonw7 - ok
11:02:54.0029 4348        MBR (0x1B8)    (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
11:02:55.0199 4348        \Device\Harddisk0\DR0 - ok
11:02:55.0214 4348        Boot (0x1200)  (76f9f1c19cd0805b1f8c114cf2560a46) \Device\Harddisk0\DR0\Partition0
11:02:55.0214 4348        \Device\Harddisk0\DR0\Partition0 - ok
11:02:55.0214 4348        Boot (0x1200)  (29291f7167bc376deac896d808207895) \Device\Harddisk0\DR0\Partition1
11:02:55.0214 4348        \Device\Harddisk0\DR0\Partition1 - ok
11:02:55.0245 4348        Boot (0x1200)  (79d36be34191ff7738b478f6da9f3c67) \Device\Harddisk0\DR0\Partition2
11:02:55.0245 4348        \Device\Harddisk0\DR0\Partition2 - ok
11:02:55.0245 4348        ============================================================
11:02:55.0245 4348        Scan finished
11:02:55.0245 4348        ============================================================
11:02:55.0261 3868        Detected object count: 4
11:02:55.0261 3868        Actual detected object count: 4
11:03:12.0515 3868        AcronisOSSReinstallSvc ( UnsignedFile.Multi.Generic ) - skipped by user
11:03:12.0515 3868        AcronisOSSReinstallSvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
11:03:12.0515 3868        HPSLPSVC ( UnsignedFile.Multi.Generic ) - skipped by user
11:03:12.0515 3868        HPSLPSVC ( UnsignedFile.Multi.Generic ) - User select action: Skip
11:03:12.0515 3868        Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
11:03:12.0515 3868        Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
11:03:12.0515 3868        Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
11:03:12.0515 3868        Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
Grüße,
Nina

cosinus 16.07.2012 16:18
Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix
  • Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.
  • Starte combofix.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
    Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.
  • Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.
Wichtiger Hinweis:
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!

Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

Solltest du nach der Ausführung von Combofix Probleme beim Starten von Anwendungen haben und Meldungen erhalten wie

Zitat:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
startest du Windows dann manuell neu und die Fehlermeldungen sollten nicht mehr auftauchen.

babycat 16.07.2012 19:51
Hallo Arne,

hier der Combofix Log:


Combofix Logfile:
Code:
ComboFix 12-07-16.01 - babycat 16.07.2012  20:34:32.1.2 - x64
Microsoft Windows 7 Home Premium  6.1.7601.1.1252.49.1031.18.4091.2439 [GMT 2:00]
ausgeführt von:: c:\users\babycat\Desktop\ComboFix.exe
AV: Norton Internet Security *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton Internet Security *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\babycat\4.0
c:\windows\security\Database\tmp.edb
.
.
(((((((((((((((((((((((  Dateien erstellt von 2012-06-16 bis 2012-07-16  ))))))))))))))))))))))))))))))
.
.
2012-07-16 18:41 . 2012-07-16 18:41        --------        d-----w-        c:\users\UpdatusUser\AppData\Local\temp
2012-07-16 18:41 . 2012-07-16 18:41        --------        d-----w-        c:\users\Default\AppData\Local\temp
2012-07-13 21:29 . 2012-07-13 21:29        --------        d-----w-        C:\_OTL
2012-07-12 09:42 . 2012-07-12 09:42        --------        d--h--w-        c:\windows\PIF
2012-07-11 22:25 . 2012-06-12 03:08        3148800        ----a-w-        c:\windows\system32\win32k.sys
2012-07-11 22:19 . 2012-06-02 12:52        754808        ----a-w-        c:\program files\Internet Explorer\iexplore.exe
2012-07-11 08:00 . 2012-06-06 06:06        2004480        ----a-w-        c:\windows\system32\msxml6.dll
2012-07-11 07:59 . 2012-06-06 06:02        1133568        ----a-w-        c:\windows\system32\cdosys.dll
2012-07-11 07:59 . 2012-06-06 05:05        372736        ----a-w-        c:\program files (x86)\Common Files\System\ado\msadox.dll
2012-07-05 08:53 . 2012-07-05 08:53        --------        d-----w-        c:\program files (x86)\ESET
2012-07-04 13:33 . 2012-07-04 13:33        --------        d-----w-        c:\users\babycat\AppData\Local\PDF24
2012-07-04 08:17 . 2012-07-04 08:17        --------        d-----w-        c:\windows\SysWow64\wbem\en-US
2012-07-04 08:17 . 2012-07-04 08:17        --------        d-----w-        c:\windows\system32\wbem\en-US
2012-07-04 08:12 . 2012-07-04 08:13        --------        d-----w-        c:\program files (x86)\PDF24
2012-07-04 08:10 . 2012-05-04 11:00        366592        ----a-w-        c:\windows\system32\qdvd.dll
2012-07-04 08:10 . 2012-05-04 09:59        514560        ----a-w-        c:\windows\SysWow64\qdvd.dll
2012-07-02 17:45 . 2012-07-02 17:45        --------        d-----w-        c:\users\babycat\AppData\Roaming\Malwarebytes
2012-07-02 17:45 . 2012-07-02 17:45        --------        d-----w-        c:\programdata\Malwarebytes
2012-07-02 09:13 . 2012-07-02 09:13        --------        d-----w-        c:\programdata\Premium
2012-07-02 09:12 . 2012-07-02 09:13        --------        d-----w-        c:\programdata\InstallMate
2012-06-26 07:24 . 2012-06-26 07:24        --------        d-----w-        c:\users\babycat\AppData\Local\Macromedia
2012-06-26 07:23 . 2012-06-26 07:23        770384        ----a-w-        c:\program files (x86)\Mozilla Firefox\msvcr100.dll
2012-06-26 07:23 . 2012-06-26 07:23        421200        ----a-w-        c:\program files (x86)\Mozilla Firefox\msvcp100.dll
2012-06-24 19:38 . 2012-04-26 05:41        77312        ----a-w-        c:\windows\system32\rdpwsx.dll
2012-06-24 19:38 . 2012-04-26 05:41        149504        ----a-w-        c:\windows\system32\rdpcorekmts.dll
2012-06-24 19:38 . 2012-04-26 05:34        9216        ----a-w-        c:\windows\system32\rdrmemptylst.exe
2012-06-24 19:38 . 2012-05-01 05:40        209920        ----a-w-        c:\windows\system32\profsvc.dll
2012-06-24 19:37 . 2012-05-04 11:06        5559664        ----a-w-        c:\windows\system32\ntoskrnl.exe
2012-06-24 19:37 . 2012-05-04 10:03        3968368        ----a-w-        c:\windows\SysWow64\ntkrnlpa.exe
2012-06-24 19:37 . 2012-05-04 10:03        3913072        ----a-w-        c:\windows\SysWow64\ntoskrnl.exe
2012-06-24 19:37 . 2012-04-28 03:55        210944        ----a-w-        c:\windows\system32\drivers\rdpwd.sys
2012-06-24 19:37 . 2012-04-07 12:31        3216384        ----a-w-        c:\windows\system32\msi.dll
2012-06-24 19:37 . 2012-04-07 11:26        2342400        ----a-w-        c:\windows\SysWow64\msi.dll
2012-06-24 19:37 . 2012-04-24 05:37        1462272        ----a-w-        c:\windows\system32\crypt32.dll
2012-06-24 19:37 . 2012-04-24 05:37        184320        ----a-w-        c:\windows\system32\cryptsvc.dll
2012-06-24 19:37 . 2012-04-24 05:37        140288        ----a-w-        c:\windows\system32\cryptnet.dll
2012-06-24 19:37 . 2012-04-24 04:36        140288        ----a-w-        c:\windows\SysWow64\cryptsvc.dll
2012-06-24 19:37 . 2012-04-24 04:36        1158656        ----a-w-        c:\windows\SysWow64\crypt32.dll
2012-06-24 19:37 . 2012-04-24 04:36        103936        ----a-w-        c:\windows\SysWow64\cryptnet.dll
2012-06-24 19:30 . 2012-06-02 22:19        2428952        ----a-w-        c:\windows\system32\wuaueng.dll
2012-06-24 19:30 . 2012-06-02 22:19        57880        ----a-w-        c:\windows\system32\wuauclt.exe
2012-06-24 19:30 . 2012-06-02 22:19        44056        ----a-w-        c:\windows\system32\wups2.dll
2012-06-24 19:30 . 2012-06-02 22:15        2622464        ----a-w-        c:\windows\system32\wucltux.dll
2012-06-24 19:30 . 2012-06-02 22:19        38424        ----a-w-        c:\windows\system32\wups.dll
2012-06-24 19:30 . 2012-06-02 22:19        701976        ----a-w-        c:\windows\system32\wuapi.dll
2012-06-24 19:30 . 2012-06-02 22:15        99840        ----a-w-        c:\windows\system32\wudriver.dll
2012-06-24 19:30 . 2012-06-02 13:19        186752        ----a-w-        c:\windows\system32\wuwebv.dll
2012-06-24 19:30 . 2012-06-02 13:15        36864        ----a-w-        c:\windows\system32\wuapp.exe
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-12 11:03 . 2012-04-17 10:50        426184        ----a-w-        c:\windows\SysWow64\FlashPlayerApp.exe
2012-07-12 11:03 . 2011-11-20 17:28        70344        ----a-w-        c:\windows\SysWow64\FlashPlayerCPLApp.cpl
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2012-07-13 07:50        220632        ----a-w-        c:\users\babycat\AppData\Local\Microsoft\SkyDrive\16.4.6003.0710\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2012-07-13 07:50        220632        ----a-w-        c:\users\babycat\AppData\Local\Microsoft\SkyDrive\16.4.6003.0710\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2012-07-13 07:50        220632        ----a-w-        c:\users\babycat\AppData\Local\Microsoft\SkyDrive\16.4.6003.0710\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58        94208        ----a-w-        c:\users\babycat\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58        94208        ----a-w-        c:\users\babycat\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58        94208        ----a-w-        c:\users\babycat\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"ConnectionCenter"="c:\program files (x86)\Citrix\ICA Client\concentr.exe" [2010-05-12 300472]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe"
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
"HP Software Update"=c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe
.
R1 vflt;Shrew Soft Lightweight Filter;c:\windows\system32\DRIVERS\vfilter.sys [2010-09-02 21504]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-02-15 158856]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-12 250056]
R3 cjusb;REINER SCT cyberJack USB Driver;c:\windows\system32\DRIVERS\cjusb.sys [2011-03-29 34672]
R3 lvpepf64;Volume Adapter;c:\windows\system32\DRIVERS\lv302a64.sys [2007-05-09 16032]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-06-27 113120]
R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl64.sys [2011-08-02 22528]
R3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series - Adaptertreiber für Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [2009-06-10 5434368]
R3 Samsung UPD Service2;Samsung UPD Service2;c:\windows\System32\SUPDSvc2.exe [2011-12-02 165456]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736]
R3 vnet;Shrew Soft Virtual Adapter;c:\windows\system32\DRIVERS\virtualnet.sys [2010-09-02 17408]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NISx64\1307010.005\SYMDS64.SYS [2011-07-25 451192]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NISx64\1307010.005\SYMEFA64.SYS [2012-03-29 1092728]
S0 tdrpman251;Acronis Try&Decide and Restore Points filter (build 251);c:\windows\system32\DRIVERS\tdrpm251.sys [2011-11-20 1455648]
S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\BASHDefs\20120711.002\BHDrvx64.sys [2012-06-19 1161376]
S1 ccSet_NIS;Norton Internet Security Settings Manager;c:\windows\system32\drivers\NISx64\1307010.005\ccSetx64.sys [2011-11-29 167048]
S1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\DRIVERS\ctxusbm.sys [2010-04-16 87600]
S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\IPSDefs\20120713.001\IDSvia64.sys [2012-06-18 509088]
S1 SABI;SAMSUNG Kernel Driver For Windows 7;c:\windows\system32\Drivers\SABI.sys [2009-05-28 13824]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NISx64\1307010.005\Ironx64.SYS [2012-03-29 190072]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\NISx64\1307010.005\SYMNETS.SYS [2012-03-29 405624]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 afcdpsrv;Acronis Nonstop Backup service;c:\program files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe [2011-11-20 2326920]
S2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x64.sys [2010-12-27 21992]
S2 NIS;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\19.7.1.5\ccSvcHst.exe [2012-03-27 138232]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-10-15 2253120]
S2 ScrybeUpdater;Scrybe-Updateprogramm;c:\program files (x86)\Synaptics\Scrybe\Service\ScrybeUpdater.exe [2011-05-27 1300264]
S2 SSPORT;SSPORT;c:\windows\system32\Drivers\SSPORT.sys [2007-10-22 11576]
S2 UMVPFSrv;UMVPFSrv;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2012-01-18 450848]
S3 afcdp;afcdp;c:\windows\system32\DRIVERS\afcdp.sys [2011-11-20 250400]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-05-31 138912]
S3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys [2012-01-18 351136]
S3 LVUSBS64;Logitech USB Monitor Filter;c:\windows\system32\DRIVERS\LVUSBS64.sys [2007-05-09 50208]
S3 LVUVC64;Logitech Webcam 500(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys [2012-01-18 4865568]
S3 NETw5s64;Intel(R) Wireless WiFi Link Adaptertreiber für Windows 7 64-Bit;c:\windows\system32\DRIVERS\NETw5s64.sys [2010-01-13 7675392]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [2011-07-07 174184]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [2009-09-28 395264]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt        REG_MULTI_SZ          hpqcxs08 hpqddsvc
.
Inhalt des "geplante Tasks" Ordners
.
2012-07-16 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-17 11:03]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2012-07-13 07:50        244688        ----a-w-        c:\users\babycat\AppData\Local\Microsoft\SkyDrive\16.4.6003.0710\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2012-07-13 07:50        244688        ----a-w-        c:\users\babycat\AppData\Local\Microsoft\SkyDrive\16.4.6003.0710\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2012-07-13 07:50        244688        ----a-w-        c:\users\babycat\AppData\Local\Microsoft\SkyDrive\16.4.6003.0710\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58        97792        ----a-w-        c:\users\babycat\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58        97792        ----a-w-        c:\users\babycat\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58        97792        ----a-w-        c:\users\babycat\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58        97792        ----a-w-        c:\users\babycat\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=de&pid=NIS&pvid=19.7.1.5
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: SmarThru4 Als HTML speichern - c:\program files (x86)\SmarThru 4\WebCapture.dll1.htm
IE: SmarThru4 Auswahl erfassen - c:\program files (x86)\SmarThru 4\WebCapture.dll2.htm
IE: SmarThru4 Capture Selection - c:\program files (x86)\SmarThru 4\x64\WebCapture.dll2.htm
IE: SmarThru4 Markierten Text speichern - c:\program files (x86)\SmarThru 4\WebCapture.dll.htm
IE: SmarThru4 Save as HTML - c:\program files (x86)\SmarThru 4\x64\WebCapture.dll1.htm
IE: SmarThru4 Save Selected Text - c:\program files (x86)\SmarThru 4\x64\WebCapture.dll.htm
IE: SmarThru4 Web Capture - c:\program files (x86)\SmarThru 4\WebCapture.dll
Trusted Zone: samsungsetup.com\www
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\babycat\AppData\Roaming\Mozilla\Firefox\Profiles\kcqvg8ll.default\
FF - prefs.js: browser.search.selectedEngine -
FF - prefs.js: browser.startup.homepage - about:home
FF - prefs.js: network.proxy.http - 69.60.138.242
FF - prefs.js: network.proxy.http_port - 8080
FF - prefs.js: network.proxy.type - 0
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NIS]
"ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\19.7.1.5\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files (x86)\Norton Internet Security\Engine\19.7.1.5\diMaster.dll\" /prefetch:1"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2012-07-16  20:44:59
ComboFix-quarantined-files.txt  2012-07-16 18:44
.
Vor Suchlauf: 9 Verzeichnis(se), 26.210.242.560 Bytes frei
Nach Suchlauf: 15 Verzeichnis(se), 25.833.607.168 Bytes frei
.
- - End Of File - - F4B2C4608F124B0C93F016A9B5D070B9
--- --- ---


Danke + Grüße,
Nina

cosinus 17.07.2012 10:53
Combofix - Scripten

1. Starte das Notepad (Start / Ausführen / notepad[Enter])

2. Jetzt füge mit copy/paste den ganzen Inhalt der untenstehenden Codebox in das Notepad Fenster ein.


Code:
Firefox::
FF - ProfilePath - c:\users\babycat\AppData\Roaming\Mozilla\Firefox\Profiles\kcqvg8ll.default\
FF - prefs.js: browser.search.selectedEngine -
FF - prefs.js: browser.startup.homepage - about:home
FF - prefs.js: network.proxy.http - 69.60.138.242
FF - prefs.js: network.proxy.http_port - 8080
FF - prefs.js: network.proxy.type - 0
3. Speichere im Notepad als CFScript.txt auf dem Desktop.

4. Deaktivere den Guard Deines Antivirenprogramms und eine eventuell vorhandene Software Firewall.
(Auch Guards von Ad-, Spyware Programmen und den Tea Timer (wenn vorhanden) !)

5. Dann ziehe die CFScript.txt auf die cofi.exe, so wie es im unteren Bild zu sehen ist. Damit wird Combofix neu gestartet.

http://users.pandora.be/bluepatchy/m...s/CFScript.gif

6. Nach dem Neustart (es wird gefragt ob Du neustarten willst), poste bitte die folgenden Log Dateien:
Combofix.txt

Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!

babycat 17.07.2012 11:18
Hallo Arne,


hier das neue Logfile:

Combofix Logfile:
Code:
ComboFix 12-07-16.01 - babycat 17.07.2012  12:00:31.2.2 - x64
Microsoft Windows 7 Home Premium  6.1.7601.1.1252.49.1031.18.4091.2685 [GMT 2:00]
ausgeführt von:: c:\users\babycat\Desktop\ComboFix.exe
Benutzte Befehlsschalter :: c:\users\babycat\Desktop\CFScript.txt
AV: Norton Internet Security *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton Internet Security *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((  Dateien erstellt von 2012-06-17 bis 2012-07-17  ))))))))))))))))))))))))))))))
.
.
2012-07-17 10:07 . 2012-07-17 10:07        --------        d-----w-        c:\users\UpdatusUser\AppData\Local\temp
2012-07-17 10:07 . 2012-07-17 10:07        --------        d-----w-        c:\users\Default\AppData\Local\temp
2012-07-13 21:29 . 2012-07-13 21:29        --------        d-----w-        C:\_OTL
2012-07-12 09:42 . 2012-07-12 09:42        --------        d--h--w-        c:\windows\PIF
2012-07-11 22:25 . 2012-06-12 03:08        3148800        ----a-w-        c:\windows\system32\win32k.sys
2012-07-11 22:19 . 2012-06-02 12:52        754808        ----a-w-        c:\program files\Internet Explorer\iexplore.exe
2012-07-11 08:00 . 2012-06-06 06:06        2004480        ----a-w-        c:\windows\system32\msxml6.dll
2012-07-11 07:59 . 2012-06-06 06:02        1133568        ----a-w-        c:\windows\system32\cdosys.dll
2012-07-11 07:59 . 2012-06-06 05:05        372736        ----a-w-        c:\program files (x86)\Common Files\System\ado\msadox.dll
2012-07-05 08:53 . 2012-07-05 08:53        --------        d-----w-        c:\program files (x86)\ESET
2012-07-04 13:33 . 2012-07-04 13:33        --------        d-----w-        c:\users\babycat\AppData\Local\PDF24
2012-07-04 08:17 . 2012-07-04 08:17        --------        d-----w-        c:\windows\SysWow64\wbem\en-US
2012-07-04 08:17 . 2012-07-04 08:17        --------        d-----w-        c:\windows\system32\wbem\en-US
2012-07-04 08:12 . 2012-07-04 08:13        --------        d-----w-        c:\program files (x86)\PDF24
2012-07-04 08:10 . 2012-05-04 11:00        366592        ----a-w-        c:\windows\system32\qdvd.dll
2012-07-04 08:10 . 2012-05-04 09:59        514560        ----a-w-        c:\windows\SysWow64\qdvd.dll
2012-07-02 17:45 . 2012-07-02 17:45        --------        d-----w-        c:\users\babycat\AppData\Roaming\Malwarebytes
2012-07-02 17:45 . 2012-07-02 17:45        --------        d-----w-        c:\programdata\Malwarebytes
2012-07-02 09:13 . 2012-07-02 09:13        --------        d-----w-        c:\programdata\Premium
2012-07-02 09:12 . 2012-07-02 09:13        --------        d-----w-        c:\programdata\InstallMate
2012-06-26 07:24 . 2012-06-26 07:24        --------        d-----w-        c:\users\babycat\AppData\Local\Macromedia
2012-06-26 07:23 . 2012-06-26 07:23        770384        ----a-w-        c:\program files (x86)\Mozilla Firefox\msvcr100.dll
2012-06-26 07:23 . 2012-06-26 07:23        421200        ----a-w-        c:\program files (x86)\Mozilla Firefox\msvcp100.dll
2012-06-24 19:38 . 2012-04-26 05:41        77312        ----a-w-        c:\windows\system32\rdpwsx.dll
2012-06-24 19:38 . 2012-04-26 05:41        149504        ----a-w-        c:\windows\system32\rdpcorekmts.dll
2012-06-24 19:38 . 2012-04-26 05:34        9216        ----a-w-        c:\windows\system32\rdrmemptylst.exe
2012-06-24 19:38 . 2012-05-01 05:40        209920        ----a-w-        c:\windows\system32\profsvc.dll
2012-06-24 19:37 . 2012-05-04 11:06        5559664        ----a-w-        c:\windows\system32\ntoskrnl.exe
2012-06-24 19:37 . 2012-05-04 10:03        3968368        ----a-w-        c:\windows\SysWow64\ntkrnlpa.exe
2012-06-24 19:37 . 2012-05-04 10:03        3913072        ----a-w-        c:\windows\SysWow64\ntoskrnl.exe
2012-06-24 19:37 . 2012-04-28 03:55        210944        ----a-w-        c:\windows\system32\drivers\rdpwd.sys
2012-06-24 19:37 . 2012-04-07 12:31        3216384        ----a-w-        c:\windows\system32\msi.dll
2012-06-24 19:37 . 2012-04-07 11:26        2342400        ----a-w-        c:\windows\SysWow64\msi.dll
2012-06-24 19:37 . 2012-04-24 05:37        1462272        ----a-w-        c:\windows\system32\crypt32.dll
2012-06-24 19:37 . 2012-04-24 05:37        184320        ----a-w-        c:\windows\system32\cryptsvc.dll
2012-06-24 19:37 . 2012-04-24 05:37        140288        ----a-w-        c:\windows\system32\cryptnet.dll
2012-06-24 19:37 . 2012-04-24 04:36        140288        ----a-w-        c:\windows\SysWow64\cryptsvc.dll
2012-06-24 19:37 . 2012-04-24 04:36        1158656        ----a-w-        c:\windows\SysWow64\crypt32.dll
2012-06-24 19:37 . 2012-04-24 04:36        103936        ----a-w-        c:\windows\SysWow64\cryptnet.dll
2012-06-24 19:30 . 2012-06-02 22:19        2428952        ----a-w-        c:\windows\system32\wuaueng.dll
2012-06-24 19:30 . 2012-06-02 22:19        57880        ----a-w-        c:\windows\system32\wuauclt.exe
2012-06-24 19:30 . 2012-06-02 22:19        44056        ----a-w-        c:\windows\system32\wups2.dll
2012-06-24 19:30 . 2012-06-02 22:15        2622464        ----a-w-        c:\windows\system32\wucltux.dll
2012-06-24 19:30 . 2012-06-02 22:19        38424        ----a-w-        c:\windows\system32\wups.dll
2012-06-24 19:30 . 2012-06-02 22:19        701976        ----a-w-        c:\windows\system32\wuapi.dll
2012-06-24 19:30 . 2012-06-02 22:15        99840        ----a-w-        c:\windows\system32\wudriver.dll
2012-06-24 19:30 . 2012-06-02 13:19        186752        ----a-w-        c:\windows\system32\wuwebv.dll
2012-06-24 19:30 . 2012-06-02 13:15        36864        ----a-w-        c:\windows\system32\wuapp.exe
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-12 11:03 . 2012-04-17 10:50        426184        ----a-w-        c:\windows\SysWow64\FlashPlayerApp.exe
2012-07-12 11:03 . 2011-11-20 17:28        70344        ----a-w-        c:\windows\SysWow64\FlashPlayerCPLApp.cpl
.
.
(((((((((((((((((((((((((((((  SnapShot@2012-07-16_18.42.03  )))))))))))))))))))))))))))))))))))))))))
.
- 2009-07-14 04:54 . 2012-07-16 09:25        16384              c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2012-07-17 07:37        16384              c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2012-07-17 07:37        32768              c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-07-16 09:25        32768              c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-07-16 09:25        16384              c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-07-17 07:37        16384              c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-11-20 15:33 . 2012-07-17 07:47        48124              c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-07-17 07:47        43626              c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2011-11-20 15:23 . 2012-07-17 07:47        17358              c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2113610040-2832984514-1530586175-1000_UserData.bin
- 2011-11-20 15:23 . 2012-07-16 09:30        17358              c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2113610040-2832984514-1530586175-1000_UserData.bin
- 2011-11-20 15:13 . 2012-07-16 09:17        16384              c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-11-20 15:13 . 2012-07-17 07:50        16384              c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2012-07-16 07:29 . 2012-07-17 07:50        49152              c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2012-07-16 07:29 . 2012-07-16 09:17        49152              c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-07-17 07:50        16384              c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2012-07-16 09:17        16384              c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2012-07-17 07:37 . 2012-07-17 07:37        2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-07-16 09:24 . 2012-07-16 09:24        2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-07-16 09:24 . 2012-07-16 09:24        2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-07-17 07:37 . 2012-07-17 07:37        2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-07-14 05:01 . 2012-07-16 20:39        331640              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 05:01 . 2012-07-16 09:23        331640              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2012-07-04 19:12 . 2012-07-16 09:23        979158              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2113610040-2832984514-1530586175-1000-4096.dat
+ 2012-07-04 19:12 . 2012-07-16 20:39        979158              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2113610040-2832984514-1530586175-1000-4096.dat
+ 2011-11-20 16:03 . 2012-07-16 20:39        30350388              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2113610040-2832984514-1530586175-1000-8192.dat
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2012-07-13 07:50        220632        ----a-w-        c:\users\babycat\AppData\Local\Microsoft\SkyDrive\16.4.6003.0710\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2012-07-13 07:50        220632        ----a-w-        c:\users\babycat\AppData\Local\Microsoft\SkyDrive\16.4.6003.0710\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2012-07-13 07:50        220632        ----a-w-        c:\users\babycat\AppData\Local\Microsoft\SkyDrive\16.4.6003.0710\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58        94208        ----a-w-        c:\users\babycat\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58        94208        ----a-w-        c:\users\babycat\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58        94208        ----a-w-        c:\users\babycat\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"ConnectionCenter"="c:\program files (x86)\Citrix\ICA Client\concentr.exe" [2010-05-12 300472]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe"
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
"HP Software Update"=c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe
.
R1 vflt;Shrew Soft Lightweight Filter;c:\windows\system32\DRIVERS\vfilter.sys [2010-09-02 21504]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-02-15 158856]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-12 250056]
R3 cjusb;REINER SCT cyberJack USB Driver;c:\windows\system32\DRIVERS\cjusb.sys [2011-03-29 34672]
R3 lvpepf64;Volume Adapter;c:\windows\system32\DRIVERS\lv302a64.sys [2007-05-09 16032]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-06-27 113120]
R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl64.sys [2011-08-02 22528]
R3 NETw5s64;Intel(R) Wireless WiFi Link Adaptertreiber für Windows 7 64-Bit;c:\windows\system32\DRIVERS\NETw5s64.sys [2010-01-13 7675392]
R3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series - Adaptertreiber für Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [2009-06-10 5434368]
R3 Samsung UPD Service2;Samsung UPD Service2;c:\windows\System32\SUPDSvc2.exe [2011-12-02 165456]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736]
R3 vnet;Shrew Soft Virtual Adapter;c:\windows\system32\DRIVERS\virtualnet.sys [2010-09-02 17408]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [2009-09-28 395264]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NISx64\1307010.005\SYMDS64.SYS [2011-07-25 451192]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NISx64\1307010.005\SYMEFA64.SYS [2012-03-29 1092728]
S0 tdrpman251;Acronis Try&Decide and Restore Points filter (build 251);c:\windows\system32\DRIVERS\tdrpm251.sys [2011-11-20 1455648]
S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\BASHDefs\20120711.002\BHDrvx64.sys [2012-06-19 1161376]
S1 ccSet_NIS;Norton Internet Security Settings Manager;c:\windows\system32\drivers\NISx64\1307010.005\ccSetx64.sys [2011-11-29 167048]
S1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\DRIVERS\ctxusbm.sys [2010-04-16 87600]
S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\IPSDefs\20120715.001\IDSvia64.sys [2012-06-18 509088]
S1 SABI;SAMSUNG Kernel Driver For Windows 7;c:\windows\system32\Drivers\SABI.sys [2009-05-28 13824]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NISx64\1307010.005\Ironx64.SYS [2012-03-29 190072]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\NISx64\1307010.005\SYMNETS.SYS [2012-03-29 405624]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 afcdpsrv;Acronis Nonstop Backup service;c:\program files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe [2011-11-20 2326920]
S2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x64.sys [2010-12-27 21992]
S2 NIS;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\19.7.1.5\ccSvcHst.exe [2012-03-27 138232]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-10-15 2253120]
S2 ScrybeUpdater;Scrybe-Updateprogramm;c:\program files (x86)\Synaptics\Scrybe\Service\ScrybeUpdater.exe [2011-05-27 1300264]
S2 SSPORT;SSPORT;c:\windows\system32\Drivers\SSPORT.sys [2007-10-22 11576]
S2 UMVPFSrv;UMVPFSrv;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2012-01-18 450848]
S3 afcdp;afcdp;c:\windows\system32\DRIVERS\afcdp.sys [2011-11-20 250400]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-05-31 138912]
S3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys [2012-01-18 351136]
S3 LVUSBS64;Logitech USB Monitor Filter;c:\windows\system32\DRIVERS\LVUSBS64.sys [2007-05-09 50208]
S3 LVUVC64;Logitech Webcam 500(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys [2012-01-18 4865568]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [2011-07-07 174184]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt        REG_MULTI_SZ          hpqcxs08 hpqddsvc
.
Inhalt des "geplante Tasks" Ordners
.
2012-07-17 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-17 11:03]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2012-07-13 07:50        244688        ----a-w-        c:\users\babycat\AppData\Local\Microsoft\SkyDrive\16.4.6003.0710\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2012-07-13 07:50        244688        ----a-w-        c:\users\babycat\AppData\Local\Microsoft\SkyDrive\16.4.6003.0710\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2012-07-13 07:50        244688        ----a-w-        c:\users\babycat\AppData\Local\Microsoft\SkyDrive\16.4.6003.0710\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58        97792        ----a-w-        c:\users\babycat\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58        97792        ----a-w-        c:\users\babycat\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58        97792        ----a-w-        c:\users\babycat\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-02-14 22:58        97792        ----a-w-        c:\users\babycat\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=de&pid=NIS&pvid=19.7.1.5
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: SmarThru4 Als HTML speichern - c:\program files (x86)\SmarThru 4\WebCapture.dll1.htm
IE: SmarThru4 Auswahl erfassen - c:\program files (x86)\SmarThru 4\WebCapture.dll2.htm
IE: SmarThru4 Capture Selection - c:\program files (x86)\SmarThru 4\x64\WebCapture.dll2.htm
IE: SmarThru4 Markierten Text speichern - c:\program files (x86)\SmarThru 4\WebCapture.dll.htm
IE: SmarThru4 Save as HTML - c:\program files (x86)\SmarThru 4\x64\WebCapture.dll1.htm
IE: SmarThru4 Save Selected Text - c:\program files (x86)\SmarThru 4\x64\WebCapture.dll.htm
IE: SmarThru4 Web Capture - c:\program files (x86)\SmarThru 4\WebCapture.dll
Trusted Zone: samsungsetup.com\www
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\babycat\AppData\Roaming\Mozilla\Firefox\Profiles\kcqvg8ll.default\
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NIS]
"ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\19.7.1.5\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files (x86)\Norton Internet Security\Engine\19.7.1.5\diMaster.dll\" /prefetch:1"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_265_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_265.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2012-07-17  12:09:40
ComboFix-quarantined-files.txt  2012-07-17 10:09
ComboFix2.txt  2012-07-16 18:44
.
Vor Suchlauf: 14 Verzeichnis(se), 25.811.234.816 Bytes frei
Nach Suchlauf: 15 Verzeichnis(se), 25.522.966.528 Bytes frei
.
- - End Of File - - 961A43BF39AF8A437A769C5CD8AB7F6D
--- --- ---


Danke,
Grüße Nina

cosinus 17.07.2012 15:21
Bitte nun Logs mit GMER und OSAM erstellen und posten.
GMER stürzt häufiger ab, wenn das Tool auch beim 2. Mal nicht will, lass es einfach weg und führ nur OSAM aus - die Online-Abfrage durch OSAM bitte überspringen.
Bei OSAM bitte darauf auch achten, dass Du das Log auch als *.log und nicht *.html oder so abspeicherst.

Hinweis: Zum Entpacken von OSAM bitte WinRAR oder 7zip verwenden! Stell auch unbedingt den Virenscanner ab, besonders der Scanner von McAfee meldet oft einen Fehalarm in OSAM!

Downloade dir bitte aswMBR.exe und speichere die Datei auf deinem Desktop.
  • Starte die aswMBR.exe - (aswMBR.exe Anleitung)
    Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten".
  • Das Tool wird dich fragen, ob Du mit der aktuellen Virendefinition von AVAST! dein System scannen willst. Beantworte diese Frage bitte mit Ja. (Sollte deine Firewall fragen, bitte den Zugriff auf das Internet zulassen )
    Der Download der Definitionen kann je nach Verbindung eine Weile dauern.
  • Klicke auf Scan.
  • Warte bitte bis Scan finished successfully im DOS-Fenster steht.
  • Drücke auf Save Log und speichere diese auf dem Desktop.
Poste mir die aswMBR.txt in deiner nächsten Antwort.

Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung

Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte der Scan abbrechen und das Programm abstürzen, dann teile mir das mit und wähle unter AV Scan die Einstellung (none).



Noch ein Hinweis: Sollte aswMBR abstürzen und es kommt eine Meldung wie "aswMBR.exe funktioniert nicht mehr, dann mach Folgendes:
Starte aswMBR neu, wähle unten links im Drop-Down-Menü (unten links im Fenster von aswMBR) bei "AV scan" (none) aus und klick nochmal auf den Scan-Button.

babycat 18.07.2012 09:50
Hallo Arne,

hier die Logs:

GMER Logfile:
Code:
GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-07-18 00:00:33
Windows 6.1.7601 Service Pack 1
Running: Gmer.exe


---- Registry - GMER 1.0.15 ----

Reg  HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\00211930bb1a                                                                                                                   
Reg  HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\00211930bb1a (not active ControlSet)                                                                                               
Reg  HKCU\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Persisted@C:\Users\babycat\AppData\Local\Logitech\xae Webcam-Software\Logishrd\LU2.0\LogitechUpdate.exe  1

---- EOF - GMER 1.0.15 ----
OSAM Logfile:
Code:
Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 10:00:47 on 18.07.2012

OS: Windows 7 Home Premium Edition Service Pack 1 (Build 7601), 64-bit
Default Browser: Mozilla Corporation Firefox 13.0.1

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[Common]
-----( %SystemRoot%\Tasks )-----
"Adobe Flash Player Updater.job" - "Adobe Systems Incorporated" - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

[Control Panel Objects]
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"mlcfg32.cpl" - "Microsoft Corporation" - C:\PROGRA~2\MICROS~1\Office12\MLCFG32.CPL

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"Acronis Snapshots Manager" (snapman) - "Acronis" - C:\Windows\System32\DRIVERS\snapman.sys
"Acronis Try&Decide and Restore Points filter (build 251)" (tdrpman251) - "Acronis" - C:\Windows\System32\DRIVERS\tdrpm251.sys
"afcdp" (afcdp) - "Acronis" - C:\Windows\System32\DRIVERS\afcdp.sys
"BHDrvx64" (BHDrvx64) - "Symantec Corporation" - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\BASHDefs\20120711.002\BHDrvx64.sys
"catchme" (catchme) - ? - C:\ComboFix\catchme.sys  (File not found)
"Cisco Systems Inc. IPSec Driver" (CVPNDRVA) - ? - C:\Windows\system32\Drivers\CVPNDRVA.sys  (File found, but it contains no detailed information)
"Citrix USB Monitor Driver" (ctxusbm) - "Citrix Systems, Inc." - C:\Windows\System32\DRIVERS\ctxusbm.sys
"cpuz135" (cpuz135) - "CPUID" - C:\Windows\system32\drivers\cpuz135_x64.sys
"EraserUtilRebootDrv" (EraserUtilRebootDrv) - "Symantec Corporation" - C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
"IDSVia64" (IDSVia64) - "Symantec Corporation" - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\IPSDefs\20120717.003\IDSvia64.sys
"NAVENG" (NAVENG) - "Symantec Corporation" - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\VirusDefs\20120717.018\ENG64.SYS
"NAVEX15" (NAVEX15) - "Symantec Corporation" - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\VirusDefs\20120717.018\EX64.SYS
"Norton Internet Security Settings Manager" (ccSet_NIS) - "Symantec Corporation" - C:\Windows\system32\drivers\NISx64\1307010.005\ccSetx64.sys
"REINER SCT cyberJack USB Driver" (cjusb) - "REINER SCT" - C:\Windows\System32\DRIVERS\cjusb.sys
"Shrew Soft Lightweight Filter" (vflt) - "Shrew Soft Inc" - C:\Windows\System32\DRIVERS\vfilter.sys
"Shrew Soft Virtual Adapter" (vnet) - "Shrew Soft Inc" - C:\Windows\System32\DRIVERS\virtualnet.sys
"speedfan" (speedfan) - "Almico Software" - C:\Windows\SysWOW64\speedfan.sys
"Symantec Data Store" (SymDS) - "Symantec Corporation" - C:\Windows\System32\drivers\NISx64\1307010.005\SYMDS64.SYS
"Symantec Eraser Control driver" (eeCtrl) - "Symantec Corporation" - C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys
"Symantec Extended File Attributes" (SymEFA) - "Symantec Corporation" - C:\Windows\System32\drivers\NISx64\1307010.005\SYMEFA64.SYS
"Symantec Iron Driver" (SymIRON) - "Symantec Corporation" - C:\Windows\system32\drivers\NISx64\1307010.005\Ironx64.SYS
"Symantec Network Security WFP Driver" (SymNetS) - "Symantec Corporation" - C:\Windows\System32\Drivers\NISx64\1307010.005\SYMNETS.SYS
"Symantec Real Time Storage Protection (PEL) x64" (SRTSPX) - "Symantec Corporation" - C:\Windows\system32\drivers\NISx64\1307010.005\SRTSPX64.SYS
"Symantec Real Time Storage Protection x64" (SRTSP) - "Symantec Corporation" - C:\Windows\System32\Drivers\NISx64\1307010.005\SRTSP64.SYS
"SymEvent" (SymEvent) - "Symantec Corporation" - C:\Windows\system32\Drivers\SYMEVENT64x86.SYS

[Explorer]
-----( HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} "DropboxExt" - ? -  (File not found | COM-object registry key not found)
{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} "DropboxExt" - ? -  (File not found | COM-object registry key not found)
{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} "DropboxExt" - ? -  (File not found | COM-object registry key not found)
{FB314EDC-A251-47B7-93E1-CDD82E34AF8B} "DropboxExt" - ? -  (File not found | COM-object registry key not found)
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{B2F55D43-C7A4-4B7C-90D7-7A860DFA9F2A} "PXCInfoShlExt Class" - "Tracker Software Products Ltd." - C:\Program Files\Tracker Software\Shell Extensions\Win32\XCShInfo.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{CFB6322E-CC85-4d1b-82C7-893888A236BC} "IcaMimeFilterPP Class" - "Citrix Systems, Inc." - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
{CFB6322E-CC85-4d1b-82C7-893888A236BC} "IcaMimeFilterPP Class" - "Citrix Systems, Inc." - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
{807563E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" - "Microsoft Corporation" - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
-----( HKLM\Software\Classes\Protocols\Handler )-----
{314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Program Files (x86)\Common Files\Microsoft Shared\Help\hxds.dll
{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" - "Skype Technologies" - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
{D1F8BD1E-7967-11D2-B43A-006094B9EADB} "SAP HTML Pluggable Protocol" - "SAP, Walldorf" - c:\program files (x86)\sap\frontend\sapgui\saphtmlp.dll
{D1F8BD1E-7967-11D2-B43A-006094B9EADB} "SAP HTML Pluggable Protocol" - "SAP, Walldorf" - c:\program files (x86)\sap\frontend\sapgui\saphtmlp.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{C539A15B-3AF9-4c92-B771-50CB78F5C751} "Acronis Secure Zone" - "Acronis" - C:\Program Files (x86)\Acronis\TrueImageHome\tishell.dll
{C539A15A-3AF9-4c92-B771-50CB78F5C751} "Acronis True Image Shell Context Menu Extension" - "Acronis" - C:\Program Files (x86)\Acronis\TrueImageHome\tishell.dll
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Program Files (x86)\Microsoft Office\Office12\msohevi.dll
{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{5858A72C-C2B4-4dd7-B2BF-B76DB1BD9F6C} "Microsoft Office OneNote Namespace Extension for Windows Desktop Search" - "Microsoft Corporation" - C:\PROGRA~2\MICROS~1\Office12\ONFILTER.DLL
{00020D75-0000-0000-C000-000000000046} "Microsoft Office Outlook" - "Microsoft Corporation" - C:\PROGRA~2\MICROS~1\Office12\MLSHEXT.DLL
{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{0006F045-0000-0000-C000-000000000046} "Outlook File Icon Extension" - "Microsoft Corporation" - C:\PROGRA~2\MICROS~1\Office12\OLKFSTUB.DLL
{CF822AB4-6DB5-4FDA-BC28-E61DF36D2583} "PDF-XChange PDF Preview Provider" - "Tracker Software Products Ltd." - C:\Program Files\Tracker Software\Shell Extensions\Win32\XCShInfo.dll
{67EB453C-1BE1-48EC-AAF3-23B10277FCC1} "PDF-XChange PDF Property Handler" - "Tracker Software Products Ltd." - C:\Program Files\Tracker Software\Shell Extensions\Win32\XCShInfo.dll
{EBD0B8F4-A9A0-41B7-9695-030CD264D9C8} "PDF-XChange PDF Thumbnail Provider" - "Tracker Software Products Ltd." - C:\Program Files\Tracker Software\Shell Extensions\Win32\XCShInfo.dll
{B2F55D43-C7A4-4B7C-90D7-7A860DFA9F2A} "PXCInfoShlExt Class" - "Tracker Software Products Ltd." - C:\Program Files\Tracker Software\Shell Extensions\Win32\XCShInfo.dll
{E99987AC-6311-4686-B095-EB30B69F9258} "Samsung AnyWeb Print" - ? - C:\Program Files (x86)\Samsung AnyWeb Print\W2PDeskband.dll

[Internet Explorer]
-----( HKCU\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars )-----
{555D4D79-4BD2-4094-A395-CFC534424A05} "HP Smart Web Printing" - "Hewlett-Packard Co." - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
-----( HKCU\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
{002C5F79-B71E-44FD-966A-684AD20F58C2} "SmarThru4 Als HTML speichern" - ? - C:\Program Files (x86)\SmarThru 4\WebCapture.dll
{A9A0537F-A1B3-4472-BE97-CBB588B2965F} "SmarThru4 Auswahl erfassen" - ? - C:\Program Files (x86)\SmarThru 4\WebCapture.dll
{7944DB2F-E7C7-4A84-922D-305182AD87F3} "SmarThru4 Markierten Text speichern" - ? - C:\Program Files (x86)\SmarThru 4\WebCapture.dll
{C4F01940-1BF8-4447-AF12-7B548BBBFEB2} "SmarThru4 Web Capture" - ? - C:\Program Files (x86)\SmarThru 4\WebCapture.dll
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
ITBar7Height "ITBar7Height" - ? -  (File not found | COM-object registry key not found)
<binary data> "ITBar7Layout" - ? -  (File not found | COM-object registry key not found)
<binary data> "Norton Toolbar" - "Symantec Corporation" - C:\Program Files (x86)\Norton Internet Security\Engine\19.7.1.5\coIEPlg.dll
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{6E2510E6-BF2D-4C78-9F28-2F5C8760F124} "ERPageAddin Class" - "EMC" - C:\Program Files (x86)\eRoom 7\ERAddIn7.ocx /
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_29" - "Sun Microsystems, Inc." - C:\Program Files (x86)\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} "Java Plug-in 1.6.0_29" - "Sun Microsystems, Inc." - C:\Program Files (x86)\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_29" - "Sun Microsystems, Inc." - C:\Program Files (x86)\Java\jre6\bin\npjpi160_29.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
{48E73304-E1D6-4330-914C-F5F514E3486C} "An OneNote senden" - "Microsoft Corporation" - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
{DDE87865-83C5-48c4-8357-2F5B1AA84522} "HP Smart Web Printing ein- oder ausblenden" - "Hewlett-Packard Co." - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
{94BB0C4C-B957-479A-85E4-42F53B89F681} "Samsung AnyWeb Print" - ? - C:\Program Files (x86)\Samsung AnyWeb Print\W2PBrowser.dll
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )-----
{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} "Norton Toolbar" - "Symantec Corporation" - C:\Program Files (x86)\Norton Internet Security\Engine\19.7.1.5\coIEPlg.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{0347C33E-8762-4905-BF09-768834316C61} "HP Print Enhancer" - "Hewlett-Packard Co." - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
{FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} "HP Smart BHO Class" - "Hewlett-Packard Co." - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} "Norton Identity Protection" - "Symantec Corporation" - C:\Program Files (x86)\Norton Internet Security\Engine\19.7.1.5\coIEPlg.dll
{6D53EC84-6AAE-4787-AEEE-F4628F01010C} "Norton Vulnerability Protection" - "Symantec Corporation" - C:\Program Files (x86)\Norton Internet Security\Engine\19.7.1.5\IPS\IPSBHO.DLL
{AA609D72-8482-4076-8991-8CDAE5B93BCB} "Samsung BHO Class" - ? - C:\Program Files (x86)\Samsung AnyWeb Print\W2PBrowser.dll

[Logon]
-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\Users\babycat\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )-----
"StartupPrograms" - ? - rdpclip  (File not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"ConnectionCenter" - "Citrix Systems, Inc." - "C:\Program Files (x86)\Citrix\ICA Client\concentr.exe" /startup

[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"SmarThru PC Fax Port" - ? - C:\Windows\system32\SamFaxPort64.dll
"spd__ Langmon" - ? - C:\Windows\system32\spd__l.dll

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"@%ProgramFiles%\Windows Defender\MsMpRes.dll,-103" (WinDefend) - ? - C:\Program Files (x86)\Windows Defender\mpsvc.dll  (File not found)
"@%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101" (WMPNetworkSvc) - ? - "C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe"  (File not found)
"Acronis Nonstop Backup service" (afcdpsrv) - "Acronis" - C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
"Acronis OS Selector Reinstall Service" (AcronisOSSReinstallSvc) - ? - C:\Program Files (x86)\Common Files\Acronis\Acronis Disk Director\oss_reinstall_svc.exe  (File found, but it contains no detailed information)
"Acronis Scheduler2 Service" (AcrSch2Svc) - "Acronis" - C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
"Adobe Flash Player Update Service" (AdobeFlashPlayerUpdateSvc) - "Adobe Systems Incorporated" - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
"Apple Mobile Device" (Apple Mobile Device) - "Apple Inc." - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
"Cisco Systems, Inc. VPN Service" (CVPND) - "Cisco Systems, Inc." - C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe
"Dienst "Bonjour"" (Bonjour Service) - "Apple Inc." - C:\Program Files\Bonjour\mDNSResponder.exe
"Google Updater Service" (gusvc) - "Google" - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
"HP CUE DeviceDiscovery Service" (hpqddsvc) - "Hewlett-Packard Co." - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll
"HP Network Devices Support" (HPSLPSVC) - "Hewlett-Packard Co." - C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL
"hpqcxs08" (hpqcxs08) - "Hewlett-Packard Co." - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll
"iPod-Dienst" (iPod Service) - "Apple Inc." - C:\Program Files\iPod\bin\iPodService.exe
"Microsoft .NET Framework NGEN v4.0.30319_X64" (clr_optimization_v4.0.30319_64) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
"Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
"Microsoft Office Diagnostics Service" (odserv) - "Microsoft Corporation" - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
"Mozilla Maintenance Service" (MozillaMaintenance) - "Mozilla Foundation" - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
"Net Driver HPZ12" (Net Driver HPZ12) - "Hewlett-Packard" - C:\Windows\system32\HPZinw12.dll
"Norton Internet Security" (NIS) - "Symantec Corporation" - C:\Program Files (x86)\Norton Internet Security\Engine\19.7.1.5\ccSvcHst.exe
"NVIDIA Display Driver Service" (nvsvc) - "NVIDIA Corporation" - C:\Windows\system32\nvvsvc.exe
"NVIDIA Update Service Daemon" (nvUpdatusService) - "NVIDIA Corporation" - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
"Office Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
"Pml Driver HPZ12" (Pml Driver HPZ12) - "Hewlett-Packard" - C:\Windows\system32\HPZipm12.dll
"Samsung UPD Service2" (Samsung UPD Service2) - "Samsung Electronics" - C:\Windows\System32\SUPDSvc2.exe
"Scrybe-Updateprogramm" (ScrybeUpdater) - "Synaptics, Inc." - C:\Program Files (x86)\Synaptics\Scrybe\Service\ScrybeUpdater.exe
"Skype Updater" (SkypeUpdate) - "Skype Technologies" - C:\Program Files (x86)\Skype\Updater\Updater.exe

[Winsock Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )-----
"mdnsNSP" - "Apple Inc." - C:\Program Files (x86)\Bonjour\mdnsNSP.dll

===[ Logfile end ]=========================================[ Logfile end ]===
--- --- ---
If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru
aswMBR:

Code:
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-07-18 10:12:45
-----------------------------
10:12:45.377    OS Version: Windows x64 6.1.7601 Service Pack 1
10:12:45.377    Number of processors: 2 586 0x1706
10:12:45.377    ComputerName: babycat-PC  UserName: babycat
10:12:46.438    Initialize success
10:12:53.520    AVAST engine defs: 12071800
10:13:03.052    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
10:13:03.052    Disk 0 Vendor: TOSHIBA_MK3252GSX LV011E Size: 305245MB BusType: 11
10:13:03.083    Disk 0 MBR read successfully
10:13:03.083    Disk 0 MBR scan
10:13:03.083    Disk 0 Windows 7 default MBR code
10:13:03.114    Disk 0 Partition 1 00    07    HPFS/NTFS NTFS        51199 MB offset 520281090
10:13:03.114    Disk 0 Partition 2 80 (A) 07    HPFS/NTFS NTFS        81933 MB offset 63
10:13:03.145    Disk 0 Partition 3 00    07    HPFS/NTFS NTFS      172110 MB offset 167798925
10:13:03.161    Disk 0 scanning C:\Windows\system32\drivers
10:13:20.213    Service scanning
10:14:29.883    Modules scanning
10:14:29.883    Disk 0 trace - called modules:
10:14:29.898    ntoskrnl.exe CLASSPNP.SYS disk.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
10:14:30.413    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004c472b0]
10:14:30.413    3 CLASSPNP.SYS[fffff8800180143f] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa800475d060]
10:14:31.349    AVAST engine scan C:\Windows
10:14:33.923    AVAST engine scan C:\Windows\system32
10:18:09.782    AVAST engine scan C:\Windows\system32\drivers
10:18:37.066    AVAST engine scan C:\Users\babycat
10:21:48.073    AVAST engine scan C:\ProgramData
10:25:11.216    Scan finished successfully
10:27:24.285    Disk 0 MBR has been saved successfully to "C:\Users\babycat\Desktop\cleaning\MBR.dat"
10:27:24.300    The log file has been saved successfully to "C:\Users\babycat\Desktop\cleaning\aswMBR.txt"
Danke + Grüße,
Nina

cosinus 18.07.2012 19:22
Sieht ok aus. Wir sollten fast durch sein. Mach bitte zur Kontrolle Vollscans mit Malwarebytes und SASW und poste die Logs.
Denk dran beide Tools zu updaten vor dem Scan!!

cosinus 18.07.2012 19:24
(sry war doppelt)


Alle Zeitangaben in WEZ +1. Es ist jetzt 13:14 Uhr.

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27